Installing and Configuring WebSphere for z/OS Version 6

minceillusionInternet και Εφαρμογές Web

30 Ιουλ 2012 (πριν από 5 χρόνια και 3 μήνες)

995 εμφανίσεις


Installing and Configuring WebSphere for z/OS Version 6


1






Tips on Installing

and Fi
rs
t Steps Configuration of


WebSphere

for z/OS

V6

WebSphere

Integration
Test

Version (2)





















January
2
7
, 2005


Installing and Configuring WebSphere for z/OS Version 6


2


Introduction

................................
................................
................................
................................

3

The environment

................................
................................
................................
..................

3

WebSphere Installation

................................
................................
................................
..........

3

SMP/E

................................
................................
................................
................................
........

3

Websphere Configuration

................................
................................
................................
......

5

Websphere Configuration Overview

................................
................................
..............

5

Saved customization variables

................................
................................
.......................

6

Loading the security domain variables

................................
................................
........

6

Running the BBOWWPFA job

................................
................................
...........................

7

RACF

authorization errors

................................
................................
................................
.

7

Keyring mismatch

................................
................................
................................
...................

8

ADMIN console not available

................................
................................
...........................

8

JDBC providers Configuration

................................
................................
............................

8

JDBC Type 2 drivers

................................
................................
................................
............

9

DB2 JDBC Type 2 (legacy) driver

................................
................................
..............

9

DB2 Universal JDBC Type 2 driver

................................
................................
..........

10

Defining data sources for JDBC Type 2 Drivers

................................
.....................

13

Defining d
ata sources for JDBC Type 4 Drivers

................................
.....................

15

Augmenting the WebSphere Configuration

................................
................................
.

15

Adding an Application Server to an existing Cel
l

................................
...................

16

RACF and the new WebSphere Application Server

................................
...........

16

Using the ADMIN Console to define the Application Server

..........................

17

RACF Declarations

................................
................................
................................
..........

25

RACF User ID/Group started task assignment

................................
................................
.....

25

RACF server

profiles

................................
................................
................................
............

26

Application Server startup errors due to missing RACF definitions

................................
....

27

Configuring the virtual host

................................
................................
.......................

28

Federating a standalone Server into an ND Cell.

................................
..................

29

References:

................................
................................
................................
...............................

32

DB2 Environm
ents

................................
................................
................................
.............

32

SETPLEX1 environment description

................................
................................
........

32

UTCPLXJ8 environment description

................................
................................
........

32

WT0CELL configuration:

................................
................................
................................
..

33

WQ0CELL Configuration & Port Definition:

................................
..............................

33



Installing and Configuring WebSphere for z/OS Version 6


3

Introduction


This document
is
intended
for technical users, installers,

and
system administrators who are
installing

and configuring
WebSphere


V6 on z/OS

.
Th
is
paper
is the first of a series of
t
echnical

paper
s

to be published by the
WebSphere

Integration Test
(
WIT
)
,

and its
purpose
is

to

present the experiences and lessons

learned
at the
WIT

when
installing
WebSphere

V6
on z/OS
.

The
WIT

team ran through an install
ation

and configuration of
WebSphere

V6 for
z/OS
on a shared z/OS system that already had
an SMP/E environment

defined
,

which
included new SMP/E zones, target,
dis
tribution,

and HFS
libraries.

All the required DDDEFs
were defined and
the
WebSphere

SYSMODs and
latest
WebSphere

V 6.0.1
service

had been
received.

See the “Program Directory for
WebSphere

Application Server for z/OS V6.0.1 for
details on how to

set up
your SMP/E environment
. The program directory and all the other
WebSphere

publication
s

can be
found
at

the following W
eb

site:

http://www
-
306.ibm.com/software/webservers/appser
v/was/library/
.


The
objective
of t
his document is to guide users around some of the problems we
encountered in installing
WebSphere

and to improve the ‘out of the box’ experience
for
WebSphere

V6

users
.
The focus of this document is the SMP
/E apply proc
ess
es and the
implications of SMP/E apply us
ing the Java


SDK JAR command
,
configuration problems,
and issues in defining the DB2


Universal
JDBC
Drivers and the DB2
JDBC
Legacy driver.


This document
should
be used as a

supplement to the
WebSphere

public
ation
s

and
refer
s

back to the
WebSphere

publications w
here you can find more detailed discussions.


The

naming conventions and p
lanning for the installation of
WebSphere

V6

at the
WIT

was
based on a study performed at the IBM


Washington System Center and

documented in
“Washington System Center Sample
WebSphere

for z/OS ND
Configuration
”,
WebSphere

for
z/OS Version
6
. This document can be found on the web at:
www.ibm.com/support/techdocs
. Search for
docu
ment numbe
r
WP1006
5
3
under the
category

“White Papers”.

The information from this white paper has been included in the
WebSphere

Application Server for z/OS V6 “Installing your Application Serving
Environment” publication.


The e
nvironment


We i
nitially

installed
WebSphere

V6.0.1 on
z/OS
V1.6
.

We then upgraded
WebSphere

to
V6.0.2
.2

by applying new maintenance to our SMP/E environment, cop
y
ing
the contents of
the

new

target libraries

into
our execution libraries and re
-
configuring
WebSphere
. There
were n
o applications or data to migrate so the upgrade was very simple
.
We also upgraded
z/OS to V1.7.

WebSphere Installation

The section
s below

describe our experience during the installation of WebSphere V6.0.

SMP/E


SMP/E apply processing for
WebSphere

Appl
ication Server for z/OS
V6
.0.1 and V6.0.2 uses
the Java SDK JAR command to extract certain HFS files. This is discussed in the program
d
irectory but can easily be over
looked.
Without the proper Java
environment established,

the APPLY process will fail.
It
is important that APAR IR54653 be installed on your
z/OS system
. This APAR enables the use of the

profile


file when SMP/E invokes a UNIX


shell script to perform installation activities.
The “profile” refers to the /etc/profile, the

Installing and Configuring WebSphere for z/OS Version 6


4

/home/userid/.profil
e, or /.profile files under USS.
Without this APAR, the SMP/E post APPY
processing will fail when it attempts to invoke the Java JAR command to extract HFS files.

The following error will
occur

during the APPLY process if this APAR is not installed or if

the
PATH environment variable in the

profile


file is not set properly.


DATE 06/24/05 TIME 16:02:01


SMP/E 33.03

SHELL SCRIPT BBO11397 OUTPUT FOR HFS BBO11398 SEQ NUM 004744




Starting
/s/WAS601/usr/lpp/z
WebSphere
/V6R0/IBM//../systemApps/adminconsole.ear/ac.zar.
unzar.zsh script processing

BBO11398...


cd /s/WAS601/usr/lpp/z
WebSphere
/V6R0/IBM//../systemApps/adminconsole.ear

jar
-
xf /s/WAS601/usr/lpp/z
WebSphere
/V6R0/IBM//..
/systemApps/adminconsole.ear/ac.zar


jar: /s/WAS601/usr/lpp/z
WebSphere
/V6R0/IBM/BBO11397 70:

FSUM7351 not found


** Could not unjar /s/WAS601/usr/lpp/z
WebSphere
/V6R0/IBM//..

/sy
stemApps/adminconsole.ear/ac.zar: jar command exited with status=127




To correct this problem, apply APAR IR54653 and
ensure the user ID used to run the APPLY
job has the SDK bin directory i
n its Unix System Services PATH
. Our .profile set the PATH
environment as follows: “
PATH=:/java142/J1.4/bin/:/usr/sbin:$PATH

.
The PATH
environment variable can be set in the
/etc/
profile
file or the /home/userid/.profile
if your
user ID has a home directo
ry specified in
its

OMVS
segment
. O
therwise

the user ID will not
have a home directory and the /etc/profile and /.profile, if one exists, will be used. You need
to ensure you are using the proper “profile” during the USS shell invocation.



