Application development with DB2 for z/OS
This chapter describes DB2 for z/OS integration with the System z platform and its capabilities as a data server for mission critical applications.
The value proposition of System z, z/OS is centered around efficient sharing of resources.
Benefits can are derived by running on the platform or direct exploitation of platform qualities and attributes by the code under the specification interfaces.
Benefits can are derived by running on the platform or direct exploitation of platform qualities and attributes by the code under the specification interfaces.
This chapter covers the following topics:
1.1 Mainframe and DB2 for z/OS
Today, mainframe computers play a central role in the daily operations of most of the world's largest corporations, including many Fortune 1000 companies. Although other forms of computing are used extensively in business in various capacities, the mainframe occupies a coveted place in today's e-business environment. In banking, finance, healthcare, insurance, utilities, government, and a multitude of other public and private enterprises, the mainframe computer continues to form the foundation of modern business.
The long-term success of mainframe computers is without precedent in the information technology (IT) field. Today, as in every decade since the 1960s, mainframe computers and the mainframe style of computing dominate the landscape of large-scale business computing.
The mainframe owes much of its popularity and longevity to its inherent reliability and stability, a result of continuous technological advances since the introduction of the IBM System/360 in 1964. No other computer architecture in existence can claim as much continuous, evolutionary improvement, while maintaining compatibility with existing applications.
The term mainframe has gradually moved from a physical description of the IBM larger computers to the categorization of a style of computing. One defining characteristic of the mainframe has been continuing compatibility.
One key advantage of mainframe systems is their ability to process terabytes of data from high-speed storage devices and produce valuable output. For example, mainframe systems make it possible for banks and other financial institutions to perform end-of-quarter processing and produce reports that are necessary to customers (for example, quarterly stock statements or pension statements) or to the government (for example, financial results).
Mainframe workloads fall into one of two categories: Batch processing or online transaction processing, which includes web-based applications:
•With mainframe systems, retail stores can generate and consolidate nightly sales reports for review by regional sales managers. The applications that produce these statements are batch applications.
•In contrast to batch processing, transaction processing occurs interactively with the user. Typically, mainframes serve a vast number of transaction systems. These systems are often mission-critical applications that businesses depend on for their core functions. Transaction systems must be able to support an unpredictable number of concurrent users and transaction types. Most transactions are ran in short time periods (fractions of a second in some cases).
The IBM relational database management system (RDBMS) offered by System z is DB2 for z/OS. It is a member of the DB2 family of databases and uses the strengths of that family and the strength of the System z platform.
DB2 for z/OS data can be accessed in various ways, such as:
•Transactions from IMS TM or CICS
•Application servers using SQLJ or JDBC (such as WebSphere Application Server)
•IBM Distributed Relational Database Architecture™ (IBM DRDA®) protocol
1.2 The System z platform
Infrastructure simplification is key to solving many IT problems. Simplification can be achieved by resource sharing among servers. It is all about sharing data, sharing applications, and simplified operational controls. The System z platform, along with its highly advanced operating systems, provides standard format, protocols, and programming interfaces that enable resource sharing among applications that are running on the mainframe or a set of clustered mainframes.
Resource sharing is intended to help reduce redundancy that often comes from maintaining multiple copies of duplicate data on multiple servers. Sharing can also improve privacy management by enabling better control and enforcing privacy regulations for data sources. Sharing data can help simplify disaster recovery scenarios because fewer servers are being deployed; therefore, sharing data means that less data must be protected during periodic back-up operations (for example, daily or weekly maintenance) compared to having multiple copies. But most of all, infrastructure simplification helps a business assess its entire computing capabilities to determine the best directions and strategy for overall, integrated workflow, and in doing so, helps to better take advantage of existing assets and drive higher returns on IT investments.
1.2.1 Using System z technology to reduce complexity
System z servers offer capabilities that can help reduce the size and the complexity of a modern IT infrastructure. The ability to “scale up,” or add processor power for additional workloads, is a traditional mainframe strength. Today’s System z servers are available with up to 54 processors in a single footprint. Businesses can order a System z server that is configured with less than the maximum amount of processor power, and upgrade it on demand, which means using a customer-initiated procedure to add processing power when it is needed to support new applications or increased activity for existing applications, without waiting for a service representative to call.
