Db2 User Group | June 2025
From Root to Leaf—Managing Index Splits in Db2
Db2 for z/OS is experiencing a major transformation in its tooling landscape, with the retirement of Data Studio and DSM and the introduction of new tools tailored for modern development workflows. This session explores both sides of the emerging ecosystem: the desktop experience through the Open Mainframe Project’s Zowe Explorer and the Db2 Developer for z/OS extension for VS Code, which offer intuitive ways to interact with z/OS assets; and the system programmer experience via the Zowe Desktop stack, which powers the web-based Db2 Administration Family of tools. We’ll cover installation tips, best practices, and the key features of this evolving toolkit.
Read the Transcription
[00:00:00] – Amanda Hendley
It looks like everyone made it safely out of the waiting room. We’ve got one more person that hopefully pops in here in just a second. If we haven’t met, my name is Amanda Hendley. I am the Managing Editor at Planet Mainframe, and you’re here today for our virtual user group on Db2. Thanks for joining us. And as you are coming in, Joe just mentioned how he wants to do Q&A today. I’ll remind everyone in a couple of minutes. All right, I see one person stuck in the waiting room. We’re going to go ahead and get started. As I said, I’m Amanda Hendley. Thanks for joining us. I want to welcome you to today’s session.
[00:00:43] – Amanda Hendley
We’re going to have quick introductory remarks. That’s me. That’s my part. And then I’m going to turn it over to Joe. We’ll have time for some Q&A. We will talk about some news and articles that might be relevant to you. See some questions or comments popping. And then we’ll announce our next meeting. So we’ve got a pretty clear-cut agenda. I can get my next slide to advance. This group would benefit greatly from a virtual user group sponsor. So if you know anyone that would like to sponsor a virtual user group, you can reach out to me. I’m amanda@planetmainframe.com, usually, or ahendley@planetmainframe.com will also get to me.
[00:01:28] – Joe Winchester
Planet Mainframe is going to be at SHARE in a little over a month. So that should be a really fun conference if you can join us. It’s in Cleveland. I think the Rock and Roll Hall of Fame might be in Cleveland, but we’ll be there. I’ll be doing some on-site video interviews. If you’ve got something fun we should talk about, reach out to me. We’re going to be doing trivia. We’re going to celebrate our influential mainframers, and there’ll be lots of fun prizes. So come to our booth and check it out. And I’d love to see you in person. If I can’t see you in person in August, I might then get to see you again this fall in the UK.
[00:02:11] – Joe Winchester
I want to also put out there that we’ve got our Cheryl Watson’s Tuning Letter. Lots of satisfied customers. I was a little concerned when I first briefly read this testimonial that says, “I’m only on the second page of your list of considerations, and I’m already on my second Prozac”. But I think that that’s probably a positive for the tuning letter. And next issue is August fifth. If you want to check it out, reach out to me and might be able to get you some sample articles or at least get you set up with a subscription for the tuning letter.
[00:02:47] – Amanda Hendley
As Joe mentioned today, we’re going to do a Q&A as we go. Drop it in chat. I’ll monitor the chat, or he and I’ll both monitor the chat. We’ll try to get your questions answered. You can always wait till the end as well. And obviously, if it’s a really deep question you need to ask, drop a little bit of it in chat, and you’re welcome to come off mute and clarify. And with that, I think it’s my turn to stop sharing. We’re here for Db2 and Zowe, everything everywhere all at once. And now I have to figure out how to stop my screen share, Joe. Done. Now it’s your turn to share yours.
[00:03:29] – Joe Winchester
Oh, awesome. Thank you so much.
[00:03:31] – Amanda Hendley
I’ll give you a brief intro while you’re figuring out which button to press. Joe is a senior technical staff member at IBM zSystems, and he’s ready to go. So I’ll just turn it over to you.
[00:03:46] – Joe Winchester
All right. Thanks, Amanda. By the way, Amanda and I were having a little discussion. If you look at Amanda’s background, we think it’s a z14. I know it’s not a z16 and a 17 because I’ve actually seen those in the flesh or in the silicon or plastic or whatever. Anyway, so if anybody thinks it’s not a z14… No, you think… Anyway, you thought maybe it was a z15. Anyway, we’re people who love looking at backgrounds.
[00:04:12] – Amanda Hendley
Yeah, you all figure it out and let me know if you think it’s a Z, whatever Z you think it is. And then we were wondering the lights. I think they should be lit up, backlit. But Joe said they might be using- I’m pretty sure they’re just hard plastic, hard painted plastic.
[00:04:29] – Joe Winchester
Anyway. Yeah, missed opportunity. It’s not lit up. All right. So thanks, everybody. By the way, the first thing I want to say to all of you who’ve joined, thank you so much for giving up some of your time today. I have a bunch of slides. I have a rough agenda, so I can drive the bus around the track a couple of times. I can point out some highlights and stuff. You can just sit back and relax and enjoy. But I would much rather that you ask me where you want to go. And if we end up completely on a different route to what I planned, but that’s a more enjoyable journey for you, that’s great. This is your dime. I’m just your driver, effectively. You let me know where you want to go. I think it’s booked on the... On the website, it said it was two hours long. I will be here until the last person leaves, which will be me. I’m very happy to stick around for two hours, and I could probably talk for about 10 hours. But if there’s anything you want me to do earlier, or you just want to check out after half an hour or 40 minutes, don’t worry, we’re still friends.
[00:05:37] – Joe Winchester
Cool. Okay, so upcoming virtual Db2 meeting. Normally when I do this in the room, I would say, Now, now, now. I have children, they’ve grown up now, but I used to say to my children, We’re going out now. Then 15 minutes later, it’s like you haven’t even got your shoes on. You just started a new video game. Because they’re like, Oh, let me just finish my previous one. So then you have to introduce like there’s a now versus a now, now, and a now versus a now, now, no. Anyway, so this is not upcoming. We’re in it. We’re in the meeting. Okay, so this is very Db2-focused, and I wanted to throw together a number of questions that generally in my world, when I meet Db2 people, they ask me. This is what I’ve got in my head. Again, throw into the chat because I have figured out I’ve got two monitors and I can look at what I’m showing you and I can look at the chat as well, which is a first because I’ve never been able to do that before. I managed to separate it. I want to talk about what’s going on in the Db2 world, which is why this is an interesting webinar, I think.
[00:06:38] – Joe Winchester
What the heck has this got to do with Zowe? A little bit of background about myself. I work on a bunch of stuff for IBM and the open source community, one of which is a project called Zowe. I want to talk about why the intersection of Db2 and Zowe is interesting. I’ve given them a preview of the answer. There’s two interesting things going on in the Db2 space. There’s something called Db2 Administration Foundation or Db2AF that uses the Zowe desktop. I spend quite a lot of my time talking to customers, generally sysprogs, trying to install that software stack, running into a number of issues. We get support tickets raised against IBM. Some of them are quite tricky to solve, some of them are more simple to solve. I’m going to go through that scenario and I’ve got some use cases for where people tend to generally trip up. Then there’s also another side towards Db2 and Zowe, which is the Db2 have an extension for Visual Studio Code, which is more focused towards the developer persona called Db2 Developer for z/OS. The Zowe project has an extension for VS Code as well for the Zowe Explorer.
[00:07:49] – Joe Winchester
I’ll show a little bit of those on their own, and I’ll show a little bit of them working together because they’re actually quite cool bedfellows. Normally, I do the order differently. Normally, I talk about all the really cool client software like VS Code because it’s an absolute crowd pleaser. Everybody loves it. You submit jobs, you open JES spool. Then I do the z/OS side at the end. I focus on developers first and sysprogs. Today, I’m going to do it in a different order. I’m going to focus on the sysprogs first because I assume you’re mostly a sysprog crowd. Normally, I’d be like show of hands who’s a developer who’s a sysprog. Most mainframe crowds I talk to are generally the sysprogs. For the frogs. But if you’re developing, you want me to focus more on the developer side, again, give me a holler, and we can just spin the bus right around and do the route backwards. Then I’m going to talk at the Zowe. That’s basically what I’m going to talk about, cool ya? When I used to, not that long ago, I worked on a software tooling stack that IBM still has. It’s still based upon a piece of desktop software called the Eclipse or the Eclipse desktop.
[00:09:00] – Joe Winchester
I’ve got a little screenshot here of Db2 Data Studio for Z. It’s a cute little GUI thing that you can point and shoot, and it basically lets you do stuff in a graphical user interface, so you don’t have to log in and start doing SPUFI and running DB tools, DB tools on a 3270 emulator. I’m not trashing that. That’s a great world. If that’s your world, then that’s going to solve the problem that you’re in. But if you want more of a touchy-feely world or you’re dealing with people who are perhaps new to Z or haven’t yet learned their spurs to be able to drive that 3270 interface, and it’s also very powerful because it’s graphical. So lots of things render very nicely in their visual explain and things. Now, here’s the kicker. The support for that ended on March 31st, 2025, and we’re now July the 15th, March, April, May, June, July. Some of you out there might be hanging on to this tool. Out of my cold dead fingers, I’m going to let go of this because perhaps this is something that you’ve been using for the last decade and you’re very comfortable with.
[00:10:11] – Joe Winchester
I think IBM did already add a couple of extra snooze alarms to when it would go out of support, just to give people time to transition off it. But it is most definitely out of support now. IBM also doesn’t support it. I did reach out to the product manager earlier today and say, Please tell me some good news. She said, Well, no, I can’t have any good news. It is out of support. It is most definitely not coming back into support. But if you are a customer and you still use it because you don’t have a migration strategy off of it, then you can get it to limp along. If you use Db2 version 13, release 1, modification 100, then it will work in a limited scope. I don’t know exactly what that limited scope is. I think visual explain doesn’t work, but some bits do. I’ll try and get the list done. I’m really sorry, I haven’t got the list, but bits of it will work, bits of it will not work. If you get error messages in the logs and it looks like it’s basically just creaking and groaning, and leaking oil, 1-800-IBM is not going to rescue you.
[00:11:18] – Joe Winchester
You’re basically out of support. Okay, cool. David Simpson said, Visual Explain still works in Db2 13 FL 500. Great. So Visual Explain does work, but certainly bits of it don’t work. If somebody wants to say what bits do and don’t work, there is a way to make it work, but 1-800-IBM support is not going to get your back. Okay. Data Studio thinks Db2 13 is Db2 90. Yeah. Okay, so you can see. DSM, which is the other power tool that people used to have that went out of support a year and three months ago. Let’s keep going forward. A little cool reveal. Don’t let me need a PowerPoint animation. Meet your replacement. Db2 Developer extension for VS Code and Db2AF. Cool. I’m just going to repeat this slide because I was given it by the Db2 product manager this morning. She sent me a really nice deck of slides, and I just ripped out some that I thought were really relevant. If you haven’t already seen this, this is going to be in the deck, and I’m sure… Anyway, Amanda will make ways to get the deck available to you. If not, just hit me on LinkedIn and I can share these with you.
[00:12:31] – Joe Winchester
But if you look at the four different columns, they’re very persona-based, whether you’re developing and testing. Left-hand side, we’ve got the very VS Code type scenario. And then on the very right-hand side, we’ve got let’s just administer it. With basically a Query Workload Tuner, dashboard style, very nice Zowe installed desktop, and then we’ve got some tuning and some discovery in the middle. One of the interesting things, the Db2 Administration Foundation for z/OS, the client for that is just a web browser. If you have… One of the issues that the Eclipse software tooling stack had, and I always get this with z/OS customers, is I would go to z/OS customers on other parts of that and say, This is great. If you want to administer your Db2, just install a Java virtual machine on your laptop, get Eclipse, get a plugin, wire them together. Me as a developer, I find that quite easy to do because I work for IBM, I have my own desktop, and I have quite a lot of privileges over what I can do in that desktop. If you work for a bank or a government agency, your desktop is going to be more locked down.