The following j
ob is useful to determine if you are set up correctly to execute the JAR
command during the SMP/E APPLY process. Be sure to run the following job under the user
ID used to run the SMP/E APPLY job. This job attempts to execute the JAR command under
the USS
BPXBATCH program. To make things easier it may be helpful to add the “env”
to
your “profile”
to list all the environment variables. After running this job
,

look at the output
to determine if

your “profile’ was executed
. In the output, y
ou should see the re
sults of the
“env” command, and that the
JAR command
ran
successfully.



//TESTENV JOB ,CLASS=A,


// MSGLEVEL=(1,1),MSGCLASS=H,


// USER=
APPLYUSERID



//*
----------------------------------------------------------


//RUNJAR EXEC PGM=BPXBATCH,PARM='sh jar'

//STDOUT DD PATH='/tmp/orosco/output',

//
PATHOPTS=(OCREAT,OTRUNC,OWRONLY)

//********************************************************************/

//PRINT EXEC PGM=IKJEFT01,REGION=2000K,DYNAMNBR=20,TIME=(,10)

//JESOUT DD SYSOUT=*,RECFM=V,LRECL=256


//TPSTDOUT DD PATH='/tmp/orosco/output',

// PATHOPTS=ORDONLY

//SYSTSPRT DD SYSOUT=*

//SYSTSIN DD *



OCOPY INDD(TPSTDOUT) OUTDD(JESOUT) TEXT


This job executes the JAR command
and then

copies the STDOUT output to SYSOUT
, which
is the JESOUT DD statement in this job
. If the JAR command runs successfully you will see

Installing and Configuring WebSphere for z/OS Version 6


5

the “
Usage: ja
r …..


information

in your output. If it fails
,

correct the problem before
attempting to perform the SMP/E APPLY.


After

you get this working, you can apply your maintenance and move on

to the
configuration phase.


Websphere Configuration

This section is

not intended to provide a detailed description of how to configure an
application server. You should refer to
“Washington System Center Sample
WebSphere

for
z/OS ND Configuration”,
WebSphere

for z/OS Version
6
. This document can be found on the
web at:
www.ibm.com/support/techdocs
. Search for
document numbe
r WP100643 under
the category

“White Papers”.

Websphere Configuration Overview


The
WebSphere

configuration consists of running through a set of ISP
F panels

that
fills in
information for REXX execs that
generates jobs to create a security domain and define the
WebSphere

files, load the files with executables and configuration information, and defin
e

symbolic links

to additional
WebSphere

executables.

The configuration process is simple
and straight forward
,

but there are a number of opportunities to specify
incorrect
information in the initial ISPF panels. If incorrect information is specified, the configuration
jobs may fail or
WebSphere

may fail to
start.
The following section lists the errors we
encounter
ed

at the
WIT

and our resolution. These errors were not all product err
ors.

Some
were user errors that

resulted in
attempting to take short cuts and/or entering information
incorrectly. Wh
en errors
in the configuration or startup of
WebSphere

occur
,
they are not
easy to diagnose. We found
that
searching
RETAIN

for similar errors and using
a
GOOGLE
search help
ed

us resolve

many of the
problems
.


Before starting the installation and configuration of
We
bSphere
, r
eview the
WebSphere

Application Server for z/OS
Version

6 “Installing your Application Server Environment” for
details on installing and configuring
WebSphere
. We followed the steps outlined in that
publication.


In our environment,
WebSphere

V4 and
WebSphere

V5 had
previously
been installed
,

so
most of the
base system set up had already been performed
.

T
herefore
,

we did not have to
run through the “Preparing the base
operating

system” steps.


The
nam
ing convention we
used in our configuration

was

based
on the
naming convention
documented
in the “Installing your Application Server Environment
” publication
.
It is

highly
recommended

you come up with a naming convention that will make it easy for you to
identify the various components of
WebSpher
e

in your environment and make it easy for
you to move into more complicated configurations through network deployment and
Federation. We found the naming convention documented in the “Installing your Application
Server Environment” publication to meet our

requirements.
We did not use any of the
default port assignment
s (
with few exce
ptions that attended our plan),
so we defined
ranges

of ports for our use in our configuration
,

which would be easy to tie back to our
WebSphere

configuration. We used a secu
rity
domain

in our s
tand
-
alone application
environment

to ensure
that
the RACF command
s

generated during the
WebSphere

configuration were correct.


The
s
tand
-
alone application server is very simple and a good starting point if this is your
first experienc
e installing and configuring
WebSphere
.


Installing and Configuring WebSphere for z/OS Version 6


6


Before running throug
h the configuration ISPF panels, fill in
the worksheets in the appendix
of

Installing your Application Server Environment”.
This makes

it easier to navigate
through the set of ISPF panels tha
t need to be
filled in
during the configuration process.
After

you have
reviewed the installation documentation and filled in the worksheets
you can
invoke the
BBOWSTRT REXX command to begin the customization process. The following
sections
summarize our

experiences
during this exercise and recommendations that may
help
you
avoid problems.


Saved customization v
ariables



During
WebSphere

configuration you have an opportunity to
re
load
saved or
defaulted
customization

variables
,

which are the dialog var
iables
used to

prime the ISPF
customization panels.

On our first attempt to customize
WebSphere

V6, w
e
chose to
load

and reuse
saved customization variables
that had been generated during the customization
of
WebSphere

V4 and V5 on this system.
The
intent

was

to

prime the ISPF panels with
values already customized for our share
d

environment and
minimize the amount of data we
would have to enter on the ISPF
panels
. This may seem
like a

good idea but it can be
hazardous.

What we discovered
was
that doing th
is introduce
d

dialog variables that
were
no longer
need
ed
. T
his was a minor
problem. I
t also
added
values into variables that should
have been
left blank

for
WebSphere

V6
.
In particular we had problems with the JAVA_HOME
environment variable being set inco
rrectly
and
causing
WebSphere

V6 to fail during startup.

R
unning through the ISPF panels did not expose the error with the JAVA_HOME
environment variable.


We discovered this problem by reconfiguring
WebSphere

again
,

but
t
his time loading the
default
cus
tomization

save variables that were
shipped with
WebSphere

V6
, manually filling
in all the correct values

on the ISPF panels, saving the new set of customization variables
,
then
comparing the
new
customization variables with the old customization variables

that
were

generated from the “primed” ISPF panels.
Doing the comparison exposed the dialog
variable
s

that were no longer used, and exposed the environment variable that was set
incorrectly.


If you do load and reuse an older
set of saved customization va
riables and have problems
starting
WebSphere
,
you may want to consider running through the

same process discussed
in the previous paragraph to determine if there are residual values that may have been
carried forward incorrectly.

This happened because the

Java Software
Development

Kit is
now shipped, installed and serviced as part of the
WebSphere

Application Server for z/Os
Version 6 product. The saved customization variables we used was from the
WebSphere

Application Server for z/OS

Version 5 customizati
on, which required a java home directory.


Loading the s
ecurity
d
omain

variables




As explained in the preceding section
, during the customization process, you have the
option to load the saved customization variables. When customizing the
b
ase
a
pplica
tion
s
erver, the order in which you load the security domain customization variables and the
base a
pplication server customization variables is important. Be sure to load the security
domain customization variables after loading the base application custom
ization variables to
prevent the security domain variable from being replace
d

with incorrect values that might
be saved in the base application server saved customization variable file.



Installing and Configuring WebSphere for z/OS Version 6


7

The RACF errors we encountered during our initial installation w
ere

due to the order in
which the saved customization
variables were loaded. If the
WebSphere

server fails to start
because of RACF authorization errors, validate that the saved customization variables were
loaded
in the correct order.