Processing power can also be turned on (or activated) when needed and turned off when it is no longer needed. This is useful in cases of seasonal peaks or disaster recovery situations.
Adding processing power and centralizing applications represents one strategy to help control the cost and complexity of an infrastructure. This approach can also provide a highly effective way to maximize control while minimizing server sprawl, in essence, reducing the number of single-application servers that are operating in uncontrolled environments. A number of single-application servers can typically be deployed to support business processes in both production and supporting test environments. Hot stand-by failover servers, quality assurance servers, backup servers, and training, development, and test servers are some of the types of resources that are required to support a given application. A System z server can help reduce the numbers of those servers by its ability to scale out.
The term “scale out” describes how the virtualization technology of the System z server lets users define and provision virtual servers that have all of the characteristics of distributed servers, except they do not require dedicated hardware. They coexist, in total isolation, sharing the resources of the System z server.
Virtual servers on System z can communicate between each other, using inter-server communication that is called IBM HiperSockets™. This technology uses memory as its transport media without the need to go out of the server into a real network, simplifying the need to use cables, routers, or switches to communicate between the virtual servers.
1.2.2 Business integration and resiliency
We have seen how the need to be flexible and responsive drives businesses. If the site is not up or responsive to its clients or employees when they need it, the more likely it loses customers, or it takes the employees more time to do their jobs. A resilient infrastructure and integrated applications are also critical to the success of any business.
Availability
One of the basic requirements for today’s IT infrastructure is to provide continuous business operations in the event of planned or unplanned disruptions. The availability of the installation’s mission-critical applications, which are based on a highly available platform, directly correlates to successful business operations.
System z hardware, operating systems, and middleware elements have been designed to work together closely, providing an application environment with a high level of availability. The System z environment approaches application availability with an integrated and cohesive strategy that encompasses single-server, multi-server, and multi-site environments.
The System z hardware itself is a highly available server. From its inception, all of the hardware elements have always had an internal redundancy. Starting with the energy components and ending with the central processors, all of these redundant elements can be switched automatically in the event of an error. As a result of this redundancy, it is possible to make fixes or changes to any element that is down without stopping the machine from working and providing support for the customers.
The System z operating system that sits on top of the hardware has traditionally provided the best protection and recovery from failure. For example, z/OS, the flagship operating system of the System z platform, was built to mask a failure from the application. In severe cases, z/OS can recover through a graceful degradation rather than end in a complete failure. Operating system maintenance and release change can be done in most cases without stopping the environment.
Middleware running on z/OS is built to take advantage of both the hardware and operating system availability capabilities. IBM middleware such as IBM DB2 for z/OS, IBM CICS products, IBM WebSphere Application Server, and IBM IMS can provide an excellent solution for an available business application.
The IBM Parallel Sysplex® architecture on System z allows clustered System z servers to provide resource sharing, workload balancing, and data sharing capabilities for the IT, delivering ultimate flexibility when supporting different middleware applications. Although System z hardware, operating systems, and middleware have long supported multiple applications on a single server, Parallel Sysplex clustering enables multiple applications to communicate across servers, and even supports the concept of a large, single application that spans multiple servers, resulting in optimal availability characteristics for that application.
Parallel Sysplex is a cluster solution that is implemented from the IBM hardware to the middleware layer and, as a consequence, does not have to be designed and developed in the application layer.
With Parallel Sysplex and its ability to support data sharing across servers, IT architects can design and develop applications that have a single, integrated view of a shared data store. System z shared databases also provide high-quality services to protect data integrity.
This single-view database simplicity helps remove management complexity in the IT infrastructure. And simpler IT infrastructures help reduce the likelihood of errors while allowing planned outages to have a smaller impact across the overall application space.
Figure 1-1 shows the System z high availability family solution, from single system to the IBM Geographically Dispersed Parallel Sysplex™ (IBM GDPS®).
Figure 1-1 System z availability
GDPS technology provides a total business continuity solution for the z/OS environment. GDPS is a sysplex that spans multiple sites, with disaster recovery capability, which is based on advanced automation techniques. The GDPS solution allows the installation to manage remote copy configuration and storage subsystems, automate Parallel Sysplex operation tasks, and perform failure recovery from a single point of control.
