The zpmt command uses the values that
you specify for the variables defined in a response file to create
customization data and instructions for configuring a standalone application
server.
Tip: Use the IBM® default names the first time
you install WebSphere® Application Server for z/OS® to
make the installation instructions easier to follow.
Profile information
- Profile name (profileName)
- The profile name is default.
- Profile path (profilePath)
- Profile path
- Template path (templatePath)
- Template path
- Performance tuning setting (applyPerfTuningSetting)
- Performance-tuning setting that most closely matches the type
of environment in which the application server will run
- standard
- The standard settings are optimized for general-purpose usage.
- peak
- The peak-performance settings are appropriate for a production
environment where application changes are rare and optimal runtime
performance is important.
Avoid trouble: For Versions 7.0.0.15 and higher, the value
peak is
replaced with the value
production. An error
message is issued if you are running on Version 7.0.0.15 or higher
and specify the value
peak for this parameter.
gotcha
- production
- The production performance settings are appropriate for a production
environment where application changes are rare and optimal runtime
performance is important.
Avoid trouble: This value is only valid for Versions 7.0.0.15 and higher.
gotcha
Target dataset information
- Target operating system (targetOS)
- Target operating system
- High-level qualifier (zTargetHLQ)
- High-level qualifier for the target z/OS datasets that will contain
the generated jobs and instructions
When a customization definition
is uploaded to the target z/OS system, the customization jobs and
files are written to a pair of partitioned datasets. While is it possible
to reuse these datasets, it is safest to create separate datasets
for each WebSphere Application Server for z/OS configuration. The
best practice is to use the customization dataset name prefix (sometimes
referred to as "config_hlq") to indicate the version and release of
WebSphere Application Server for z/OS, the task that you are performing,
and the cell (as well as the node name in some cases) that you are
configuring. For example, you might use the following dataset name
prefix for configuring a standalone WebSphere Application Server cell
named TESTCELL for Version 7.0:
SYSPROG1.WAS70.TESTCELL.APPSERV
In
this example, the following two datasets will be created when the
customization definition is uploaded to the target z/OS system:
SYSPROG1.WAS70.TESTCELL.APPSERV.CNTL
SYSPROG1.WAS70.TESTCELL.APPSERV.DATA
The CNTL dataset will
be a partitioned dataset (PDS) with fixed block 80-byte records that
will contain the customization jobs. The DATA dataset will be a PDS
with variable length data to contain the other customization data.
Rule: The high-level qualifier can consist
of multiple qualifiers (up to 39 characters).
The generated
batch jobs and instructions will be uploaded to two z/OS partitioned
datasets:
- HLQ.CNTL
- Partitioned dataset with fixed block 80-byte records to contain
customization jobs
- HLQ.DATA
- Partitioned dataset with variable-length data to contain other
data contained in the customization definition
Tip: A multilevel high-level qualifier
can be specified as the dataset high-level qualifier.
Common group configuration
- Configuration group (zConfigurationGroup)
- Allow OS security to assign GID (zConfigurationGroupGID)
- Specify * to allow operating-system security to assign the group
ID.
- Assign user-specified GID (zConfigurationGroupGID)
- Specify an ID to use a specific ID.
Rule: GID values must be unique numeric values between 1 and
2,147,483,647.
- Servant group (zServantGroup)
- Allow OS security to assign GID (zServantGroupGID)
- Specify * to allow operating-system security to assign the group
ID.
- Assign user-specified GID (zServantGroupGID)
- Specify an ID to use a specific ID.
Rule: GID values must be unique numeric values between 1 and
2,147,483,647.
- Local user group (zLocalUserGroup)
- Allow OS security to assign GID (zLocalUserGroupGID)
- Specify * to allow operating-system security to assign the group
ID.
- Assign user-specified GID (zLocalUserGroupGID)
- Specify an ID to use a specific ID.