Running the
BBOWWPFA

job


The
WebSphere

customization process generates a number of jobs. You have the
opportunity to update the jobs card
s

for these jobs. The BBOWWPFA job runs for 25 to 30
minutes
,

and in our environment
,

it timed out. We had to specify a time parameter on t
he
job card

to give it enough time to complete. In our environment
,

we used
TIME=
1440 to get
around the job time
outs.



Another issue that you may face is

the
BBOWWPFA
job
terminating

with
reason code 512,

BBOOHFSWR ‘/tmp/bbowwpfa_63543.out’:

INSTCONFPA
RTIALSUCCESS: The profile now
exists, but errors occurred
.

BBOOHFSWR ‘/tmp/bbowwpfa_63543.err’:

Could not load dll:
<WASHOME>/lib/libbboujuu.so,
which is a symbolic link to hlq.SBBOLOAD(BBOUJUU).


What happens here is that the job spawns new processes to r
un an executable program in
the hierarchical file system, which does not inherit
the STEPLIB of the login job’s JCL
.
One
option

to circumvent this problem

is

to use the _BPX_SHAREAS=YES environment variable.
This
variable
causes
the
spawned servant process
es to run in the same address space as
the login address space

and thereby inherit

the STEPLIB of the login job’s JCL. This
process

will get around the problem of not having the STEPLIB specified in a valid user “profile” ,
either /etc/profile or /home/use
rid/.profile, but is not recommended because there are
restriction
s

when running in this mode. It is recommended
that
the “profile” be set up with
the proper STEPLIB environment variable.

For example, use
:


#FOR
WebSphere

for z/OS V6



export STEPLIB=

SYS1.WAS601.SBBOLPA:SYS1.WAS601.SBBOLD2:SYS1.WAS601.SBBOLOAD:$STEPLIB


instead of:


# Set variable for shared address space

_
BPX_SHAREAS=YES


export _BPX_SHAREAS



RACF authorization errors


RACF

user
IDs, k
eyring values,
and
USS file permission bits can all cause authorization
problems durin
g
WebSphere

start
up processing if any errors are made in the generation of
the
WebSphere

installation jobs. For the RACF errors
,

the message
s

are fairly explicit and
identify the
problem. The
se problems
can be resolved by ensuring
that
the
generated
RACF
j
obs
have the correct values and were run successfully.


Some of the RACF errors we encountered
during our installation were due

to “typos

:


BBOS0116I
WebSphere

security has detected that the default RACF realm could
not be obtained from RACF.



Installing and Configuring WebSphere for z/OS Version 6


8

Keyri
ng m
ismatch


These error
s were corrected after correcting

the incorrect information in the ISPF panels.


We found problems that involved HFS file permissions to be a little more difficult to
diagnose initially. These errors may look like RACF errors

but are really due to the file
permission not being set up correctly. One of the errors we encountered was due to the fact
that our
WebSphere

home directory had incorrect file permissions. We received the
following error
because of
this condition:



ICH40
8I USER(W2ACRU ) GROUP(W2CFG ) NAME(WAS DAEMON CR )


/WAS601/w2cell/W2CELL2.W2NODE2.W2SR012.HOME/properties/servic


e/logs/applyPTF.out


CL(DIRSRCH ) FID(01E2E3D6D9F2F8000F24000000000003)


INSUFFICIENT AUTHORITY TO STAT


ACCESS INTENT(
--
X) ACCESS ALLOWED(OTHER
---
)


EFFECTIVE UID(0000003411) EFFECTIVE GID(0000003500)


We received this error because the permission bits on the /WAS60
1 were not set to allow
the user or group to access the file system.
To
get around this problem we used the CHMOD
command to change the
file
permission
s
on the /WAS601 directory to 775,
which gave

the
user ID

the authority to access this directory.




A
DMIN c
onsole not available



If accessing the ADMIN Console
after starting
WebSphere

fails with “page not found”,
en
sure the admin

console

files have been extracted from the ac.zar file.
This
action
is done
during the SMP/E Apply

process.
You can check that the files have been extracted

by
using
the CD command to change
to the
{
WebSphere
_home_directory
}
/systemApps/admin
consol
e.e
a
r directory and listing the
contents. You should see a number of admin

con
so
le files and symbolic links

in that
subdirectory
.
If
this is not the case,
the admin

console files were not extracted and you will
have to run the
Java

jar

command against the ac.zar archive file in that directory
to extract
them. Use the
jar

command with the “

xf


options

to extrac
t the files. If you have this
condition
,

it is probably due to your SMP/E APPLY process failing.
It

is
best to go back and
fix the SMP/E APPLY process

and re
-
run the APPLY process to extract these files. See the
section that discusses the SMP/E environmen
t.



JDBC

p
roviders


Configuration


This section discusses a
few observations w
hen it comes to configuring the JDBC drivers
under
WebSphere
. There are two
types of
DB2 Universal
JDBC

drivers that can be
configured:
a T
ype
4
,

which uses a distributed protoc
ol to connect and access DB2
,

and a
T
ype

2
,

which uses RRSAF to connect to a local DB2. There is also a
DB2

T
ype

2 JDBC driver
known as the legacy driver that uses RRSAF to connect to a local DB2. The focus in this
section will be the T
ype
2 drivers.


Be

aware of
the following two points
when configuring the JDBC
drivers
:




Installing and Configuring WebSphere for z/OS Version 6


9



You can NO
T configure the JCC driver and l
egacy driver on the same server at the same
time.

This has to do with PATH definitions and common method names used between
the two drivers.



Sw
itching between the JCC and l
egacy driver configuration on a server requires

the
WebSphere

server to be recycled.
The reason that the servant region must be restarted

is because the classloader directories must be reestablished. The classloader
will appe
nd
directories and .jar's to the list that it is using when a new data
source is created and
used,
but it does not delete from the list.

JDBC Type 2
d
rivers


When configuring the JDBC Type 2 drivers, either the
DB2 Universal JDBC

(also known

as
JCC
)

or
the
DB2 JDBC
(also known

as
legacy
)

drivers,
the DB2 RRSAF modules must be
loadable.
The following DB2 libraries,

hlq.SDSNEXIT, hlq.SDSNLOAD, and hlq.SDSNLOD2
,
must be included in the
WebSphere

Application Servant’s JCL procedure
. Hlq.SDSNLOAD
and hlq.SDSNLOD
2 may be included in the
z/OS LNKLIST

instead
. If the dat
a

sets are not
available
,

the invocation of the JDBC Type 2 driver will fail with the following errors

during
the connection process:


JDBC type 2 legacy driver

test

on the
first try:




If you atte
mpt to connect again you will see the following error:




Once the DB2 executable modules are found,
a DB2 subsystem must be identified as the
local DB2 subsystem for the initial connection. For both drivers the default subsystem is
provided in the DSNHDE
CP module
, which

is loaded using the search sequence listed in the
STEPLIB
that is
s
pecified in the
WebSphere

Application Servant’s JCL
procedure
.


If you want to o
verrid
e

this

value
,

you can use the JDBC
d
rivers
p
roperties file
,

which
is

explained in the

next two sections.



DB2 JDBC Type 2

(legacy)

d
river



Installing and Configuring WebSphere for z/OS Version 6


10

When configuri
ng the DB2 JDBC Type 2 driver (l
egacy driver), a
default
driver
properties
file
, db2sqljjdbc.properties,
is used to configure the driver. The driver properties file
contains
various ent
ries of the form key=value.

The location of the db2sqljjdbc.properties
file

or its
equivalent

is
specified

through the use of
WebSphere

variables as described
following the keyword discussion.


The key values for
establishing the local DB2 subsystem is “
DB2SQLJSSID”. This key
identifies the subsystem (not location) to be used by the Type 2 legacy driver
for the initial
DB2
connection.
Considering
our SETPLEX1
environment
,
DB2SQLJSSID can be
DT1G

(group attach name), or one of the DB2 subsystem member name
s

(
DT11 or DT12
). See
the section “
R
eferences


at the end of this article.



