IBM z/VM 7.1 Continuous Delivery Information

Last Updated: 31 March 2021

z/VM 7.1 Continuous Delivery Function

This page contains a list of continuous delivery function released on z/VM 7.1 after the General Availability date. The items in this list have been included in the base of z/VM 7.2 and future releases of z/VM.

Characteristics of a New Function APAR

New Function Information
Name	The name of the project. This can include any previous names the project was known by.
Description	A brief summary of what changes, who it effects, and why you would care.
Status	Along with the current status, this will give indication of key changes since the last iteration of this page.
Target availability	Depending on the project, where it is in the cycle, and other factors, this will list TBD, a quarter, a month, or, in cases where it has become available, a date. This is not a commitment and as more is learned about the work and priorities the target availability date will likely be adjusted.
Compatibility	This will describe how compatible an item is. In most cases, this will say 'No known incompatibilities'. It is not meant to list all details like a migration guide, but to give some indication of what to expect.
Enablement	This will briefly describe how enablement is managed for this Small Product Enhancement. Can it be enabled or disabled? What is the default? Can it be done dynamically? Is it on a virtual machine basis or system wide basis? It is not meant to describe all details of that process, but to give an idea of what's involved. Will also give indication of whether an IPL of the z/VM system is required, or just recycle of virtual machines or new CMS modules.
Effect	Describes what effect enabling the code may have beyond the compatibility statement above. Such as may slightly elongate logoff time or CCW translation code paths changed. These are basically meant to be hints as to how the system may respond or behave differently.
ISV impact	Indicates any impacts to ISV related products that are known, such as "If using a directory manager product, see vendor for required updates."
Linux or hardware interaction	Indicates whether a special level of Linux or hardware is required because of an interaction or dependency.
Environment variable name	If the CP New Function Indication API (APAR VM66439) is installed, the variable name is used to determine if the function is present on the z/VM system. Variable names are only present on CP New Function APARs released after the z/VM 7.2 GA date. For non-CP function, such as CMS, TCP/IP, Performance Toolkit, etc., or CP APARs released prior to z/VM 7.2, there will be no variable associated with the function and this field will show "N/A". Some new function APARs may introduce more than one environment variable and/or add new valid values to existing variables. Please see the z/VM New function Variable List for more information. This cell has been intentionally highlighted. Cells with this shading have been recently changed.
Release(s)	Indicates the releases planned for this enhancement.
Service details	See below for the IBM service information.
APAR	Information and link to the Authorized Program Analysis Report.
PTF	Information and link to the Program Temporary Fix.
RSU	Information and link to the Recommended Service Upgrade.

Available new function	Date released	Last updated
80 Logical Processor Support	August 1, 2019	February 24, 2020
CMS Pipelines SSL/TLS Enhancements	June 3, 2020	August 12, 2021
Dump Scalability	September 21, 2018	September 25, 2018
Dynamic Crypto	September 20, 2019	February 24, 2020
EAV Paging	June 20, 2019	September 27, 2019
Elliptic Curve Support	December 13, 2018	May 14, 2019
Fast Minidisk Erase	December 5, 2019	December 12, 2019
Multifactor Authentication for z/VM	May 22, 2020	August 12, 2021
RSCS Query System Service	December 4, 2018	May 14, 2019
TLS/SSL Certificate Verification	June 16, 2020	December 10, 2021
VSwitch Priority Queuing	May 23, 2019	September 27, 2019

80 Logical Processor Support
Name	80 Logical Processor Support
Description	This enhancement will relieve the limitation of 64 logical processors per LPAR by increasing the number of logical processors. The objective is to allow customers to run more workload on z/VM by increasing the number of supported logical processors which is especially important when multithreading is enabled. From the customer's viewpoint, this will allow them to define more logical processors for running more workload on each LPAR and possibly use fewer number of LPARs for the same amount of workload. The new limit will be fenced at 80 logical processors.
Status	Available August 1, 2019
Target availability	July 2019
Compatibility	No known incompatibilities.
Enablement	APAR VM66301 / PTF UM35496 must be installed as a pre-requisite. Apply PTFs and re-IPL z/VM to activate the code.
Effect	View the 80 Logical Processors performance report.
ISV impact	No known ISV impacts.
Linux or hardware interaction	Requires z14 or higher. No known Linux interaction at this time.
Environment variable name	N/A
Release(s)	z/VM 7.1 New Function APAR
Service details	CP	SAD	Perfkit
APAR	VM66265	VM66296	7.1: VM66292 6.4: VM65863
PTF	R710 UM35474	R710 UM35499	R710 UM35501 R640 UM35472
RSU	z/VM 7.1 - 2001
Additional information	z/VM Spotlight: 80 Logical Processor Support