GDPS extends the resource sharing, workload balancing, and continuous availability benefits of a Parallel Sysplex environment. It also significantly enhances the capability of an enterprise to recover from disasters and other failures, and to manage planned exception conditions, enabling businesses to achieve their own continuous availability and disaster recovery goals.
Hardware and software synergy
System z Operating Systems were designed to use central processors (CP). The vital connection between the hardware and the software resulted in the development of new instructions for the central processor that over time were able to respond to new application demands. The System z platform database product DB2 for z/OS also uses the specialized instructions to speed up some basic database calculations.
IBM has introduced several “specialty engines”: Processors that can help users expand the use of the mainframe for new workloads, while helping to lower cost of ownership.
•The System Assist Processor (SAP) is standard on IBM System z servers and is a dedicated I/O processor to help improve efficiencies and reduce the impact of I/O processing of every IBM System z logical partition regardless of the operating system (z/OS, IBM z/VM®, Linux, IBM z/VSE® and z/TPF).
•The IBM Integrated Facility for Linux (IFL) is another processor that enables the Linux on System z operating system to run on System z hardware.
•The IBM System Integrated Information Processor (zIIP) is designed to help improve resource optimization for running database workloads in z/OS. DB2 for z/OS can reroute queries, DRDA activity, utilities, and asynchronous I/O to the zIIP engines.
•The IBM System z Application Assist Processor (zAAP) is used by the z/OS Java virtual machine. z/OS can shift Java workloads to this new zAAP, letting the CP focus on other non-Java workloads. zAAP can also be used for XML parsing.
Processors such as zAAP and zIIP can lower the software cost of the platform, making it more cost effective.
1.2.3 Managing the System z platform to meet business goals
When new workloads are added to a System z server, they are not simply added randomly. Usually a workload is distinguished by its importance to the business. Some workloads, such as those associated with customer ordering and fulfillment, tend to have a higher degree of importance than applications used internally. Making resources available to mission-critical applications when they need them is a priority for System z hardware and software designers.
System z servers running a single z/OS image or z/OS images in Parallel Sysplex can take advantage of the Workload Manager (WLM) function. The overall mission of these advanced workload management technologies is to use established policy and business priorities to direct resources to key applications when needed. These policies are set by the user based on the needs of the individual business. These time-tested workload management features provide the System z environment with the capability to effectively operate at average usage levels exceeding 70% and sustained peak usage levels of 100% without degradation to high-priority workloads.
Figure 1-2 shows the effect of processor sharing on a System z server with multiple and different workloads running concurrently. In an environment that is not constrained for CPU, the response time for each application is not affected by the other applications running at the same time.
Figure 1-2 Mixed workloads on the System z platform
The higher degree of workload management represents a key System z advantage. Workload management can start at the virtual server level and drill down to the transaction level, enabling the business to decide which transaction belonging to which customer has a higher priority over others.
The Intelligent Resource Director (IRD) is a technology that extends the WLM concept to virtual servers on a System z server. IRD, a combination of System z hardware and z/OS technology that is tightly integrated with WLM, is designed to dynamically move server resources to the systems that are processing the highest priority work.
1.2.4 Security
For a business to remain flexible and responsive, it must be able to give access to its systems to existing customers and suppliers as well as to new customers, while still requiring the correct authorization to access e-commerce systems and data. The business must provide access to the data that is required for the business transaction, but also be able to secure other data from unauthorized access. The business must prevent rogue data from being replicated throughout the system and to protect the data of the trusted partners. In summary, the business must be open and secure at the same time.
The System z environment, as with its previous mainframe models, has the security concept that is deeply designed in the operating system. The ability to run multiple applications concurrently on the same server demands isolating and protecting each application environment. The system must be able to control access, allowing users to get to only the applications and data that they need, not to those that they are not authorized to use.
Hardware components, such as those for the cryptographic function that is implemented on each central processor, deliver support to the System z platform for encryption and decryption of data, and for scaling up the security throughput of the system.
In addition, other security components such as IBM RACF® (Resource Access Control Facility) provide centralized security functions such as user identification and authentication, access control to specific resources, and the auditing functions that can help provide protection and meet the business security objectives.
1.3 Programming languages
System z platform offers all tools that are needed for implementing industry-standard software engineering methodologies.