The db2.jdbc.profile.pathname key identifie
s

the location of the JDBC profile file. The
DB2SQLJPLANNAME key value identifies the plan name used to c
onnect to DB2
; t
he default
is

DSNJDBC. The first two key values are critical to establish
ing

a connection to DB2. There
are other key values that can be specified but we do not address them here. The key values
we used are listed below.


DB2SQLJSSID=
DT12



DB2SQLJPLANNAME=
DSNJDBC


db2.jdbc.profile.pathname
=/WIC/LegacyDriver/classes/DSNJDBC_JDBCProfile.ser



For

WebSphere

to locate the d
river properties file

for the legacy driver
,

you need to define
the

“DB2SQLJPROPERTIES” environment variable to specify a fully qualified properties file
name. Define this environment variable using
the
WebSphere

Admin console under
Environment
-
>
WebSphere

Variables.
If you don’t find it in the default list provided by the
product, you must add
it
as a new variable.

Below are the two
WebSphere

Environment
variables required for the DB2 for z/OS JDBC driver:





Note:
Other configuration keywords can be spe
cified in the properties file but they are not
discussed in this document.


DB2 Universal JDBC
Type 2
d
river



When, the DB2 Universal JDBC Driver is defined to
WebSphere

Application Server for z/OS
,
one must set the
:
DB2UNIVERSAL_JDBC_DRIVER_PATH
and

UN
IVERSAL_JDBC_DRIVER_PATH
WebSphere

Environment variables to indicate the fully qualified paths of the DB2 Universal
JDBC driver /jcc/classes and /universalDriver/lib respectively. If the driver version being
used requires native files, those that have the
.so file type, specify the
DB2UNIVERSAL_JDBC_DRIVER_NATIVEPATH


WebSphere

E
nvironment
V
ariables to indicate the
fully qualified paths of the
native .so files, /jcc/lib. If the driver version does not require the
native files this environment variable can b
e left blank.



Additionally
, one must define the location of the
DB2 Universal JDBC Driver
properties file
which will contain the name of the
target
DB2

sub
system

and other driver variables and
attributes. Default values will be used
if

a driver propert
ies file is not
specified

but it is
recommended that this file be
explicitly

specified.




Installing and Configuring WebSphere for z/OS Version 6


11

The way the
WebSphere

Application Server for

z/OS InfoCenter
suggests

a driver properties
file be explicitly specified is through the declaration of the
db2.jcc.prop
ertieFile

JVM
property
. This JVM property value contains the
fully qualified location of the
DB2 Universal
JDBC Driver
properties file

which is used during driver initialization.
. Since
JVM properties
can only be defined on a servant basis
, one must defi
ne the
db2.jcc.propertieFile

property under each servant.


Note:

It so happens that
currently

the DB2 Universal JDBC Driver support for the type 4
driver does not make use of the properties file
.
However, this
may
chang
e

in the future so
the type 4 drive
r support may also be affected.
Also,
the type 4 driver
may
start using the
properties file for control purposes.


Reading the
DB2 documentation,
we can see that
there are other ways that DB2 locates the
properties file
. The
WebSphere

Application Server f
or

z/OS InfoCenter

doesn’t document

all
possible ways the DB2 properties file can be configured to
WebSphere

Application Server for

z/OS
.



The
WebSphere

Application Server for

z/OS InfoCenter suggests configuring the DB2
Universal JDBC Provider

and its pr
operties file
at the server level to avoid possible
coexistence problems with the legacy driver.

This is also the recommended configuration for
a
multi
-
system en
vironment.



In a multi
-
system environment where the type
-
2 driver is being used and there is d
isruption
resulting in a system failure which requires transaction
s

indoubt resolution, it is imperative
that the WebSphere server be able to connect to the DB2 subsystem to which it was
originally connected to resolve the indoubt transactions.
This may n
ot
occur

if there is a
cross system restart,
common properties

file used which contains the DB2 group attach
name, and recovery is done on a system with a member of the same datasharing group
active.

This is a consideration for
WebSphere releases prior to
WAS 6.0.2 or if z/OS 1.5 or
below is being
used. The recommendation for a multi
-
system environment is that every
servant should be setup with a properties file that is specific to the node on which it resides.


WebSphere for z/OS V
6.0.2 running on z/OS 1.6

or higher with HA Manager
,
changes the
behavior described above, but
is not topic of this document.
More information about this
configuration can be found at the
WebSphere Application Server for

z/OS.



In a single system environment where a cross system
restart will not occur, an

alternative
way

to provide the properties file ins
tead of defining the
db2.jcc.propertiesFile

JVM
property to the servants,
is to
do the
following:




Define a
DB2 Universal JDBC Driver
properties configuration file with the name
D
B2JccConfiguration.properties

(required by DB2)

and set the properties

needed
into this file.



Convert the
DB2JccConfiguration.properties

file from EBCDIC to ASCI.



Put the file in a jar file. For e
x
ample put it a
DB2ConfigProps.jar



When defining the Univer
sal JDBC Provider to
WebSphere

Application Server for

z/OS
, add the fully qualified path of the
jar

file to the
CLASSPATH

defined by the
provider.


Note:

S
ome of DB2 properties defined in the properties file are not really me
ant

to be
shared across servant

regions.



Installing and Configuring WebSphere for z/OS Version 6


12

The examples below show the definition we have made for the WIT
SETPLEX1

environment.


1.

Set the
WebSphere

Environment Variables to let
WebSphere

find the
Define a DB2
Universal JDBC Driver Provider
:



F
rom the
WebSphere

Application Server for z/
OS Administrative Console, go to
:


Environment >

WebSphere

Variables,
set the right scope,
and update the values of
the following environment variables

as follows
:


CLASSPATH

${DB2UNIVERSAL_JDBC_DRIVER_PATH}/db2jcc.jar


${UNIVERSAL_JDBC_DRIVER_
PATH}/db2jcc_license_cu.jar


${DB2UNIVERSAL_JDBC_DRIVER_PATH}/db2jcc_license_cisuz.jar


Native Library path

${DB2UNIVERSAL_JDBC_DRIVER_NATIVEPATH}






2.

Bind the required DB2 packages


The utility used for binding the DB2 Universal JDBC Driver,
requires the server name
or the IP address for the DB2 target system.


3.

Set up to handle in
-
doubt transaction


4.

Define a
db2.jcc.propertiesFile


a.

From the
WebSphere

Application Server for z/OS Administrative Console, go to:

Servers > Application Servers, a
nd select the server you want to work with


b.

From the selected server page go to > Server Infrastructure > Java and Process
Management > Process Definition and then Servant


c.

From the Servant page go to > Java Virtual Machine under the
Additional
Properties



d.

From the
Java Virtual Machine page go to > Custom Properties under the
Additional Properties


e.

From the Custom Properties page click on New

and update the values
. For
example:




Installing and Configuring WebSphere for z/OS Version 6


13



Click Apply and then Save to save the new JVM property.




For both the J
CC Type 2 and l
egacy Type 2 drivers
you can get more detailed information by
looking at the
readme

file under the subdirectory that contains the bin, classes, and lib sub
-
directory for the DB2 Type 2 legacy driver
. If

you
change

to the
JCC

subdirectory und
er that
same directory, you will find the
readme

file
that

discusses

the JCC drivers.


Defining
data sources
for JDBC Type 2 Drivers


What is important to note here is that you do not specify the local DB2 subsystem name on
the panels used to configure th
e data source for the Type 2 drivers.

The DB2 subsystem
name is specified in the driver properties file.

The database name specification under the
DB2 Universal data source properties list is really the
location name

for the DB2 you want
to eventually con
nect too
.