Rule: GID values must be unique numeric values between 1 and
2,147,483,647.
System locations
- System name (zSystemNane)
- System name for the target z/OS system
on which you will configure WebSphere Application Server
for z/OS
- Sysplex name (zSysplexName)
- Sysplex name for the target z/OS system
on which you will configure WebSphere Application Server
for z/OS
Tip: If you are not sure what the system name
(&SYSNAME) and sysplex name (&SYSPLEX) are, use the console
command D SYMBOLS on the target z/OS system
to display them.
- PROCLIB (zProclibName)
- An existing procedure library where the WebSphere Application
Server for z/OS cataloged procedures are added
Configuration file system customization
- Mount point (zConfigMountPoint)
- Read/write file system directory mount point where application
data and environment files are written
The customization process
creates this mount point if it does not already exist.
- Name (zConfigHfsName)
- File system dataset that you will create and mount at the above
mount point
Rule: You can specify up
to 44 characters for the dataset names.
- Directory path name relative to mount point (zWasServerDir)
- Name of the directory where WebSphere Application
Server for z/OS files reside after installation
See Product file system for more information.
- Volume, or '*' for SMS (zConfigHfsVolume)
- Specify either the DASD volume serial number to contain the above
dataset or * to let SMS select a volume. Using * requires that SMS
automatic class selection (ACS) routines be in place to select the
volume. If you do not have SMS set up to handle dataset allocation
automatically, list the volume explicitly.
- Primary allocation in cylinders (zConfigHfsPrimaryCylinders)
- Initial size allocation in cylinders for the above dataset
Recommendation: The minimum suggested size
is 420 cylinders.
- Secondary allocation in cylinders (zConfigHfsSecondaryCylinders)
- Size of each secondary extent in cylinders
Recommendation: The minimum suggested size
is 100 cylinders.
- File system type (HFS or ZFS) (zFilesystemType)
- This is the type of file system that will be used when creating
the WebSphere for z/OS configuration
file system. The default is HFS.
Product file system information customization
- Product file system directory (zSmpePath)
- Name of the directory where WebSphere Application
Server for z/OS files reside after installation
Read Product file system for more information.
- Intermediate symbolic link? (zEnableIntermediateSymlink)
- Specify true to set up an intermediate
symbolic link, and specify the path name of that link if you select
it.
If you specify an intermediate symbolic link, symbolic links
are created from the configuration file system to the intermediate
symbolic link; otherwise, they are created directly to the product
file system.
The default value for zEnableIntermediateSymlink
is true.
- Intermediate symbolic link (zIntermediateSymlink)
- The default value for zIntermediateSymlink is the zConfigMountPoint
value appended by /wassmpe.
Server customization
- Short cell name (zCellShortName)
- Name that identifies the cell to z/OS facilities
such as SAF
Rules:
- Name must be eight or fewer characters and all uppercase.
- Name must be unique among all other cells in the sysplex.
- Long cell name (cellName)
- Primary external identification of this WebSphere Application
Server for z/OS cell
This name identifies the cell as
displayed through the administrative console.
Note: If
you intend to ever add this standalone server node to a Network Deployment
cell, ensure that the standalone server cell name is different from
the Network Deployment cell name.
Rules:
- Name must be 50 or fewer characters.
- Name can be of mixed case.
- Name must be unique among all other cells in the sysplex.
- Short node name (zNodeShortName)
- Name that identifies the node to z/OS facilities
such as SAF
Rules:
- Name must be eight or fewer characters and all uppercase.
- Name must be unique within the cell.
- Long node name (nodeName)
- Primary external identification of this WebSphere Application
Server for z/OS node
This name identifies the node as
displayed through the administrative console.
Note: If
you intend to ever add this standalone server node to a deployment
manager cell, ensure that the standalone server node name is not the
same as that of any existing node in the Network Deployment cell.
Rules:
- Name must be 50 or fewer characters.
- Name can be of mixed case.