1.3.1 Language Environment
IBM Language Environment® for z/OS and z/VM (Language Environment) provides a single runtime environment for C, C++, COBOL, Fortran, PL/I, and assembler applications. See Figure 1-3. The Language Environment common library includes common services such as messages, date and time functions, math functions, application utilities, system services, and subsystem support. All of these services are available through a set of interfaces that are consistent across programming languages. You can either call these interfaces yourself or use language-specific services that call the interfaces. All of this provides consistent and predictable results for your applications, independent of the language they are written in.
Figure 1-3 Language Environment
1.3.2 Java
Java is an object-oriented programming language that is developed by Sun Microsystems Inc. Java can be used for developing traditional mainframe commercial applications as well as Internet and intranet applications that use standard interfaces.
Java is an increasingly popular programming language that is used for many applications across multiple operating systems. IBM is a major supporter and user of Java across all of the IBM computing platforms, including z/OS. The z/OS Java products provide the same, full-function Java APIs as on all other IBM platforms. In addition, the z/OS Java licensed programs have been enhanced to allow Java access to z/OS unique file systems. Programming languages such as Enterprise COBOL and Enterprise PL/I in z/OS provide interfaces to programs written in Java.
The various Java Software Development Kit (SDK) licensed programs for z/OS help application developers use the Java APIs for z/OS, write or run applications across multiple platforms, or use Java to access data that is on the mainframe. Some of these products allow Java applications to run in only a 31-bit addressing environment. However, with 64-bit SDKs for z/OS, pure Java applications that were previously storage-constrained by 31-bit addressing can run in a 64-bit environment. System z processors support zAAP for running Java applications. Using a zAAP engine adds capacity to the platform without increasing software charges. Java programs can be run interactively through z/OS UNIX or in batch.
1.3.3 Business application languages
The Java platform offers many attractive characteristics for building modern software systems. Programmers that are already experienced with object-oriented languages typically find Java relatively easy to learn and use. But developers familiar with procedural programming, fourth-generation languages (4GLs), and other traditional development technologies often find Java complex—so much so that they resist opportunities to use it. They instead continue developing with the programming technologies (such as COBOL, PL/I, Assembler, C/C++) with which they are most comfortable.
Enterprise Generation Language (EGL) is designed to help the traditional developer take advantage of all of the benefits of Java and COBOL, yet avoid learning all of its details. EGL is a simplified high-level programming language that enables you to quickly write full-function applications that are based on Java and modern web technologies. For example, developers write their business logic in EGL source code, and from there, the EGL tools generate Java or COBOL code, along with all runtime artifacts needed to deploy the application to the wanted execution platform.
EGL hides the details of the Java and COBOL platform and associated middleware programming mechanisms. This frees developers to focus on the business problem rather than on the underlying implementation technologies. Developers who have little or no experience with Java and web technologies can use EGL to create enterprise-class applications quickly and easily.
IBM Rational® COBOL Generation Extension for System z provides the ability to continue reaping the benefits of the highly scalable, 24x7 availability of the System z platform by enabling procedural business developers to write full-function applications quickly while focusing on the business aspect and logic and not the underlying technology, infrastructure, or platform plumbing.
Built on open standards, Rational COBOL Generation for System z adds valuable enhancements to the IBM Software Development Platform so you can:
•Provide an alternative path to COBOL adoption.
•Construct first-class services for the creation and consumption of web Services for service-oriented architecture.
•Hide middleware and runtime complexities.
•Achieve the highest levels of productivity.
•Migrate from existing technologies to a modern development platform.
•Deliver applications that are based on industry standards that interoperate with existing systems.
•Easily retrain procedural business programmers to be highly productive in the Java Platform, Enterprise Edition world.
•Use visual programming techniques for web development and code automation capabilities for rapid development of application business logic.
1.4 Integrated application and database on z/OS
The applications that run directly on the System z platform under z/OS take advantage of the benefits of locating applications and data in the same technical environment. Communications between the application servers and the database manager use an efficient cross-memory mechanism.
The operations team has a single environment to manage.
The classic applications that are written in languages such as COBOL or PL/I run within a classic z/OS transaction manager such as CICS or IMS.
The new applications can also be written in Java and run within CICS or IMS as well or benefit from WebSphere Application Server for z/OS, a certified Java Platform, Enterprise Edition application server running on the System z platform.
1.4.1 Data consolidation on the System z platform
Many organizations have many applications and the data that those applications manipulate is scattered in many places. Data consolidation on the System z platform without having to change the applications can bring many benefits.
