Deploying IBM Mainframe z/OS on AWS with IBM ZD&T

By Paulo Vitor Pereira, Cloud Application Architect at AWS
By Phil de Valence, Principal Solutions Architect at AWS

With an increased pace of innovation and demand for faster development and testing cycles, customers with mainframes want to adopt DevOps practices for their z/OS environments.

To facilitate these practices, IBM offers the IBM Z Development and Test (ZD&T), a hardware emulation solution that allows regular z/OS software to run on the x86 platform by emulating the IBM Z instruction set, IO, and other devices.

Aside from increasing development and test agility, IBM ZD&T can also be used for training or onboarding in a safe and isolated environment, as well as test system-wide changes without impacting production.

In this post, we will cover the steps necessary to create your own IBM ZD&T and z/OS environment on Amazon Web Services (AWS).

IBM ZD&T and its Use Cases

Development and Test Agility

Having mainframe development and test environments on an emulator on the cloud can increase the pace of innovation by enabling organizations to experiment with the ease of creating new z/OS environments very quickly.

IBM ZD&T allows you to deploy and start or stop z/OS environments on-demand with an optimized cost of entry. Using IBM ZD&T, organizations can create Continuous Integration and Continuous Delivery (CI/CD) pipelines for their mainframe development, and take advantage of DevOps best practices.

These practices increase the software development lifecycle velocity improving time to market.

Education

With the great demand for mainframe skills, it’s getting harder to replace that enterprise intelligence with new graduates. A solution to this problem is educating your own employees on mainframe concepts and technologies to fulfill available positions.

With IBM ZD&T, it’s possible to start multiple z/OS environments available separated from the production environment, avoiding unnecessary risks. It can also be used for customer employees’ onboarding by facilitating the learning of customer z/OS practices in a standalone safe environment.

Prototyping System Changes

Since you can clone data and applications from your production environment and restore them on an IBM ZD&T emulator, another benefit of having an emulated environment is to create production-like sandbox test environments.

Such a test environment is useful to prototype system-wide changes, such as a z/OS migration to a newer version, or to experiment with new PARMLIB values or network configurations, reducing risk and accelerating the process.

IBM ZD&T on AWS Architecture Overview

In this post, we focus on the IBM ZD&T Enterprise Edition version, which is best suited for deployment on AWS. It is composed of three different components:

IBM ZD&T Enterprise Edition Server

This server hosts the Enterprise Server Admin Console web application, where you can create Application Developers Controlled Distribution (ADCD) images, define target emulators, and point to license servers.

A file server is also configured in this server to host the ADCD image volumes, used to create ADCD images and transfer them to a target emulator when deploying. The ADCD is a z/OS distribution composed of packages each containing z/OS DASD volume images.

IBM ZD&T Emulator

This server hosts the target environment for running the emulator itself. It is where the ADCD image is deployed. When accessing the emulated z/OS, this is the server you have to connect to.

IBM ZD&T License Server

This server hosts the license server code, together with your licenses. Licenses are based on a hardware signature, so it’s recommended you either choose a dedicated instance for this server, or remember never to shut it down. If you do, the instance may be booted on a different host, with a different hardware signature.

Figure 1 – IBM ZD&T on AWS architecture overview.

When deployed on AWS, each IBM ZD&T component is configured in its own Amazon Elastic Compute Cloud (Amazon EC2) instance. Each EC2 instance is configured with Amazon Elastic Block Store (Amazon EBS) volumes with sufficient space to store the component data.

These instances can communicate freely within a common network subnet and a common AWS security group. An Amazon Simple Storage Service (Amazon S3) bucket contains the IBM ZD&T installation files as well as the ADCD volumes. ADCD volumes are images of z/OS volumes.

Setting Up the Infrastructure

We have provided an AWS CloudFormation template or script that allows you to provision all of the necessary components to have IBM ZD&T up and running, with the previous architecture from Figure 1. This CloudFormation template is available on GitHub.

In order to use the provided script, you’ll need to upload the IBM ZD&T installer and ADCD volumes into an S3 bucket using the following directory structure:

+-- s3-bucket-name/
|   +-- installer/
|   |   +-- ZDT_Install_EE_V12.0.4.0.tgz
|   +-- adcd/
|   |   +-- may2019/
|   |   |   +-- may2019_adcd_md5.txt
|   |   |   +-- ADCDTOOLS.XML
|   |   |   +-- volumes/
|   |   |   |   +-- D3BLZ1.gz
|   |   |   |   +-- ... (several other volumes)
|   |   |   |   +-- D3RES1.ZPD
|   |   |   |   +-- ... (several other volumes)
|   |   |   |   +-- SARES1.ZPD
|   |   |   |   +-- ZDTRKT.gz

A quick way to upload the files in this structure is to organize the directory structure on your local machine, and then upload it using the following command:

aws s3 cp /local-organized-dir s3://s3-bucket-name/ --recursive

After all of the files have been uploaded and validated, you can create a stack using the provided CloudFormation template, being careful with the descriptions of the parameters.