CMS Pipelines SSL/TLS Enhancements
Name	CMS Pipelines SSL/TLS Enhancements
Description	Enhancements to the CMS Pipelines TCP/IP stages that allow applications to establish secure connections using SSL/TLS. Both implicit SSL/TLS connections (eg HTTPS) and explicit SSL/TLS connections (eg FTP) are supported. A sample stage will be provided to implement a client for FTP with SSL/TLS.
Status	Available June 3, 2020
Target availability	June 3, 2020
Compatibility	Upward compatible; existing applications that do not require SSL will continue to work as before.
Enablement	Requires a working z/VM System SSL configuration. CMS Pipelines applications need some changes to enable secure connections.
Effect	TBD
ISV impact	No known impacts at this time.
Linux or hardware interaction	N/A
Environment variable name	N/A
Release(s)	z/VM 7.1 New Function APAR
Service details	See below for the IBM service information.
APAR	VM66365
PTF	UM35658
RSU	z/VM 7.1 - 2101

Dump Scalability
Name	Dump Scalability
Description	Dump processing will be enhanced to reduce the time required to create, process, and transmit data from SNAPDUMP and Hard Abend dumps. A new system default will generate dump data that is usually considerably smaller in size, requiring less space to store these dumps in the system SPOOL and as CMS files. The increased efficiency of dump processing saves time and resources, and removes an inhibitor to the deployment of z/VM configurations with large amounts of memory.
Status	Available September 21, 2018
Target availability	September 21, 2018
Compatibility	No known incompatibilities.
Enablement	IPL the z/VM system with the dump scalability support to activate.
Effect	TBD
ISV impact	No known impacts at this time.
Linux or hardware interaction	No known Linux or hardware interaction.
Environment variable name	N/A
Release(s)	z/VM 7.1
Service details	Included as part of z/VM 7.1 release
APAR	N/A
PTF	N/A
RSU	N/A

Dynamic Crypto
Name	Dynamic Crypto
Description	Dynamic Crypto support will enable dynamic changes to the cryptographic (crypto) environment on a z/VM system. This will allow the addition or removal of Crypto Express adapters, as well as maintenance and repair of Crypto Express adapters, to be less disruptive to the system and guests running on the system. It will also allow the flexibility to change crypto resources between dedicated and shared use. New commands will be added to provide customers with an interface to make these changes without requiring an IPL of z/VM or an IPL of the guest.
Status	Available September 20, 2019
Target availability	Third Quarter 2019
Compatibility	QUERY CRYPTO and QUERY VIRTUAL CRYPTO output will have incompatible changes.
Enablement	APAR VM66206 / PTF 35449 must be installed as a pre-requisite. This PTF must be installed on all members of an SSI cluster regrardless of whether Dynamic Crypto is on the other systems. Apply Dynamic Crypto PTFs and re-IPL z/VM. Use new crypto commands to execute function.
Effect	Allows greater flexibility and less disruption in managing crypto resources.
ISV impact	No known impacts at this time.
Linux or hardware interaction	For dedicated crypto resources, additional steps may be needed to make a crypto resource offline/online from the guest's perspective (e.g. using Linux commands).
Environment variable name	N/A
Release(s)	z/VM 7.1 New Function APAR
Service details	See below for the IBM service information.
APAR	VM66266
PTF	UM35531
RSU	z/VM 7.1 - 2001
Additional information	z/VM Spotlight: Dynamic Crypto

EAV Paging
Name	EAV Paging
Description	Support for Extended Address Volumes (EAV) for z/VM paging space. This New Function APAR enhances the z/VM Control Program (CP) by allowing paging space to be located on Extended Address Volumes. As systems continue to grow, the need for paging space has increased. This New Function APAR will allow allocation and use of paging space on ECKD devices above x'FFF0' cylinders. Support for larger paging devices allows customers to define sufficient paging capacity for z/VM partitions with large memory sizes and reduces the burden of managing a large number of smaller paging devices.
Status	Available June 20, 2019
Target availability	July 2019
Compatibility	No known incompatibilities.
Enablement	System would need to be IPLed to pick up code (both CP and the CPFMTXA utility would be updated), Extended Address Volumes would need to be available and formatted for paging space.
Effect	Expect paging subsystem to have significant updates to code, but the paging rate is not expected to change.
ISV impact	No known impacts at this time.
Linux or hardware interaction	No known Linux interaction at this time. Extended Address Volumes would need to be available and formatted for paging space.
Environment variable name	N/A
Release(s)	z/VM 7.1 New Function APAR
Service details	CP	CMS	Perfkit
APAR	VM66263	VM66297	VM66293
PTF	R710 UM35475	R710 UM35483	UM35484
RSU	z/VM 7.1 - 1902
Additional information	z/VM Spotlight: EAV Paging

