Z/OS November 8, 2025 3 Minutes
I was at the GS UK conference recently (which was bigger than ever) and learned so many new things.
I’ll give some short descriptions of what I learned. There is no order to these topics. Some items come in more than one area.
- Python is very popular and widely used.
- pyracf for issuing RACF commands from OMVS
- pysdsf for accessing SDSF from OMVS (z/OS 3.2)
- Use ssh to access z/OS instead of ISPF
- Many Unixy commands ported to z/OS through the zopen project
- /dsfs to access data sets
- Possibly faster than through ISPF
- vscode is the most commonly used IDE, with lots of plugins. Can edit z/OS data sets and files, submit jobs and look at the spool – via Zowe
- Git is the standard repository
- Edit in vscode
- Check in to Git
- On z/OS, pull from Git
- Compile and run from the ssh window
- Can edit on your workstation and process on z/OS
- Use Zowe/vscode to edit data sets and files in vscode, submit JCL and look at the spool. Can use the Zowe command line interface for issuing stuff to z/OS (e.g. list files, issue operator commands)
- People like my blog posts – Wow! I never really knew. If you like/use anyone’s post, please “like it” so the author knows. If it has been really helpful, make a comment such as “I found this very useful”.
- Lots of capturing data and displaying it in tools like Grafana.
- Python used to capture data
- Monitoring dashboards are so last year.
- Now have modern tools (AI) to detect changes from historical data, then alert people to differences, who then use the dashboards.
- SDSF version 3.2 can intercept RACF writes to SMF and display the activity, so if RACF is configured you can display OK (successful) access to resources. You just get the failures reported on syslog.
- You’ve been hacked
- Often there is evidence months before the hack – you just need to spot it
- Pat is a z/OS sysprog who comes to work, has a coffee and starts working at 0930. Today there were two password validation failures at 0430. Is this unusual? Yes. Do something.
- The password failures occurred at 0925 and 0926 – is this unusual? You might want to check.
- You had a connection from an IP address you’ve never seen before – what do you do? Slow down their traffic and notify someone.
- Prepare for this
- Have an integrated playbook.
- Populate panels with the suspicious userid, and have a pull-down to disable it. It takes longer to type data into a RACF command than to use pre-populated fields (e.g. userid COLIN: click here to disable it).
- Have people use the playbook so they know what to do when an incident occurs. You do not have time to learn as you go along.
- You have minutes to act. Getting someone out of bed takes too long.
- What software is running where? File Integrity Monitoring
- I thought this was module ABC CSECT CS123 PTF level UK987654. No. If someone has zapped the module, how do you know? And when did they do it? This helps you know how far back you need to restore from.
- Take each module and CSECT and create an encrypted checksum for each component. Store the information: system id/library/module/CSECT/hash code. Check it weekly. If someone has zapped the module, it will have a different hash. You can also see which systems are back level.
- Do the same for configuration files, e.g. parmlib.
- If it has changed there should be a matching change request.
- Regulations are in. If you have hacker insurance you will have to comply with regulation standards, such as
- Have you implemented File Integrity Monitoring (above)?
- Do you follow the standards for isolation of responsibilities?
- “Yes” is the wrong answer. You need to demonstrate proof.
- e.g. password strength. You need tests to validate it
- Prove this TCPIP connection is encrypted
- Certificates should be reissued every 30-60 days, not the n years it used to be.
- OpenTelemetry tracing system. Configure applications and subsystems to emit “here I am” to central monitoring to show the path a transaction took, e.g. MQ client, into a CICS transaction… to another CICS and back. Can do it for all requests, or just a sample.
- Lots of youngsters involved with z/OS.
- Lots of old familiar faces who love working with z/OS, and should have retired years ago. This includes me (grin).
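
The weekly File Integrity Monitoring check from the list above, sketched in Python as an added example (not code from the conference or from this blog). It assumes the "encrypted checksum" is a keyed HMAC-SHA-256; the key, the system names SYSA/SYSB and the byte strings standing in for CSECT contents are constructed sample data.

```python
import hashlib
import hmac

# Constructed key for the example; keep the real one off the systems being checked.
BASELINE_KEY = b"constructed-example-key"

def component_hash(content: bytes, key: bytes = BASELINE_KEY) -> str:
    """Keyed SHA-256 of one component, so a tampered baseline cannot be re-forged without the key."""
    return hmac.new(key, content, hashlib.sha256).hexdigest()

def snapshot(components: dict) -> dict:
    """Map (system id, library, module, CSECT) -> hash code for every component supplied."""
    return {ident: component_hash(data) for ident, data in components.items()}

def compare(baseline: dict, current: dict) -> dict:
    """Classify the differences between the stored baseline and this week's scan."""
    return {
        "changed": sorted(k for k in baseline.keys() & current.keys()
                          if not hmac.compare_digest(baseline[k], current[k])),
        "missing": sorted(baseline.keys() - current.keys()),
        "new": sorted(current.keys() - baseline.keys()),
    }

def level_mismatches(snap: dict) -> dict:
    """Group by library/module/CSECT across systems; more than one hash means the copies differ."""
    by_component = {}
    for (system, library, module, csect), digest in snap.items():
        by_component.setdefault((library, module, csect), {}).setdefault(digest, []).append(system)
    return {comp: sorted(sorted(systems) for systems in groups.values())
            for comp, groups in by_component.items() if len(groups) > 1}

# Constructed sample scans: one load module CSECT on two systems plus one parmlib member.
LAST_WEEK = snapshot({
    ("SYSA", "SYS1.LINKLIB", "ABC", "CS123"): b"\x47\xf0\xf0\x14 level UK987654",
    ("SYSB", "SYS1.LINKLIB", "ABC", "CS123"): b"\x47\xf0\xf0\x14 level UK987654",
    ("SYSA", "SYS1.PARMLIB", "IEASYS00", "-"): b"CLPA,CMD=00",
})
THIS_WEEK = snapshot({
    ("SYSA", "SYS1.LINKLIB", "ABC", "CS123"): b"\x47\x00\xf0\x14 level UK987654",  # one byte zapped
    ("SYSB", "SYS1.LINKLIB", "ABC", "CS123"): b"\x47\xf0\xf0\x14 level UK987654",
    ("SYSA", "SYS1.PARMLIB", "IEASYS00", "-"): b"CLPA,CMD=00",
})

if __name__ == "__main__":
    print(compare(LAST_WEEK, THIS_WEEK))   # the zapped CSECT on SYSA shows up as changed
    print(level_mismatches(THIS_WEEK))     # SYSA and SYSB no longer hold the same copy
```

Every entry reported as changed should line up with a change request; one that does not is the case to investigate, and the date of the last clean scan bounds how far back a restore has to go.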
Published November 8, 2025