Data consolidation on the System z platform helps reduce:
•The number of data copies, and hence the risk of disparate data
•The cost and complexity of backup and recovery
•The network traffic
•The amount of storage that is needed through centralization and efficient hardware
data compression
data compression
•The database administration and management tasks
•The risk that is associated with distributed privacy, security, and audit policies
With data consolidation, customers take advantage of System z technology through:
•The use of Parallel Sysplex clustering for scalability, availability, and performance
•Data-sharing capabilities that allow for them to get a single view of data
•Centralized backup, recovery, privacy, security, and audit policies
Figure 1-4 illustrates data consolidation on the System z platform.
Figure 1-4 Consolidating data on z/OS
With the change in virtual storage in DB2 10, more work can run in one DB2 subsystem, allowing a consolidation of LPARs as well as DB2 members, and storage monitoring is also reduced. The net result for this virtual storage constraint relief is reduced cost, improved productivity, easier management, and the ability to scale DB2 much more easily.
DB2 10 increases the limits for CTHREAD, MAXDBAT, IDFORE, IDBACK, MAXOFILR threads. Specifically, the improvement allows a 10 times increase in the number of these threads (meaning 10 times the current supported value at your installation, not necessarily 10 times 2000). So, for example, if in your installation you can support 300-400 concurrently active threads that are based on your workload, you might now be able to support 3000-4000 concurrently active threads.
1.4.2 Data consolidation and integration of the applications on z/OS
From a technical point of view, the solution that brings the most value to the enterprise is having the data consolidated on the z/OS environment with the applications are running there as well. Figure 1-5 shows a before-and-after illustration of this data consolidation and application integration.
Figure 1-5 Consolidating data and integrating applications on z/OS
This situation is obvious for customers who are already running applications on the z/OS platform and must extend them. It represents a good move in other cases where enterprises can benefit from the portability of Java Platform, Enterprise Edition distributed applications to WebSphere Application Server on z/OS.
This solution increases the benefits that we already stated, and adds new ones:
•In this environment, the management of identities is more consistent, and the solution enhances auditability.
•The z/OS system is optimized for efficient use of the resources it is allowed to use.
•Transaction processing and batch work can be done at the same time on the same data: it improves availability and versatility.
•If an issue occurs, the integrated problem determination and diagnosis tools quickly help solve it.
•Automatic recovery and rollback ensure a superior level of transactional integrity.
The Java workload that are created by Java Platform, Enterprise Edition applications can benefit from the specialty processor System z Application Assist Processor (zAAP).
1.5 The synergy between z/OS and DB2 for z/OS
IBM DB2 for z/OS is the leading relational database for the System z platform.
The requirements of mission-critical environments can best be achieved through deep integration of the data server with the hardware, operating system, middleware, and tools.
As a result, DB2 for z/OS delivers important benefits that are not possible from other relational database management systems on other platforms. It is this integration that enables System z servers to provide the highest levels of availability, reliability, scalability, security, and utilization capabilities as seen by the application users. That solid foundation is critical for data servers because they are at the center of enterprise applications. Any weaknesses in the underlying infrastructure are reflected all the way through the applications to users.
1.5.1 How DB2 for z/OS uses the System z platform
DB2 for z/OS builds on the System z platform and drives some of the requirements for its evolution.
DB2 for z/OS Version 8, available since March 2004, was redesigned to take advantage of the 64-bit virtual addressing capabilities that are provided by the architecture of the System z hardware platform since 2000 and of z/OS since IBM OS/390® Version 10. It benefits from a much larger virtual storage. The internal management tasks for large databases have been modified to take advantage of this enhanced virtual storage to again improve scalability
and availability.
and availability.
Parallel Sysplex
The advanced clustering functions of the System z platform, the Parallel Sysplex, are based on the concept of “share everything” by opposition to other clustering environments that are based on the “share nothing” approach. In this latter approach, some processing power is tied to a fraction of the data. In Parallel Sysplex systems, all of the DB2 data included in a DB2 group can be accessible by all of the system images participating in the cluster.
This approach is backed up by efficient locking mechanisms that allow data that is accessed by several instances of an application running in different operating system images to be read or modified consistently.