During the T2 connection processing to DB2, the driver first
identifies to the local DB2 using the
local DB2 connection protocol, then issues a DB2
CONNECT to the name specified in the database name field. If this name is not the same as
the DB2
subsystem that was identified in the driver properties file, DB2 will attempt to
create a DRDA connection to the new location. To avoid this specify the local DB2’s location
name.
To get this value right run the DB2 command: DISPLAY DDF, as follows:


RESPO
NSE=STLABD1


DSNL080I
-
DT11 DSNLTDDF DISPLAY DDF REPORT FOLLOWS:


DSNL081I STATUS=STARTD


DSNL082I LOCATION LUNAME GENERICLU


DSNL083I

DSNT1

NATIVE.STD0DT11 NATIVE.STD0DT1G


DSNL084I IPADDR TCPPORT RESPORT


DSNL085I 9.30.132.102 8010 8011


DSNL086I SQL DOMAIN=DB2GRPS


DSNL086I RES
YNC DOMAIN=DT11


DSNL099I DSNLTDDF DISPLAY DDF REPORT COMPLETE

Also, you will need to
specify

the driver type
, i
n the case of the
Type

2 driver
.


As mentioned above,
if the location name is not the local
DB2 subsystem name, DB2 will
attempt to establish a remote connect to that location and expect to find the name defined
in the
SYSIBM.LOCATIONS

table.
For example, we defined four

different data source
s

to
use the type 2 driver (legacy driver in this exa
m
ple). One was defined with data base name
=
DSNT1
, which i
s our DB2 system location name, another

was defined
as
DT
1G, which is

Installing and Configuring WebSphere for z/OS Version 6


14

or Group Attach name, and
the
two others
were defined
as
DT
11 and
DT
12, which are the
DB2 members in our data sharing group:







When we try

to test
the
connection with a data source other than t
he one with data
base
name= DSNT1,

even though
we

are
trying to do a local connection,

we
get

the following
error message:




If the DDF is stopped, you get the following message:






When we try to test
the
connection with a data source other than the

one with data
base
name= DSNT1 via JCC type 2 driver, even though we are trying to do a local connection,
we get the following error message:




Installing and Configuring WebSphere for z/OS Version 6


15



Defining data sources
for JDBC Type 4 Dr
ivers


Defining a DB2 Universal JDBC driver Type 4 or Type 4 XA, as well as data sources
associated to them is very straight forward
. When testing the connection
and DDF is
stopped:


--
DT12 DIS DDF


DSNL080I
-
DT12 DSNLTDDF DISPLAY DDF REPORT FOLLOWS:


DSNL081I
STATUS=STOPDQ



DSNL082I LOCATION LUNAME GENERICLU


DSNL083I DSNT1 NATIVE.STD0DT12
NATIVE.STD0DT1G


DSNL084I IPADDR TCPPORT RESPORT


DSNL085I 9.30.132.103 8010 8012


DSNL086I SQL DOMAIN=DB2GRPS


DSNL086I RESYNC DOMAIN
=DT12


DSNL099I DSNLTDDF DISPLAY DDF REPORT COMPLETE



you may get

the following message:





Augmenting the
WebSphere

Configuration


This section
describes our experience when adding an addi
tional Application server to an
exiting Websphere configuration and our experience in Federating a Networked deployed
WebSphere system. The objective is to provide insight into these processes through our
experience

and is not intended to be
a
detailed des
cription of either process. References to
supporting documentation are made where appropriate.



For the following discussion we used our environment UTCPLXJ8
. See the section

References
” at the end of this article.


Installing and Configuring WebSphere for z/OS Version 6


16

Addin
g an Application Server to an existing Cell



Here we will describe the steps taken to add a new WebSphere Application Server to an
existing Network Deployment Cell

(
WT0CELL
),
installed on the UTCPLXJ8 system
,

w
hich w
as
the target system for this exercise.

This is a development environment so to simplify the
security definitions, the same user ID

w
as used for each new application server.



The user ID used in this exercise, WT0SSR0, was defined out of the initial Websphere
installation. It had the required
authorizations to start the initial application server WT0SR0.


The naming conventions used for the Application server component such as the server
control region, servant, and ClusterTransitionName
would
allowed generic RACF Profiles to
be used to simpli
fy the security declaration
s but generics were not used in this exercise.
Explicit RACF class names were used. More experienced RACF administrator may want to
take advantage of generic profile declarations.



This document is not intended to provide a de
tailed description of the security mechanisms
use
d

to protect the Web
S
phere server resources. Only a brief discussion of RACF Server and
Started classes is provided. It is assumed the reader has some familiarity with RACF. For a
more detailed discussion o
f RACF classes used to protect WebSphere server resources refer
to the following IBM Advanced Technical Support Tec
h
doc, TD10118 at:
http://www
-
03.ibm.com/support/techdo
cs/atsmastr.nsf/WebIndex/TD101118


This document will focus on the additional RACF commands that were created in support of
the
new application server added to the WebSphere cell WT0CELL. This document will
explain one technique for adding an application
server and provide a simple description of
the interaction between RACF server profiles and WebSphere.

RACF and the new
WebSphere Application Server


Defining a new application server in the Network Deploy
ment

WebSphere cell, WT0CELL,
requires the proper

RACF object to be defined and proper user access to be declared. Failure
to do so will result in RACF authorization errors when the new application server attempts to
start. During a normal installation of WebSphere a set of RACF commands are generated t
o
provide the required object definitions and authorization to start up Web
S
phere and in our
case one application server. When new application servers are defined, additional RACF
objects and user id assignments are required.


The WT0CELL cell follows a
well defined naming convention and a TCP/IP port numbering
scheme. The port number scheme is not discussed in this document since it is not relevant
to this exercise. Some of the names used in the creation of the WT0CELL cell are listed
below.


Cell sho
rt name federated




WT0CELL




Cell long name





wt0cell

Federated
node short name




WT0Z3

Federated
node long name




wt0z3

ND node short name





WT
0
NODE

ND node long name





wt
0
node

Application Server short names



WT0SRn (n=0,1,2,..)


Cluster shor
t name

(ClusterTransitionName)

WT0SRCL
n


Where n=0,1,2,x which maps to the App Server suffix







Installing and Configuring WebSphere for z/OS Version 6


17

Cluster long name





wt0srcl
n


Where n=0,1,2,x which maps to the App Server suffix

Common UserID/Group




wt0ssr0/wt0cfg



Application Servers
-

Control Regi
on / Servant

/ Cluster

Transition

Name



WT0SR0 / WT0SR0S

/ WT0SRCL0


1
st

App server

WT0SR1 / WT0SR1S

/ WT
0
SRCL1


2
nd

App server

WT0SR2 / WT0SR2S

/ WT0SRCL2


3
rd

App server


During this exercise existing RACF declarations from the original Web
S
phere instal
lation
covered some of the requirements for the new application server creation. The remaining
RACF declarations which were required are the focus of the remaining discussion.


The values used when defining a new
a
pplication
s
erver determine the RACF pro
file

names

that are required to be defined and permitted to be used by the common user

ID or Group.


The following section illustrates the steps required to define a new
a
pplication
s
erver. The
values used during the
s
pplication
s
erver definition which
ar
e used to construct the RACF
profile names are
identified.

The required RACF commands to define the required RACF
profiles follow the
s
pplication
s
erver definition process section.


Using the ADMIN Console to
define
the
Application Server


L
og into the
Admin Console and begin the process of defining the new WebSphere
Application Server. From the initial login page, expand the Servers box then double click on
Application Servers. From this display you can see that two application servers currently
exist,
one is running and the other is stopped.




To add a new application server click on “New”



Installing and Configuring WebSphere for z/OS Version 6


18




Select the wt0z3 node from
the pull down list which is the node where we want to add the
servant
. For “server name” use wt0sr1 which is the assigned name for t
he

2
nd

application
server.



The

wt0sr2

server
,
which is the 3
rd

server
,
was created earlier

and not used in this exercise.

Click “NEXT”; take the “defaultZOS” template, then click “NEXT” again.