Elliptic Curve Support
Name	z/VM TCP/IP Elliptic Curve Cryptography (ECC) Cipher Suite Support for Transport Layer Security (TLS)
Description	Enable support for the new cryptographic algorithms that were previously added for use by System SSL through the gskkyman interface. These new cryptographic algorithms provide stronger security ciphers for the TLS/SSL server and brings it closer to TLS 1.2 compliance.
Status	Available December 13, 2018
Target availability	December 13, 2018
Compatibility	No known incompatibilities
Enablement	ECC Ciphers will be enabled by default for use by TLS/SSL (Table 39 in the z/VM TCPIP Planning and Customization will be updated to indicate the ciphers enabled by protocol and mode). In order to use this support, an ECC certificate must be created in the gskkyman database and specified for use on a secure connection.
Effect	There may be a slight performance improvement since ECC is considered to be faster than traditional cryptographic algorithms. View the Elliptic Curve Support performance findings.
ISV impact	No known impacts at this time.
Linux or hardware interaction	No known Linux or hardware interaction.
Environment variable name	N/A
Release(s)	z/VM 7.1 New Function APAR
Service details	See below for the IBM service information.
APAR	PI99184
PTF	UI60128
RSU	z/VM TCP/IP 7.1 - 1901

Fast Minidisk Erase
Name	Fast Minidisk Erase
Description	Remove data from minidisks more quickly than current techniques
Status	Available December 5, 2019
Target availability	Fourth Quarter 2019
Compatibility	No known incompatibilities.
Enablement	Apply PTFs and replace CPFMTXA exec. Function is enabled through DirMaint or by using a new option on CPFMTXA. Does not require IPL of z/VM CP to pick up changes.
Effect	Reduces elapsed time to delete users with DirMaint and for other activities that require minidisk data erasure.
ISV impact	No known impacts at this time. However, exploitation is possible.
Linux or hardware interaction	No Linux or hardware interaction.
Environment variable name	N/A
Release(s)	z/VM 7.1 New Function APAR
Service details	CP	DirMaint
APAR	VM66288	VM65784
PTF	UM35563	UV99356
RSU	z/VM 7.1 - 2001	z/VM 7.1 DirMaint - 2001

Multifactor Authentication for z/VM
Name	Multifactor Authentication for z/VM
Description	Introduces support for a z/VM system with an External Security Manager to authenticate a z/VM userid via a non-password token.
Status	Available May 22, 2020
Target availability	May 22, 2020
Compatibility	No change to default authentication behaviors. If enabled for MFA use, fallback support will be configurable for emergency-use only.
Enablement	After application of the PTF, use appropriate ESM commands to designate a z/VM userid as requiring MFA for logon (RAC ALTUSER or similar). Note that the IBM Z Multifactor Authentication product must be installed in order to process MFA requests from z/VM; refer to the announce letter for IBM Z MFA for more information. For information regarding set-up and configuration, consult the IBM Z MFA documentation.
Effect	No effect for any z/VM guest which is not marked as requiring MFA support. Users of MFA support will need to acquire a derived credential from the MFA web service in order to logon via TN3270 (Telnet) or FTPS. The time of validity for this credential, as well as its reuse, is configurable. Administrators should only enable MFA for human users, as technical users (service virtual machines) or existing applications may not be able to acquire derived credentials in an appropriate time window.
ISV impact	If you have an ISV product for ESM, please see your vendor for appropriate updates.
Linux or hardware interaction	The MFA web service must run inside a Linux on Z guest. It is recommended that this Linux guest be configured exclusively for MFA use, in order to prevent any potential security or privacy issues in sharing a guest for multiple functions. Please consult appropriate product information (5655-MA1) for details regarding minimum service levels, package requirements, and supported distributions.
Environment variable name	N/A
Release(s)	z/VM 7.1 with the PTF for CP APAR VM66324 applied
Service details	See below for the IBM service information.
APAR	VM66338
PTF	UV99363
RSU	z/VM 7.1 RACF - 2101
Additional information	July 7, 2021: MFA fixpack is now available. See z/VM Service APAR VM66528: RACF FIXPACK TO ADDRESS MFA ISSUES / PTFs UV99401 (7.1), UV99401 (7.2) for more information.