[00:13:38] – Joe Winchester
It might be running on a VM, it might be running on a jump server, you might have to go to a different group to provision the software to run on it that might have to be source code scanned, approved, etc. It’s just a much steeper gradient. You or I probably do almost all of our interaction with the big wide world outside the Internet just through a web browser. Over time, web browsers with HTML5 and JavaScript and toolkits like React and Angular are really very good. We can go shopping, we can install an application onto our phone, maybe. Phones are probably one of the few places where people still install applications because there’s some element towards having things offline and having a less chatty client-server conversation. But most of the time on our laptop, I expect we’re ordering our bus tickets, ordering our plane, doing our shopping, doing our email, probably just through our browser. The advantage of that is that when you upgrade the server, you’ve got no N plus or minus which version of which client. In the nightmare scenario, where you distribute it, it’s like 150 copies of Db2 Data Studio, and then you upgraded Db2, your 150 copies might not be compatible with your newer version of Db2.
[00:14:50] – Joe Winchester
Then if you had to go and get a newer version of the client and install it, and all 150 or work with another group, then you might be migrating from Db2 with version N, and you might have some N minus one LPARs, maybe some L minus two, maybe some N plus one. You end up with this nasty client server mismatch wiring. And it’s very hard for IBM to build and deliver that solution, and it’s hard for you to deploy it. It’s much easier if you just log on to a server, whether it’s running a Db2 version 11 or 12 or 13 or whatever, or 13 plus N, and it just goes boom-yar, and it just gives you the latest software. You and I can fall asleep and wake up the next morning and go to log in our bank’s website. It’s always going to be the most current version that our bank or our shopping portal or our train company wants to serve us. That’s the beauty of client server, just serving the web page. In a weird way, the internet is like going full circle back to what 3270 is. The server just dishes you up the user interface.
[00:15:45] – Joe Winchester
But instead of a BMS map, 3270, it’s much, much richer. It’s secured across TCP/IP and transport layer security, and it’s graphical. In a weird way, you could say that this is going back to… It’s like SPUFI, but graphicalised, if that makes sense. Anyway, cool. Now, here’s where it’s interesting. All of the products involved in this, this is another chart I pulled out of Jane’s deck. If you look, and I should have got some animation on this chart, maybe I’ve got a little bit of animation. For this, for everything in the purple box, I’m missing it on my screen, sorry. Everything in, I think it’s purple, maybe it’s pink. Anyway, I might be slightly colour-blind on whether it’s pink or purple. I think it’s a pinky purple dash box. It occupies about 80% of the left-hand side. All of that, Db2 Analytics Accelerator Admin Services for z/OS, Db2 Admin Foundation for z/OS. That all requires, and there’s also other things as well, Db2 DevOps Experience. That all is built on a software stack that at the very bottom of that software stack is Zowe desktop. So you have to get Zowe desktop, you have to install Zowe desktop and get that running before you can unbox everything above it.
[00:16:57] – Joe Winchester
Then the right-hand side. So that’s really what I’m going to talk about today. Another architectural overview chart. I think actually, Will Poston, you posted something about what about Db2 Visualizer? I might have to phone a friend on that one. I don’t know what you mean by Db2 Visualizer. Do you mean Db2 Visual Explain? Because I’m aware of Db2 Visual Explain, and I’m aware that Db2 Analytics Accelerator does visualizing. It’s another client, another client software. I’ll have to get back to you on that one. Db2 Visualizer. But I’ll just carry on the path we’re on right now because I don’t know, but I will find an answer to that. Okay, cool. If you look at this software stack, today, I’m really going to focus on the Zowe part, the intersection of Zowe. On top of Zowe, by the way, is another offering called Unified Management Server, and then the Db2 stack the forks off. To get the Db2 stack working, you will need to get Zowe working, you will need to get Unified Management Server or UMS working, and then basically you can open the door and let all the Db2 tools in. I’m finding a lot of customers are struggling with this.
[00:18:16] – Joe Winchester
Does that make sense? That’s basically I’ve laid down the problem and I’ve laid down the plot for where I’m going to go. Now, Zowe, I’ll introduce Zowe a little bit. Zowe is an open source piece of software. It is built in collaboration with a number of groups, number of companies contribute to it, and it’s owned and managed by the Linux Foundation. It’s an open source piece of software, and the umbrella group that takes care of it is the Open Mainframe Project. Let me just do some screen sharing quickly. A really great place to find out about Zowe is Zowe’s homepage, which is Zowe.org. If you want to download Zowe, because the very first thing you’re going to have to do before you install the Db2 tooling stack, is you’re going to have to get a distribution, a thing you can download it with. I’m going to go very quickly to version 3. On version 3, the web page here is split into server and client. Client, I’ll talk about later because that’s to do with Visual Studio Code or IntelliJ or our CLI interface. So on the server, it’s shipped in three different formats.
[00:19:27] – Joe Winchester
It’s shipped as an SMP/E build, AZWE003. And it’s also we deliver rollup PTFs. So right now, if you grab that, you would grab version 3.2, which is our latest release, and you just install it, you wouldn’t have to get 3.1. 3.2 replaces 3.1 when 3.3 comes out. Now, if you’re an IBM customer, and you are because you’re getting Db2, you’re probably going to want to get it from Shop Z or Shop Z. It’s exactly the same piece of software. If you get the Zowe build from Zowe.org, IBM will still support you if you have an issue, irrespective of the provenance of where you got it from. You can get it from IBM Shop Z, or you can get it from Zowe.org, or you can actually get it from, I think, Rocket, distribute it on their software portal, and I know that Broadcom do as well. As long as it’s an... There’s even checks that that’s the untampered version. So wherever you got that version from, you’re good to go. Sometimes I see people saying, Oh, I got it from Broadcom and I’m going to replace it with the one from IBM.
[00:20:43] – Joe Winchester
I’m like, If it’s the same number, it’s the same piece of software. You can even actually start sharing instances if you want to. That’s not an issue. SMP is there. Also, there’s another way you can install it, which is my favorite way you can install software, which is a convenience build, which is where you just get a PAX file. It’s a USS archive format. You literally just SFTP it across or however you want to upload it, and you just literally run an unPAX command, and you don’t have to deal with apply jobs and receive jobs and all of that stuff to do. So that’s my favorite way to get it, but we provide an SMP distribution as well. You can also get it as a portable software instance as well, if you want. It doesn’t matter. They all end up laying down the same stuff on disk. But once you’ve chosen one path, you’re generally going to stick to that path. Cool. Any questions on that or not? But that’s how that all looks great. Okay, so let me go forward a little bit of animation coming in there. Oh, yeah, this should have been at the start.
[00:21:48] – Joe Winchester
For those of you who don’t know, there’s a great movie with Michelle Yeoh and Jamie Lee Curtis and lots of other phenomenal actresses called Everything Everywhere All at Once, which is a wonderful film. It’s a great film. Anyway, if you haven’t watched it, I think it may have got an Oscar last year. Linux Foundation doing software. Let’s go and look. Let me see where I am in my chart deck. The person on the left… I’m just going to forward this. Okay, get back forward. I’m going to talk now about the Zowe desktop. This is the Zowe desktop. I think what I’ll do… We’ve got some more stuff in the chat. Well said. I thought it was replacing Data Studio. So Data Studio and DSM are both being replaced by a combination of the Zowe desktop and the tooling that sits on top of it, which I’m going to show you now, and the Db2 for z/OS extension for VS Code. Depending on the persona, it’s not like a one for one. So some parts of what is in Data Studio have ended up in the Zowe desktop. Some parts, such as debugging, have ended up in the Db2 Developer for z/OS Eclipse extension.
[00:23:08] – Joe Winchester
It’s more of a persona-based split. It’s not a one-to-one. What I’m going to do very quickly is I’m going to very quickly go towards a demo of the Zowe desktop just to show it to you, and then I’ll show you what it… The Zowe desktop, I’ve got one installed. I’m just going to click a button, and I went to port 755. Let me see if I can log into that. Let me just quickly go back. Sorry, 7554, 7556. It’s not going to crash on me, isn’t it? Anyway, I looked at it. There’s every desktop, that’s what it says on the tin. If you don’t like the background, you can play around with the background. You can change it with a bunch of tools. You can reset your password. It’s pretty powerful. It’s got some interesting utilities that you can do. You log in and log off. Where have I gone back to? I didn’t want to change my background. I didn’t want to change my password. But you end up with a bunch of applications on the left-hand side. When you launch a Zowe desktop, and some of the applications are actually pretty useful. Let me see, I’ll pick this one, IP Explorer.
[00:24:20] – Joe Winchester
It’s got a bunch of built-in stuff that comes out the box. It’s not going to crash, of course, because I’m doing a live demo, but it’s got some applications built in. You can think of it like, when you get a mobile phone, you bring it back from the phone shop, the mobile phone is going to have a few things in it. It’s going to have probably a weather app, a compass, a clock, but it even lets you make phone calls. Some people, I believe, do still use their phones to make phone calls these days. But the most important application on a phone is the App Store. You can actually install additional things on top of this, and you benefit from the fact that you’re signed in once. You have a single sign on, and that lets you basically traverse an ecosystem of applications that all interoperate together. Most importantly, because from single sign on, you don’t have to reauthenticate. If you’ve got something like multifactor authentication or some out-of-band two-factor authentication that perhaps uses biometrics or fingerprint-based recognition or something. You don’t want to have to do that every single time you press a button.
[00:25:24] – Joe Winchester
You want to do that once and have it for at least the rest of the day or maybe the rest of the week or something like that, depending on your security policy. Okay, now what I’m going to go and look at is I’m going to look at what’s running behind the covers for the Zowe desktop. I’m literally, I’m logged into the same system, and I’m just going to go into SDSF and I’m going to look at what’s running behind the scenes, and I’m going to talk about these two started tasks. For you to get Zowe running, you will need to bring up these two started tasks. I’ve renamed them just because this particular system I’m just nerding out on, but this is called ZWESIS03 by default. Where you see S-0-3, you can mentally substitute STC. So that would be ZWESISTC and ZWESLSTC. If you don’t get both of those two up and running, nothing else is going to work. You need to get that as a car out the garage. One interesting thing I’m going to show you, and then I’ll talk about how it occurred, is those are two started tasks, but they’re quite busy in terms of microservices. If I type DA in here, what you’ll see is there’s a lot of stuff running, and sometimes that freaks this out.
[00:26:31] – Joe Winchester
I’ll talk a little bit later about how we’re going to actually reduce the number of that. But there are lots of microservices in flight at the same time, and that’s one of the problems. Now, if I just quickly do a PS, which takes me into Unix view. I’ve got command there. By default, you won’t see the command, but in SDSF, it’s off the right-hand side. Why I always just do, locate command in SDSF, and it takes me straight there, or I did a ARR to I haven’t changed yet. This is a really good place to go to. Now, you want to know your way around. While I’m here as well, I’m just very quickly, let me go to the Zowe docs. Often when I talk to customers, I spend quite a bit of time saying, Let’s go to the Zowe docs and I’m going to go to the Zowe architecture. This is a busy diagram, but fundamentally, if you have a look at all of our microservices, API Gateway starts with A and a G. Just picture, API Gateway is an A and a G. API Discovery is an A and a D. API Catalog is an A and a C.
