z/OS customization variables: Managed (custom) nodes

Specify values for the variables in the Profile Management Tool to create customization data and instructions that you can use to configure a managed (custom) node.

During this customization task, you create a (temporary) cell configuration, a node configuration, and a (temporary) location service daemon.

The Profile Management Tool creates customization data and instructions that are used to configure a WebSphere Application Server for z/OS runtime environment. A z/OS runtime profile is neither created nor augmented, however, until the actions listed in the generated instructions are performed on the target z/OS system.
Tip: Use the IBM® default names the first time you install WebSphere® Application Server for z/OS® to make the installation instructions easier to follow.
Note: The cell configuration and location service daemon are temporary because they are replaced shortly after creation when the new node is federated.
The customization corresponding to the following sections sets up the names, network configuration, start procedures, and user IDs for the future node agent and application servers.

Customization Definition Name

Customization definition name
Name that identifies the customization definition

This name is used on the workstation to identify the customization data and instructions that are created. The name chosen has no effect on the WebSphere Application Server for z/OS configuration.

Response file path name (optional)
Full path name of a response file that contains the default values to be used

When this value is specified, the input fields are preloaded with the values in the response file.

Tip: A response file is written each time that a customization definition is created. This response file contains all of the variable data that was used to create the customization definition, and it can be used to preload the default values when defining a similar customization definition. Normally, you should specify a response file from a customization definition of the same type as the definition that you are about to define; however, you can use a response file of a different customization-definition type to preload most of the default values for a similar type.

Default Values

Options for generating default values for this customization definition

The default values that are generated are similar to those generated by the Washington Systems Center for use with their configuration planning spreadsheets, which are available on the WebSphere for z/OS Version 7 - Configuration Planning Spreadsheets Web site. Read Configuration Planning Spreadsheets for z/OS for more information.

If you specified a response file for setting default values, any default selected here will override the corresponding response file values.

GID and UID defaults
Set each default GID and UID value to indicate that operating-system security is to assign an unused value

When this option is selected, each GID and UID value will be defaulted to allow operating-system security to assign an unused value. When this option is not selected, each GID and UID value will be defaulted to an IBM-provided number.

Name and userid defaults
Set default names and user IDs based on cell and system identifiers

When this option is selected, default cell, node, server, and procedure names as well as group names and user IDs are based on cell and system identifiers.

Two-character cell identifier
Two-character cell identifier (for the Network Deployment cell into which this node will be federated) to be used to create default names and user IDs
Rule: The first character must be an alphabetic character and the second character must be an alphanumeric character. Alphabetic characters can be entered in lowercase or uppercase. The case of alphabetic characters will be adjusted as appropriate for each generated default value.
Single-character system identifier
Single-character system identifier to be used to create default names and user IDs
Rule: The character must be an alphanumeric character. An alphabetic character can be entered in lowercase or uppercase. The case of the alphabetic character will be adjusted as appropriate for each generated default value.
Port defaults
Select default port values from the following port range

The port range must contain at least 10 ports.

When this option is not selected, each port value will default to an IBM-provided number. When this option is selected, each port default value will be selected from the following port number range.

Lowest default port number
Lowest number that may be assigned as a default port number
Highest default port number
Highest number that may be assigned as a default port number

Target Datasets

High-level qualifier (HLQ)
High-level qualifier for the target z/OS datasets that will contain the generated jobs and instructions
When a customization definition is uploaded to the target z/OS system, the customization jobs and files are written to a pair of partitioned datasets. While it is possible to reuse these datasets, it is safest to create separate datasets for each WebSphere Application Server for z/OS configuration. The best practice is to use the customization dataset name prefix (sometimes referred to as "config_hlq") to indicate the version and release of WebSphere Application Server for z/OS, the task that you are performing, and the cell (as well as the node name in some cases) that you are configuring. For example, you might use the following dataset name prefix for configuring a standalone WebSphere Application Server cell named TESTCELL for Version 7.0:
SYSPROG1.WAS70.TESTCELL.APPSERV
In this example, the following two datasets will be created when the customization definition is uploaded to the target z/OS system:
SYSPROG1.WAS70.TESTCELL.APPSERV.CNTL
SYSPROG1.WAS70.TESTCELL.APPSERV.DATA
The CNTL dataset will be a partitioned dataset (PDS) with fixed block 80-byte records that will contain the customization jobs. The DATA dataset will be a PDS with variable length data to contain the other customization data.
Rule: The high-level qualifier can consist of multiple qualifiers (up to 39 characters).
The generated batch jobs and instructions will be uploaded to two z/OS partitioned datasets:
HLQ.CNTL
Partitioned dataset with fixed block 80-byte records to contain customization jobs
HLQ.DATA
Partitioned dataset with variable-length data to contain other data contained in the customization definition
Tip: A multilevel high-level qualifier can be specified as the dataset high-level qualifier.

Configure Common Groups

WebSphere Application Server configuration group information
Group
Default group name for the WebSphere Application Server administrator user ID and all server user IDs
Allow OS security to assign GID
Select this option to have RACF assign an unused GID value.
Assign user-specified GID
Select this option to specify a GID value.
Specified GID
UNIX System Services GID number for the WebSphere Application Server configuration group
Rule: GID values must be unique numeric values between 1 and 2,147,483,647.
WebSphere Application Server servant group information
Group
Connect all servant user IDs to this group

You can use this group to assign subsystem permissions, such as DB2 authorizations, to all servants in the security domain.

Allow OS security to assign GID
Select this option to have RACF assign an unused GID value.
Assign user-specified GID
Select this option to specify a GID value.
Specified GID
UNIX System Services GID number for the servant group
Rule: GID values must be unique numeric values between 1 and 2,147,483,647.
WebSphere Application Server local user group information
Group
Group of local clients and unauthorized user IDs
Allow OS security to assign GID
Select this option to have RACF assign an unused GID value.
Assign user-specified GID
Select this option to specify a GID value.
Specified GID
UNIX System Services GID number for the local user group
Rule: GID values must be unique numeric values between 1 and 2,147,483,647.

Configure Common Users

Common controller user ID
User ID
User ID associated with all the control regions and the daemon

This user ID will also own all of the configuration file systems.

If you are using a non-IBM security system, the user ID might have to match the procedure name. Refer to your security system's documentation.

Allow OS security to assign UID
Select this option to have RACF assign an unused UID value.
Assign user-specified UID
Select this option to specify a specific UID value.
Specified UID
User identifier associated with the control region user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647 within the system.
Common servant user ID
User ID
User ID associated with the servant and control adjunct regions

If you are using a non-IBM security system, the user ID might have to match the procedure name. Refer to your security system's documentation.

Allow OS security to assign UID
Select this option to have RACF assign an unused UID value.
Assign user-specified UID
Select this option to allow a user-specified ID.
Specified UID
User identifier associated with the servant region user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647 within the system.
WebSphere Application Server administrator
User ID
User ID of the initial WebSphere Application Server administrator

It must have the WebSphere Application Server configuration group as its default UNIX System Services group.

Allow OS security to assign UID
Select this option to have RACF assign an unused UID value.
Assign user-specified UID
Select this option to allow a user-specified ID.
Specified UID
User identifier associated with the administrator user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647 within the system.
Asynchronous administration user ID
User ID
User ID that is used to run asynchronous administration operations procedure

This user ID must be a member of the WebSphere Application Server configuration group.

Allow OS security to assign UID
Select this option to have RACF assign an unused UID value.
Assign user-specified UID
Select this option to specify a specific UID value.
Specified UID
UNIX System Services UID number for the asynchronous administration task user ID
Rule: UID values must be unique numeric values between 1 and 2,147,483,647.
WebSphere Application Server user ID home directory
New or existing file system directory in which home directories for WebSphere Application Server for z/OS user IDs will be created by the customization process

This directory does not need to be shared among z/OS systems in a WebSphere Application Server cell.

Configure Additional Users

This panel only displays if you click Window > Preferences > Profile Management Tool in WebSphere Customization Tools Version 7.0.0.1 or later, select Enable unique user IDs for daemon and adjunct, and click Apply.
Controller adjunct user ID
User ID
User ID associated with the control adjunct
Allow OS security to assign UID
Select this option to have RACF assign an unused UID value.
Assign user-specified UID
Select this option to specify a specific UID value.
Specified UID
User identifier associated with the control adjunct user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647 within the system.
Daemon user ID
User ID
User ID associated with the daemon
Allow OS security to assign UID
Select this option to have RACF assign an unused UID value.
Assign user-specified UID
Select this option to allow a user-specified ID.
Specified UID
User identifier associated with the daemon user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647 within the system.

System and Dataset Names

System name
System name for the target z/OS system on which you will configure WebSphere Application Server for z/OS
Tip: If you are not sure what the system name (&SYSNAME) is, use the console command D SYMBOLS on the target z/OS system to display it.
Sysplex name
Sysplex name for the target z/OS system on which you will configure WebSphere Application Server for z/OS
Tip: If you are not sure what the sysplex name (&SYSPLEX) is, use the console command D SYMBOLS on the target z/OS system to display it.
PROCLIB dataset name
Existing procedure library where the WebSphere Application Server for z/OS cataloged procedures are added

Node Names

Note: A cell short name of BBOTEMP and a cell long name of bbotemp will be assigned to the unfederated managed node. These names will no longer be used after the managed node is federated into a Network Deployment cell.
Node names
Short name
Name that identifies the node to z/OS facilities such as SAF
Rules:
  • Name must be eight or fewer characters and all uppercase.
  • Name must be unique within the cell.
Long name
Primary external identification of this WebSphere Application Server for z/OS node

This name identifies the node as displayed through the administrative console.

Rules:
  • Name must be 50 or fewer characters.
  • Name must be unique within the cell.
  • The application server must be defined on its own node; no other server can exist on the same node as the application server.

Configuration File System

Note: The cell long name is included in the default mount point and the cell short name is included in the default dataset name. If you plan to federate this application server into a Network Deployment cell, you might want to change the cell long and short names in these default values to the actual long and short names of the cell into which this node will be federated.
Mount point
Read/write file system directory mount point where application data and environment files are written

The customization process creates this mount point if it does not already exist.

Directory path name relative to mount point
Relative path name of the directory within the configuration file system in which the configuration resides
Dataset name
File system dataset that you will create and mount at the above mount point
Rule: You can specify up to 44 characters for the dataset name.
File system type
Type of file system that will be used when creating the WebSphere for z/OS configuration file system
Hierarchical File System (HFS)
This will allocate and mount your configuration file system dataset using HFS.
zSeries® File System (ZFS)
This will allocate and mount your configuration file system dataset using ZFS.
Volume, or '*' for SMS
DASD volume serial number to contain the above dataset or * to let SMS select a volume

Using * requires that SMS automatic class selection (ACS) routines be in place to select the volume. If you do not have SMS set up to handle dataset allocation automatically, list the volume explicitly.

Primary allocation in cylinders
Initial size allocation in cylinders for the configuration file system dataset
Tip: The minimum suggested size is 300 cylinders.
Secondary allocation in cylinders
Size of each secondary extent in cylinders
Tip: The minimum suggested size is 100 cylinders.

WebSphere Application Server Product File System

Product file system directory
Name of the directory where WebSphere Application Server for z/OS files reside after installation

Read Product file system for more information.

Intermediate symbolic link
Select this option to set up an intermediate symbolic link, and specify the path name of that link if you select it

If you specify an intermediate symbolic link, symbolic links are created from the configuration file system to the intermediate symbolic link; otherwise, they are created directly to the product file system.

Selecting this option will allow you to specify the path name of an intermediate symbolic link. This link will be created by the customization jobs, pointing to the product file system directory.
Path name of intermediate symbolic link
Path name of intermediate symbolic link

Error Log Stream and CTRACE Parmlib Member

This panel only displays if you click Window > Preferences > Profile Management Tool in WebSphere Customization Tools Version 7.0.0.5 or later, select Enable error log stream and CTRACE parmlib member, and click Apply. Alternatively, you can use the administrative console to set these values.
Error log stream
Error log stream name (optional)
Name of the error log stream that you create
Rules:
  • Name must be 26 or fewer characters.
  • Do not put quotes around the name.
CTRACE parmlib member
CTRACE parmlib member suffix (optional)
Value that is appended to CTIBBO to form the name of the CTRACE parmlib member that is used by the associated WebSphere Application Server for z/OS daemon

The BBOCTIOO sample parmlib member in the SBBOJCL dataset can be used to create this CTRACE parmlib member.

Process Definitions

Controller process
Procedure name
Name of member in your procedure library to start the control region
Rule: Name must be seven or fewer characters.
Controller adjunct process
Procedure name
Name of the member in your procedure library that starts the control region adjunct
Rule: Name must be seven or fewer characters.
Servant process
Procedure name
Name of member in your procedure library to start the servant regions
Rule: Name must be seven or fewer characters.
Admin asynch operations procedure name
Specifies the JCL procedure name of a started task that is launched by way of the START command by node agents or application servers to perform certain asynchronous administrative operations (such as node synchronization) and add and remove a node

Read z/OS JCL cataloged procedures for more information.

Location Service Daemon Definitions

The location service daemon is the initial point of client contact in WebSphere Application Server for z/OS. The server contains the CORBA-based location service agent, which places sessions in a cell. All RMI/IIOP IORs (for example, for enterprise beans) establish connections to the location service daemon first, then forward them to the target application server.

Daemon home directory
Directory in which the location service daemon resides

This is set to the configuration file system mount point/Daemon and cannot be changed.

Daemon job name
Specifies the job name of the location service daemon, specified in the JOBNAME parameter of the MVS start command used to start the location service daemon
Caution: When configuring a new node, be sure to choose a new daemon job name value.
Note: A server automatically starts the location service daemon if it is not already running.
Procedure name
Name of the member in your procedure library to start the location service daemon
Rule: Name must be seven or fewer characters.
Target deployment manager does not reside in same sysplex [Fix Pack 11 or later]
IP Name
The fully qualified IP name, registered with the Domain Name Server (DNS), that the location service daemon uses
The default value is your node host name.
Notes:
  • In a sysplex, you should consider using a virtual IP address (VIPA) for the location service daemon IP name.
  • Select the IP name for the location service daemon carefully. Once you have chosen a name, it is difficult to change, even in the middle of customization.
Listen IP
Address at which the daemon listens

Select either * or a dotted decimal IP address for this value.

The default value is *.

Choose the value carefully. It is difficult to change, even in the middle of customization.

Port
Port number on which the location service daemon listens
Note: Select the port number for the location service daemon carefully. You can choose any value you want; but once chosen, it is difficult to change, even in the middle of customization.
SSL port
Port number on which the location service daemon listens for SSL connections
Register daemon with WLM DNS
If you use the WLM DNS (connection optimization), you must select this option to register your location service daemon with it; otherwise, do not select it.
Note: Only one location service daemon per LPAR can register its domain name with WLM DNS. If you have multiple cells in the same LPAR and register one location service daemon and then a second, the second will fail to start.

SSL Customization

Certificate authority keylabel
Name of the key label that identifies the certificate authority (CA) to be used in generating server certificates
Expiration date for certificates
Expiration date used for any X509 Certificate Authority certificates, as well as the expiration date for the personal certificates generated for WebSphere Application Server for z/OS servers

You must specify this even if you did not select the option to generate a certificate authority (CA) certificate.

Rule: The date must be specified in YYYY/MM/DD format.
Default SAF keyring name
Default name given to the RACF® key ring used by WebSphere Application Server for z/OS

The key ring names created for repertoires are all the same within a cell.

You might want to set the managed node's SAF key ring name to be the same as that of the Network Deployment cell into which it will be federated.

Enable writable SAF keyring support
Select this option if you want to enable writable SAF key ring support

Administrative Security Selection

Use a z/OS security product
Use the z/OS system's SAF-compliant security database to define WebSphere Application Server users
  • The SAF security database will be used as the WebSphere Application Server user registry.
  • SAF EJBROLE profiles will be used to control role-based authorization, including administrative authority.
  • Digital certificates will be stored in the SAF security database.

Choose this option if you plan to use the SAF security database as your WebSphere Application Server user registry or if you plan to set up an LDAP or custom user registry whose identities will be mapped to SAF user IDs for authorization checking.

Use WebSphere Application Server
Use built-in facilities of WebSphere Application Server to manage users, groups, and authorization policy
  • A simple file-based user registry will be built as part of the customization process.
  • Application-specific role bindings will be used to control role-based authorization.
  • The WebSphere Application Server console users and groups list will control administrative authority.
  • Digital certificates will be stored in the configuration file system as key stores.

Choose this option if you plan to use an LDAP or custom user registry without mapping of identities to SAF user IDs. The simple file-based user registry is not recommended for production use.

Do not enable security
Do not configure or enable administrative security.

This option is not recommended because it allows anyone to make changes to the WebSphere Application Server configuration.

Your WebSphere Application Server environment will not be secured until you configure and enable security manually.

Federate Application Server

Application server access
WebSphere Application Server home directory path name
Home directory
Configuration file system mount point
Read/write file-system directory mount point where application data and environment files are written
Directory path name relative to mount point
Relative path name of the directory within the configuration file system in which the application server configuration resides
Deployment manager access
Node host name or IP address
IP name or address of the system on which the deployment manager server is configured

This value, equivalent to "cell host" in addNode.sh, is used by other WebSphere Application Server for z/OS functions to connect to this server in order to federate the designated node into the deployment manager cell.

The node host name must always resolve to an IP stack on the system where the deployment manager runs. The node host name cannot be a DVIPA or a DNS name that, in any other way, causes the direction of requests to more than one system.

Deployment manager JMX connection type
RMI
Connect to the deployment manager using an RMI connection
SOAP
Connect to the deployment manager using a SOAP connection
Deployment manager JMX port
JMX (Java Management Extensions) SOAP (Simple Object Access Protocol) connector port that the add-node request uses to connect to the deployment manager

It provides the federation process with knowledge of which deployment manager is the target of the federation.

Deployment manager connection requires security information
Indicates whether a user ID (and associated password) with full administration privileges is required to connect to the deployment manager

The user ID and password are required when global security is enabled on the Network Deployment cell unless an RMI connector is being used. If an RMI connector is being used, the identity information will be extracted from the thread of execution of the addNode job if the user ID and password are not specified.

User ID
User ID with full administrative privileges for the Network Deployment cell
Password
Password for the user ID that has full administrative privileges for the Network Deployment cell
Node agent definitions
Server name (short)
Name of the node agent server
This is the server's jobname, as specified in the MVS START command JOBNAME parameter. This value identifies the server to certain z/OS facilities used by WebSphere Application Server for z/OS (SAF for example).
Rule: Name must contain seven or fewer all-uppercase characters.
Server name (long)
Name of the node agent and the primary external identification of the node agent server

This name identifies the server as displayed through the administrative console. The node agent server long name is set to the fixed value of nodeagent.

Node host name
IP address or host name of the system on which the node resides
JMX SOAP connector port
Port number for the JMX HTTP connection to this server based on the SOAP protocol (SOAP_CONNECTOR_ADDRESS)

JMX is used for remote administrative functions and is invoked through scripts such as wsadmin.sh.

Rule: Value cannot be 0.
ORB listener IP address
IP address on which the server's ORB listens for incoming IIOP requests

The default is *, which instructs the ORB to listen on all available IP addresses.

ORB port
Port for IIOP requests that acts as the bootstrap port for this server and also as the port through which the ORB accepts IIOP requests (BOOTSTRAP_ADDRESS and ORB_LISTENER_ADDRESS)
Rule: Value cannot be 0.
ORB SSL port
Port for secure IIOP requests (ORB_SSL_LISTENER_ADDRESS)
Node discovery port
Defines the TCP/IP port on which the node agent listens for discovery requests that originate from the deployment manager (NODE_DISCOVERY_ADDRESS)
Node multicast discovery port
Defines the multicast port through which the node agent sends discovery requests to its managed servers (NODE_MULTICAST_DISCOVERY_ADDRESS)

The multicast IP address on which the discovery port is opened is defaulted by WebSphere Application Server for z/OS to 232.133.104.73. This default address can be changed using the administrative console. This is a CLASS D address. The valid IP range is from 224.0.0.0 to 239.255.255.255.

Node IPv6 multicast discovery port
Defines the IPv6 multicast port through which the node agent sends discovery requests to its managed servers (NODE_IPV6_MULTICAST_DISCOVERY_ADDRESS)
Administrative local port
Port for the JMX connector that listens on the loopback adapter (IPC_CONNECTOR_ADDRESS)

The connector uses "local comm" communications protocol, which means that the port is used only for communications that are local to the z/OS system image (or sysplex).

High Availability Manager communication port (DCS)
Port on which the High Availability Manager listens (DCS_UNICAST_ADDRESS)
Node group name
Node group into which the node will be placed

Specify DefaultNodeGroup if the node is in the same sysplex as the deployment manager.

Launch the node agent after node federation
Indicates whether the node agent is to be started automatically after federating a node

Security Certificate

Default personal certificate
Issued to distinguished name
Identifier of the personal certificate
It can be customized if necessary. The default syntax for the distinguished name is:
cn=<host>,ou=<cell>,ou=<node>,o=<company>,c=<country>
Issued by distinguished name
Identifier of the root signing certificate
It can be customized if necessary. The default syntax for the distinguished name is:
cn=<host>,ou=Root Certificate,ou=<cell>,ou=<node>,o=<company>,c=<country>
Expiration period in years
The default personal certificate is valid for one year. The maximum expiration is ten years.
Root signing certificate
Expiration period in years
The default signing (root) certificate is a self-signed certificate. It has a default validation period of twenty years. The maximum validation period is twenty-five years.
Default keystore password
Default password for all keystores

It should be changed to protect the security of the keystore files and SSL configuration.

Double-byte characters as well as certain ASCII characters such as the asterisk (*) and ampersand (&) are invalid characters for the keystore password.

Job Statement Definition

All the customization jobs that will be tailored for you will need a job statement. Enter a valid job statement for your installation. The customization process will update the job name for you in all the generated jobs, so you need not be concerned with that portion of the job statement. If continuation lines are needed, replace the comment lines with continuation lines.
Job statement 1
Job statement 2
Job statement 3
Job statement 4
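
A check of planned values against the rules this page states, run before the values are entered in the Profile Management Tool. This is an added example, not IBM code; the worksheet field names (node_short_name, admin_security and the rest) are hypothetical and are not response-file keys.

```python
import ipaddress
import re
from datetime import datetime

MAX_ID = 2_147_483_647  # upper bound the page gives for GID and UID values
# Length limits from the page, keyed by hypothetical worksheet field names.
MAX_LEN = {"hlq": 39, "node_short_name": 8, "node_long_name": 50,
           "fs_dataset_name": 44, "error_log_stream": 26, "controller_proc": 7,
           "servant_proc": 7, "daemon_proc": 7, "nodeagent_short_name": 7}
UPPERCASE_ONLY = {"node_short_name", "nodeagent_short_name"}


def check_ids(ids, kind):
    """Specified GIDs/UIDs must be unique and in 1..MAX_ID.
    None means 'allow OS security to assign' and is skipped."""
    findings, seen = [], {}
    for name, value in ids.items():
        if value is None:
            continue
        if not isinstance(value, int) or not 1 <= value <= MAX_ID:
            findings.append(f"{kind} for {name} is out of range: {value}")
        elif value in seen:
            findings.append(f"{kind} {value} is used by both {seen[value]} and {name}")
        else:
            seen[value] = name
    return findings


def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def is_expiration_date(text):
    """True only for a real calendar date written as YYYY/MM/DD."""
    try:
        datetime.strptime(text, "%Y/%m/%d")
    except ValueError:
        return False
    return bool(re.fullmatch(r"\d{4}/\d{2}/\d{2}", text))


def check_plan(plan):
    """Return the list of rule violations for one planned managed node."""
    findings = check_ids(plan.get("gids", {}), "GID")
    findings += check_ids(plan.get("uids", {}), "UID")
    for field, limit in MAX_LEN.items():
        value = plan.get(field)
        if value is None:
            continue
        if len(value) > limit:
            findings.append(f"{field} is longer than {limit} characters")
        if field in UPPERCASE_ONLY and value != value.upper():
            findings.append(f"{field} must be all uppercase")
    low, high = plan.get("port_range", (0, 65535))  # absent: option not selected
    if high - low + 1 < 10:
        findings.append("default port range contains fewer than 10 ports")
    listen = plan.get("daemon_listen_ip", "*")
    if listen != "*" and not is_ipv4(listen):
        findings.append("daemon_listen_ip must be * or a dotted decimal address")
    mcast = plan.get("multicast_ip")
    if mcast is not None and not (is_ipv4(mcast) and ipaddress.IPv4Address(mcast).is_multicast):
        findings.append("multicast_ip is outside 224.0.0.0 to 239.255.255.255")
    expiry = plan.get("cert_expiration")
    if expiry is not None and not is_expiration_date(expiry):
        findings.append("cert_expiration is not a YYYY/MM/DD date")
    pw = plan.get("keystore_password")  # the value itself is never echoed
    if pw is not None and (not pw.isascii() or set(pw) & set("*&")):
        findings.append("keystore_password contains an invalid character")
    if plan.get("admin_security") == "none":
        findings.append("administrative security is not enabled")
    return findings


# Constructed sample plan with deliberate rule violations.
SAMPLE_PLAN = {
    "hlq": "SYSPROG1.WAS70.TESTCELL.APPSERV", "node_short_name": "testnodea",
    "gids": {"config": 2500, "servant": 2500, "local": None},
    "uids": {"controller": 2431, "servant": 0, "admin": None},
    "port_range": (9500, 9505), "daemon_listen_ip": "*",
    "multicast_ip": "232.133.104.73", "cert_expiration": "2030-12-31",
    "keystore_password": "Constructed&Example1", "admin_security": "none",
}
```

Calling check_plan(SAMPLE_PLAN) returns one message per violated rule; an empty list means none of the rules checked here were broken.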



Related concepts
z/OS application server naming conventions
z/OS basic naming convention
z/OS standard naming convention
Related reference
z/OS customization worksheet: Managed (custom) nodes for Version 7.0
Related information
Planning for new managed (custom) nodes

Last updated: May 16, 2013 11:33:12 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=v701sca&product=was-nd-mp&topic=rins_defvar4def
File name: rins_defvar4def.html