Uncheck the “Generate Unique Http Ports” box because ex
plicit ports will be specified that
follow the WIT port assignment scheme. Click “NEXT”.


Confirm the selection and click “FINISH”. Now you will see the new server in the list of
servers.



Installing and Configuring WebSphere for z/OS Version 6


19



Double click the new server; update the Server short name, the
n save the changes to
preserve the name change.



Change the “* short name” field from the default, “BBOS001”, to “WT0SR1” so that it
adheres to the established naming convention. This name will be the name of the
application sever control region starte
d task
,
an “S” will be append to this name for the
servant started task
, and an “A” will be appended to this name for the control region
Adjunct started task
.

The control region adjunct started task
is started if
a Service
Integration Bus (SIB) is defined
for this application server.



RACF started class profile
s

are
required to cover the started tasks and assign a user ID.

Refer to the next section for how this is done.



Installing and Configuring WebSphere for z/OS Version 6


20


Click “APPLY”, “OK” then save the changes.


Double click the new server again to
continue the configuration. Expand the Administration
item under the “Server Infrastructure” category.




Double click the “
Custom Properties
” under the expanded “Server Infrastructure” list.





Double click the
ClusterTransitionName

to change the na
me to WT0SRCL
1 which is the
c
luster

t
ransition

n
ame assigned to the second
a
pplication
s
erver.



Installing and Configuring WebSphere for z/OS Version 6


21



The cluster transition name must be unique within your Websphere application server for
the
z/OS cell. If this server is converted into a clustered server,
this name becomes the
cluster short name. The cluster transition name is the WLM APPLENV name for this server
and all servers that are part of the same cluster.


RACF
server
profile
s

are
required
for the new application server with profile names
based on
the previous specified values
;


Application server short name
,
Cluster transition name
,
Cell
short fedrated name

.


Refer to the next section for how this is done.





Click “APPLY”, click “OK”, then save the changes.


Next update all the port assig
nments to comply with the WIT Port assignment scheme. To
update the port numbers, go back to the application server and double click the new server
again. Expand the “
Ports
” item under “Communications”.





Click on “Details”.


Installing and Configuring WebSphere for z/OS Version 6


22




Double click each entr
y except JMSSERVER and update the port numbers to conform to the
port number scheme.





Installing and Configuring WebSphere for z/OS Version 6


23

Save the changes


Next update the “
HTTP Transports





On the Application servers page, double click the “
HTTP Transport
” under “Container
Settings” to change the t
ransport port value.






Double click the “Host” column to get the details for the HTTP Transport. Update both port
numbers to conform to the port assignment scheme, also select the correct SSL name from
the pull down list. Note the false and true value
s under SSL enabled. Selecting the first
entry, false, produces the following screen where the new port number and SSL value is
shown. Note the SSL enabled box is
not

checked.



Installing and Configuring WebSphere for z/OS Version 6


24




The SSL was changed to use wt
0
node/DefaultHTTPS from the pull down list. “A
pply” the
change; click OK and move on to the next entry.


Double click the second entry, which has “SSL Enabled true” and update the port number to
conform to the port assignment scheme, and update the SSL value as shown.




Note the SSL enabled is che
cked and the SSL value wt0z3/DefaultHTTPS was selected from
the pull down list.


“SAVE” the changes.


Installing and Configuring WebSphere for z/OS Version 6


25

RACF Declarations



In support of the new application server, new RACF profiles must be defined and additional
permissions must be granted. As indicated

earlier the values used in the definition of the
new application server are used to construct the new
RACF
resources. This section will
describe the additional RACF profiles and permissions th
at

were
declared in our environment
to successfully start the n
ew application server “wt0sr1”. Referring back to the application
server declaration the following values were used:


User

ID/Group name



WT0SSR0/WT0CFG

Application Server Short name

WT0SR1

Cluster transition name


WT0SRCL1


The generated started tasks na
mes will be:


Application servant started task

WT0SR1S

Control region adjunct started task

WTOSR1A


RACF
User

ID/Group
started task
assignment



One of the first requirements when adding a new application server is to set up the started
task user ID assig
nment. To set up the proper RACF declaration to assign a user ID to the
started task that will be created for the new application server, a new RACF started class
profile

is defined.
This assignment will associate a user ID to the application server contro
l
region
,
application servant
, and application control region adjunct

started tasks. Based on
the naming convention above the application server’s control region started task will have
the name WT0SR1, the application servant started task name will
be
WT0
SR1S
, and the
application control region adjunct started task will be named WT0SR1A
. Knowing this the
following RACF command can be issued to assign a user ID to the new
application
server
started

tasks.


The application control region adjunct task will o
nly be started if a Service Integration Bus
(SIB) is defined. This profile is defined in anticipation of defining a SIB for this application
server.



RDEFINE STARTED WT0SR1S.* STDATA(USER(WT0SSR0) GROUP(WT0CFG) TRACE(YES))

RDEFINE STARTED WT0SR1
A
.* S
TDATA(USER(WT0SSR0) GROUP(WT0CFG) TRACE(YES))


The new application servers control region started task is covered by an assignment that
was issued during the initial installation of Web
S
phere. That command was:


RDEFINE STARTED WT0SR.* STDATA(USER(WT0SC
R0) GROUP(WT0CFG) TRACE(YES)


Since the application server control region is started using the WT0SR task, it gets assigned
the user ID WT0SCR0. The command to start the application server is:

S WT0SR,JOBNAME=WT0SR1,ENV=WT0CELL.WT0Z3.WT0SR1

which starts
with the WT0SR
task which eventually initialized the job WT0SR1 but after the user ID has been assigned.
The application server control region then starts the application servant task using the name
WT0SR1S.



The application server control region
,
appli
cation servant started task
, and application
server control region adjunct started tasks
will now have
WT0SSR0/WT0CFG
assigned

as
their user ID, group id
.


Installing and Configuring WebSphere for z/OS Version 6


26


When a RDEFINE command is issued, the new definitions have to be activated. This is
accomplished w
ith the SETROPTs command.


SETROPTS RACLIST(STARTED) GENERIC(STARTED) REFRESH



The user ID WT0SSR0 included read access to the facility named BPX.WLMSERVER. In the
event this had not been the case, the following RACF command would have added th
is
authorization to this user ID.


PERMIT BPX.WLMSERVER CLASS (FACILITY) ID (WT0SSR0) ACCESS (READ)


RACF server profiles



Additional RACF server profiles are required to address the new application server that was
defined. Some of the requir
ed server profiles which were defined during the initial
Websphere installation may also cover the new application server. To determine which
generic profiles
may
address the new application server and what needs to be defined, the
current list of RACF ser
ver profiles should be listed.


Using a TSO user ID with “super” authority, list
the RACF database using the SR MASK(CB)
CLASS(SERVER)
RACF
command
.

The output from this command, after deleting all entries
except the ones associated with the WT0CELL

cell
, is shown below.
Shown are the
defined
server profiles in the RACF database
.


CB.WT0SR0.WT0SRCL0.WT0BASE

CB.WT0SR0.WT0SRCL0.WT0CELL

-

Defined for wt0sr0 from the initial WebSphere install


CB.*.WT0DMG (G)

CB.*.WT0DMG.* (G)


CB.*.WT0SRCL0 (G)



-

Defined for wt0sr0 from the initial WebSphere install

CB.* (G)



The required RACF server profiles for the new application server are:


CB.WT0SR1.WT0SRCL1.WT0CELL



-

dynamic application enviro
nment

CB.WT0SR1.WT0SRCL1




-

static application environment

CB.WT0SR1.WT0SRCL1ADJUNCT.WT0CELL

-

control region adjunct server profile



All the server profile names
are constructed using the values specified during the application
sever declaration. The s
erver profiles

names
include the following definitional values.

CB
.
Application server short name
.
Cluster transition name
<
.
Cell short fedrated name
>



The following RACF command can be issued to define the required RACF server profiles.