[00:27:35] – Joe Winchester
If you just mentally remember those, what you do is you’ll see down here something that says AD, and that’s because it’s application discovery. So AG is Application Gateway, AZ is the Authentication Service, AC is the catalog. What you see down here is you see the job name corresponds to the address space that’s running. That’s important because sometimes you might bring things up and somebody dies and somebody else is living, and it’s sometimes nice to know. If DS wasn’t there, I couldn’t have logged in because DS is a Zowe desktop. Let me go back to my PowerPoint chart. Another little bit more explanation about that. The Zowe client that I’ll talk about towards the end is a really cool Visual Studio Code extension called the Zowe Explorer, and there’s a command line interface, and they basically connect to z/OSMF. Every time they send a request to z/OSMF, they use basic authentication with your user ID and password, or you can use Client Certificate Authentication as well. Now, when Zowe started tasks start up, that’s ZWESLSTC started tasks, it starts a lot of address spaces coming up, and all of those have ports associated with them.
[00:28:58] – Joe Winchester
We’ve got 1, 2, 3, 4, 5, 6. There are six address spaces here. This one you don’t need unless you’re running for high availability. All of those address spaces come up on different tasks. They all talk to each other. From that, that’s generally where most of Zowe’s problems occur, is because when those address spaces come up and those address spaces need to talk to each other, they need to get a certificate that they can use to talk to each other internally within the IP stack that’s running on the LPAR on the USS. And also, externally, if you saw me when I opened my browser, I was able to connect from my laptop to that particular started task. So they haven’t... It’s an external host and port, which is just a 7554 API gateway. But internally, they need to chat to each other. And that’s generally where most of the problems occur. It’s all to do with the certificates, or they can’t to the ports because it hasn’t been set up. One quick thing to breaking news. On the next release of Zowe, which I think is coming out in August or September, I’m not completely sure we had to delay it for a bit because there were some issues that we ran into for backwards compatibility.
[00:30:15] – Joe Winchester
All of these address spaces, one, two, they’re all going to be merged into one. There will be a much nicer story going forward on Zowe 3.3. 3.2 still works. Everything works just great, which where you still need… Instead of having multiple address spaces, there’ll be one address space, you’ll be able to configure it, and that one address space is going to effectively run all of these services for you. Then basically, it still needs all of the ports available. But it’s just a simpler architecture. It’s only one moving part rather than five, potentially six moving parts. Cool. The issues that I always see, just if anybody lets me know if I’m dumbing it down when I talk about certificates or I’m dumbing it up, very quickly, I will quickly pop into demo mode. That particular system, and I’m just going to log in, that I was running there earlier. If I go and have a look. Gosh, where is it? It’s here. Yeah. Okay, so that’s running on… We’ve got some 7556 port. That’s where the Zowe desktop is involved. If I go and have a look. Whenever you launch Zowe, and I’ll quickly talk about how Zowe gets launched, there’s a started task.
[00:31:36] – Joe Winchester
I’m just going to show you what the started task looks like. Well, you saw the name of it because it was called ZWESIS03. If you go and look, we provide the JCL. Now, within… Sorry, I wanted to use this one, SLS03. How about this? Within the end of this, it points to the configuration. Now, when we ship Zowe, we ship the default configuration in a YAML file, in a USS YAML file. A lot of people have issues with that. They would rather store it in a PARMLIB. Zowe supports the ability to store that in a PARMLIB. My suggestion is that if you’re more comfortable with PARMLIBs, and it’s your first time that you’ve ever dealt with YAML file configuration, you stick with PARMLIBs. I run into an issue with a lot of customers editing the YAML file because they’re basically using ISPF, but I’ll show you. I have the Zowe Explorer running, which is a VS Code extension, and I can very quickly, so that’s rlppzoiinstance.YAML. When I open this, it’s all what I would call printified. It’s all colored nicely. Now, very quickly, let me just nerd out a little bit.
[00:32:52] – Joe Winchester
If I go into 3.17.
[00:33:03] – Joe Winchester
Hey, there’s a little bit of background noise, Amanda. I don’t know if that’s the question.
[00:33:15] – Amanda Hendley
I can hear it. I’m searching for the one to mute.
[00:33:19] – Joe Winchester
Hey, thank you, Amanda. Sorry, I thought I was being asked a question there. Yeah, no worries. Thanks so much for that. Okay, so again, I’m not getting any things that people think I’m going down a rabbit hole, but if you are, please stop me and interrupt me. I’m just going to go systemvar lpp, Zowe, V3 instance. So I find, and I’m just going to go into the same file that I’m doing here, pfa, Zowe. YAML. I find people doing like, E for edit on this file. Now, this is okay, but if you have a look, I don’t… Now, interesting thing here is I’ve colored this. Here’s a little trick. I think it’s called highlight C. If I do highlight C… For me, the YAML is not a language that ISPF highlights and knows. By default, I should have gone into a system where I showed it to you off, and then I would have amazed you by setting highlight C on. But I come across a lot of customers where the comment lines are indistinguishable from the actual lines of the control, the source, effectively, the uncommented lines. And that’s a real nightmare because I see people struggling. And then we have a look and we’re staring at green on black.
[00:34:32] – Joe Winchester
It’s very monochromatic and a nice little power up, if you are having to use ISPF, is to literally do highlight C. And because the comments of the C language are the same as the comment of YAML language, which is basically the… In England, we call it the hash symbol, but I think in the US, it’s called the pound symbol because our currency symbol is called the pound, just to make it confusing. But whatever you call this symbol, which is a YAML comment, this is purplarized. That’s not a real word, but you know what I mean. It’s colored differently, and that’s a good thing. Otherwise, you are just swimming in green and you don’t actually know what’s live or what’s not. My preference just is because I don’t particularly like using PF keys. That’s where my functionate and PF and all of that stuff is. I just like using the Zowe Explorer for VS Code. But if you have a look, C-O-M-P-O-N-E-N-T-S, when I go to Components down at the bottom. This lists all of the components that I want to have running. If I go back to my… Let me go back to my PowerPoint chart, this one here.
[00:35:42] – Joe Winchester
This particular instance I’ve got started up here, I want one… Let me go back. I shouldn’t have clicked it. One, two, three, four. I want to have this, but I didn’t want to have the caching service, and unfortunately, we ship the caching service on by default. So go down here and if you have a look, it says Enable. This is where you can see your port number. Enable true, enable true, enable true. Caching service, by default, Zowe ships it with Enable true. It’s difficult to configure. You don’t need it on day one unless you’re configuring for high availability. My suggestion is don’t configure for high availability. Just start one up on one LPAR, get happy with that, and then you can have HA. My power up tip for the day is when you see that says true, make that false because we don’t actually need that service to begin. Because if you do make it true, then you have to deal with Infinispan and all of the caching services or Redis or something. Okay, and there’s our app server. What else have I done that’s interesting, that’s worth talking about here? When I talked about one thing that might be interesting, I’ll just go back here, and I’m shooting from the hip a little bit here.
[00:36:54] – Joe Winchester
I have ZWSISLSTC. Those communicate with each other. Everything in the SL STC communicates over an IP network, and they communicate to the SI task using a cross-memory connection. If I go back to the Zowe architecture, you’ll see one started I’ve got a task here. Everything in here is communicating over an IP stack, and I’ll talk about the certificate for the IP stack. Now, what’s interesting is they have to find the cross-memory server. Sometimes what I do quite a lot is I actually run different instances of the Zowe I stop on the same LPAR. I want to isolate them. Perhaps I’ve got one version, I’ve installed the next version, and I’m not ready to roll it out, and I’m testing it. There’s a great question from down, Do the docs state what cert you need for what URLs and what special? They do, and I have that on a chart in five minutes time, three minutes time. But I’ll tell you what, let me stick. I said you were driving the bus, so I’ll do that question first, because if it’s fresh in your mind, then you want to do it. So yes, the issues are…
[00:38:03] – Joe Winchester
Yeah, we do state in the docs what’s happening, but I’ll talk to you a little bit more about this, and then I’ll go to the docs to prove it’s in the docs. First thing you have to be careful about is if I look at that software stack there, docs.zowe.org, I look at the architecture diagram. Where is it? Zowe z/OSMF. If z/OSMF isn’t running, you can get Zowe running, but you can’t get the Db2 stack up. So you do need z/OSMF. Now, what I find a lot of customers do is they’re… Let me see. That was actually a live screen. So the z/OSMF on this particular system, I’m fairly sure, 443 is the default port. So if I leave the port off and just type z/OSMF, it’ll tell me. Now, this particular z/OSMF, if you have a look at it, interestingly, this is what I wanted to show you. It’s not a trusted certificate. What I mean by that is if I go and look at my certificate and go and look at my certificate details, it’s just self-signed. Well, it’s not self-signed. The certificate itself is issued by this, and this is issued by this, and it’s signed itself.
[00:39:22] – Joe Winchester
So the certificate authority has signed itself. My laptop doesn’t trust that certificate authority because it’s not in my trust store. So the laptop goes, I’m not that happy. And I have to go advanced. And depending on the browser, actually, it looks to me like it basically says, I’m just not even going to let you use it. So you have to get Zowe to trust that certificate. The way you get Zowe to trust that certificate is… It’s a great question that we got there, is there’s a little bit in the YAML file where you have to say, Verify certificates, disabled. If you leave that at the default that we ship with, and I’m just saying this is all in the deck. I just wanted to show it to you live. If I set that to be strict and I bounce that Zowe started task, it would come up and it would say, I can’t handshake to z/OSMF because z/OSMF gave me a certificate where the certificate… When the security was self-signed. You told me to have strict checking on, which basically means don’t drive through that like, Thou shalt not pass sign.
[00:40:40] – Joe Winchester
And that’s a problem. So sometimes I get calls from customers and I literally say, Change that to be disabled. And that basically tells Zowe, Bust through that, trust z/OSMF. Because if we can’t trust z/OSMF, we basically can’t get the Db2 stack installed on top. So you need that to be disabled. If you don’t have z/OSMF running, you can actually done. That’s important. There’s another one you can do as well, which is that it’s possible that the z/OSMF certificate is a trusted certificate. So it was signed by a trusted certificate authority, but it doesn’t have the subject or the name, doesn’t have the network address in it. So I’ll show that really quickly. So this particular certificate here, I’m signing it for this address called tvt5 I don’t know, 9. If I go and look at the certificate details, if I go and look what’s called subject alternate name, which is down here, that’s the list of trusted addresses that that certificate can be issued from, which happens to correspond to this. Chrome goes, Oh, that’s fine. The IP address serving that, the certificate is presenting, is signed for that address, so I’ll let it go through.
[00:41:52] – Joe Winchester
I find a lot of customers, what they do is they create a certificate and they’ll create a trusted certificate on one LPAR, and then they’ll bring it up for a different IP stack. And on the second or third or fourth IP stack, usually because they’re lazy or because they don’t want to procure a new certificate or there’s some cost or a different group they’ve got to contact or something. So it’s very easy. Copying certificates is quite easy to do. So USS will let you copy certificates all day long. You just pick up the cert file and just move it. But what you end up finding is you end up finding a certificate being served off an IP stack where the DNS doesn’t include the address that the certificate is exposed through. For example, it might be that you’ve wired to use the IP address and not the named address, or the DNS server can’t be reached internally, but it can be reached externally, or you have DVIPA in the way or something. If that’s the case, then that’s all going to be headwind. If that’s the case, then we actually have a value called non-strict.
[00:42:57] – Joe Winchester
What non-strict lets you do is… Non-strict is between disabled and strict. Strict says the certificate must be trusted, so the signing authority must be known to me, and the IP address that it’s being served with must be in the subject’s alternate name. And disabled just means ignore both of those. So that’s all or nothing. You’re in or you’re out, black or white. But it’s a gray area, and the gray area says, Well, the certificate… Validate trust of the cert, but the other check is not needed. The other check is used for something called cross-site forgery. Cross-site forgery would be an attack, and it does occur on the internet, which is where… I’m going to pick a bank. I don’t want to pick on a particular bank. Let’s assume there’s a bank called Jimbank. Jimbank.com. And Jimbank.com is an amazing website. And we go in in the morning and we go to Jimbank.com and we log in and we do all our banking, we log out. It’s great. We enter all our credentials and loads of information. If I was a bad person, I could register the domain for Jimbank.com, where the I character was actually like the Turkish letter I or a character that you couldn’t distinguish based upon a US keyboard, that that was basically a phishing attack.
