Oracle® Transparent Gateway for DB2 Installation and User's Guide
10g Release 1 (10.1) for IBM z/OS (OS/390)
Part No. B13531-01
Oracle Net for z/OS supports network communications between Oracle applications and Oracle gateway systems across different z/OS systems and different operating systems. Oracle provides OSDI listener (ORANET). This chapter describes how to configure it. For more information on Oracle Net, refer to the Oracle Net Services Book Set.
The following topics are included:
The OSDI listener (ORANET), also referred to as the Net service, runs as a service under an OSDI subsystem. In Oracle8i, Release 8.1.7 and Oracle8i, Release 1, all TCP and LU62 connections by Oracle applications, both client and server, were performed through the Net or Net8 service. Now, all Oracle clients on z/OS open their own sockets.
The OSDI listener's primary function is to listen for inbound remote connections to an Oracle instance. For compatibility purposes, the OSDI listener still provides outbound connectivity services for Oracle9i, R1 and Oracle8i, 8.1.7 Oracle clients.
The OSDI Listener is not required for Oracle Net cross-memory protocol. The syntax of cross-memory protocol could be in either of these two forms:
Note that in the case of a database link from an OSI database instance to an OSDI gateway instance, the OSDI database instance is considered as an Oracle client in the context of OSDI listener for the Oracle gateway instance. Moreover, if the OSDI database instance resides in the same OS390 image as the OSDI gateway instance, Oracle Net cross-memory protocol could be used.
An OSDI Listener is not required for Oracle Net cross-memory protocol. The syntax of cross-memory protocol could be in either of two forms:
(DESCRIPTION= (ADDRESS= (PROTOCOL=XM) (SUBSYS=snn) (SERVICE=service_name) ) (HS=) )
where ssn is the OSDI subsystem name an service_name is the OSDI gateway service name.
(DESCRIPTION= (ADDRESS= (PROTOCOL=XM) (SID=gateway_sid) ) (HS=) )
where gateway_sid is the chosen OSDI gateway service SID.
Oracle recommends using the SID format for simplicity.
On z/OS, Oracle Net is implemented as a z/OS OSDI service running in its own address space separate from the gateway service. The OSDI service acts as a listener for the Oracle z/OS instances and gateway instances. All protocol-specific code runs inside the OSDI listener.
Remote clients that access an OSDI service through an OSDI listener are dispatched on a lightweight unit of work called an enclave SRB. An enclave is created either once per session or for each SRB depending on the ENCLAVE keyword (described under "PARM"). An SRB is scheduled each time work is required to be done by the kernel. The enclave is deleted when the SRB completes. The z/OS Workload Manager component may be used to control the execution characteristics of these enclave SRBs. Refer to the Oracle Database System Administration Guide for IBM z/OS for further details.
For client and server support, the OSDI listener uses the IBM macro implementation and a TCP/IP network to support network communications between the Oracle server and any remote OSDI listener TCP/IP client or server. For more information, refer to "TCP/IP Network Considerations".
The product documentation, Oracle Net Services Book Set, refers to files in the following form:
||is the product name.|
||is the extension.|
An example of this form is SQLNET.ORA.
These files are then converted to DDnames. The following DDnames are implemented under z/OS:
|SQLNET||defines a data set containing any SQLNET.ORA diagnostic, ASO, or Oracle names parameters. It is not necessary to allocate this DD unless these features are desired. Refer to Oracle Net Services Book Set or the Oracle Database Advanced Security Administrator's Guide for more information.|
|SQLNETTC||defines a data set into which trace output is written. It is recommended that this be defined as a SYSOUT data set in a held output class.|
|SQLNETLG||defines a data set into which any logging output is written. It is recommended that this be defined as a SYSOUT data set in a held output class.|
|TNSNAMES||defines a data set containing all the TNS connect descriptors and aliases for your installation. For further information on TNS connect descriptors, refer to the Oracle Net Services Book Set. This DDname is not necessary on server JCL unless DBLINKS originates from the server.|
|LDAP||defines the location of the LDAP server.|
|TNSNAV||TNS client navigation. (Generally not used on z/OS.)|
|INTCHG||Interchange. (Generally not used on z/OS.)|
Example of diagnostic entries in SQLNET file
trace_file_client =/trace/sysout=x,hold trace_file_server =/trace/sysout=x,hold trace_file_agent =/trace/sysout=x,hold trace_level_client = 16 trace_level_server = 16 trace_level_agent = 16 trace_functions_all = yes
Example of TNSNAMES entry for use by DBLINK definition
G4XXDB2 = (DESCRIPTION = (ADDRESS=(PROTOCOL=TCP)(HOST=your.host.tcpip.name) (PORT=port#)(SSN=net_sid)) (HS=) (CONNECT_DATA=(SID=G4XX))
To create a Network Service under OSDI, you must first define the OSDI listener as a service using the OSDI DEFINE SERVICE command. In addition to defining the service, two other items that must be set up before the service can be started are: a JCL procedure, and network protocol-specific (TCP/IP) configuration. After you have defined OSDI listener as a service and have set up the additional items, you can start the service, which creates a z/OS address space based on controls that you have specified.