RDEFINE SERVER CB
.
WT0SR1
.
WT0SRCL1

UACC(NONE
)

RDEFINE SERVER CB
.
WT0SR1
.
WT0SRCL1
.
WT0CELL


UACC(NONE)


RDEFINE SERVER CB
.
WT0SR1
.
WT0SRCL1
ADJUNCT
.
WT0CELL


UACC(NONE)




To permit WT0SSR0 to have read access to these server profiles the following RACF permit
command
s

are req
uired.



Installing and Configuring WebSphere for z/OS Version 6


27

PERMIT CB
.
WT0SR
1
.
WT0SRCL
1

CLASS(SERVER) ID(WT0SSR0) ACC(READ
)

PERMIT CB
.
WT0SR
1
.
WT0SRCL
1
.
WT0CELL


CLASS(SERVER) ID(WT0SSR0) ACC(READ
)

PERMIT CB
.
WT0SR
1
.
WT0SRCL
1ADJUNCT
.
WT0CELL


CLASS(SERVER) ID(WT0SSR0) ACC(READ
)


To activate the new RACF definition
s issue the following command.


SETROPTS RACLIST(SERVER) GENERIC(SERVER) REFRESH


All the RACF command must be issued using a TSO id that has the proper level of authority
to administer RACF security.


By listing the RACF database again, the new
s
erver
p
r
ofile can be seen.
Issue the
MASK(CB
.WT0SR1
) CLASS(SERVER)
RACF
command

to list the new RACF profiles defined
for the new application server.



SR MASK(CB.WT0SR1) CLASS(SERVER)

CB.WT0SR1.WT0SRCL1

CB.WT0SR1.WT0SRCL1.WT0CELL

CB.WT0SR1.WT0SRCL1ADJUNCT.WT0CELL


To list the user

IDs

or group IDs that are authorized to read or alter the server profiles,
issue the

RLIST SERVER server
-
profile
-
name ALL


RACF command.


Once the RACF objects have been defined, the permit
commands

have

been issued and the
RACF definitions have been refreshed, the new application server can be started.
Start the
application server by checking the box next to the new application server name and clicking
on “start”.

The application server should start

successfully. If it fails review the job output
log of the started tasks.

Application Server

startup errors due to missing RACF definitions



If the proper RACF definitions or permits have not been issued any number of
authorization

errors

can occur dur
ing the starup of the new application server.
Th
ese
error
s

can
normally
be seen in the job output log of the
failing application server started tasks.



If the started task profile has not been defined you will see that that new application server
starts u
sing a defaulted user ID such as (SETUP) and fails because it is not authorized to
access the server profile;

ICH408I USER(
SETUP

) GROUP(
DEFAULT

) NAME(WIT T0 APPSVR SR 1 )


CB.WT0SR1.WT0SRCL
1
.WT0CELL

CL(SERVER )


INSUFFICIEN
T ACCESS AUTHORITY


FROM CB.* (G)


ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )



Use the command above to define the started task profile and assig
n it the proper user ID
and group ID.


If the proper server profiles are not defined or the started task user id is not authorized to
read the server profile the following error occurs;



ICH408I USER(WT0SSR0 ) GROUP(WT0CFG ) NAME(WIT T0 APPSVR SR 1 )


CB.WT0SR1.WT0SRCL
1
.WT0CELL

CL(SERVER )


INSUFFICIENT ACCESS AUTHORITY


FROM CB.* (G)


Installing and Configuring WebSphere for z/OS Version 6


28


ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )



To correct this problem use the commands described above to create the server profile and
permit the user

ID to read the profile.



Configuring the virtual host


The virtual host construct allows a single host machine to resemble multiple h
ost machines.
A virtual host, in this case the “default host” needs to have an entry added to represent the
new application server. If this is not done the application server will not be recognized when
a deployed application in the new application server
is referenced by its representative URL.


To add the new application server to the list of servers represented by the default host, add
the host name and port numbers for the HTTP transport defined during the new application
server configuration
. To

the l
ist of virtual host alias defined for the “default host”

and add
the new entries follow the instruction below
.


1.

Log into the admin console

2.

Go to “Environment
-
>Virtual Hosts




3.

Double click the “default_host”




4.

Double click “Host Aliases” to add a new

host alias


Installing and Configuring WebSphere for z/OS Version 6


29




5.

Double click “New” and add two new aliases for z3eip.pdl.pok.ibm.com: 19120 and
19121. Save the changes.


This completes the discussion on adding a new application server. For a more detailed
discussion of RACF and Web
S
phere security refer

to the Web
S
phere V6 publications. This
document was designed for the non
-
RACF administrator interested in getting a basic
understanding of the role RACF plays in controlling new application servers.


Federating a standalone Server into an ND Cell.


This
section is not intended to provide a detailed description of how to federate a standalone
application server into a ND Cell. You should refer to
“Washington System Center Sample
WebSphere

for z/OS ND Configuration”,
WebSphere

for z/OS Version
6
. This docum
ent can
be found on the web at:
www.ibm.com/support/techdocs
. Search for
document numbe
r
WP100643 under the category

“White Papers”.


For the following discussion we used our environment UTCPLXJ8

and W
Q0CELL
configuration
. See the section “
References
” at the end of this article.


To federate a server, basically one needs to run the BBOWADDN job, which will execute the
addNode.sh.
Before perform
ing

the instructions created

in
BBOANINS

to federate
a

standalone application

server into
a N
etwork Depl
o
yment cell, the following has to be
verified:


Installing and Configuring WebSphere for z/OS Version 6


30

o

Has the stand
-
alone
application

server being started at least once and is it working
well before being
federated?

o

Is the Deployment M
anager Server started
?

o

Is the
stand
-
alone
application

server

stopped?

o

T
he jobs
must be executed
from the system where the standalone applicat
i
on server
is configure
d.


In addition you must certify that when federating a

standalone server the
cluster transi
tion
name

and the
node agent short name

MUST be unique across all the servers in the
distributed cell.


During our exercise we tried
the
federat
ion of
the server WQ0SR1 from node WQ0Z2 into
the ND WQ0CELL, using the same
cluster transition name

as the WQ0S
R0 from node
WQ0Z1 (WQ0SRCL0), and the addNode failed with the following error message:


ADMU0181E: Duplicate Entry Exception: An exception occured while checking
existence of cluster transition name WQ0SRCL0, node wq0z2 in the Deployment
Manager cell.


T
o
correct this,
the cluster transition name for server WQ0SR1 on node wq0z2 was changed
to
WQ0SRCL1

via Admin Console and running the following RACF commands:


RDEFINE SERVER CB.WQ0SR1.WQ0SRCL1.WQ0BASE UACC(NONE)

SETROPTS RACLIST(SERVER) GENERIC(SERVER)
REFRESH

PERMIT CB.WQ0SR1.WQ0SRCL1.WQ0BASE CLASS(SERVER) ID(WQ0SSR0) ACC(READ)

SETROPTS RACLIST(SERVER) GENERIC(SERVER) REFRESH


RDEFINE SERVER CB.WQ0SR1.WQ0SRCL1.WQ0CELL UACC(NONE)

SETROPTS RACLIST(SERVER) GENERIC(SERVER) REFRESH

PERMIT CB.WQ0SR1.WQ0SRCL
1.WQ0CELL CLASS(SERVER) ID(WQ0SSR0) ACC(READ)

SETROPTS RACLIST(SERVER) GENERIC(SERVER) REFRESH


Continuing with our exercise we
tried the federation of the server WQ0SR1 from node
WQ0Z2 into the ND WQ0CELL, using the same
node short name

as the WQ0SR0 from

node
WQ0Z1 (
WQ0AGN
), and the addNode failed with the following error message:


ADMU0183E: Duplicate Entry Exception: An exception occu
r
red while checking
existence of node agent short name WQ0AGN in the Deployment Manager cell. The
node agent short name a
lready exists in the distributed cell.