[00:44:19] – Joe Winchester
It’s not phishing, so it’s a Trojan horse. It’s trying to rock up and convince me to enter it. But I would not be able to get a certificate signed for that, that would be a trusted cert. So you would have to blitz your way through that warning. So that’s why browsers get really… That’s called a cross-site forgery attack. So browsers don’t like that. But if you manage your IP stack and you have a firewall and things, you could basically say, That’s fine. Just take it. So that’s what the non-strict mode is for. Question from John. So that was just going to finish answering down. The other one that I do want to talk about quickly that causes lots of customers problems. I’m going to go and look at this certificate. If I go and look at the cert, the cert has got something called an EKU, an extended key usage. We might not actually have it on this certificate, so I might have to go to my picture. EKU is optional. This particular certificate doesn’t have an extended key usage. If I had it, I’ll show you on the next screen, it would come down and say EKU.
[00:45:27] – Joe Winchester
Let me see if I can find an EKU on another… Let me do 5011. I think on this particular, this is another system. Yeah, so this system is trusted. You can see this as a better certificate. I didn’t get my hairy, scary warnings. Let me go and look at this. Connection is secure. How are we doing for time? 518. On this certificate, which is nice and valid because it’s signed by IBM as an internal root, I think I have an EKU on this one. Yeah, extended key usage. If the extended key usage is on the certificate, it doesn’t have to be, but most people who issue… This certificate was issued by IBM certificate authority. So whoever procured it, which is probably me, I had to go into an internal website, I had to upload a CSR and it said blah, blah, blah, blah, and it came back with it. And then I took the PEM file and moved it across and stuck it in a keyring. And that external signing authority would have had a drop-down box that I said, Do you want a server certificate or a client certificate? I need both. I need a certificate that can be used in a server and a client.
[00:46:40] – Joe Winchester
A lot of customers, they take the option when they procure something from an external signing authority where they say, Oh, this is a server. I’m just going to use this as a server certificate. And what you’ll find is you’ll find your EKU will say server authentication, but it won’t say client authentication. And if that’s the case, so we will I’ll be able to start. I can go into the docs and just show you. I think it’s called extended key usage configuring certificate. And this is, I can’t remember who asked the question. I think it was Darren who asked the question. But configuring certificates, we have quite a lot of detail. The detail is quite terse, and I’ve got more pictures in my presentation. But the Zowe certificates have to either not have that attribute or you have to have both. Now, the error message that gets written will tell you that we do actually check it. There will be an error message quite early on in the log that says, your certificate failed because the EKU wasn’t correct. But a lot of customers sometimes don’t know how to deal with that. And that’s usually the best way to do that.
[00:47:43] – Joe Winchester
Everybody’s… I came across one customer once and they were using an external third party to create their certificate and their website of that third party. It was difficult to work out which drop-down option to use to say, don’t put an EKU on it. Because once it was on it, you can’t take it off because the certificate is signed by the private key. So if you took it off, you’d be tampering with it. But you have to basically have those. You have to have those there. I’m going to go back to my deck and John, you asked a question. Are all the fun new tasks zIIP/zAAP eligible? The answer is no, not all of them. The Java ones are zIIP eligible, but the Zowe desktop, which is running Node.js, my understanding is that Node.js, you can’t put on an IFL. It would still form part of your… I’m not an expert in how software gets charged, but there’s a monthly license charge or a Tailored Fit Pricing, which my understanding from what people at IBM tell me is it’s a difference between buying your minutes up front for your mobile phone, then you might not use them all, or you pay as you go usage within a rolling, I think it’s a four-hour rolling window or something.
[00:49:00] – Joe Winchester
I’m not a pricing expert, but it’s not… The Node workload is not zIIP eligible, but the Java is. So when I go back to that diagram in the Zowe architecture docs, which is not a great diagram, but basically all of this yellowy stuff is running in Java, and Java is zIIP eligible. This is running in C, Metal C or it’s LE C. I think this is Metal C. This is LE C, and this is LE C. They’re not zIIP eligible, and the application server that serves the web pages is written in Node, and Node is not zIIP eligible. It is possible. While I’m on that question, though, some customers I know who talk to say, Crikey, we don’t want to add all of this to our infrastructure bill. If that’s the case, if I go down, I go past high availability, you can run a configuration of Zowe, which is where, and it’s again, apologies for the diagram, the started tasks, if you have a look, the SLSTC, if you can think back to how it was a little bit, the Unix system services job was running the Zowe desktop and the Zowe mediation layer, which was all of those address spaces.
[00:50:26] – Joe Winchester
All of those address spaces are running on the Unix system services, so they’re just Java and Node. If Java and Node could run the Unix system services, they could run in the container. You can run all of that in a container, and that container… Let me go back to Zowe docs. Let me go back to Zowe.org, and we go to Download. The container that we have, it says, Containerization coming soon, because we don’t have it working for version 3 at the moment. But for version 2, we have a containerization build. For the containerization build, what you’re able to do is take that container and run that container in zLinux or x86 or AMD64. Basically, it’s not zIIP eligible, but you can run it. It’s like a hybrid-y thing. You can run it somewhere else. Let me go back here. If you think back to that diagram, I think I was in it. No, maybe it was somewhere else. The architecture diagram. Yeah, this is running on the cross memory, so this has to be co-located. So this has to run on the Unix system services. But because everything else is a bunch of IP, we’re basically taking that and running it off.
[00:51:42] – Joe Winchester
But then you have to deal with, well, this network stack has to talk to that one. So you end up solving that problem, but you’ve got a few other ones to cross. But it’s a great question. Well, it was a long way of me saying, no, the Node is not zIIP eligible, the C is not zIIP eligible, but the Java workload is. Cool, yeah. So let me get back to the cert stuff. So Cert, Authority, Invalid. Who signs a certificate? This is all stuff. If anybody wants more, I’ve got some links at the end. If most of this prox… They understand about signing certificates, they understand about certificate authorities and something. If you don’t, we have some quite good tutorials in the documentation. But it’s worth… What I find, what I often find… I just got some screenshots here. If your certificate is not trusted, you can always add the cert file to your laptop if you want to, but then you’d have to do that for every laptop you distribute it. It’s much better to get a particular one. Now, z/OSMF certificate authority is not provided, can’t be trusted. So that’s a particular error that you get.
[00:52:53] – Joe Winchester
I show that a little bit, which is where if you’ve got verify certificates strict, dial it back to disabled, get everything running, and then go from disabled to non-strict. Non-strict will be fine because non-strict means it’s still validating the… It’s basically to do with z/OSMF. If z/OSMF doesn’t have a certificate that Zowe can trust, then it’s going to balk on you. Now, one thing you can do if you want to, and just literally, while I’m thinking about it, I’m literally thinking on the fly, if I go and look at my Visual Studio Code, so this is how you specify in the Zowe.YAML, it’s just above it, the certificate that you’re using. I’ve specified in here. There is a keyring by IBM user called HSS Keyring, and I just decided, Oh, I’m just going to configure this particular version of Zowe with that. That is a keyring. That is a key store and a trust store. The difference between the key store and a trust store, and again, sorry for mansplaining you on this, but the key store is where you’re going to be holding your private keys, and your trust store is where you’re holding public keys.
[00:54:00] – Joe Winchester
So my laptop, if I go and look at my key chain on my laptop, my laptop, interestingly, my laptop has the public keys of the certificates that I want my laptop to trust, which actually has the IBM internal root one, which is why I was able to log into that TVT-5011 and trust that certificate, and I couldn’t trust the number nine certificate. If I wanted to, I could have imported that into my key store, my laptop, into my trust store, and it would… But these are not private keys. To have a private key held, my private key is basically going to… This is my trust store, what I’m trusting. My private key is held in my key store. Generally, trust stores and key stores are the same. Generally, people make it the same object. You have the ability to make them separate objects, to keep your private keys separate from where you want your public key store. But if z/OSMF was presenting to you a certificate that was signed by a certificate authority that the browsers didn’t trust, but you wanted Zowe to trust it, what you would basically do, and I’m just going to quickly do a RACDCERT and show you what that keyring looks like.
[00:55:11] – Joe Winchester
So it’s, what, RACDCERT? Was it LISTRING? LISTRING star ID. I think it was IBM user. Yeah, okay, on this particular one. Hang on. Yeah, okay, on this particular one, if you can have a look, what I’ve got is I’ve got my TBT 5 009, which is my alias for my label for my private key. That’s what’s being used to basically encrypt the traffic. I’ve got my certificate chain, which is great, and everybody’s good. If I had z/OSMF coming at me with some internal signed certificate, perhaps with some IZU default root or something strange like that, I could always just do a RACDCERT and connect that public key into this ring, which is my trust store, and Zowe would work. I could say verify strict if you really wanted to, and that’s fine to do it. And then at least you’re controlling that within your security manager, within RACF or ACF2 or TopSecret. Zowe supports ACF2 and TopSecret as well, and the docs tell you the commands to do both of those. But you can do that. Then Zowe basically needs to know. It’s important in Zowe to basically make sure, look at your keyring, work out your keyring you’re to use, get your keyring looking pretty, and then basically connect Zowe to that keyring.
[00:56:35] – Joe Winchester
Zowe can generate a keyring for you if you want to. I don’t recommend it because it does magic and that magic always fails. You’re probably better off just doing it yourself. Interestingly, one of the interesting things that I do whenever I configure Zowe is I never configure… I know some customers, they create a specific keyring for every started task, for every user ID and started task. They end up with a proliferation of keyrings that are all pointed to the same certificate, often a site certificate. Personally, I just think that’s a bad strategy to use because you end up with more complexity to manage. If you make a mistake with your keyring, like you don’t have the full certificate authority signing chain or something, you just end up in a world of hurt. If you have a look here, I’ve actually stolen somebody else’s keyring. The Zowe started task. Let me show you that really quickly. Go back to that. The Zowe started task is running under a user ID called ZWESVUSR. ZWESVUSR is not the owner of this keyring. My favorite deployment strategy is to not create a new keyring by Zowe started task.
[00:57:53] – Joe Winchester
I’m quite happy for security experts to have a discussion about this because I still don’t know why mainframe shops that I come across want to create a keyring for one keyring per user ID when all they’re doing is they’re connecting to the same certificates because the certificate is held in SAF. For me, that’s just an area of complexity and it’s just a weak point and you’re just going to fail and you just got a friction surface and you’ve just got more to manage. I’m always in favor of taking a certificate. Interestingly, the certificate I’m using here is actually the same certificate that’s used by the TN3270 job. So it’s the same certificate that’s being used to authenticate, encrypt the traffic for my 3270 emulator, which is running across TLS. So therefore, I know that if… And that’s not going to die, because if that dies, then we’re really hosed because we can’t log in anymore. So I much prefer reusing certs and having custom certs. Cool. So we talked a little bit about verify certificate disabled. TLS encryption will occur, but if so, you can’t do it. So that’s the thing. I talked about subject-alternate names.