- Name must be unique within the cell.
- The application server must be defined on its own node; no other
server can exist on the same node as the application server.
- Short server name (zServerShortName)
- This value identifies the server to z/OS facilities
such as SAF.
Note: The server short name is also used
as the server JOBNAME.
Rule: Name
must usually contain seven or fewer all-uppercase characters.
- Long server name (serverName)
- Name of the application server and the primary external identification
of this WebSphere Application Server for z/OS server
This
name identifies the server as displayed through the administrative
console.
Rules:
- Name must be 50 or fewer characters.
- Name can include mixed-case alphabetic characters.
- Cluster transition name (zClusterTransitionName)
- WLM APPLENV (WLM application environment) name for this server
Note: If this server is converted into a clustered server, this
name becomes the cluster short name. The cluster short name is the
WLM APPLENV name for all servers that are part of the same cluster.
See
z/OS JCL cataloged procedures for more
information.
Rule: Name must be
eight or fewer characters and all uppercase.
- JVM mode (zJvmMode)
- Specify whether the JVM mode is 31 or 64 bit.
- Admin asynch operations procedure name (zAdminAsynchProcName)
- This specifies the JCL procedure name of a started task that is
launched by way of the START command by node agents or application
servers to perform certain asynchronous administrative operations
(such as node synchronization) and add and remove a node. See z/OS JCL cataloged procedures for more information.
- Asynchronous administration user ID (zAdminAsynchTaskUserid)
- This user ID is used to run asynchronous administration operations
procedure. It must be a member of the WebSphere Application
Server configuration group.
- Asynchronous administration UID (zAdminAsynchTaskUid)
- User identifier associated with the user ID is used to run asynchronous
administration operations procedure
Rule: UIDs
must be unique numbers between 1 and 2,147,483,647 within the system.
- WebSphere Application Server user ID home directory (zUserIDHomeDirectory)
- New or existing file system directory in which home directories
for WebSphere Application Server for z/OS user IDs will be created
by the customization process
- Install administrative console? (zInstallAdminConsole)
- Specify whether you do (true) or do not
(false) want to deploy the WebSphere Application
Server for z/OS administrative console.
Note: These applications
are not supported in a Network Deployment cell.
- Install default application? (zInstallDefaultApp)
- Specify whether you do (true) or do not
(false) want to deploy the default WebSphere Application Server for z/OS application.
- Install samples? (zInstallSamples)
- Specify whether you do (true) or do not
(false) want to deploy the WebSphere Application
Server for z/OS sample applications (the Samples Gallery).
Note: These
applications are not supported in a Network Deployment cell.
Install
the sample applications to use the application server and evaluate
the latest technological advancements. The sample applications are
not recommended for deployment to production application server environments.
- Samples password (samplesPassword)
- Password for the samples user account
Server address space information customization
Rule: In the following, unless specified otherwise,
names must be eight or fewer characters.
Controller information
- Procedure name (zControlProcName)
- Name of member in your procedure library to start the application
server controller
Rule: Name must usually
contain seven or fewer all-uppercase characters.
- User ID (zControlUserid)
- User ID associated with the application server controller
Note: If you are using a non-IBM security system, the user ID
might have to match the procedure name. Please refer to your security
system's documentation.
- UID (zControlUid)
- User identifier associated with this user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647
within the system.
Servant information
- Procedure name (zServantProcName)
- Name of member in your procedure library to start the application
server servant
Rule: Name must usually
contain seven or fewer all-uppercase characters.
- User ID (zServantUserid)
- User ID associated with the application server servant
Note: If you are using a non-IBM security system, the user ID
might have to match the procedure name. Please refer to your security
system's documentation.
- UID (zServantUid)
- User identifier associated with this user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647
within the system.
Control region adjunct information
- Procedure name (zAdjunctProcName)
- Name of the member in your procedure library that starts the control
region adjunct
Rule: Name must usually
contain seven or fewer all-uppercase characters.