DB2 data sharing support allows multiple DB2 subsystems within a sysplex to concurrently access and update shared databases. DB2 data sharing uses the coupling facility to efficiently lock data to ensure consistency, and to buffer shared data. DB2 serializes data access across the sysplex through locking. DB2 uses coupling facility cache structures to manage the consistency of the shared data. DB2 cache structures are also used to buffer shared data within a sysplex for improved sysplex efficiency.
Accessibility
•Unicode handling
To handle the peculiarities of the different languages of the world (accented letters, special characters, and so forth) computer users use different sets of characters named code pages. It creates many difficulties to exchange data internationally.
Unicode (http://www.unicode.org) is a set of standards that provides a consistent way to encode multilingual plain text.
DB2 for z/OS understands Unicode, and users do not have to convert existing data. DB2 can integrate newer Unicode data with existing data and handle the translations. The synergy between DB2 and z/OS Unicode Conversion Services helps this process to be high performing.
IBM z/Architecture® instructions exist that are designed just for Unicode conversions. There have been significant Unicode functional and performance enhancements in the System z platform starting with z/OS 1.4, z990, and DB2 Version 8.
•Multiple encoding schemes
In addition to the EBCDIC support, support for ASCII tables was added in DB2 for z/OS V5, and Unicode was added in Version 7. DB2 V8 completed the integration of multiple encoding schema support by enabling SQL access to EBCDIC, ASCII, and Unicode in the same SQL statement. The majority of the DB2 catalog tables has been converted to Unicode. Key DB2 processes such as program preparation and SQL parsing are done in Unicode.
•XML support
The IBM pureXML® feature on DB2 offers sophisticated capabilities to store, process, and manage XML data in its native hierarchical format. By integrating XML data intact into a relational database structure, users can take full advantage of DB2 relational data management features.
DB2 pureXML starts the z/OS XML system services for XML parsing. As a result, the XML parsing request becomes 100% zIIP- or zAAP-eligible, depending on whether the parsing or schema validation request is driven by DRDA through a database access thread (DBAT) or through an allied DB2 thread.
DB2 9 for z/OS provided expanded support of XML data type, native storage of XML documents, integration of the XPath language, and catalog extensions to support definitions of XML schemas. Utilities support creation and maintenance of XML data. DB2 10 expanded the support with XQuery, binary format for Java, and engine managed document verification.
For details, see Extremely pureXML in DB2 10 for z/OS, SG24-7915.
Networking capabilities
The System z platform supports the TCP/IP V6 standard, which is the new de facto standard for interactions between nodes in a network. This capability strengthens the role of this platform as a data serving hub.
Specialty processor for data serving
The IBM System z9® Integrated Information Processor (zIIP) is designed so that a program can have all or a portion of its enclave Service Request Block (SRB)1 dispatched work that is directed to the zIIP. z/OS, acting on the direction of the program running in SRB mode, controls the distribution of the work between the general-purpose processor (CP) and the zIIP. Using a zIIP can help free up capacity on the general-purpose processor.
DB2 for z/OS uses the zIIP processor starting from z/OS V1R6.
The following types of workloads are eligible for the zIIP processor:
•Network-connected applications
An application (running on UNIX, Linux, Intel, Linux on System z, or z/OS) might access a DB2 for z/OS database that is hosted on a System z. Eligible work that can be directed to the zIIP is portions of those requests that are made from the application server to the host, through SQL calls through a DRDA over TCP/IP connection (like that with
IBM DB2 Connect™).
IBM DB2 Connect™).
DB2 for z/OS gives z/OS the necessary information to direct portions of the eligible work to the zIIP. Examples of workloads that might be running on the server that is connected through DRDA over TCP/IP to the System z9 can include Business Intelligence, ERP, or CRM application serving.
Database workloads such as CICS, IMS, WebSphere for z/OS with local JDBC type 2 access, stored procedures, and batch have become increasingly efficient and cost effective on the mainframe and are not concerned with zIIP. One key objective with the zIIP is to help bring the costs of network access to DB2 for z/OS more closely in line with the costs of running similar workloads under CICS, IMS, or Batch on the System z platform.
Figure 1-6 illustrates the way zIIP helps reduce the workload of general processors on the System z platform for eligible workloads.