[00:59:04] – Joe Winchester
I showed you one earlier that just had one. If you create a certificate, every time that certificate is presented, every bit of TLS is going to say, Is the server that’s presenting this certificate, presenting it from the address that the certificate was signed for? Because if they’re not, they could be a fake bank trying to steal your money. So who’s got a domain that looks a little bit like this enough to trick you visually, but it’s for the wrong cert and you’re just going to be in a world of hurt. So TLS really says the domain that’s serving the certificate has to be the one that signed it. Otherwise, it’s basically open season. We may as well just all publish our passwords, put them on a bus stop or something and walk away. So it’s important. If you look at this particular one I’ve got here, I’ve got 5011, which was my named IP. I’ve got an internal IP address. I’ve got localhost, localhost. Domain. If you’ve got things like DVIPA running and perhaps your DNS is external because that’s what DVIPA does, just make sure that your cert’s got everybody. And also you can wildcard certs as well.
[01:00:17] – Joe Winchester
So certs can be wildcarded. But that’s a huge problem with… I find when people set up Zowe is basically the certificate just doesn’t have the domains to match. Now, I know that if you, depending on where you get your certificates from, I think on RACDCERT, you can only create two subject-alternate names. I think there was a feature. I’ve heard that they’re going to extend that, which is long overdue. But if you’ve got that problem, then you’re going to have to use some other tool to create that certificate and then just import it into RACF. But there’s 101 ways to create a certificate. You can use keytool or… We got a nice comment, Certs in separate keyring. When something is changes less impacted when an error, academically easy resolution. I’m not sure, Dan, if you’re agreeing with me, but certificate and separate keyring. When something changes less impacted when an error. Okay, that’s a good point. What you’re saying is that if you have separate keyrings and that keyring breaks, it’s only going to take down that one service. But that’s good. But then if I go and have a look at my… If you’re creating a keyring…
[01:01:35] – Joe Winchester
Let’s go and have a look at RACDCERT LISTRING(*) ID(IZUSVR1), which I think is z/OSMF. Not z/OSMF. What is it? IDIZSVR? What’s happened on this system, and I just use systems at IBM, I torch them and burn them all the time. Somebody… They’ve created this system for me, and I know in this system that it has a perfectly good site certificate. Absolutely perfectly good. They’ve created a keyring for z/OSMF, and they’ve run a default job. They’ve called the izukeyring.izudefault, and they put a certificate authority that signed itself. That’s why my browser was getting upset, and that’s why Zowe is going to get upset. That’s just created a world of hurt for me as a customer. I’m questioning as to why they… Now, maybe the mistake was they should have done that, and then they should have connected it with a better certificate and a better certificate authority. Maybe that was the problem. But I just run into so many sites where I end up with a specific keyring, and then people provision a brand new certificate for Zowe and a brand new site. I’m like, You already have a good site certificate.
[01:02:50] – Joe Winchester
Just use that existing cert. Okay, so I’ll take that down. That’s a good point. If you wanted, you could connect it to an exist. You could create a keyring specifically for Zowe. But why create a brand new certificate? Why not just have one good certificate and then watch that and make sure that doesn’t expire? Especially as well… Okay, but that’s what I see that. I missed that cross-site for you. I talked a little bit about that. This is the client and the server. So the certificate should be trusted. It’s written known. Certificate SAN and the EKU. If any of those are wrong, you’re going to end up in a world of hurt. And that’s basically what happens. Now, interestingly, there’s a website and there’s a blog. I’m not publicizing my blog, but medium.com/zowe, myself and a lot of other people, when we end up hearing the same issues from customers over and over again, we tend to write blogs about those. So if you want to know how to connect to use an existing keyring and a certificate, it won’t work by default. I mean, because it is guarded by the RACF or ACF2 or TopSecret, you do need to do a little bit of work.
[01:04:03] – Joe Winchester
There’s quite a nice blog that lets you do that. And I also have, there’s a blog here. This is not in the documentation because the documentation we have is reference documentation. It assumes that the sysprogs know what they’re doing. But I get very frustrated when I browse IBM documentation for a subject area that I’m not an expert in, and all I read is stuff that assumes I’ve been doing this for 25 years. So these blogs are a little bit introductory. But they talk about in this particular one, you have to create a CSR and then do a generated request and FTP it back up and give it and then FTP it down and do a RACDCERT, what’s that? A RACDCERT, this is an ADD command. Anyway, all of the commands are there, so they’re quite good to know if you need to do them. One other thing, and this is a big problem that I find for Zowe at the moment, is that quite a lot of customers are using ICSF. ICSF is great, cryptographic services facility, and where you’re basically your private key can… When you create your certificate, when you do your RACDCERT command, there’s a particular attribute, I can’t remember exactly what it is, but basically the private key is stored in ICSF.
[01:05:11] – Joe Winchester
It’s all on crypto hardware. And that’s great because that’s not a… It’s just more secure. And it also runs quantum-safe crypto algorithms, all that great stuff that IBM Z and IBM Power and DS8K has to future proof people stealing your data today and looking at it tomorrow once they figured out how. Because I would say 2.56 can be broken by quantum computers. So people want to use crypto hardware for private key encryption. That’s great. Unfortunately, the Java and Node, which are the two Unix-based languages that Zowe is using, they cannot read private keys held in crypto hardware. They just can’t do it. So therefore, you have to use AT-TLS. AT-TLS is application transparent transport layer security. So what you effectively do is you tell Zowe, Communications Server is handling encryption. So Zowe goes, okay, that somebody else has got me. Somebody else is basically my airbag, my cotton wool to the outside air. So it doesn’t have to worry about encryption. So you basically dial back and then you have to configure AT-TLS and AT-TLS rules. So we… AT-TLS is… I’ll just click that link to see if I can open it.
[01:06:28] – Joe Winchester
I do know, so this is Sean Grady, and he’s one of the subject matter experts, the architect we have at Zowe. There’s a really good chapter. It’s in the documentation, but I often sometimes, and basically within there is all of the inbound and outbound AT-TLS rules. And what we’re seeing at IBM, and also I know the other vendors who support Zowe as well, like Broadcom and Rocket, because we talk to each other, we’re seeing quite a lot of people struggling to get AT-TLS working. So basically just read docs. We have the rules. If you follow them, they will work for you. And we talk about high availability and multi-tenancy. I’ve got the link there. And that is the best. AT-TLS is tricky to get, fiddly to get working. I don’t have one I could show you, but you basically go into… So this particular zowe.yaml that I’ve got configured here is I’ve got attls false, false, and I’ve got the minimum and maximum TLS so it can work. By default is 1.2 or 1.3. So if you want to set attls to true, you basically say true, true. You comment these lines out and you just bounce Zowe and it’s going to come up.
[01:07:49] – Joe Winchester
And nothing is… All of that data is going to be basically HTTP. So as far as Zowe is concerned, it’s unencrypted data. Zowe is not handling the certificate for you, but then you need to have the ATTLS rules in place. It’s a question of just read the docs and grind down the docs. But ATTLS does work. If you follow the docs, you will be able to get it to work. But I do find quite a lot of customers where they start to deploy Zowe, they get everything working without ATTLS, and they perhaps provision a certificate or they create their own certificate. Then when they move to production, and they might switch certificate where the private key is held by ICSF, and then Zowe just won’t work. But you do get OMS just telling you that. So then you have to configure ATTLS and configure the rules. And that’s just a question of, just make yourself a pot of coffee, get your favorite pack of biscuits, and just grind down that doc. There’s no shortcut to do that. I’m looking in the chat, but there’s no question. Nobody has asked a question about that. But if you’re planning for deployment and if ICSF, plan for ATTLS.
[01:09:02] – Joe Winchester
Get those rules set up in advance. Cool. Then I have a little video of… I’ll just let it play. I don’t know if that’s interesting. But that’s what… Is that video playing? That’s supposed to be a video. Something’s gone wrong. Switch to the IBM. Okay. Anyway, so I’m It’s just while I talk through, this is what you’re going to end up with. At the end of the day, I haven’t got a live demo to show you of Db2 Admin Foundation, so I basically got a screenshot of it. But this is what it looks like. This is what Db2 AF looks like if people haven’t seen it. It’s a rich graphical user interface. It’s running in a browser. It’s based on the Zowe desktop. This video is included, actually narrated by somewhere, Camrys Aram, who’s IBM senior technical staff member and architect of this. It’s a pretty good video. It’s one that she demoed. She used it when we were in IDUG in Valencia last year when there’s some terrible flooding and stuff going on. It’s an international Db2 user conference. So this video will be in here and you could watch it. But somewhere, it’s basically talking through some of the functionality.
[01:10:12] – Joe Winchester
But what I wanted to focus on for When did we start, Amanda? I’ve been talking for over an hour, haven’t I? Sorry about that.
[01:10:21] – Amanda Hendley
I mean, just right about an hour.
[01:10:23] – Joe Winchester
Right about an hour. Okay, 40 minutes.
[01:10:24] – Amanda Hendley
Is everyone still awake?
[01:10:28] – Joe Winchester
I’m awake. But hit me up with some more questions if you want to. I assume you’re mostly set as prox. I do have more information. I could talk about the Visual Studio code side, but I just wanted to just clearly make sure that everyone I’m just going to recap. There’s a thing in presentation which says, Tell them what you’re going to tell them, tell them what you told them. So sorry, I’m repeating that. Anybody’s got kids and they watch children’s TV, really young children, you’re like, Why are you showing that clip again? Because it does help to reinforce the brain. Okay, so for that beautiful set of software to work that we’re just looking at a video of now, you will need to… So you order this from IBM, you go into IBM Shop then and order it. It’ll tell you, Oh, by the way, you need to get Zowe and you need to get Unified Management Server as well. A lot of people struggle getting Zowe to stand up. 99% of the time, it’s because of the certificate. It’s because the certificate that they’ve got is one that Zowe doesn’t like. That’s basically why I’ve obsessively talked about certificates.
[01:11:33] – Joe Winchester
I’m sure there are the problems that people solve. Then, again, what did I show you a little bit there? Just to remember, if YAML is not your friend, it will become your friend. I get people… I was on a call with somebody the other day, and he’s a really experienced 40-year sysprog, and he said to me at the end of the call, he said, If the person who invented YAML isn’t dead by sunset, they will be. I mean, that’s how much he disliked working with the YAML files, because he was always used to working with PARMLIB members. So we were like, Dude, stick it in a parm library. And we do support parm libraries, so you don’t have any of the indentation. And I can see if I can find that in the docs, or if not, I will owe you PARMLIB configuring, advanced server-side configuration. Yeah. So if you look at… So I don’t have a dog in the race about PARMLIBs or YAMLs. I didn’t grow up with parm libraries. I’m not a sysprog, so I don’t find YAML a problem. But like I said, if you do, you literally… So this is your started task.
[01:12:47] – Joe Winchester
I just picked that one, but that started task, if it opens, it points to a config file, which can be zowe.yaml. But if you look at the docs, and I’ll go back to the docs, you can basically modify that config file to be a PARMLIB, and you just specify a PARMLIB member. And what’s interesting about that as well, and this is interesting if you’re dealing with HA or you’ve got multiple LPARs, that’s a concatenation of files. You can mix and match PARMLIB members and YAML files together. And what’s very cool about that is that if you were dealing with HA or you were wanting to bring up perhaps four instances of this on four different LPARs, what you’re able to do, and I’m just going to… Let me just revert everything. I’ve got a lot of controls in my way all out. If you look at this zowe.yaml file, a lot of it might be shared. There’s a zowe, there’s a bunch of setup stuff. I’m trying to think what, the run time directory, where you log things to. This might be /global because this might be shared across a sysplex, where you’re going to drop in your extensions.
