TCP/IP for VM Secure Socket Layer (SSL) Server
Configuration Information and Requirements
for z/VM 520
SSL Server for z/VM 5.2 - Linux Requirements
Before the TCP/IP for VM Secure Socket Layer (SSL) server can be
utilized, a Linux for S/390 kernel and file system must be installed
and configured for exclusive use by the SSL server virtual
machine.
The z/VM SSL server implementation is supported on specific Linux
distributions and kernel levels.
Supported distributions, kernel levels and the z/VM-supplied SSL RPM
packages for each distribution are listed in the tables that follow.
Use the information that follows to install and configure the SSL
server for your environment.
RPM Package Overview and Naming Conventions
The various SSL-related RPM packages provided with TCP/IP for z/VM are
supplied on the 493 minidisk owned by the TCP/IP installation
and service user ID (for example, the 5VMTCP20 493 minidisk),
and have a file type of RPMBIN.
If IBM-supplied user IDs and minidisk defaults have been maintained
for your z/VM system, remote access to these files should be possible
using either the z/VM TCP/IP installation and service user ID
(the TCP_install_ID, such as 5VMTCP20), or the SSL server
user ID (SSLSERV). The necessary files can be obtained by
referencing the 493 minidisk associated with either of these
user IDs. (This is possible because the IBM-supplied CP directory
entry for the SSLSERV user ID provides access to the
TCP_install_ID 493 minidisk via a LINK statement that uses the
same device number — 493.)
However, if TCP/IP service minidisks have been moved to the z/VM
Shared File System (SFS), the RPM package files then must be accessed
using the z/VM TCP/IP installation and service user ID. The default SFS
directory used in place of the TCP_install_ID 493
minidisk is: VMSYS:TCP_install_ID.TCPIP.BINARY
Notes:
Use the tables that follow to determine which z/VM RPMBIN files should
be used for your installation, as well as the (Linux) naming that
should be applied to those files when they are transferred to the
Linux guest designated for running the z/VM SSL server.
SSL Server for z/VM 5.2 - IBM GSKit Package Information

| Linux Environment | z/VM-Supplied RPM File | Linux RPM Package File |
|---|---|---|
| 31 bit Environment | IBMGSK RPMBIN | gsk7bas-7.0-3.13.s390.rpm |
| 64 bit Environment | IBMGSKX RPMBIN | gsk7bas64-7.0-3.13.s390x.rpm |

SSL Server for z/VM 5.2 - SSL RPM Package Information

| Linux Distribution | Required Kernel Level | z/VM-Supplied RPM File | Linux RPM Package File |
|---|---|---|---|
| Redhat Enterprise Linux AS3 U3 (31 bit) | 2.4.21-20.EL | VMSR3 RPMBIN | vmssld-2.24.21-1.s390.rpm |
| Redhat Enterprise Linux AS3 U3 (64 bit) | 2.4.21-20.EL | VMSR3X RPMBIN | vmssld-2.24.21-1.s390x.rpm |
| Redhat Enterprise Linux AS4 U2 (31 bit) | 2.6.9-22.EL | VMSR4 RPMBIN | vmssld-2.6.9-1.s390.rpm |
| Redhat Enterprise Linux AS4 U2 (64 bit) | 2.6.9-22.EL | VMSR4X RPMBIN | vmssld-2.6.9-1.s390x.rpm |
| SUSE SLES 8 SP3 (31 bit) | 2.4.21-83 | VMSS8 RPMBIN | vmssld-2.24.21-1.s390.rpm |
| SUSE SLES 9 SP2 (31 bit) | 2.6.5-7.191 | VMSS9 RPMBIN | vmssld-2.6.5-1.s390.rpm |
| SUSE SLES 9 SP2 (64 bit) | 2.6.5-7.191 | VMSS9X RPMBIN | vmssld-2.6.5-1.s390x.rpm |

Note:
If the Linux distribution selected for running the SSL server is of a
more-recent service level than that cited above (due to the
application of kernel patches, by the distributor or by your
installation), the vmsock kernel module (supplied with the z/VM
SSL RPM for the selected distribution) must be locally rebuilt so that
it is compatible with the level of the Linux kernel in use.
Also, note that the vmsock modules provided via the various SSL RPM
files have been verified by IBM for only the stated kernel levels.
Unexpected problems could arise through the use of a locally-rebuilt
vmsock module.
Use this link to obtain additional information to assist you with
rebuilding the vmsock module:
Sample instructions for an FTP transfer of the necessary RPM package
files to a Linux guest system follow:
- Log in as the root user on the selected Linux system.
- Initiate an FTP session to the z/VM host where the needed RPMBIN
  package files reside:
      ftp vm_host_ip_address
- Log in using one of the previously mentioned user IDs and then change
  the working directory to the appropriate resource:
  - For an installation in which TCP/IP service minidisks are used:
        user sslserv
        pass pass_word
        cd sslserv.493
  - For an installation in which TCP/IP service SFS directories are used:
        user 5vmtcp20
        pass pass_word
        cd vmsys:5vmtcp20.tcpip.binary
- Establish Binary transfer mode and retrieve the appropriate
  RPMBIN files:
      bin
      get VM_IBMgskit_name.rpmbin Linux_IBMgskit_name.rpm
      get VM_SSLpackage_name.rpmbin Linux_SSLpackage_name.rpm
- End the FTP session, after the files have been successfully transferred.
After having transferred the necessary RPM package files, you can
install each package using the Linux rpm command, as described
in the next section.
RPM Package Installation Instructions
To verify that you have installable packages, first issue the rpm
-qpi commands that follow. Each command will display general
information about the specified package:
    rpm -qpi Linux_IBMgskit_name.rpm
    rpm -qpi Linux_SSLpackage_name.rpm
Assuming each command displayed the proper information, install each
package.
Note:
Install the IBM GSKit package first, then install the SSL
server package:
    rpm -Uvh Linux_IBMgskit_name.rpm
    rpm -Uvh Linux_SSLpackage_name.rpm
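The transfer and installation steps above can be wrapped in a few pre-install checks. This is an added example, not part of IBM's instructions: it confirms each file survived the FTP transfer as an RPM, compares the running kernel with the required level from the SSL RPM table, and installs in the documented order. The function names are hypothetical, and the RPM lead magic (ED AB EE DB) comes from the RPM file format rather than from this page.

```shell
#!/bin/sh
# Added example: pre-install checks for the packages fetched over FTP.
# Function names are hypothetical; file names and kernel level come from the caller.

# An RPM file starts with the 4-byte lead magic ED AB EE DB. A transfer made
# without "bin" (binary mode) does not preserve those bytes.
is_rpm_file() {
    [ -f "$1" ] || return 1
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    [ "$magic" = "edabeedb" ]
}

# Compare the running kernel with the level the SSL RPM table requires.
# Returns 0 (true) when they differ, i.e. vmsock must be rebuilt locally.
# Assumption: a "-flavor" suffix after the required level is the same level.
vmsock_needs_rebuild() {
    required=$1
    running=${2:-$(uname -r)}
    case "$running" in
        "$required"|"$required"-*) return 1 ;;
        *) return 0 ;;
    esac
}

# Run the checks, then install in the documented order: GSKit first, SSL second.
# Usage: install_ssl_packages GSKIT.rpm SSL.rpm REQUIRED_KERNEL
install_ssl_packages() {
    for pkg in "$1" "$2"; do
        if ! is_rpm_file "$pkg"; then
            echo "$pkg: not an RPM file; re-transfer it in binary mode" >&2
            return 2
        fi
        rpm -qpi "$pkg" || return 3
    done
    if vmsock_needs_rebuild "$3"; then
        echo "kernel $(uname -r) is not level $3: rebuild vmsock after install" >&2
    fi
    rpm -Uvh "$1" && rpm -Uvh "$2"
}
```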
After the IBM GSKit and SSL server packages have been installed,
additional installation and configuration steps must be performed
which are specifically associated with the SSL package. Information
and instructions regarding these steps are provided as separate
INSTALL and README files, which are placed in
package-specific documentation directories as part of the
SSL server package installation.
For example: /usr/share/doc/packages/Linux_SSLpackage_name
To determine where this information resides, issue the rpm
"query" command that follows:
rpm -qd Linux_SSLpackage_name
Note that the .rpm qualifier is not included
as part of the package name that is used for this command.
As a convenience, the INSTALL and README files that
pertain to a given RPM package are also provided on the
TCP_install_ID 493 minidisk, with file names that match
the RPMBIN file with which they are associated.
Virtual Machine Requirements and Restrictions
Please note the following requirements and restrictions regarding
the SSLSERV user ID (or your selected equivalent):
- Virtual storage defined for the user ID selected to run the z/VM SSL
  server must not exceed 2G. This restriction also applies to any
  non-contiguous storage extents that might be defined for this user ID.
- The minidisk used as the SSL server TRANSITION minidisk
  (device address 0203, by default) must be a CMS-formatted
  minidisk.
SSL Server for z/VM 5.2 - Optional Material
Optional SSL server Linux source RPM (SRPM) package
files (and their counterpart z/VM CMS files) are listed in the table
that follows. These packages provide a select set of source files for
interested customers.

| Linux Distribution | Kernel Level | z/VM-Supplied RPM File | Source RPM Package File |
|---|---|---|---|
| Redhat Enterprise Linux AS3 U3 (31 bit) | 2.4.21-20.EL | VMSR3S RPMBIN | vmssld-2.24.21-1.srpm |
| Redhat Enterprise Linux AS3 U3 (64 bit) | 2.4.21-20.EL | VMSR3XS RPMBIN | vmssld-2.24.21-1.srpm |
| Redhat Enterprise Linux AS4 U2 (31 bit) | 2.6.9-22.EL | VMSR4S RPMBIN | vmssld-2.6.9-1.srpm |
| Redhat Enterprise Linux AS4 U2 (64 bit) | 2.6.9-22.EL | VMSR4XS RPMBIN | vmssld-2.6.9-1.srpm |
| SUSE SLES 8 SP3 (31 bit) | 2.4.21-83 | VMSS8S RPMBIN | vmssld-2.24.21-1.srpm |
| SUSE SLES 9 SP2 (31 bit) | 2.6.5-7.191 | VMSS9S RPMBIN | vmssld-2.6.5-1.srpm |
| SUSE SLES 9 SP2 (64 bit) | 2.6.5-7.191 | VMSS9XS RPMBIN | vmssld-2.6.5-1.srpm |

To install a source package, use the information provided for its
non-source counterpart, while adapting the package file name in an
appropriate manner.
SSL Server - Documentation Updates / Supplements
Check the following link for detailed information about documentation
updates that are available for the z/VM SSL server.