- User ID (zAdjunctUserid)
- User ID associated with application server control region adjuncts
in the node
- UID (zAdjunctUid)
- User identifier associated with this user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647
within the system.
Server TCP/IP information customization
Note: Do
not choose port values already in use.
- Node host name (hostName)
- IP name or address of the system on which the server is configured
This
value is used by other WebSphere Application Server
for z/OS functions to connect to this server.
Note: The node host name must always resolve to an IP stack
on the system where the application server runs. The node host name
cannot be a DVIPA or a DNS name that, in any other way, causes the
direction of requests to more than one system.
- SOAP JMX Connector port (zSoapPort)
- Port number for the JMX HTTP connection to this server based on
the SOAP protocol
JMX is used for remote administrative functions,
such as invoking scripts through wsadmin.sh.
Rule: Value cannot be 0.
- ORB Listener IP name (zOrbListenerHostName)
- IP address on which the server's ORB listens for incoming IIOP
requests
The default is *, which instructs the ORB to listen on
all available IP addresses.
- ORB port (zOrbListenerPort)
- Port for IIOP requests that acts as the bootstrap port for this
server and also as the port through which the ORB accepts IIOP requests
Rule: Value cannot be 0.
- ORB SSL port (zOrbListenerSslPort)
- Port for secure IIOP requests
The default is 0, which allows
the system to choose this port.
- HTTP transport IP name (zHttpTransportHostname)
- IP address on which the server's Web container should listen for
incoming HTTP requests
The default is *, which instructs the Web
container to listen on all available IP addresses.
Note: The
transport host name becomes the hostname in the virtualhosts.xml file,
which makes setting a specific IP address here less than ideal because,
if you do so, you are restricting yourself to that IP address until
you go into the administrative console and add another virtual host.
- Administrative console port (zAdminConsolePort)
- Port for HTTP requests to the administrative console
- Administrative console secure port (zAdminConsoleSecurePort)
- Port for secure HTTP requests to the administrative console
- HTTP transport port (zHttpTransportPort)
- Port for HTTP requests
Rule: Value
cannot be 0.
- HTTPS transport port (zHttpTransportSslPort)
- Port for secure HTTP requests
Rule: Value
cannot be 0.
- Administrative interprocess communication port (zAdminLocalPort)
- Port for the JMX connector that listens on the loopback adapter
The
connector uses "local comm" communications protocol, which means that
the port is used only for communications that are local to the z/OS
system image (or sysplex).
- High Availability Manager communication port (zHighAvailManagerPort)
- Port on which the High Availability Manager listens
Rule: Value cannot be 0.
- Service integration port (zServiceIntegrationPort)
- Port for service-integration requests
Rule: Value cannot be 0.
- Service integration secure port (zServiceIntegrationSecurePort)
- Port for secure service-integration requests
Rule: Value cannot be 0.
- Service integration MQ interoperability port (zServiceIntegrationMqPort)
- Port for service-integration MQ interoperability requests
Rule: Value cannot be 0.
- Service integration MQ interoperability secure port (zServiceIntegrationSecureMqPort)
- Port for secure service-integration MQ interoperability requests
Rule: Value cannot be 0.
- Session initiation protocol (SIP) port (zSessionInitiationPort)
- Port for session initiation requests
Rule: Value cannot be 0.
- Session initiation protocol secure port (zSessionInitiationSecurePort)
- Port for secure session initiation requests
Rule: Value cannot be 0.
Location service daemon customization
The location
service daemon is the initial point of client contact in WebSphere Application Server for z/OS.
The server contains the CORBA-based location service agent, which
places sessions in a cell. All RMI/IIOP IORs (for example, for enterprise
beans) establish connections to the location service daemon first,
then forward them to the target application server.
- Daemon home directory (zDaemonHomePath)
- Directory in which the location service daemon resides
This
is set to the configuration file system mount point/Daemon and cannot
be changed.