[01:13:52] – Joe Winchester
If you’ve got a shared file system across a number of LPARs, bringing us where you’ve got a coupling facility in the Sysplex, and perhaps the certificate that you’re going to use is going to be the same, but you’re just going to bring it up on different ports. What you can do is you can create a file that’s the parent copy or the grandparent copy that’s got the defaults. Then on each individual, you can then create different other files where you just chunk out the information that’s more volatile across each particular LPAR, but the information that’s common, you keep shared. That makes a boatload of sense if you’re going to bring up more than one of these, and you need to do that for HA. So if that’s the case, then having the concatenation of these is your friend. It will save you. So if, for example, you then install a new version of your run time or a new version of Java or a new version of Node or something like that, it’s all going to be up there because it’s just in one place. It’s a bit like using symlinks. You’ve got a level of indirection, and that’s just a good thing to use.
[01:14:58] – Joe Winchester
There’s some great information in the documentation about that. You can also use templating as well, which is interesting. Templating, it talks about here in the docs, a lot of the information that you have in those YAML files is repeated. If I go into the YAML file and I enter… Oh, gosh, I’m trying to think what I could enter, ZWV3, that occurs six times. It’s just part of my high-level qualifier. It’s no big deal, but if I were to change it, I would have to change it in six places. It’s always nice… There’s a phrase that they use, which is people who do really extreme go hiking into the mountains for days on end. I think it’s actually in the Air Force, they have an expression which is never go to battle with two watches. What do you do if you look at your watch in your left hand and your right hand and they’ve got a different time? You don’t know what time of day it is. It’s much better to have one watch that’s always accurate. So that’s why, let’s say I have the value six times. I might change it five times and forget the sixth one.
[01:16:00] – Joe Winchester
Which one is correct? And it’s not a mess. It’s much better to have the value only stored once in a third normal form way. And that’s where that templating is your friend. So this is not a templated file, but if you get to the point where you’ve got lots of these and you only want to change something once, you can use templating. That’s a really good thing to do. It just saves you a bunch of work. That’s also interestingly why… Aviators, I’m sure now they don’t even have watches because it’s all GPS and they’ve got the time of day and stuff. But that’s why really premium brands for watches, like the Breitling and stuff, so they grew up, which is like, We’re just going to create an amazing watch that works when we’re upside down, when we’re freezing cold, when we’re going at Mach 3 and things like that. That’s why some aviator watches are just really good because it’s like, You need to know exactly what the time is. It’s important when you’re… Anyway, maybe there’s pilots on the call who know more than me about it, but I have pilot friends and things, and they were just like, Yeah, it’s a really good idea to have one watch.
[01:17:02] – Joe Winchester
Cool. So it’s a really good idea. So where are we? Let me go back to my PowerPoint presentation. So that’s really telling what I told them. If you do want to enter any problems as well, you will get support. You will get support from whoever gives you support. If you’re a Db2 customer and Db2 Admin Foundation is failing, you get support entitlement with that. So you can just raise a help ticket with IBM. Or if you get your Zowe support through Broadcom or Rocket, hit them. Whoever your favorite person is to throw a rock at. We also will collaborate. One interesting thing is you can do as well is I’m just going to quickly show you. We have a Slack channel. I’m just going to bring it… So it’s all public. So I’m not sharing any information that’s not public. There’s information on Zowe.org. If I go to Zowe.org, where are we? Where are we? Zowe.org. I think if I go down here, Zowe desktop. It’s called Zowe Application Framework. Don’t ask me why. It’s got about three different names. But there is something in here that says Connect on Slack, and that should take you straight to our Slack channel.
[01:18:10] – Joe Winchester
And if you’re not a member, it’ll prompt you to ask you. Unfortunately, some customers can’t get access to Slack, but we have Slack channels, and you can join Slack channels. And it looks like somebody asked a question that I probably should reply to because it looks like Sergei replied to it a week ago. That’s nice. So that’s Serguei Kumovitz. He works for Broadcom. Super guy. So again, people are having problems starting up Zowe and things like that. Actually, I asked a customer once, and Elaina is asking some questions. So it’s a good idea to ask questions here if you run into problems. Another thing you can do, connect on GitHub. And if I click that link, it should. Yeah, boom, yeah. It took me straight to a repository in GitHub. Assuming you’ve got access to GitHub. IBM.com, you will need to have an ID. You can basically look at issues and just create an issue. You can create a new issue and you just put a bug report in there. And what happens every Friday, all new issues are triaged. So if I go back a little bit more on Zowe.org and let me go and look at community.
[01:19:14] – Joe Winchester
Where I go and look at community meetings because Zowe is open source. One of the things I love about open source is so much is done transparently. You haven’t got vendors secretly plotting to charge you lots of money and take things off support and roll things out without telling you and stuff. Not that that occurs. But this squad here called the WebUI Squad, they meet every Friday. That’s 2:00 PM. That’s my time. So let me do the math. I guess that’s nine o’clock Eastern. So you have to wake up a little bit early from the West Coast, but you’re probably used to that by now. And you just register and you join that call and everybody’s welcome. And every new issue will always be discussed. So if you raise a new issue during the week and if you join that Friday’s call, the Scrum lead will call out all new issues and then the people there will discuss it and decide, Are we going to fix it? Is it in the backlog? And we’ll put it to next release. And it’s always really nice if the person that raised the issue is on that call as well, then they just come off mute, put something in the chat and go, You know why that didn’t work for me?
[01:20:14] – Joe Winchester
Everybody loves nothing more than just mucking in and getting people back on the side of the road, because it might literally be like there’s a doc link that was wrong or something like that. So that’s a really good place to get support. I’m going to pause there. So Amanda, it looks like I’m going to go for the full 2 hours on this one, doesn’t it? I think we started at 4:30 and it’s now almost.
[01:20:35] – Amanda Hendley
You are? Okay.
[01:20:37] – Joe Winchester
Well, it’s up to you. It’s completely up to you. I did promise I would be the last person to close the room. So we’re going to go look at Visual Studio code now. Okay, so I’m very quickly going to… I’ve got some slides, but my slides might be a little bit out of a sequence, so I might just fast forward to this particular slide. Okay, so there’s two extensions that are interesting. The first thing I’m going to do, I guess I’ve already showed the end of the movie before the start of the movie. Amanda, unless you need to go, I don’t know, is that your dog barking in the background or not?
[01:21:12] – Amanda Hendley
That’s my dog barking, but she barks anyway.
[01:21:15] – Joe Winchester
What’s her name?
[01:21:17] – Amanda Hendley
Regardless of anything.
[01:21:19] – Joe Winchester
You’re all good. Amanda, what’s your dog’s name? I’m a dog person.
[01:21:22] – Amanda Hendley
Daryl.
[01:21:24] – Joe Winchester
Darryl? Your name is Daryl.
[01:21:25] – Amanda Hendley
My name is Daryl.
[01:21:27] – Joe Winchester
Awesome. Hey, Daryl. Daryl’s really well behaved. Make sure Daryl has some snacks afterwards. A big separate. Okay. Okay, cool. What I’m very quickly going to do is I’m just going to literally just pop the car into fifth or sixth gear, and I’m going to talk to you in Visual Studio Code. If you think about the Eclipse world where the Db2 Data Studio for Z was and all of that great stuff in there, that was a space I used to actually work in. But from 15 to about 10 years ago in my career, or 20, 10 years ago, I worked in that space. I love that space to bits. Think of Visual Studio Code as a child of that. It’s very similar technology externally. It has a plugin architecture. You install plugins, you install it on your laptop, and you do cool stuff. I’ve got Visual Studio Code downloaded now. And if I have Visual Studio Code downloaded, you have a marketplace. So you can do things like spell checking, and you can download plugins to do a spell checking. It’s a little bit like a bookstore, and you can go, Oh, that’s a quarter of a million people like that one.
[01:22:37] – Joe Winchester
That’s probably a good one. There might be another one in here that maybe, I don’t know, five people like. Maybe this one, 452 people, and nobody liked it. Be careful with this one. Be like, buy something off the internet and you’re the first customer and it looks too cheap. Maybe wait a little bit. I’m not saying that this isn’t a great extension. It’s just like… In here as well, because of the open source license of the Studio Code. You can even directly click to see the source code repository of the person that delivered it because VS Code marketplace enforces this visibility. You can even see the person who’s the developer of it, and you can click here. It’s a very good way to connect. It’s a bit like a food packaging label where you know directly the provenance of everything that’s in it all the way back from farm to plate. It’s a really good thing, VS Code. Now, within VS Code, VS Code is marvelous for working with files on disk. So this is my laptop, and I have all of these folders, and I can just right mouse click, and I can just say, Add folder to workspace, and just point and shoot in my folder.
[01:23:42] – Joe Winchester
And it’s great. It’s really, really very good. I love Visual Studio Code. But Visual Studio Code, by default, doesn’t have any connectivity to the mainframe, which it doesn’t. Within Zowe, built a product called the Zowe Explorer. If you haven’t installed I installed it before. Sorry, that says IBM CICS. It’s not the CICS one. I could talk about that, but this is a Db2 crowd. But if anyone wanted to stay afterwards, I can happily talk about the CICS extension. Zowe Explorer, if you’ve never been here before, you hit a button called Install, and after you… And just blah, blah, blah, it just takes care of itself. It won’t fail. And then you hit this. And what you’re going to get here… Actually, let me just unload the CICS one quickly because I’ve got the CICS one unloaded. I’m just going to disable that, which if you notice anyway, a little thing called CICS. You basically have three views or three user interfaces here. And within these, you get these particular views. They’re like ISPF 3.4, ISPF 3.17, and a SDSF-type jobs for you. I don’t know. SDSF is an IBM vendor product, so obviously there are other tools out there like eJazz and things like that that are great, but we only work…
[01:24:55] – Joe Winchester
We basically use the z/OSMF REST APIs to get this. So we don’t prereq SDSF. It’s SDSF-like, if that makes sense. Interestingly, if this is your first time you’ve ever used this, one thing… We did talk about this in the docs, but I do want to just point this out because this is another thing that people fail on. Sorry, I just got some notifications on my chatbot, and I’m just going to pause those because I might have somebody contacting me saying something private about IBM. Sorry, I’m not sure what they did. Not that we have anything that’s private. Just in case they said, Oh, have you had that call yet? We track that knowledge about Db230. Okay, so I’ve got a user ID called winchj, and I’m just going to do an L-U on my user ID. It’s important that to use the Zowe Explorer, that the user ID, that these things are here. Group equals IZU_user, auth equals use. Now, I also, on this particular user ID, I’m connected to ZW Admin. You don’t need to be. That’s just because I’ve got a little bit of superpower. But you need to have user authority to one of those two groups.
[01:26:10] – Joe Winchester
Otherwise, you’re going to 404. What we are doing to get Zowe to work for this is we effectively… Let me go back to here. Let me go back to Chrome really quickly because this might help to explain it. If I go and look at the… Let me go into Login to z/OSMF. So z/OSMF has… I’ve completely bought z/OSMF on this system. By… Wait. Oh, that was so cool. Did you see? No. Did it work? No, it didn’t work. Okay. What I’m trying to do… Yes. Okay. Oh, my goodness. Sorry, let me just pause. Let me do that again more slowly for you because that was actually pretty awesome. And Google Chrome, other web browsers exist. What’s happened now? And I’m really pleased I got to show this to you because it’s quite exciting. It’s just like a comet flying past. It’s like, quickly, let’s slow it down. I’ll show you what happened. Okay. Me, Joe Winchester, Joseph, as my parents christened me, has come across a problem because this particular system that I’m showing you, because it’s a shared system and people are messing around with it all the time.