Figure 1-6 Using zIIP for enterprise applications
•Data warehousing applications
Applications can run queries to a DB2 for z/OS database that is hosted on a System z9. Eligible work that can be directed to the zIIP is portions of requests that use complex star schema parallel queries. DB2 for z/OS gives z/OS the necessary information to direct portions of these queries to the zIIP. Examples of these applications can include Business Intelligence (BI) applications.
•Utility functions
Some DB2 for z/OS utility functions (Load, Reorg, and Rebuild Index) are written in SRB mode. They are performing processes related to maintenance of index structures. Those portions of those utility functions that run in SRB mode are eligible as work that can be directed to the zIIP. DB2 for z/OS gives z/OS the necessary information to direct a portion of these functions to the zIIP.
•Asynchronous I/O
Starting with DB2 10, asynchronous I/O ran by buffer pool prefetch engines and deferred write engines is 100% zIIP eligible. Buffer pool prefetch includes dynamic prefetch, list prefetch, and sequential prefetch activities. Buffer pool prefetch activities are asynchronously initiated by the database manager address space (DBM1) and are ran in a dependent enclave. Redirection to zIIP can be even more significant with index compression and insert processing with index I/O parallelism.
Workload management
z/OS includes policy-driven workload management functions that benefit all subsystems that are based on it, especially DB2. These functions grant workloads the correct priority access to key technical resources to meet business goals. Workload Manager (WLM) and Intelligent Resource Director (IRD) monitor the system to adapt to changes in both workload and configuration to meet the defined goals.
Synergy with disk hardware architecture
Disk hardware has evolved significantly since IBM introduced its first direct access storage device (DASD) back in 1956, the IBM 350. Over the years, newer disk hardware resulted in the advantages of more space per device, a smaller footprint, faster throughput of data, and improved functionality such as automatic data encryption. DB2 has made many changes to keep pace and use the disk improvements. DB2 integrates with the storage management software and continues to deliver synergy with IBM FICON® (fiber connector) channels and disk storage features.
Because I/O rates are increasing, existing applications must perform according to SLA expectations. To support existing SLA requirements in an environment of rapidly increasing data volumes and I/O rates, DB2 for z/OS uses features in the Data Facility Storage Management Subsystem (DFSMS) that help to benefit from performance improvements in DFSMS software and hardware interfaces:
•DB2 uses Parallel Access Volume and Multiple Allegiance features of the IBM TotalStorage Enterprise Storage Server® (ESS) and IBM System Storage® DS8000®.
•IBM FlashCopy® on ESS and DS8000 increases the availability of your data while running DB2 utilities.
•DB2 integrates with z/OS to deliver solutions applicable to recovery, disaster recovery, or environment cloning needs.
•Larger control interval sizes help performance with table space scans, and resolve some data integrity issues.
•The MIDAW function, improves FICON performance by reducing channel utilization and increasing throughput for parallel access streams.
•Support for solid-state drives and row level sequential detection algorithm help to reduce the need for Reorgs.
•Higher processor capacity requires greater I/O bandwidth and efficiency. High Performance FICON (zHPF) enhances the IBM z/Architecture and the FICON interface architecture to provide greater I/O efficiency. zHPF is a data transfer protocol that is optionally employed for accessing data from an IBM DS8000 storage subsystem. Both the DS8800 and the zHPF provide great improvements when used with DB2 for z/OS.
•DB2, in combination with z/OS and System z functions, can use Extended Address Volumes for all types of data sets, and by using Extended Addressability for the SMS-managed catalog, can allocate DSSIZE greater than 4 GB.
Shared memory and distributed connections
Distributed connections to DB2 for z/OS benefit from z/OS V1R7 changes. Its distributed communication processes (the distributed address space) access data directly from the database manager address space, instead of moving the data. The distributed address space also uses 64-bit addressing, as the database manager and lock manager address spaces do today with V8.
This internal change benefits new and existing workloads, where distributed communications are configured with another logical partition (LPAR) or to an application running on the System z platform.
Security synergy with Security Server for z/OS
DB2 for z/OS has strong and granular access control. It controls access to its objects by a set of privileges. Default access is none. Until access is granted, nothing can be accessed. This is called discretionary access control (DAC).
DB2 has extensive auditing features. For example, you can answer such questions as, “Who is privileged to access which objects?” and “Who has accessed the data?”