- Daemon job name (zDaemonJobname)
- Job name of the location service daemon, specified in the JOBNAME
parameter of the MVS start command used to start the location
service daemon
Caution: When configuring a new cell, be sure
to choose a new daemon job name value.
Note: A server
automatically starts the location service daemon if it is not already
running.
- Procedure name (zDaemonProcName)
- Name of the member in your procedure library to start the location
service daemon
Rule: Name must usually
contain seven or fewer all-uppercase characters.
- User ID (zDaemonUserid)
- User ID associated with the location service daemon
- UID (zDaemonUid)
- User identifier associated with this user ID
Rule: UIDs must be unique numbers between 1 and 2,147,483,647
within the system.
- IP name (zDaemonIPName)
- Fully qualified IP name, registered with the Domain Name Server
(DNS), that the location service daemon uses
The default is your
node host name.
Note:
- In a sysplex, you should consider using a virtual IP address (VIPA)
for the location service daemon IP name.
- Select the IP name for the location service daemon carefully.
Once you have chosen a name, it is difficult to change, even in the
middle of customization. This name must not be a numeric, such as,
3.7.2543.
- Daemon listen IP (zDaemonListenIP)
- The default value is *.
Rule: The
default is * or a numeric IP address.
- Port (zDaemonPort)
- Port number on which the location service daemon listens
Note: Select the port number for the location service daemon
carefully. You can choose any value you want, but, once chosen, it
is difficult to change, even in the middle of customization.
- SSL Port (zDaemonSSLPort)
- Port number on which the location service daemon listens for SSL
connections
- Register daemon with WLM DNS (zDaemonRegisterWlmDns)
- If you use the WLM DNS (connection optimization), you must select true to
register your location service daemon with it. Otherwise, select false.
Note: Only one location service daemon per LPAR can register
its domain name with WLM DNS. If you have multiple cells in the same
LPAR and register one location service daemon and then a second, the
second will fail to start.
SSL customization
If you plan to enable
administrative security at some point, as is recommended, fill in
the following SSL values:
- Certificate authority keylabel (zSSLCaKeylabel)
- Name of the key label that identifies the certificate authority
(CA) to be used in generating server certificates
- Generate certificate authority (CA) certificate (zGenerateCaCertificate)
- Select true to generate a new CA certificate.
Select false to have an existing CA certificate
generate server certificates.
- Expiration date for certificates (zCaAuthorityExpirationDate)
- Expiration date used for any X509 Certificate Authority certificates
as well as the expiration date for the personal certificates generated
for WebSphere Application Server for z/OS servers.
You
must specify this even if you selected false for
Generate Certificate Authority (CA) certificate.
- Default SAF key ring name (zDefaultSAFKeyringName)
- Default name given to the RACF® key ring used by WebSphere Application Server for z/OS
The
key ring names created for repertoires are all the same within a cell.
- Enable writable SAF keyring support (zEnableWritableKeyring)
- Select true if you want to enable writable
SAF key ring support
- Enable SSL on location service daemon (zEnableSslOnDaemon)
- Select true if you want to support secure
communications using Inter-ORB Request Protocol (IIOP) to the location
service daemon using SSL. If you specify true,
a RACF key ring will be generated for the location
service daemon to use.
Security customization
You can choose one
of the following three options for administrative security.
- Option 1: z/OS-managed security (zAdminSecurityType=websphereForZos)
- Use the z/OS system's SAF-compliant security database
to define WebSphere Application Server users. The
EJBROLE profile will be used to control role-based access to applications.
An administrator user ID and an unauthenticated user ID will be
created and defined in the security database. Select this option
if the WebSphere Application Server environment
will run entirely on z/OS with a shared SAF-compliant
(Local OS) user registry, or if you plan to implement a non-Local
OS user registry (such as LDAP) with mapping to SAF user IDs.