[01:27:31] – Joe Winchester
Somebody has started z/OSMF with a really dodgy certificate. Now, actually, you see, I do have that proceed unsafe. Incognito mode allowed me to do that. But in the non-incognito mode, I wasn’t able to do that first time round. I don’t know if you noticed, but that button wasn’t available. I’m just going to quickly show you what I did. There is an Easter egg left in Google Chrome by one of the developers. And Google haven’t withdrawn it because so many people rely on it. If you end up with a challenge in your browser where your browser says, I’m really unhappy with the certificate, I’m blocking it, I’m really, really frightened. What you can do is you can type the word, this is unsafe. So you literally click into the white area… The thing is, now I’ve done it, I can’t undo it, which is really annoying. I’d have to stop and start Chrome. But let me put my money where my mouth is. Okay. Sorry, that’s a very British expression. I hope it translates well. I haven’t offended anybody. Let me just bomb out of all of this. Chrome is dead. Let’s get Chrome back in the board.
[01:28:51] – Joe Winchester
Come on, Chrome. Come on. C1 to C7. Okay, let’s go back into Chrome. I have restarted Chrome. Excellent. So Chrome is now telling me that the certificate is invalid and Chrome isn’t giving me the ability to proceed because it said, I really don’t like that certificate. Now, what you can’t see me doing is I’m going to click my cursor into the white area of the screen, effectively what’s known as the pane, and I’m literally going to go to the keyboard and it won’t be echoed back at me, but I’m going to type the words this is unsafe with no spaces. So T-H-I-S-I-S-U-N-S-A-F-E. Actually, I think I made a typo there. So let me just pause. I think I got that wrong. This is unsafe. If you looked, Chrome was listening to my keystrokes. I didn’t have to hit Enter, and Chrome got me through a certificate violate error message where I didn’t actually have a proceed to unsafe button. That’s a really cool little undocumented Easter egg. You might find it on Stack Overflow or Reddit forums or things like that, but that basically gets me through. It’s a really cool thing to do.
[01:30:11] – Joe Winchester
Anyway, so now I’m here, I can log in. But what we do with… I’m just going to go there. I can log in with my password. Actually, it looks like z/OSMF isn’t rendering me properly, so maybe I spoke too soon. But z/OSMF has the ability to do APIs as well. Let me just go to 3.1. 3.1, z/OSMF REST APIs. z/OSMF REST APIs, they’re actually very cool. Let me go and take a simple one like jobs, list jobs. List jobs for an owner. Let me just pick this one. Just copy that. Effectively, what I should be able to do is I’m going to go into here and just go zosmf jobs. I’m just going to enter. I still got the same thing. Now I have to do this is unsafe. That’s going to authenticate me. That’s an annoying thing that’s going on because it’s doing another check. But fundamentally, if you can’t log into z/OSMF, you can’t use the Zowe Explorer. Once you’ve used the Zowe Explorer, you’ve got… So let’s take it for a little spin. Sorry, I showed you too much sysprog-y things there. So my favorite thing about the Zowe Explorer for data sets is if I look at data sets, I can do a search.
[01:31:42] – Joe Winchester
I could just do winchj.Star. I can look at data sets. Let me get rid of everything here. I’ve got some JCL. If I’ve got JCL, let me go and open a job. Let me do hello, Db2, planet, I mainframe, lovely. Users. I’m just going to save that. If I’ve got some JCL and I’ve got a job called from, and I’m going to call it PMDb2. I just wrote some JCL. What you’ll see here is that it’s quite nice. It’s quite typy. I’ve got like, IntelliSense, Content Assist. I’ve got all that cool stuff I can use. I’m going to submit that job. It validates it in a typy phase. I did understand. I can right-mouse click here and I can do lots of interesting things. I mean, interesting things I could do. I can just create a new member, I can just call it Bob. Let me just call it Bob. Hello, Bob. All of the cool stuff that I would expect. And Bob is here. Bob is somewhere here. But I can do, copy, I can do submit job, and I can just go over here and click it. So it’s actually quite nice.
[01:33:04] – Joe Winchester
I use this a lot, even though I can drive ISPF. I’m quite competitive driving ISPF. What I love about this as well, if you open a member that’s very large, you can scroll down. One of the interesting things that I find, there are a few little power-ups. I’ve got winchj.JCL. I’m now going to go add to favorites. If I go and look at favorites, I’ll show you what favorites are. Yeah, I’ve got user.PROCLIB and winchj.JCL. What you can do is a bit like a bookmark. If you had… Let me do another one. I’m going to do another high-level qualifier. IBMUSER.ZWE. Let me just do that one. Let’s assume that this is a really important data set for me. I don’t know why. Maybe it is. I can just do add to favorite. What it means is that when you disconnect and reconnect, one of the problems that ISPF 3.4 has got is you enter the high-level qualifier, and then you have to go back and enter a high-level one or enter lots of panels, and it can be quite messy. Your favorites are just a way that you can recall your favorites.
[01:34:11] – Joe Winchester
It’s like having a browser history, which is quite cool. If you have something with lots of members, my user.PROCLIB isn’t that deep there. I can probably see it on the same screen. But if you go to bigparmlib or something like that, you can also do user. … I can do user.PARMLIB, and I can search for all of them. Maybe I’ve got more parm. Okay, I’ve got a few more parm libraries. But you can also user.PARMLIB.P star if I wanted to. So you can filter. You can filter, you can get Yeah, okay, we got page in. So you can use it to create sets of what you just want to look at, then add them to your favorites. And that’s actually quite cool. So you might be compiling something, have some JCL, maybe have some REXX, and you can just arrange that working set together. They don’t have to have the same provenance in terms of high-level qualifiers. So that’s actually pretty cool. Everything that you would expect you can do from here, you can create things, you can do allocate like. Uploading is pretty cool. If you’ve got something on your laptop, you want to upload it, just point and shoot, upload it.
[01:35:21] – Joe Winchester
Don’t need to FTP it anymore. You can filter. Lots of great stuff in here. But Unix System Services is great. I showed that earlier, but I use Unix System Services a lot. If I download something, I almost always now just do upload from here. I tend not to use FTP to upload because FTP, you have to navigate to the directory and have them be in the right direction. It’s just a mess for FTP. And also FTP does have security issues. This is running over HTTPS. So this is going to be signed by your service certificate. So this is basically… It’s more secure, it’s less snaffable. So you just download stuff. And one of the things I wanted to show you about jobs. And interestingly, I wanted to show you. So that Zowe, when I went over here and I was going to… Boom, yeah, S-T, Z-W-E-S-I-S-L-S-T-C. So let’s say I want to debug this and I want to diagnose it. I can go like M, I can get to the bottom, and I think B to the bottom. Where is it? Why didn’t that work? What did I do wrong for that? That should have worked.
[01:36:44] – Joe Winchester
I find it hard to read this. I know you can go up 10 and I can go right 10 and stuff like that. Sorry, right 10 and I can use my PF keys. But navigating around this is difficult to use. It’s a wide log. It’s got lots of things in there. This is so much easier. What I’m going to do here is I’m going to create a filter and I’m just going to do this. My job is what ZWESL, I think it was, and I’m going to submit it. This is a bit like my pre and everything. I’m going to go into here and I’m going to open it. This is a really powerful way to look at logs. It might be a big log. It might take a… This is going to crash on I think, how many lines is this log? It’s got 273,000 lines, so maybe I shouldn’t have done that. Okay, so interestingly, I can think I can… Yeah, well, it actually wasn’t too bad. It was about six seconds. But I’ve got all of that now. Now, okay, that’s a big log. That’s somewhere as a quarter of a million lines.
[01:37:50] – Joe Winchester
But what I can do in this log is let’s assume I had an error message in it. I can just search for the word critical, which, of course, has occurred quite a lot of times. You can bounce around. It’s just a very nice way to basically navigate. I can enter the word TLS, and it shows me, okay, it’s 169 times. But if I have a look, it’s got on the left-hand side, I can see all of the occurrences of TLS. They’re all co-located. They’re all here. They’re all in. If you look at the right-hand side, anyway, then if you can see it, but on my quarter of a million, they’re all co-located. If I type in another error message as well, let’s type in the word certificate. Certificate is quite a bit. Let’s type in the word Java. I’m trying to think. Java, they will bundle at the top of the log. It’s quite nice. It’s a bit like having it over the horizon radar. You can see what’s in the visible 40 lines you’ve got, but you can see what’s coming over the next. You can go, Okay, well, they were clustered at the start, so maybe they don’t matter, or like, Oh, this one’s right at the end.
[01:38:55] – Joe Winchester
Obviously, you can scroll to the right, and we have a little cute thing that tells you, 500 is a bigger sysout. I do like this a lot. I do actually think that compared to using a 3270 emulator, using this is basically a huge power up, even for somebody as an experienced system programmer. You can even do things as well. If you’ve got authority to do it, obviously the syslog is protected, I tend to go here and I tend to look at the syslog here because I just prefer it. If I’m configuring anything, I can just go here and I can just go, Sorry, I got it wrong. You can see security violations. You can see things here. It’s quite cool as well. You can right mouse click and you can say pin. What pin does is it just keeps it here and you can pop it over here and all the stuff that you would expect with a modern editor. The Visual Studio Code, Zowe Explorer, jobs editor, I think is just an absolute killer app. The others as well, I think this is superior to ISPF 3.17 just in general. I think for data sets as well, this is still pretty good as well.
[01:40:09] – Joe Winchester
3.4 is still pretty good and 3.2, but this is getting better. Then we’ve got other things as well. We’ve got like, what have we got here? We’ve got search PDS members. I think I entered. Let me see if it works. I’m searching for coffee. I didn’t find any. Sorry about that. Did it find any? Let me search for that string now. Sorry. Where was it? Sorry. I hope it should have found something. I didn’t actually rehearse this. Yeah, it did. It found it. It’s pretty good at searching numbers. Okay, down to your question. If I get Zowe to work, every desktop requires CLI install and not just a browser to access. No. If you get the Zowe desktop to work, you don’t need the Zowe command line interface. I think that’s what. What author you granted an IZ user that you granted to public, basically. What you’re giving is you’re giving the ability for that user to connect to the z/OSMF server, but they still have to… But everything that z/OSMF is going to use is still going to be protected by whatever the facility classes are that are protecting the resource on the back-end.
[01:41:30] – Joe Winchester
It’s just that to be a user of z/OSMF, you have to be connected to that IZU group user ID. Just the same way to be a user of CICS, you have to be connected to CICS user or something like that. But what I’m showing now has got nothing to do with the Zowe desktop. This is a Visual Studio Code plugin that you can get working in isolation to the Zowe desktop. I think, Darren, I think that answers your question. If I get Zowe to work, every desktop requires CLI install and not just a browser access. So I haven’t talked about the Zowe command line interface yet. So everything I’ve shown you, everything in the Zowe desktop works without the Zowe Explorer. The Zowe Explorer is completely separate. We should have stopped the movie and then we should have taken a break, gone to the bar, had a drink, had a cup of green tea and come back. And it’d be like, well, here’s a completely different movie in a completely different movie theater. There is some overlap because we share some of the same SSO single sign on tokens, but it’s a completely different scenario.
[01:42:33] – Joe Winchester
The reason I wanted to show you this scenario, and I’ll go back to the PowerPoint chart now, because I probably spent enough of it on here. Okay, let me go forward a little bit. Okay, that’s pretty much what I showed you. The Visual Studio, the Db2 Developer for z/OS extension. I’ll just go forward here, is a different extension, and I’ll show you what that extension does. Now, just play the movie because I haven’t got system. What that extension lets you do is it’s independent from the Zowe Explorer, but that lets you connect to Db2. Db2 address spaces, and basically run. Let’s go and see where the movie is. We’ve got some SQL, run SQL. SQL, and what you see is it’s got some SQL tuning options and run all. This effectively lets you run SQL. Darren, great. Getting pushback that we need to install stuff on every desktop. You do not. You do not need to install stuff on every desktop. So to get the Db2 Administration Foundation working, the only thing you need in a desktop is Google Chrome, nothing else, or Firefox or whatever that you’re going to have already there. You don’t need to install something on every desktop.