This template will provision all three instances, create a virtual private cloud (VPC), a subnet, and all of the required components of the solution, including an AWS Identity and Access Management (IAM) Role for the Enterprise Server EC2 instance to access and copy the files from the S3 bucket.

After the stack creation is complete, some processes will still be running in the instances, such as packages updates, installation of the IBM ZD&T binaries, copy of the files from the S3 bucket, and others.

You can follow along the installation of dependencies, IBM ZD&T packages and volumes being copied by issuing the following command:

tail -f /tmp/part-001.log

When the initial bash script ends, you’ll see the following messages in the logs of each server:

# License Server
echo "License Server installation finished, a script scheduled on cron will be checking if the license update files is uploaded to the S3 bucket."

# Enterprise Server
echo "Enterprise Server installation finished, a script scheduled on cron will be checking if the license_applied file exists in the S3 bucket."

# Emulator Server
echo "Emulator Server installation finished."

Once they all finish, the License Server will have uploaded a file to the S3 bucket with a file name in the following format:

*hostname*_*unixepochtimestamp*.zip (e.g. ip-10-0-0-38_us-west-2_compute_internal_1602073533.zip)

You then have to send this file to your IBM representative, so they can generate an update file with the following format:

*hostname*_*unixepochtimestamp*_update.zip (e.g. ip-10-0-0-38_us-west-2_compute_internal_1602073533_update.zip)

If need be, you can find the complete manual installation instructions in the IBM ZD&T documentation.

Deploying Target Emulators

Next, we continue the deployment of the target emulator assuming you used the CloudFormation template for installation.

Once you receive the update file, upload it to the S3 bucket with the same name format. The License Server will be polling for it in five-minute intervals.

You can check the polling progress and last poll timestamp by issuing the following command on the License Server:

tail -f /tmp/check_license.log

The License Server will find the file and apply the license, and then it will upload an empty file to the S3 bucket with the name license_applied. The Enterprise Server will be polling for this file in the S3 bucket every five minutes as well.

You can also check the polling progress and last poll timestamp using the same command above, but in the Enterprise Server.

Once the Enterprise Server finds license_applied in the S3 bucket, it will fire a deploy of the ADCD image it created into the Emulator Server, which may take several minutes.

You can check its progress by opening the Enterprise Server Admin Console, by accessing the “Outputs” section of the CloudFormation stack, and clicking on the URL beside EnterpriseServerAdminConsoleURL, with the user and password beside EnterpriseServerAdminConsoleUser and EnterpriseServerAdminConsolePassword, respectively.

Tip: If you are connected to a VPN or on an office network, it may block port 9443. Try accessing it from outside the VPN or a different network.

Figure 2 – IBM ZD&T admin console.

Once authenticated in the Admin Console, click on MONITOR AND MANAGE, and then in TARGET ENVIRONMENTS you’ll be able to expand and check the deployment progress.

Figure 3 – Verifying the ADCD deployment progress.

Under the TARGET ENVIRONMENTS section in Figure 3, when the progress reaches 100 percent the image has been successfully deployed on the target emulator.

If you choose to deploy a new target emulator manually using the Enterprise Edition web interface, you can find the instructions in the IBM ZD&T Enterprise Edition User’s Guide.

Accessing and Using z/OS

In order to access z/OS itself, you should use the Emulator Server public IP address, which is available in the “Outputs” section of the CloudFormation stack, as well as in the EC2 console itself.

The TN3270 service is running on z/OS and listening on ports 23 and 2023, with the latter using a TLS connection and being the one you should use.

Figure 4 – Configuring TN3270 terminal emulation connection.

In order to access z/OS, we use a TN3270 terminal emulator and configure the connection as shown on Figure 4.

Figure 5 – Accessing the ADCD z/OS.

Once the TN3270 terminal emulator is configured, we start the connection and see the z/OS welcome screen as shown in Figure 5.

Since the ADCD z/OS also runs a SSHD service, you can access z/OS using the same IP as above and port 2022, since port 22 is being used to access the underlying Linux OS running the emulator.

Credentials can be found in the ADCD documentation received together with the volumes.

Go Build

With the IBM ZD&T emulator running z/OS with CICS, DB2, IMS, WebSphere Application Server, and other products, you can set up your own CI/CD pipeline, start training employees, and experimenting.

If you’re interested in deploying IBM ZD&T on AWS and don’t have a license, installer and ADCD volumes, contact your IBM representative who will assist you.

For automated IBM ZD&T deployment on AWS using the CloudFormation template, see the GitHub repository.

If you would like to have more information related to the use of IBM ZD&T, check out this IBM Redbook.

If you need more details on the IBM ZD&T installation steps, feel free to read through IBM’s documentation.

Or, if you would like to understand how the ADCD image that is delivered together with the IBM ZD&T license is organized, check IBM’s documentation.