To

correct this,
the node agent short name
of the
federate server WQ0SR1 on node wq0z2
was changed to
WQ0AGN1

via the Customizations Panels and regenerating the jobs
.


When configuring WebSphere, names play an impor
tant role and unique names are often
required.


It is not advisable to discover this lesson while in the middle of federating nodes
in a network deployment.



For example, it is important to note that the "Cluster Transition Name" for an application
server

is also the "WLM Application Environment Name".


Furthermore, it is important to
remember that a server involves more than one address space, and WLM is used to start
the servant regions.


It is important to remember when configuring a server that may
eve
ntually be clustered, that its


"cluster transition name" will become the “cluster short
name”.


In addition, the short name will correspond to the WLM application environment for
each cluster member.


Installing and Configuring WebSphere for z/OS Version 6


31



In conclusion, we would like to emphasize the importa
nce of understanding these
relationships prior to establishing your naming convention plan.


A well thought out naming
convention plan will dramatically increase the usability of the system.



The white paper: WP100653
-

“Washington System Center Sample We
bSphere for z/OS ND
Configuration”, is a good reference with respect to the relationships that must be
understood prior to developing a naming convention plan.















Authors:

Almeida, M. Sueli
--

sueli@us.ib
m.com


Orosco, Fred
--

orosco@us.ibm.com


WebSphere

for z/OS Integration
Test


Please provide any feedback on this paper to
sueli@us.ibm.com

and
orosco@us.ibm.com
:

-

What other problems are you experiencing that you would like advice on?

-

What other recommendations do you
need
?

-

What other information would you like included

in this series of papers
?



Acknowledgements
:




Special thanks to:




Doug Macintosh, Gary Picher and Mike Everett for their tremendous

help
along the
way with their feedback and contributions for this paper.



Mike Cox and all those who helped us reviewing and making sugges
tions to make
this paper useful for its readers.


Installing and Configuring WebSphere for z/OS Version 6


32

References:

This document has been written based on the following environment configuration:

DB2 Environments

SETPLEX1 environment description

The DB2 WIC/SET Sysplex environment is a shared everything para
llel Sysplex
environment. Some of its attributes include:




There are 2 systems: STLABD1 and STLABD2.



All syste
ms live within a single JES2 MAS.



There is one DB2 data sharing group which span
s

the 2 systems.

o

DB2 level: V8

o

Group

name: DSNT1

o

Group attach na
me: DT1G

o

Group members: DT11 and DT12

o

DDF information for DT12 member:

LOCATION
:

DSNT1

LUNAME
:

NATIVE.STD0DT12

GENERICLU
:

NATIVE.STD0DT1G

IPADDR
:

9.30.132.103

TCPPORT
:

8010

RESPORT
:

8012


SQL DOMAIN=DB2GRPS

RESYNC DOMAIN
=DT12



There is a single shared RACF data set.



A shared HFS has been implemented.



There is a Distributing VIPA stack for Sysplex distributor capability.


UTCPLXJ8
e
nvironment
d
escription

The DB2 WI
T QA
Sysplex environment is a shared everything parallel
Sysplex

environment.
Some of its attributes include:




There are
3
systems:
Z1
,

Z2

and Z3
.



All syste
ms live within a single JES2 MAS.



There is one DB2 data sharing group which span
s

the 2 systems.

o

DB2 level: V8

o

Group name:
DSNWQ1G

o

Group attach name:
WQ1G

o

Group members:
WQ
11
, WQ
12

and WQ13



DDF information for
WQ11
member:

LOCATION:

USIBMWQ1GDB2

LUNAME:

USIBMT6.DB2WQ11


GENERICLU:

NONE


IPADDR:

9.
12.20.159

/
9.12.20.162 / 9.12.20.161


TCPPORT:

50100

RESPORT:

50101

/
50102

/ 50103

SQL DOMAIN=

usibmwq1gdb2.utcplxj8.pdl.pok.ibm.com


RESYNC DOMAIN=

db2wq11.usibmwq1gdb2.utcplxj8.pdl.pok.ibm.com



There is a single shared RACF data set.



A shared HFS has been implemented.



There is a Distributing VIPA stack for
Sysplex

distribut
or capability.



Installing and Configuring WebSphere for z/OS Version 6


33

WT0CELL

configuration:


Th
e WT0CELL
is designed for our development environment.

















WQ0CELL Configuration

& Port Definition
:


Th
e WQ0CELL
is designed for our
Quality Assurance or Validation
environment.




Security

OFF

WQ0SR1

WQ0Z2

SR

C
R

Z2

WQ0AGN

WQ0SR2

WQ0Z1

SR

WQ0DMN0

C
R

C
R

C
R

Z1

WQ0Z2

SR

Z2

WQ0AGN1

CR

HFS

HFS

HFS

WQ0NODE0

WQ0DMG

C
R

A

WQ0DMN0

CR

WQ1G

WQ2G

CF

WQ0SR0

WQ0SR1

WQ0SR3

CR

C
R


SR

SR

CR

Security

ON

WQ0SR1

SR

C
R

WQ0SR2

SR

CR

WQ0SR3

SR

CR

CLUSTER

WQ0CL0

WQ0CELL

Security
OFF
WQ0AGN
WQ0SR0
WQ0Z1
S
R
C
R
C
R
Security
ON
WT0Z3
HFS
WD1G
WT0SR0
CR
SR
WT0SR2
CR
SR
WT0SR1
CR
SR
CR
WT0AGN
HFS
WT0NODE0
WT0DMG
CR
A
CR
WT0DMN0
Z3
WT0CELL
Security
OFF
WQ0AGN
WQ0SR0
WQ0Z1
S
R
C
R
C
R
Security
ON
WT0Z3
HFS
WD1G
WT0SR0
CR
SR
WT0SR2
CR
SR
WT0SR1
CR
SR
CR
WT0AGN
HFS
WT0NODE0
WT0DMG
CR
A
CR
WT0DMN0
Security
OFF
WQ0AGN
WQ0SR0
WQ0Z1
S
R
C
R
C
R
Security
ON
WT0Z3
HFS
WD1G
WT0SR0
CR
SR
WT0SR2
CR
SR
WT0SR1
CR
SR
CR
WT0AGN
Security
OFF
WQ0AGN
WQ0SR0
WQ0Z1
S
R
C
R
C
R
Security
ON
WT0Z3
HFS
HFS
WD1G
WD1G
WT0SR0
CR
SR
WT0SR0
CR
SR
WT0SR2
CR
SR
WT0SR2
CR
SR
WT0SR1
CR
SR
WT0SR1
CR
SR
CR
WT0AGN
CR
WT0AGN
HFS
WT0NODE0
WT0DMG
CR
A
HFS
WT0NODE0
HFS
HFS
WT0NODE0
WT0DMG
CR
A
WT0DMG
CR
A
CR
WT0DMN0
CR
WT0DMN0
Z3
WT0CELL

Installing and Configuring WebSphere for z/OS Version 6


34





Daemon

Deployment

Manager

Node

Agent

App Srv #



01

02

HTTP



19440



19500

19520

HTTP SSL



19441



19501

19521

High availability manager
communication port



19442

19432

19502

19522

JMX Soap



19443

19433

19503

19523

Bootstrap/ORB II
OP

19402

19445

19435

19505

19525

ORB SSL

19403

19446

19436

19506

19526

Cell/Node Discovery



19447

19437





Node Multicast Discovery
Port





19438





Service Integration port







19508

19528

Service Integration secure
port







19509

19529

Serv
ice Integration MQ
Interoperability port







19510

19530

Service Integration MQ
Interoperability secure port







19511

19531

JMS Direct







19512

19532

JMS Queued







19513

19533

Interim Values for Base App Server's
Daemon





ORB IIOP

19400





ORB SSL

19401