Specify values for the variables in the Profile Management
Tool to create customization data and instructions that you can use
to configure a Network Deployment cell with an application server.
The WebSphere® Application Server for z/OS® runtime
requires four standalone cell servers: application server, deployment
manager, node agent, and location service daemon. The customization
corresponding to the following sections sets up the names, network
configuration, start procedures, and user IDs for a Network Deployment
cell with an application server.
The Profile Management Tool creates customization data and instructions
that are used to configure a WebSphere Application Server for z/OS
runtime environment. A z/OS runtime profile is neither created nor
augmented, however, until the actions listed in the generated instructions
are performed on the target z/OS system.
Tip: Use the IBM® default names the first time
you install WebSphere Application Server for z/OS to
make the installation instructions easier to follow.
Customization Definition Name
- Customization definition name
- Name that identifies the customization definition
This name
is used on the workstation to identify the customization data and
instructions that are created. The name chosen has no effect on the
WebSphere Application Server for z/OS configuration.
- Response file path name (optional)
- Full path name of a response file that contains the default values
to be used
When this value is specified, the input fields are preloaded
with the values in the response file.
Tip: A response
file is written each time that a customization definition is created.
This response file contains all of the variable data that was used
to create the customization definition, and it can be used to preload
the default values when defining a similar customization definition.
Normally, you should specify a response file from a customization
definition of the same type as the definition that you are about to
define; however, you can use a response file of a different customization-definition
type to preload most of the default values for a similar type.
Default Values
Options for generating default
values for this customization definition
The default values
that are generated are similar to those generated by the Washington
Systems Center for use with their configuration planning spreadsheets,
which are available on the WebSphere for z/OS Version 7 - Configuration Planning
Spreadsheets Web site. Read Configuration Planning Spreadsheets for z/OS for
more information.
If you specified a response file for setting
default values, any default selected here will override the corresponding
response file values.
- GID and UID defaults
- Set each default GID and UID value to indicate that operating-system
security is to assign an unused value
When this option is selected,
each GID and UID value will be defaulted to allow operating-system
security to assign an unused value. When this option is not selected,
each GID and UID value will be defaulted to an IBM-provided number.
- Name and userid defaults
- Set default names and user IDs based on cell, cluster, and system
identifiers
When this option is selected, default cell, node, server,
cluster, and procedure names as well as group names and user IDs are
based on cell, cluster, and system identifiers.
- Two-character cell identifier
- Two-character cell identifier to be used to create default names
and user IDs
Rule: The first character
must be an alphabetic character and the second character must be an
alphanumeric character. Alphabetic characters can be entered in lowercase
or uppercase. The case of alphabetic characters will be adjusted as
appropriate for each generated default value.
- Two-character cluster identifier
- Two-character cluster identifier to be used to create default
names and user IDs
Rule: The characters
must be alphabetic characters. The alphabetic characters can be entered
in lowercase or uppercase. The case of alphabetic characters will
be adjusted as appropriate for each generated default value.
- Single-character system identifier
- Single-character system identifier to be used to create default
names and user IDs
Rule: The character
must be an alphanumeric character. An alphabetic character can be
entered in lowercase or uppercase. The case of the alphabetic character
will be adjusted as appropriate for each generated default value.
- Port defaults
- Select default port values from the following port range
When
this option is not selected, each port value will default to an IBM-provided
number. When this option is selected, each port default value will
be selected from the following port number range.
The port range
must contain at least 50 ports.
- Lowest default port number
- Lowest number that may be assigned as a default port number
- Highest default port number
- Highest number that may be assigned as a default port number
Target Datasets
- High-level qualifier (HLQ)
- High-level qualifier for the target z/OS datasets that will contain
the generated jobs and instructions
When a customization definition
is uploaded to the target z/OS system, the customization jobs and
files are written to a pair of partitioned datasets. While it is possible
to reuse these datasets, it is safest to create separate datasets
for each WebSphere Application Server for z/OS configuration. The
best practice is to use the customization dataset name prefix (sometimes
referred to as "config_hlq") to indicate the version and release of
WebSphere Application Server for z/OS, the task that you are performing,
and the cell (as well as the node name in some cases) that you are
configuring. For example, you might use the following dataset name
prefix for configuring a standalone WebSphere Application Server cell
named TESTCELL for Version 7.0:
SYSPROG1.WAS70.TESTCELL.APPSERV
In
this example, the following two datasets will be created when the
customization definition is uploaded to the target z/OS system:
SYSPROG1.WAS70.TESTCELL.APPSERV.CNTL
SYSPROG1.WAS70.TESTCELL.APPSERV.DATA
The CNTL dataset will
be a partitioned dataset (PDS) with fixed block 80-byte records that
will contain the customization jobs. The DATA dataset will be a PDS
with variable length data to contain the other customization data.
Rule: The high-level qualifier can consist
of multiple qualifiers (up to 39 characters).
The generated
batch jobs and instructions will be uploaded to two z/OS partitioned
datasets:
- HLQ.CNTL
- Partitioned dataset with fixed block 80-byte records to contain
customization jobs
- HLQ.DATA
- Partitioned dataset with variable-length data to contain other
data contained in the customization definition
Tip: A multilevel high-level qualifier
can be specified as the dataset high-level qualifier.
Configure Common Groups
- WebSphere Application Server configuration group information
- Group
- Default group name for the WebSphere Application Server administrator
user ID and all server user IDs
- Allow OS security to assign GID
- Select this option to have RACF assign an unused GID value.
- Assign user-specified GID
- Select this option to specify a GID value.
- Specified GID
- UNIX System Services GID number for the WebSphere Application
Server configuration group
Rule: GID
values must be unique numeric values between 1 and 2,147,483,647.
- WebSphere Application Server servant group information
- Group
- Connect all servant user IDs to this group
You can use this
group to assign subsystem permissions, such as DB2 authorizations,
to all servants in the security domain.
- Allow OS security to assign GID
- Select this option to have RACF assign an unused GID value.
- Assign user-specified GID
- Select this option to specify a GID value.
- Specified GID
- UNIX System Services GID number for the servant group
Rule: GID values must be unique numeric values
between 1 and 2,147,483,647.
- WebSphere Application Server local user group information
- Group
- Group of local clients and unauthorized user IDs
- Allow OS security to assign GID
- Select this option to have RACF assign an unused GID value.
- Assign user-specified GID
- Select this option to specify a GID value.
- Specified GID
- UNIX System Services GID number for the local user group
Rule: GID values must be unique numeric values
between 1 and 2,147,483,647.
Configure Common Users
- Common controller user ID
- User ID
- User ID associated with all the control regions and the daemon
This
user ID will also own all of the configuration file systems.
If
you are using a non-IBM security system, the user ID might have to
match the procedure name. Refer to your security system's documentation.
- Allow OS security to assign UID
- Select this option to have RACF assign an unused UID value.
- Assign user-specified UID
- Select this option to specify a specific UID value.
- Specified UID
- User identifier associated with the control region user ID
Rule: UIDs must be unique numbers between
1 and 2,147,483,647 within the system.
- Common servant user ID
- User ID
- User ID associated with the servant and control adjunct regions
If
you are using a non-IBM security system, the user ID might have to
match the procedure name. Refer to your security system's documentation.
- Allow OS security to assign UID
- Select this option to have RACF assign an unused UID value.
- Assign user-specified UID
- Select this option to allow a user-specified ID.
- Specified UID
- User identifier associated with the servant region user ID
Rule: UIDs must be unique numbers between
1 and 2,147,483,647 within the system.
- WebSphere Application Server administrator
- User ID
- User ID of the initial WebSphere Application Server administrator
It
must have the WebSphere Application Server configuration group as
its default UNIX System Services group.
- Allow OS security to assign UID
- Select this option to have RACF assign an unused UID value.
- Assign user-specified UID
- Select this option to allow a user-specified ID.
- Specified UID
- User identifier associated with the administrator user ID
Rule: UIDs must be unique numbers between
1 and 2,147,483,647 within the system.
- Asynchronous administration user ID
- User ID
- User ID that is used to run the asynchronous administration operations
procedure
This user ID must be a member of the WebSphere Application
Server configuration group.
- Allow OS security to assign UID
- Select this option to have RACF assign an unused UID value.
- Assign user-specified UID
- Select this option to specify a specific UID value.
- Specified UID
- UNIX System Services UID number for the asynchronous administration
task user ID
Rule: UID values must be
unique numeric values between 1 and 2,147,483,647.
- WebSphere Application Server user ID home directory
- New or existing file system directory in which home directories
for WebSphere Application Server for z/OS user IDs will be created
by the customization process
This directory does not need to be
shared among z/OS systems in a WebSphere Application Server cell.
System and Dataset Names
- System name
- System name for the target z/OS system
on which you will configure WebSphere Application Server
for z/OS
Tip: If you are not sure what
the system name (&SYSNAME) is, use the console command D SYMBOLS
on the target z/OS system to display it.
- Sysplex name
- Sysplex name for the target z/OS system
on which you will configure WebSphere Application Server
for z/OS
Tip: If you are not sure what
the sysplex name (&SYSPLEX) is, use the console command D SYMBOLS
on the target z/OS system to display it.
- PROCLIB dataset name
- Existing procedure library where the WebSphere Application
Server for z/OS cataloged procedures are added
Cell, Node, and Server Names
- Cell names
- Short name
- Name that identifies the cell to z/OS facilities
such as SAF
Rules:
- Name must be eight or fewer characters and all uppercase.
- Name must be unique among all other cells in the sysplex.
- Long name
- Primary external identification of this WebSphere Application
Server for z/OS cell
This name identifies the cell as
displayed through the administrative console.
Rules:
- Name must be 50 or fewer characters.
- Name must be unique among all other cells in the sysplex.
- Deployment manager node names
- Short name
- Name that identifies the node to z/OS facilities
such as SAF
Rules:
- Name must be eight or fewer characters and all uppercase.
- Name must be unique within the cell.
- Long name
- Primary external identification of this WebSphere Application
Server for z/OS node
This name identifies the node as
displayed through the administrative console.
Rules:
- Name must be 50 or fewer characters.
- Name must be unique within the cell.
- The application server must be defined on its own node; no other
server can exist on the same node as the application server.
- Deployment manager server names
- Short name
- Name that identifies the server to z/OS facilities
such as SAF
Rule: Name must usually contain
seven or fewer all-uppercase characters.
- Long name
- Name of the application server and the primary external identification
of this WebSphere Application Server for z/OS server
This
name identifies the server as displayed through the administrative
console.
Rules:
- Name must be 50 or fewer characters.
- Name can include mixed-case alphabetic characters.
- Node agent and application server node names
- Short name
- Name that identifies the node to z/OS facilities
such as SAF
Rules:
- Name must be eight or fewer characters and all uppercase.
- Name must be unique within the cell.
- Long name
- Primary external identification of this WebSphere Application
Server for z/OS node
This name identifies the node as
displayed through the administrative console.
Rules:
- Name must be 50 or fewer characters.
- Name must be unique within the cell.
- The application server must be defined on its own node; no other
server can exist on the same node as the application server.
- Node agent server names
- Short name
- Name that identifies the server to z/OS facilities
such as SAF
The server short name is also used as the server JOBNAME.
Rule: Name must usually contain seven or fewer
all-uppercase characters.
- Long name
- Name of the application server and the primary external identification
of this WebSphere Application Server for z/OS server
This
name identifies the server as displayed through the administrative
console.
Rule: Name must be 50 or
fewer characters.
- Application server names
- Short name
- Name that identifies the server to z/OS facilities
such as SAF
The server short name is also used as the server JOBNAME.
Rule: Name must usually contain seven or fewer
all-uppercase characters.
- Long name
- Name of the application server and the primary external identification
of this WebSphere Application Server for z/OS server
This
name identifies the server as displayed through the administrative
console.
Rule: Name must be 50 or
fewer characters.
- Deployment manager cluster transition name
- WLM APPLENV (WLM application environment) name for the deployment
manager
If this server is converted into a clustered server, this
name becomes the cluster short name. The cluster short name is the
WLM APPLENV name for all servers that are part of the same cluster.
See z/OS JCL cataloged procedures for more
information.
Rule: Name must be eight
or fewer characters and all uppercase.
- Application server cluster transition name
- WLM APPLENV (WLM application environment) name for the application
server
If this server is converted into a clustered server, this
name becomes the cluster short name. The cluster short name is the
WLM APPLENV name for all servers that are part of the same cluster.
See z/OS JCL cataloged procedures for more
information.
Rule: Name must be eight
or fewer characters and all uppercase.
- JVM mode
- 31 bit
- Specifies that the JVM in each application server is to run in
31-bit mode
- 64 bit
- Specifies that the JVM in each application server is to run in
64-bit mode
Deployment Manager Configuration File System
- Mount point
- Read/write file system directory mount point where application
data and environment files are written
The customization process
creates this mount point if it does not already exist.
- Directory path name relative to mount point
- Relative path name of the directory within the configuration file
system in which the configuration resides
- Dataset name
- File system dataset that you will create and mount at the above
mount point
Rule: You can specify up
to 44 characters for the dataset name.
- File system type
- Type of file system that will be used when creating the WebSphere for z/OS configuration
file system
- Hierarchical File System (HFS)
- This will allocate and mount your configuration file system dataset
using HFS.
- zSeries® File System (ZFS)
- This will allocate and mount your configuration file system dataset
using ZFS.
- Volume, or '*' for SMS
- DASD volume serial number to contain the above dataset or * to
let SMS select a volume
Using * requires that SMS automatic class
selection (ACS) routines be in place to select the volume. If you
do not have SMS set up to handle dataset allocation automatically,
list the volume explicitly.
- Primary allocation in cylinders
- Initial size allocation in cylinders for the configuration file
system dataset
Tip: The minimum suggested size is 420 cylinders.
- Secondary allocation in cylinders
- Size of each secondary extent in cylinders
Tip: The
minimum suggested size is 100 cylinders.
Deployment Manager Product File System
- Product file system directory
- Name of the directory where WebSphere Application
Server for z/OS files reside after installation
Read Product file system for more information.
- Intermediate symbolic link
- Select this option to set up an intermediate symbolic
link, and specify the path name of that link if you select it
If
you specify an intermediate symbolic link, symbolic links are created
from the configuration file system to the intermediate symbolic link;
otherwise, they are created directly to the product file system.
Selecting
this option will allow you to specify the path name of an intermediate
symbolic link. This link will be created by the customization jobs,
pointing to the product file system directory.
- Path name of intermediate symbolic link
- Path name of intermediate symbolic link
Error Log Stream and CTRACE Parmlib Member
This panel only displays if you click Window > Preferences > Profile Management Tool
in WebSphere Customization Tools Version 7.0.0.5 or later, select
Enable error log stream and CTRACE parmlib member, and click Apply.
Alternatively, you can use the administrative console to set these values.
- Error log stream
- Error log stream name (optional)
- Name of the error log stream that you create
Rules:
- Name must be 26 or fewer characters.
- Do not put quotes around the name.
- CTRACE parmlib member
- CTRACE parmlib member suffix (optional)
- Value that is appended to CTIBBO to form the name of the CTRACE
parmlib member that is used by the associated WebSphere Application
Server for z/OS daemon
The BBOCTIOO sample parmlib member in the
SBBOJCL dataset can be used to create this CTRACE parmlib
member.
Application Server Configuration File System
- Mount point
- Read/write file system directory mount point where application
data and environment files are written
The customization process
creates this mount point if it does not already exist.
- Directory path name relative to mount point
- Relative path name of the directory within the configuration file
system in which the configuration resides
- Dataset name
- File system dataset that you will create and mount at the above
mount point
Rule: You can specify up
to 44 characters for the dataset name.
- File system type
- Type of file system that will be used when creating the WebSphere for z/OS configuration
file system
- Hierarchical File System (HFS)
- This will allocate and mount your configuration file system dataset
using HFS.
- zSeries File System (ZFS)
- This will allocate and mount your configuration file system dataset
using ZFS.
- Volume, or '*' for SMS
- DASD volume serial number to contain the above dataset or * to
let SMS select a volume
Using * requires that SMS automatic class
selection (ACS) routines be in place to select the volume. If you
do not have SMS set up to handle dataset allocation automatically,
list the volume explicitly.
- Primary allocation in cylinders
- Initial size allocation in cylinders for the configuration file
system dataset
Tip: The minimum suggested size is 420 cylinders.
- Secondary allocation in cylinders
- Size of each secondary extent in cylinders
Tip: The
minimum suggested size is 100 cylinders.
Application Server Product File System
- Product file system directory
- Name of the directory where WebSphere Application
Server for z/OS files reside after installation
Read Product file system for more information.
- Intermediate symbolic link
- Select this option to set up an intermediate symbolic
link, and specify the path name of that link if you select it
If
you specify an intermediate symbolic link, symbolic links are created
from the configuration file system to the intermediate symbolic link;
otherwise, they are created directly to the product file system.
Selecting
this option will allow you to specify the path name of an intermediate
symbolic link. This link will be created by the customization jobs,
pointing to the product file system directory.
- Path name of intermediate symbolic link
- Path name of intermediate symbolic link
Optional Application Deployment
- Deploy the administrative console
- Specify whether to install a Web-based administrative console
that manages the application server.
Deploying the administrative
console is recommended, but if you deselect this option, the information
center contains detailed steps for deploying it after the profile
exists.
- Deploy the default application
- Specify whether to install the default application that contains
the Snoop, Hello, and HitCount servlets.
- Deploy the sample applications
- Specify whether to install the sample applications (the Samples
Gallery).
Install the sample applications to use the application
server and evaluate the latest technological advancements. The sample
applications are not recommended for deployment to production application
server environments.
Process Definitions
- Deployment manager controller process
- Job name
- Job name, specified in the MVS START
command JOBNAME parameter, associated with the control region
This
is the same as the server short name and it cannot be changed through
the tool.
- Procedure name
- Name of member in your procedure library to start the control
region
Rule: Name must be seven or fewer
characters.
- Deployment manager servant process
- Job name
- Job name used by WLM to start the servant regions
This is set
to the server short name followed by the letter "S", and it cannot
be changed through the tool.
- Procedure name
- Name of member in your procedure library to start the servant
regions
Rule: Name must be seven or fewer
characters.
- Application server controller process
- Job name
- Job name, specified in the MVS START
command JOBNAME parameter, associated with the control region
This
is the same as the server short name and it cannot be changed through
the tool.
- Procedure name
- Name of member in your procedure library to start the control
region
Rule: Name must be seven or fewer
characters.
- Application server controller adjunct process
- Job name
- Job name used by WLM to start the application server control region
adjunct
This is set to the server short name followed by the letter
"A", and it cannot be changed through the tool.
- Procedure name
- Name of the member in your procedure library that starts the control
region adjunct
Rule: Name must be seven
or fewer characters.
- Application server servant process
- Job name
- Job name used by WLM to start the servant regions
This is set
to the server short name followed by the letter "S", and it cannot
be changed through the tool.
- Procedure name
- Name of member in your procedure library to start the servant
regions
Rule: Name must be seven or fewer
characters.
- Admin asynch operations procedure name
- Specifies the JCL procedure name of a started task that is launched
by way of the START command by node agents or application servers
to perform certain asynchronous administrative operations (such as
node synchronization) and add and remove a node
Read z/OS JCL cataloged procedures for more information.
Port Values Assignment
Deployment manager ports:
- Node host name or IP address
- IP name or address of the system on which the server is configured
This
value is used by other WebSphere Application Server
for z/OS functions to connect to this server.
Note: The node host name must always resolve to an IP stack
on the system where the application server runs. The node host name
cannot be a DVIPA or a DNS name that, in any other way, causes the
direction of requests to more than one system.
- JMX SOAP connector port
- Port number for the JMX HTTP connection to this server based on
the SOAP protocol (SOAP_CONNECTOR_ADDRESS)
JMX is used for remote
administrative functions, such as invoking scripts through wsadmin.sh.
Rule: Value cannot be 0.
- Cell discovery address port
- Port number used by node agents to connect to this deployment
manager server (CELL_DISCOVERY_ADDRESS)
- ORB listener IP address
- IP address on which the server's ORB listens for incoming IIOP
requests
The default is *, which instructs the ORB to listen on
all available IP addresses.
- ORB port
- Port for IIOP requests that acts as the bootstrap port for this
server and also as the port through which the ORB accepts IIOP requests
(BOOTSTRAP_ADDRESS and ORB_LISTENER_ADDRESS)
Rule: Value cannot be 0.
- ORB SSL port
- Port for secure IIOP requests (ORB_SSL_LISTENER_ADDRESS)
The
default is "0", which allows the system to choose this port.
- HTTP transport IP address
- IP address on which the server's Web container should listen for
incoming HTTP requests
The default is *, which instructs the Web
container to listen on all available IP addresses.
Note: The
transport host name becomes the host name in the virtualhosts.xml file,
which makes setting a specific IP address here less than ideal. If
you do so, you are restricting yourself to that IP address until you
go into the administrative console and add another virtual host.
- Administrative console port
- Port for HTTP requests to the administrative console
- Administrative console secure port
- Port for secure HTTP requests to the administrative console
- Administrative interprocess communication port (K)
- Port for the JMX connector that listens on the loopback adapter
The
connector uses "local comm" communications protocol, which means that
the port is used only for communications that are local to the z/OS
system image (or sysplex).
- High Availability Manager communication port (DCS)
- Port on which the High Availability Manager listens (DCS_UNICAST_ADDRESS)
Rule: Value cannot be 0.
- DataPower® appliance manager secure inbound port
- Port used to receive events from DataPower appliances that are
managed by the DataPower appliance manager (DataPowerMgr_inbound_secure)
Node agent ports:
- JMX SOAP connector port
- Port number for the JMX HTTP connection to this server based on
the SOAP protocol (SOAP_CONNECTOR_ADDRESS)
JMX is used for remote
administrative functions, such as invoking scripts through wsadmin.sh.
Rule: Value cannot be 0.
- ORB port
- Port for IIOP requests that acts as the bootstrap port for this
server and also as the port through which the ORB accepts IIOP requests
(BOOTSTRAP_ADDRESS and ORB_LISTENER_ADDRESS)
Rule: Value cannot be 0.
- ORB SSL port
- Port for secure IIOP requests (ORB_SSL_LISTENER_ADDRESS)
The
default is "0", which allows the system to choose this port.
- Node agent interprocess communication port (K)
- Port for the JMX connector that listens on the loopback adapter
The
connector uses "local comm" communications protocol, which means that
the port is used only for communications that are local to the z/OS
system image (or sysplex).
- High Availability Manager communication port (DCS)
- Port on which the High Availability Manager listens (DCS_UNICAST_ADDRESS)
Rule: Value cannot be 0.
- Node discovery port
- Defines the TCP/IP port on which the node agent listens for discovery
requests that originate from the deployment manager (NODE_DISCOVERY_ADDRESS)
- Node multicast discovery port
- Defines the multicast port through which the node agent sends
discovery requests to its managed servers (NODE_MULTICAST_DISCOVERY_ADDRESS)
The
multicast IP address on which the discovery port is opened is defaulted
by WebSphere Application Server for z/OS to 232.133.104.73. This default
address can be changed using the administrative console. This is a
CLASS D address. The valid IP range is from 224.0.0.0 to 239.255.255.255.
- Node IPv6 multicast discovery port
- Defines the IPv6 multicast port through which the node agent sends
discovery requests to its managed servers (NODE_IPV6_MULTICAST_DISCOVERY_ADDRESS)
Application server ports:
- JMX SOAP connector port
- Port number for the JMX HTTP connection to this server based on
the SOAP protocol (SOAP_CONNECTOR_ADDRESS)
JMX is used
for remote administrative functions, such as invoking scripts through
wsadmin.sh.
Rule: Value cannot be
0.
- ORB port
- Port for IIOP requests that acts as the bootstrap port for this
server and also as the port through which the ORB accepts IIOP requests
(BOOTSTRAP_ADDRESS and ORB_LISTENER_ADDRESS)
Rule: Value cannot be 0.
- ORB SSL port
- Port for secure IIOP requests (ORB_SSL_LISTENER_ADDRESS)
The
default is "0", which allows the system to choose this port.
- HTTP transport port
- Port for HTTP requests (WC_defaulthost)
Rule: Value cannot be 0.
- HTTPS transport port
- Port for secure HTTP requests (WC_defaulthost_secure)
Rule: Value cannot be 0.
- Administrative local port
- Port for the JMX connector that listens on the loopback adapter
(IPC_CONNECTOR_ADDRESS)
The connector uses "local comm" communications
protocol, which means that the port is used only for communications
that are local to the z/OS system image (or sysplex).
- High Availability Manager communication port (DCS)
- Port on which the High Availability Manager listens (DCS_UNICAST_ADDRESS)
Rule: Value cannot be 0.
- Service integration port
- Port for service-integration requests (SIB_ENDPOINT_ADDRESS)
Rule: Value cannot be 0.
- Service integration secure port
- Port for secure service-integration requests (SIB_ENDPOINT_SECURE_ADDRESS)
Rule: Value cannot be 0.
- Service integration MQ interoperability port
- Port for service-integration MQ interoperability requests (SIB_MQ_ENDPOINT_ADDRESS)
Rule: Value cannot be 0.
- Service integration MQ interoperability secure port
- Port for secure service-integration MQ interoperability requests
(SIB_MQ_ENDPOINT_SECURE_ADDRESS)
Rule: Value
cannot be 0.
- Session initiation protocol (SIP) port
- Port for session initiation requests (SIP_DEFAULTHOST)
Rule: Value cannot be 0.
- Session initiation protocol (SIP) secure port
- Port for secure session initiation requests (SIP_DEFAULTHOST_SECURE)
Rule: Value cannot be 0.
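The name, ID, and port rules above can be checked against a planned set of values before they are entered in the tool. The following Python check is an added example, not IBM code: the plan dictionary layout and all sample values are constructed for illustration, and the duplicate-port check assumes that all servers listen on the same IP stack.

```python
MAX_ID = 2_147_483_647   # upper bound for GID and UID values stated on the page
MAX_JOBNAME = 8          # z/OS job names are limited to eight characters
# Endpoints for which the page states "Value cannot be 0".
NONZERO_PORTS = {
    "SOAP_CONNECTOR_ADDRESS", "ORB_LISTENER_ADDRESS", "DCS_UNICAST_ADDRESS",
    "WC_defaulthost", "WC_defaulthost_secure", "SIB_ENDPOINT_ADDRESS",
    "SIB_ENDPOINT_SECURE_ADDRESS", "SIB_MQ_ENDPOINT_ADDRESS",
    "SIB_MQ_ENDPOINT_SECURE_ADDRESS", "SIP_DEFAULTHOST", "SIP_DEFAULTHOST_SECURE",
}
# Regions whose job names the tool derives from the server short name.
REGION_SUFFIX = {"controller": "", "adjunct": "A", "servant": "S"}
SERVER_REGIONS = {
    "deployment manager": ("controller", "servant"),
    "node agent": ("controller",),
    "application server": ("controller", "adjunct", "servant"),
}

def check_short_name(label, value, max_len=8):
    """Short names must be max_len or fewer characters and all uppercase."""
    findings = []
    if not 1 <= len(value) <= max_len:
        findings.append(f"{label}: '{value}' must be 1-{max_len} characters")
    if value != value.upper():
        findings.append(f"{label}: '{value}' must be all uppercase")
    return findings

def derived_job_names(role, short_name):
    """Controller job name is the short name; adjunct adds 'A', servant adds 'S'."""
    return {r: short_name + REGION_SUFFIX[r] for r in SERVER_REGIONS[role]}

def check_ids(kind, ids):
    """ids maps owner -> number, or None when RACF is to assign an unused value.
    Only collisions inside the plan are caught, not values already in use."""
    findings, seen = [], {}
    for owner, value in ids.items():
        if value is None:
            continue
        if not 1 <= value <= MAX_ID:
            findings.append(f"{kind} for {owner}: {value} is outside 1..{MAX_ID}")
        if value in seen:
            findings.append(f"{kind} {value} is used by both {seen[value]} and {owner}")
        seen.setdefault(value, owner)
    return findings

def check_ports(servers, low=None, high=None):
    """servers maps server -> {endpoint: port}; low/high is the default port range."""
    findings, owners = [], {}
    if low is not None and high is not None and high - low + 1 < 50:
        findings.append(f"port range {low}-{high} contains fewer than 50 ports")
    for server, endpoints in servers.items():
        for endpoint, port in endpoints.items():
            where = f"{server}/{endpoint}"
            if port == 0:
                if endpoint in NONZERO_PORTS:
                    findings.append(f"{where}: value cannot be 0")
                continue  # 0 lets the system choose (for example the ORB SSL port)
            if not 1 <= port <= 65535:
                findings.append(f"{where}: {port} is not a valid port number")
            elif port in owners:
                # Assumption: every server in the plan shares one IP stack.
                findings.append(f"{where}: port {port} already used by {owners[port]}")
            else:
                owners[port] = where
    return findings

def validate(plan):
    """Run every check and return the combined list of findings."""
    findings = check_short_name("cell short name", plan["cell_short_name"])
    for role, name in plan["server_short_names"].items():
        findings += check_short_name(f"{role} short name", name)
        for region, job in derived_job_names(role, name).items():
            if len(job) > MAX_JOBNAME:
                findings.append(f"{role} {region} job name '{job}' exceeds "
                                f"{MAX_JOBNAME} characters")
    findings += check_ids("GID", plan["gids"])
    findings += check_ids("UID", plan["uids"])
    return findings + check_ports(plan["ports"], *plan["port_range"])

# Constructed sample plan (hypothetical names and numbers) with deliberate mistakes.
SAMPLE_PLAN = {
    "cell_short_name": "TESTCELL",
    "server_short_names": {"deployment manager": "TSTDMGR", "node agent": "TSTAGNT",
                           "application server": "TSTSRV01"},
    "gids": {"configuration group": 2500, "servant group": 2501,
             "local user group": None},
    "uids": {"controller": 2431, "servant": 2432, "administrator": 2432},
    "port_range": (9500, 9530),
    "ports": {
        "deployment manager": {"SOAP_CONNECTOR_ADDRESS": 9500,
                               "ORB_LISTENER_ADDRESS": 9501,
                               "ORB_SSL_LISTENER_ADDRESS": 0},
        "application server": {"ORB_LISTENER_ADDRESS": 9501, "WC_defaulthost": 0},
    },
}
```

The eight-character server short name in the sample passes the length check on its own but produces nine-character adjunct and servant job names, which is why the rule asks for seven or fewer characters.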
Location Service Daemon Definitions
The location
service daemon is the initial point of client contact in WebSphere Application Server for z/OS.
The server contains the CORBA-based location service agent, which
places sessions in a cell. All RMI/IIOP IORs (for example, for enterprise
beans) establish connections to the location service daemon first,
then forward them to the target application server.
- Daemon home directory
- Directory in which the location service daemon resides
This
is set to the configuration file system mount point/Daemon and cannot
be changed.
- Daemon job name
- Specifies the job name of the location service daemon, specified
in the JOBNAME parameter of the MVS start
command used to start the location service daemon
Caution: When configuring a new cell, be sure
to choose a new daemon job name value.
Note: A server
automatically starts the location service daemon if it is not already
running.
- Procedure name
- Name of the member in your procedure library to start the location
service daemon
Rule: Name must be seven
or fewer characters.
- IP Name
- The fully qualified IP name, registered with the Domain Name Server
(DNS), that the location service daemon uses
The default value is
your node host name.
Notes:
- In a sysplex, you should consider using a virtual IP address (VIPA)
for the location service daemon IP name.
- Select the IP name for the location service daemon carefully.
Once you have chosen a name, it is difficult to change, even in the
middle of customization.
- Listen IP
- Address at which the daemon listens
Select either * or a dotted
decimal IP address for this value.
The default value is *.
Choose
the value carefully. It is difficult to change, even in the middle
of customization.
- Port
- Port number on which the location service daemon listens
Note: Select the port number for the location service daemon
carefully. You can choose any value you want, but once chosen, it
is difficult to change, even in the middle of customization.
- SSL port
- Port number on which the location service daemon listens for SSL
connections
- Register daemon with WLM DNS
- If you use the WLM DNS (connection optimization), you must select
this option to register your location service daemon with it. Otherwise,
do not select it.
Note: Only one location service daemon
per LPAR can register its domain name with WLM DNS. If you have multiple
cells in the same LPAR and register one location service daemon and
then a second, the second will fail to start.
SSL Customization
- Certificate authority keylabel
- Name of the key label that identifies the certificate authority
(CA) to be used in generating server certificates
- Generate certificate authority (CA) certificate
- Select this option to generate a new CA certificate. Deselect
this option to have an existing CA certificate generate server certificates.
- Expiration date for certificates
- Expiration date used for any X509 Certificate Authority certificates,
as well as the expiration date for the personal certificates generated
for WebSphere Application Server for z/OS servers
You
must specify this even if you did not select the option to generate
a certificate authority (CA) certificate.
Rule: The date must be specified in YYYY/MM/DD format.
- Default SAF keyring name
- Default name given to the RACF® key ring used by WebSphere Application Server for z/OS
The
key ring names created for repertoires are all the same within a cell.
- Enable writable SAF keyring support
- Select this option if you want to enable writable SAF key ring
support
- Enable SSL on location service daemon
- Select this option if you want to support secure communications
using Inter-ORB Request Protocol (IIOP) to the location service daemon
using SSL. If you do not select this option, a RACF key
ring will be generated for the location service daemon to use.
Administrative Security Selection
- Use a z/OS security product
- Use the z/OS system's SAF-compliant security database
to define WebSphere Application Server users
- The SAF security database will be used as the WebSphere Application
Server user registry.
- SAF EJBROLE profiles will be used to control role-based authorization,
including administrative authority.
- Digital certificates will be stored in the SAF security database.
Choose this option if you plan to use the SAF security database
as your WebSphere Application Server user registry or if you plan
to set up an LDAP or custom user registry whose identities will be
mapped to SAF user IDs for authorization checking.
- Use WebSphere Application Server
- Use built-in facilities of WebSphere Application Server to manage
users, groups, and authorization policy
- A simple file-based user registry will be built as part of the
customization process.
- Application-specific role bindings will be used to control role-based
authorization.
- The WebSphere Application Server console users and groups list
will control administrative authority.
- Digital certificates will be stored in the configuration file
system as keystores.
Choose this option if you plan to use an LDAP or custom user
registry without mapping of identities to SAF user IDs. The simple
file-based user registry is not recommended for production use.
- Do not enable security
- Do not configure or enable administrative security.
This option
is not recommended because it allows anyone to make changes to the
WebSphere Application Server configuration.
Your WebSphere Application
Server environment will not be secured until you configure and enable
security manually.
Security Managed by the z/OS Product
- SAF profile prefix (optional)
- SAF profile prefix
To distinguish between APPL or EJBROLE profiles
based on SAF profile prefix, provide an alphanumeric SAF profile prefix
of one to eight characters.
Internally, this sets "SecurityDomainType"
to the string "cellQualified". All servers in the cell will prepend
the SAF profile prefix that you specify to the application-specific
J2EE role name to create the SAF EJBROLE profile for checking.
Note: The
SAF profile prefix is not used, however, if role checking is performed
using WebSphere Application Server for z/OS bindings.
The
SAF profile prefix is also used as the APPL profile name and inserted
into the profile name used for CBIND checks. The RACF jobs create
and authorize the appropriate RACF profiles for the created nodes
and servers.
If you do not want to use a SAF profile prefix,
leave this field blank.
- WebSphere Application Server unauthenticated user
- User ID
- User ID associated with unauthenticated client requests
This
user ID is sometimes referred to as the "guest" user ID. It should
be given the RESTRICTED attribute in RACF to prevent it from inheriting
UACC-based access privileges.
- Allow OS security to assign UID
- Select this option to have RACF assign an unused UID value.
- Assign user-specified UID
- Select this option to specify a specific UID value.
- UID
- UNIX System Services UID number for the user ID that will be associated
with unauthenticated client requests
Rule: UID
values must be unique numeric values between 1 and 2,147,483,647.
Security Managed by the WebSphere Family Product
Specify a user name and password to log in to the
administrative console and perform administrative tasks.
- User name
- User name for the administrator
- Password
- Password for the administrator
Rule: This
password must not be blank.
Specify a user name and password to log in to
the Samples user account.
- Sample applications
- User name
- User name for the samples user account
- Password
- Password for the samples user account
Security Certificate
- Default personal certificate
- Issued to distinguished name
- Identifier of the personal certificate
It can be customized
if necessary. The default syntax for the distinguished name is:
cn=<host>,ou=<cell>,ou=<node>,o=<company>,c=<country>
- Issued by distinguished name
- Identifier of the root signing certificate
It can be customized
if necessary. The default syntax for the distinguished name is:
cn=<host>,ou=Root Certificate,ou=<cell>,ou=<node>,o=<company>,c=<country>
- Expiration period in years
- The default personal certificate is valid for one year. The maximum
expiration is ten years.
- Root signing certificate
- Expiration period in years
- The default signing (root) certificate is a self-signed certificate.
It has a default validation period of twenty years. The maximum validation
period is twenty-five years.
- Default keystore password
- Default password for all keystores
It should be changed to protect
the security of the keystore files and SSL configuration.
Double-byte
characters as well as certain ASCII characters such as the asterisk
(*) and ampersand (&) are invalid characters for the keystore
password.
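The rules stated in the port, location service daemon, SSL, and security sections above can be checked before the values are typed into the tool. The following is an added example, not IBM code or part of the Profile Management Tool: the worksheet dictionary and its key names are hypothetical, the sample values are constructed, and the upper port bound of 65535 is the general TCP limit rather than a rule from this page.

```python
import re
from datetime import datetime

# Endpoints this page marks "Rule: Value cannot be 0".
NONZERO_PORTS = (
    "WC_defaulthost_secure", "DCS_UNICAST_ADDRESS", "SIB_ENDPOINT_ADDRESS",
    "SIB_ENDPOINT_SECURE_ADDRESS", "SIB_MQ_ENDPOINT_ADDRESS",
    "SIB_MQ_ENDPOINT_SECURE_ADDRESS", "SIP_DEFAULTHOST", "SIP_DEFAULTHOST_SECURE",
)

def lint_worksheet(ws):
    """Return findings for one worksheet dict; all dict keys are hypothetical."""
    out = []
    for name in NONZERO_PORTS:
        port = ws["ports"].get(name)
        if not isinstance(port, int) or not 1 <= port <= 65535:
            out.append(f"{name}: needs a non-zero TCP port, got {port!r}")
    if len(ws["daemon_proc_name"]) > 7:
        out.append("daemon_proc_name: must be seven or fewer characters")
    if not re.fullmatch(r"\*|\d{1,3}(\.\d{1,3}){3}", ws["daemon_listen_ip"]):
        out.append("daemon_listen_ip: must be * or a dotted decimal address")
    date = ws["cert_expiration"]
    try:  # the regex enforces zero padding, strptime rejects impossible dates
        if not re.fullmatch(r"\d{4}/\d{2}/\d{2}", date):
            raise ValueError(date)
        datetime.strptime(date, "%Y/%m/%d")
    except ValueError:
        out.append("cert_expiration: must be a valid YYYY/MM/DD date")
    prefix = ws.get("saf_profile_prefix", "")  # blank means no prefix
    if prefix and not re.fullmatch(r"[A-Za-z0-9]{1,8}", prefix):
        out.append("saf_profile_prefix: must be 1-8 alphanumeric characters")
    uid = ws.get("guest_uid")  # None: let OS security assign the UID
    if uid is not None and not 1 <= uid <= 2_147_483_647:
        out.append("guest_uid: must be between 1 and 2,147,483,647")
    pw = ws["keystore_password"]  # the page's invalid-character list is partial
    if not pw.isascii() or any(c in "*&" for c in pw):
        out.append("keystore_password: contains a character the page rules out")
    if ws["admin_security"] == "none":
        out.append("admin_security: disabled, anyone can change the configuration")
    return out

# Constructed sample with deliberate mistakes; port numbers are made up.
SAMPLE = {
    "ports": {**{n: 9440 + i for i, n in enumerate(NONZERO_PORTS)},
              "SIP_DEFAULTHOST": 0},
    "daemon_proc_name": "WASDAEMN", "daemon_listen_ip": "*",
    "cert_expiration": "2030/2/30", "saf_profile_prefix": "TEST-CELL",
    "guest_uid": 0, "keystore_password": "pa&ss", "admin_security": "none",
}
```

Running `lint_worksheet(SAMPLE)` reports every rule except the listen address, which is valid in the sample.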
Web Server Definition
- Create a Web server definition
- Indicates whether to create a Web server definition.
- Web server type
- Select the Web server type from the list of supported Web servers.
- Web server operating system
- Operating system where the Web server is located
- Web server name
- Name used in defining the Web server to WebSphere Application
Server
- Web server host name or IP address
- IP name or address of the system on which the Web server is located
- Web server port
- HTTP port on which the Web server listens
- Web server installation directory path
- Name of the directory where the Web server is installed
- Web server plug-in installation directory path
- Name of the directory where the Web server plug-ins are installed
Job Statement Definition
All the customization
jobs that will be tailored for you will need a job statement. Enter
a valid job statement for your installation. The customization process
will update the job name for you in all the generated jobs, so you
need not be concerned with that portion of the job statement. If continuation
lines are needed, replace the comment lines with continuation lines.
- Job statement 1
- Job statement 2
- Job statement 3
- Job statement 4