[01:43:57] – Joe Winchester
If you want what I’m showing you now, and I’m just going to stop now. If you want this extension, which is Db2 Developer for z/OS running, and or the Zowe Explorer, then yes, you want to install Visual Studio Code on every desktop, and you’re willing to install those extensions on every desktop to get it to work. Now, I want to be careful here. I don’t want to sell you anything that IBM offers because other software vendors exist. But for people who cannot install that on a desktop and would rather have a hybrid cloud deployment, then you can install it in a Red Hat OpenShift container. Red Hat is an IBM company. So you can get, and it’s not for free, there is a price attached to it. I don’t know what that is. But you can install all of that software that I’m showing you running on my laptop can be installed in the Red Hat OpenShift container. And then you basically connect to the Red Hat OpenShift container through the browser and you still have the same experience, but you’re making a hop to that Red Hat OpenShift container, very much the same way that you can hop to a VM to virtualize a desktop, and that will have that software in it.
[01:45:14] – Joe Winchester
You asked a question about Zowe command line interface, and just because it’s getting late, so if anybody’s still there, I’ll quickly touch on the Zowe command line interface, and I had it earlier on the… The Zowe command line interface is… Something that I’m just going to introduce. I’m sorry for confusing. Zowe command line interface is literally something that you can install on your laptop. Sorry. I just want to make sure. It’s basically the ability for you to run commands from a PC or workstation that has extensions as well. I can do things like I can literally go, Zowe jobs, list jobs. This is going to list a bunch of jobs for me. I can do lots of very cool stuff. I can submit jobs and I can have a very chatty conversation. That requires is a command. That requires software to be installed on my desktop. But this is not… Generally, you don’t want to install this on your desktop. What you generally want to do… Let me go back a little bit because I think I had some charts on this. I skipped it. I’ve gone a bit out of order. Let me start with Zowe command line interface.
[01:46:26] – Joe Winchester
The Zowe command line interface, basically from a terminal of a I can run commands and list data sets and do cool stuff. From that same machine, the idea behind the command line interface is that it should be scripted. What you really want, if you’ve got the scenario, let me go forward a little bit of slides. By the way, it can also run Db2 commands. It can run Db2 execute, SQL, do SQL, select, queries, call stored procedures and stuff like that. What I find with most customers, I’m just going to go forward to the next one, there’s a blog written by this remarkably handsome English blogger here we’ve seen two times before called How to Configure It, because it’s a little bit tricky to configure. You have to have a license for Db2 Connect. There’s either a server activate or client activate. The scenario for the command line interface is not meant to be on a personal desktop. It’s meant to be on a machine, on a robot. So this is a particular customer who came to IBM a while back, I think it was about two or four years ago, and they had a DevOps pipeline. And in their DevOps pipeline, they had a Jenkins server, and their Jenkins server was basically the orchestrator.
[01:47:36] – Joe Winchester
You don’t need to use Jenkins for it. There’s other servers around, like Tekton, or you could be using GitLab. It doesn’t really matter. But they had an orchestrator doing a lot of cool stuff for them. And they wanted that orchestrator to be able to build and test z/OS artifacts and run tests and get results and do queries and do puts and upload files, submit jobs, do verification, FET testing. So they basically got the Zowe command line interface installed on that machine. A bit like if you’re building a CI/CD pipeline, you’re probably going to want to run scripts in that pipeline. They’re going to talk to the machines that you’re building it for. That’s the power usage for the Zowe command line interface. It’s not really meant to be something that people have on their desktop, unless they particularly want to, because it’s not really designed for that usage. It’s quite cool. I love demoing it on a desktop. If you got it on your desktop, it’s cool. But I wouldn’t just roll it out on people’s desktops. You want to roll it out on a machine so they’re running the scripts, and those machines are going to be some agent running in a pipeline.
[01:48:45] – Joe Winchester
You can have it on your desktop while you’re developing the script, but you very quickly want to get that script committed to something else that’s going to be running it for you, which is very much the modern, like GitOps world, which is where all your operations are being driven by a pipeline machine rather than by a user’s desktop, because that’s very old school to have the user doing something touching a system. You want the user to really create a script, deliver the script to a repository, and then have some action kick in. And you want that machine to be the one that’s actually doing the action. There’s just lots of advantages for that. But that’s a good question. Amanda, I think I’ve almost been talking for 2 hours now. Don’t worry, Amanda’s left. I think Amanda’s dog is she’s sitting there working the screen now.
[01:49:31] – Amanda Hendley
I just got back from taking her for a walk.
[01:49:33] – Joe Winchester
How was it?
[01:49:34] – Amanda Hendley
It was wonderful. About 3 miles.
[01:49:39] – Joe Winchester
Wow. So you missed the most exciting part of this webinar.
[01:49:42] – Amanda Hendley
I did.
[01:49:43] – Joe Winchester
But I am just getting to the end of this. So that was a great question, Darren. So don’t feel pressurized to install client software on your laptop because somebody’s asking you to do it. I don’t see the use case for that. Visual Studio Code, I see a very powerful use case for it. And if you got a pushback for that, and I really did not want to make this an IBM commercial, there is a solution for that, which is to get Red Hat OpenShift containers. But Amanda’s staring at me now because I’m not pushing an IBM software on it. I really want to make this everything in the open source community. But that’s a different product. But talk to someone at IBM or just hit me on LinkedIn or something, and I could put you in touch with smarter people. But you’ve probably got a way of having VMs. You’ve probably got a way of provisioning VMs or something within your company or some Citrix desktop or something. There’s a hundred and one ways to… And there’s free bits of software. I know people who use Proxmox and things like that. There’s all sorts of free…
[01:50:43] – Joe Winchester
There’s all sorts of ways to skin that rabbit. Sorry, I don’t want to talk about killing rabbits at the end of the call. Please don’t kill rabbits. Rabbits are your, rabbits are our friend. Anyway, I think I might wrap up there, Amanda. Does anybody have any questions that they want to ask me? I was going to show you this really cool thing here, which is if you have the Zowe desktop installed and you open a file that has some SQL in it, and you have the Db2 Developer for z/OS extension installed, and you have it all configured correctly, and I’ve got a link for this, then… Come on, show me something. Then you can open a SQL file that has a SQL source file, and you can… Well, come on, show me. And you can swipe it and select it and right-mouse click and just do run it. I’m pretty sure that was supposed to work. Maybe that didn’t work. But anyway, maybe I cut that video up. But that coexistence story that you’ve got is you have the Zowe Explorer. I know a lot of customers where developers are like, they’re COBOL developers and they’ve got an exec, CICS, run, SQL.
[01:51:53] – Joe Winchester
They’re doing some dynamic SQL. The SQL is inline in their source code. They use Zowe Explorer to access the source code. Db2 Developer for z/OS, they swipe it, right-mouse click it, go, run, boom, they’re off to the races, and they come back with money in their pockets. I’m not going to stop sharing. My goodness, there’s 34 of you still here. Thank you so much for giving up 2 hours of your time, assuming you didn’t all go off and walk your dogs. But it would have been a good time to do that. But that’s Amanda. So Amanda, how do you want to wrap this one up?
[01:52:24] – Amanda Hendley
I’m going to wrap it up by sharing a couple of things on my screen. I’ll keep it really brief. So we’ll post the video and the deck, Joe, if you’ll share it, and a transcript on our site. Here are some news and articles from our recent Db2 month, but also a quick plug for the AIOPS corner podcast on here. But there’s news and articles, and are there any other questions coming in?
[01:52:57] – Joe Winchester
We need to be conscious of and pause. Yes, so Darren is doing a last minute one. By the way, Darren and everybody else who answers a question. Thank you so much. If we’re ever in the same town, I’m going to buy you a tea or a coffee or give you a hug or whatever because you’re super. And Ty said, Can I have a copy for you? And of course you can. Yes. We actually have sample YAMLs, and what I will do is I will update the chart. I will put them in the chart. I don’t want them to break up, but we do have sample files. Data Studio replacement. If you’re just doing admin tasks, install Zowe, configure z/OSMF, get the IBM Db2 admin stack on it. Like I said, there’s an awful lot of functionality there, including visual explain, query tuning, with lots of very cool stuff there. You probably don’t need to install anymore. But if you have developers who are authoring code with embedded SQL and they want to be able to run and to debug those stored procedures. I’ll get back to you on whether you have to install VS Code on the desktop.
[01:54:07] – Joe Winchester
My understanding was that it’s sharing a huge amount of the same code, and you can actually do visual explain as well using Zowe Explorer on the Db2 Developer for z/OS on the desktop. But we’re not mandating that you do it. It’s just that we have a lot of developers who are doing that already and who wanted to be able to have a rich developer experience without switching context, without changing channel. So a lot of that functionality is actually served in both places with the right form factor that made sense for a browser, which is very much at a point and shoot, and a desktop, which is very much right-mouse click, and drag and draw. But I will find that matrix because talking to you guys has made me realize that we actually do need that, and I’ll feed that back to the team. Thank you. Sorry for stealing three of your last five minutes, Amanda.
[01:54:56] – Amanda Hendley
That’s quite all right. The last thing I’ll leave you with is an announcement for our next session. We will meet again in September.
[01:55:03] – Joe Winchester
Oh, that’s Colin Knight? Yes. Oh, wow. He’s a rock star. I’m going to show up to that. All right, do it. Tag me on your invite. Yes, please. Okay. Yeah. He’s a fellow Brit as well. Yes. You guys are going to get bored of us. Well, great.
[01:55:21] – Amanda Hendley
Well, Joe, thank you so much. Thank you all for participating today. And like I said, it’ll probably take a week or so, but we’ll get the video and the transcript and everything. It might feel like a week.
[01:55:31] – Joe Winchester
It was only two hours, Amanda. Give me credit.
[01:55:34] – Amanda Hendley
Yeah. I mean, everyone deserves an award and a cup of coffee.
[01:55:39] – Joe Winchester
Yeah, none less than me.
[01:55:40] – Amanda Hendley
Drinks on Joe if you’re at GS UK?
[01:55:45] – Joe Winchester
I’m sorry, what did you say?
[01:55:46] – Amanda Hendley
Did you say- Drinks on you at GS UK or IDUG this fall?
[01:55:51] – Joe Winchester
I’m not going to IDUG. I missed the call for papers. I’m really annoyed. I sent them an email saying, I missed it. Is it okay? They were like, No, I’m really sorry. We finalized our agenda, so I don’t get to go. But fingers crossed, I’m going to be at SHARE.
[01:56:05] – Amanda Hendley
In Cleveland?
[01:56:07] – Joe Winchester
Yeah. The Db2 people go to SHARE or not? I don’t know. If you’re there, hunt me down in a nice way. Hunt me down with a coffee or vice versa. Yeah, and GS UK, GuideShare UK. Yeah, that’s where… That’s really fun because it’s dark and it’s rainy and it’s wet and it’s England.
[01:56:25] – Amanda Hendley
There’s nothing to distract you from great sessions.
[01:56:29] – Joe Winchester
Yeah. And I think we have Fireworks Day there, November the fifth. So we might be blowing some stuff up. Yeah, in a good way.
[01:56:36] – Amanda Hendley
I like it.
[01:56:37] – Joe Winchester
All right.
[01:56:40] – Amanda Hendley
Well, thanks you all for hanging out. And we’ll see you in a little while.
[01:56:44] – Joe Winchester
Yeah. Thanks, Amanda. Thanks, everybody. Stay safe. Take care and be cool. Bye. Bye.
Joe Winchester
Senior Technical Staff Member,
IBM
Upcoming Db2 User Group
September 16, 2025
Mainframes in Big Data
Speaker: Colin Knight
Db2 Systems Programmer Technical Lead
NetWest