For the Liberty runtime environment on the z/OS® platform, there are two types of process:
the server process and the angel process.
- Server process (bbgzsrv)
- The server process is a Java™ virtual
machine (JVM) running the Liberty code in much the same way as it
does on any other operating system. You can start the server process
either from the MVS™ operator
console by using the angel process or
from the shell. How a user identity is associated and validated depends
on how you start the server:
- If you start the server from an operator console, the identity
that is associated with the STARTED profile created by using a z/OS security product such as RACF® is used to control server
access: start bbgzsrv,parms='defaultServer'
- If you start the server from the shell, you must also stop the
server from the shell. The identity of the shell is used for the server:
The JVM start options for the server process can come from
three sources:
- If you define a file name in the JAVAOPTS DD in the proc for the
server process, Java command-line
arguments are read from this file.
- If you do not define a file name in the JAVAOPTS DD, Java command-line arguments are read from the jvm.options file
in the server configuration directory.
- If the jvm.options file does not exist, the
JVM uses the value of the IBM_JAVA_OPTIONS environment variable.
- Angel process (bbgzangl)
- The angel process runs in an authorized key and provides facilities
to server process to load and access system services in a way that
protects the integrity of the operating system. You start the angel
process from the MVS console
by using a proc.
- The angel does not need any configuration and exists independently
of the server. All the Liberty profile servers that are running on
a z/OS image can share a single
angel, regardless of the level of code that the servers are running.
Use
the MODIFY command to give a list of all the servers that are using
the angel process.
MODIFY [jobname.]identifier,display,servers
- If no z/OS system authorized
services are enabled for any server on a system, the angel does not
need to be active. The angel process is not required for the command
processing services (the command processing services uses unauthorized z/OS services for command support).
- If the server is configured to attempt to use authorized services
but either the angel is not available, or if the effective owner of
the process is not authorized to use the angel, the authorized service
is not available to be used on that server. In some cases, an unauthorized
service might be used instead. See Liberty profile: Unauthorized services used by the SAF registry.
For more information, see Administering the Liberty profile on z/OS