RSCS Query System Service
Name	RSCS Query System Service
Description	This provides a means for querying the latest APAR applied to each part that makes up the RSCS LOADLIB.
Status	Available December 4, 2018
Target availability	December 2018
Compatibility	No known incompatibilities.
Enablement	Apply PTF and re-IPL the RSCS server to activate the code.
Effect	None
ISV impact	No known impacts at this time.
Linux or hardware interaction	No known Linux or hardware interaction.
Environment variable name	N/A
Release(s)	z/VM 7.1 New Function APAR
Service details	See below for the IBM service information.
APAR	VM66174
PTF	UV99342
RSU	z/VM RSCS 7.1 - 1901

TLS/SSL Certificate Verification
Name	TLS/SSL Certificate Verification
Description	Add support to allow authentication of client certificates, host name validation and extraction of fields from a certificate. Client certificate authentication support will allow a server to verify a client by examining the client certificate to ensure it has been signed by a certificate authority that the server trusts and that it has not expired, The client authentication support that was previously added to dynamically secured Telnet connections will be expanded to the z/VM FTP and SMTP servers. Additionally, the PORT statement in the TCPIP Config file will be updated to allow client certificate authentication for statically secured connections. Host Name Validation support will allow a client to verify the identity of a server by passing a string containing a Host Name, Domain Name or IP Address on the handshake request. The string will be compared to fields in the server certificate. If the string is not contained within the server certificate, the client may decide to fail the handshake. In addition to the above support, new APIs will be provided to allow fields to be extracted from a client or server certificate. Finally, this PTF also changes the z/VM Telnet server's default CLIENTCERTCHECK setting from NONE to PREFERRED.
Status	Available June 16, 2020
Target availability	Second Quarter 2020
Compatibility	LE APAR VM66349 changes the definition of the SecureDetail structure. Any programs currently using the SecureDetail structure may need to be modified. When Host Name Verification is enabled, values inside your server's digital certificate will be checked against the hostname or IP address of the TCP/IP stack. Use of this option may potentially require new or updated digital certificates, if such fields have not already been included.
Enablement	New configuration options will be added to the SECURE statements in the FTP and SMTP server configuration files to request verification of client certificates. For statically secured connections, new options will be added to the PORT statement. New APIs will allow fields to be requested from a local or partner certificate. The new APIs include a TCPSCERTDATA call for Pascal routines and a new SIOCGCERTDATA ioctl code for IUCV and C routines. For Host Name Verification, the SecureDetailType structure has been updated with a new Version field. When the Version is set to 1, a new SecureDetailExtension can be included on a secure client call to specify an FQDN, host name or IP Address to be compared against a server certificate to verify the identity of the server. The z/VM Telnet client will be updated to use the new SecureDetailExtension. The above support requires new TCPIP, SSLSERV, NETSTAT, SRVRFTP, SMTP, FTP and TELNET modules. In addition, a new version of CMS and LE is required for the SSL servers and any users that will be issuing the new SIOCGCERTDATA ioctl. A restart of all of these clients and servers will be required. No restart of z/VM itself is required.
Effect	Because of the change to the z/VM Telnet server's default CLIENTCERTCHECK setting, connections to the z/VM Telnet server might take longer to establish and CPU consumption in the z/VM TLS/SSL servers might increase.
ISV impact	No known impacts at this time.
Linux or hardware interaction	No known Linux or hardware interaction.
Environment variable name	N/A
Release(s)	z/VM 7.1 New Function APAR
Service details	TCP/IP	CMS	LE
APAR	PH18435	VM66348	VM66349
PTF	UI69975	UM35651	UM35650
RSU	z/VM 7.1 TCP/IP - 2101	z/VM 7.1 - 2101	z/VM 7.1 - 2001

VSwitch Priority Queuing
Name	VSwitch Priority Queuing
Description	Currently all VSwitch outbound traffic to the external network is transmitted at the same priority. When VSwitch Priority Queuing is enabled, z/VM will establish multiple OSA QDIO Output queues, and transmit data to the external network at different priorities.
Status	Available May 23, 2019
Target availability	June 2019
Compatibility	No known incompatibilities.
Enablement	Apply PTFs and re-IPL z/VM. Enablement can be handled through DEFINE VSWITCH command. Priorities can be set via NICDEF or SET VSWITCH. Priority queueing on the OSA card is enabled by default.
Effect	View the VSwitch Priority Queuing performance report.
ISV impact	ISV directory maintenance support products may require changes for the new option on the NICDEF directory statement. ISV performance monitoring products may require changes for the new Monitor record fields.
Linux or hardware interaction	Priority queueing is supported on all available OSA-Express features. It does require an OSA configuration change via IOCP or HCD. No known Linux interaction.
Environment variable name	N/A
Release(s)	z/VM 7.1 New Function APAR
Service details	CP	TCPIP	DirMaint
APAR	VM66219	PH04703	VM66223
PTF	UM35465	UI62768	UV99352
RSU	z/VM 7.1 - 1902	z/VM 7.1 TCP/IP - 1902	z/VM 7.1 DirMaint - 1901
Additional information	z/VM Spotlight: Virtual Priority Queuing Virtual Switch Priority Queuing PDF presentation (16 slides, 1MB)