The catalog tables describe the DB2 objects, such as tables, views, table spaces, packages, and plans. Other catalog tables hold records of every granted privilege or authority. Every catalog record of a grant contains information such as name of the object, type of privilege, IDs that receive the privilege, ID that grants the privilege, and time of the grant.
The audit trace records changes in authorization IDs, changes to the structure of data, changes to values (updates, deletes, and inserts), access attempts by unauthorized IDs, results of GRANT and REVOKE statements, and other activities that are of interest to auditors.
You can use the System z platform Security Server (also know as Resource Access Control Facility (RACF)) or equivalent to:
• Control access to the DB2 environment
• Facilitate granting and revoking to groups of users
• Ease the implementation of multilevel security in DB2 (see details below)
• Fully control all access to data objects in DB2
DB2 defines sets of related privileges, called administrative authorities. You can effectively grant many privileges by granting one administrative authority.
Security-related events and auditing records from RACF and DB2 can be loaded into DB2 databases for analysis. The DB2 Instrumentation Facility Component can also provide accounting and performance-related data. This kind of data can be loaded into a standard set of DB2 tables (definitions provided). Security and auditing specialists can query this data easily to review all security events.
For regulatory compliance reasons (for example, Basel II, Sarbanes-Oxley, EU Data Protection Directive), and other reasons such as accountability, audit ability, increased privacy, and security requirements, many organizations focus on security functions when designing their IT systems. DB2 10 for z/OS provides a large set of options that improve and further secure access to data held in DB2 for z/OS to address these challenges.
•Separating the duties of database administrators from security administrators
•Protecting sensitive business data against security threats from insiders, such as database administrators, application programmers, and performance analysts
•Further protecting sensitive business data against security threats from powerful insiders such as SYSADM by using row-level and column-level access controls
•Using the RACF profiles to manage the administrative authorities
•Auditing access to business sensitive data through policy-based SQL auditing for tables without having to alter the table definition
•Auditing the efficiency of existing security policies using policy-based auditing capabilities Benefitting from security features that were introduced recently by z/OS Security Server, including support for RACF password phrases (z/OS V1R10) and z/OS identity propagation (z/OS V1R11)
For details about DB2 security functions, see Security Functions of IBM DB2 10 for z/OS, SG24-7959.
Data encryption
System z servers have implemented leading-edge technologies such as high-performance cryptography, large-scale digital certificate support, continued excellence in Secure Sockets Layer (SSL) performance, and advanced resource access control function.
DB2 ships a number of built-in functions that enable you to encrypt and decrypt data. IBM offers an encryption tool that is called the IBM Data Encryption for IMS and DB2 Databases, program number 5799-GWD. This section introduces both DB2 encryption and the IBM Data Encryption tool. It also describes recent hardware enhancements that improve
encryption performance.
encryption performance.
Data encryption has several challenges. These include changing your application to encrypt and decrypt the data, encryption key management, and the performance impact
of encryption.
of encryption.
DB2 encryption is available at the column level and at the row level.
Security and networking: SSL sessions
The System z platform provides an efficient mechanism to support secure communications over the SSL protocol.
Security and external media storage encryption
Data administrators often think a lot about securing active data. Access is not granted to everyone and data can be encrypted as seen above.
However, the removable media storage, such as cartridges, that are used for back-up copies often contain enterprise data in readable format. If these media are stolen, enterprise data is at risk.
The System z platform provides efficient ways to secure external media storage based on hardware and software facilities.
Security certifications
The data-serving environment that is based on the System z platform benefits from the use of the following security certifications.
The reference information is available at:
Java applications
The Java programming language is the language of choice for portable applications that can run on multiple platforms. The System z platform has been optimized to provide an efficient Java virtual machine.
The IBM Data Server Driver for JDBC and SQLJ is a single driver that includes JDBC type 2 and JDBC type 4 behavior. When an application loads the IBM Data Server Driver for JDBC and SQLJ, a single driver instance is loaded for type 2 and type 4 implementations.
The driver has a common code base for Linux, UNIX, Windows, and z/OS. This largely improves DB2 family compatibility. For example, it enables users to develop on Linux, UNIX, and Windows, and to deploy on z/OS without having to make any change.
IBM Data Server Client Packages are available from:
1 An enclave is a specific “business transaction” without address space boundaries. It is dispatchable by the operating system. It can be of system or sysplex scope.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.