- Option 2: Product-managed security (zAdminSecurityType=websphereFamily)
- Use a simple file-based registry to define WebSphere Application
Server users. An administrator user ID will be created and defined
in the file-based registry.
- Option 3: No security (zAdminSecurityType=none)
- Do not enable administrative security. This option is not recommended.
Your WebSphere Application Server
environment will not be secured until you configure and enable security
manually.
Depending on the security option you choose, there
may be additional values you need to set.
Security customization—z/OS-managed security
For
this security option, you must decide whether to set a SAF profile
prefix and choose an administrator user ID as well as an unauthenticated
(guest) user ID.
- Use SAF profile prefix in RACF profiles (zSecurityDomainId)
- Set this to true if you wish to include
a SAF profile prefix in certain SAF security checks (APPL, CBIND,
EJBROLE).
- SAF profile prefix (zSAFProfilePrefix)
- Valid SAF profile prefix
Rule: Prefix
must be eight or fewer characters.
- Administrator user ID (zAdminUserid)
- For Administrator user ID, enter a valid SAF user ID which will
become the initial cell administrator. If this user ID already exists,
it must have the WebSphere Application Server configuration
group for this cell as its default UNIX® System
Services group.
- Administrator UID (zAdminUid)
- Valid UID for this user ID
Rule: UIDs
must be unique numbers between 1 and 2,147,483,647 within the system.
- Unauthenticated User ID (zAdminUnauthenticatedUserid)
- Enter a valid SAF user ID which will be associated with unauthenticated
client requests.
- Unauthenticated UID (zAdminUnauthenticatedUid)
- Valid UID for this user ID
Rule: UIDs
must be unique numbers between 1 and 2,147,483,647 within the system.
Security customization—product-managed security
For
this security option, you must choose an administrator user ID and
password.
- Administrator user ID (adminUserName)
- Enter an alphanumeric user ID that you will use to log on to
the administrative console and perform administrative tasks. This
user ID and its password will initially be the only entry in the file-based
user registry.
- Administrator password (adminPassword)
- This password must not be blank.
Security customization—no security
For this
security option, there are no other choices to make. Your WebSphere Application Server environment
will not be secured until you configure and enable security manually.
Security certificate customization
- Default personal certificate
- Issued to distinguished name (personalCertDN)
- Identifier of the personal certificate
- Issued by distinguished name (signingCertDN)
- Identifier of the root signing certificate
- Expiration period in years (personalCertValidityPeriod)
- The default personal certificate is valid for one year. The maximum
expiration is ten years.
- Root signing certificate
- Expiration period in years (signingCertValidityPeriod)
- The default signing (root) certificate is a self-signed certificate.
It has a default validation period of twenty years. The maximum validation
period is twenty-five years.
- Default keystore password (keyStorePassword)
- The default value for the keystore password should be changed
to protect the security of the keystore files and SSL configuration.
Web server customization
Note: Only one
Web server can be defined on a standalone application server.
- Create a Web server definition (webServerCheck)
- Web server type (webServerType)
- Valid values: IHS, HTTPSERVER_ZOS, APACHE, IPLANET, DOMINO, IIS
- Web server operating system (webServerOS)
- Valid values: Windows®, Linux®,
Solaris, AIX®, HPUX, OS390, OS400
- Web server name (webServerName)
- Name used in defining the Web server in the administrative console
- Web server host or IP address (webServerHostname)
- IP name or address of the z/OS system on which the Web server
is located
- Web server port (webServerPort)
- HTTP Port on which the Web server is listening
- Web server install directory path (webServerInstallPath)
- Varies by user configuration
- Web server plugin install directory path (webServerPluginPath)
- Varies by user configuration
Job statement customization
- Job statement 1 (zJobStatement1)
- Job statement 2 (zJobStatement2)
- Job statement 3 (zJobStatement3)
- Job statement 4 (zJobStatement4)