The service name for Oracle Net can be anything that you want within the content limitations described in Appendix B.
This procedure specifies the name of a service JCL procedure that you will place in one of your system procedure libraries. The procedure need not exist when DEFINE SERVICE is issued, but it must be in place before the service is started. The procedure name can be anything that you choose or that the naming standards of your installation require. The requirements for this procedure are discussed in section "OSDI Listener Region JCL".
The PARM string is used to specify additional initialization parameters that are specific to OSDI listener. These parameters are in the form of keywords and determine which protocols are initialized at OSDI listener startup as well as configuration and debugging features.
A description of the OSDI Listener keywords follows:
|OSDI Listener Keywords||Description|
||specifies support for the TCP/IP protocol.|
||specifies the duration of the enclave. When SESS is specified the enclave is created at logon and deleted at logoff. When CALL is specified the enclave is created when the server is sent a request, and is deleted when the server waits for a receive.|
||specifies the TCP/IP port number (
||may be specified at the request of Oracle Support Services. This allows the OSDI listener internal trace to be captured to the z/OS Generalized Trace Facility.|
||specifies the high level node, or nodes, of transaction dump data set names. The character string can be up to 26 characters in length, must follow the rules for z/OS data set names, and must not end with a period. When an OSDI listener transaction dump occurs, then the value defined here will be prefixed to a string that includes a time and date stamp to generate a unique data set name. The default is
DEFINE SERVICE NET92 TYPE(NET) PROC(ORANET92) - DESC(' Oracle Network Service 9.2') - SID(NETG) - PARM('HPNS GTF PORT91521) DUMP(ORACLE.TRANDMP)')
Note:if you have an active OSDI database instance, you could use an existing OSDI subsystem for the Oracle gateway instance and/or use existing NET service instance for the Oracle gateway instance.
As with a gateway service, a JCL procedure must be placed in a system procedure library prior to attempting a start of the service. The OSDI listener JCL procedure name must have an associated z/OS userid. Refer to the next topic, "TCP/IP Network Considerations" for details. The EXEC card of the JCL must be equivalent to the following:
//NET EXEC PGM=ORANET,REGION=0M
This DD statement should point to the Oracle supplied 9.2 authload which contains the gateway and Net load modules.
Connection-related informational messages, warning messages, and error messages are written to this sequential output file. Oracle Corporation recommends that it also be assigned to a JES spool file.
REGION=0M is specified to ensure that the service can allocate as much private virtual memory as it needs. Some z/OS systems may prohibit or alter a REGION parameter such as this, so you might want to check with your systems programmer to determine if any changes must be made to allow the system to accept your REGION parameter. In addition, the following DD statements are required:
Note:The OSDI listener JCL procedure name must have an associated z/OS userid. Refer to the next topic, "TCP/IP Network Considerations", for details.
//NET EXEC PGM=ORANET,REGION=0M //STEPLIB DD DSN= ORAN.ORAV.AUTHLOAD,DISP=SHR //NET8LOG DD SYSOUT=X
2000034 09:50:35.0 MIN0017I message service subtask initialized 2000034 09:50:35.0 MIN0016I command service subtask initialized 2000034 09:50:35.1 MIN0018I bind/unbind service subtask initialized 2000034 09:50:35.2 MIN0026I timer service subtask initialized 2000034 09:50:35.2 MIN0002I networking service NETC initialization complete 2000034 09:50:35.2 MIN0005I global vector is at 19F0A000 2000034 09:50:35.2 MIN0024I connected to WLM subsystem OSDI 2000034 09:50:50.4 MIN0700I HPNS INITAPI call performed. RC=0000, EC=00000 2000034 09:50:50.5 MIN0724I HPNS GHBY INITAPI call performed. RC=0000, EC=00000 2000034 09:50:51.1 MIN0728I HPNS KID INITAPI call performed. RC=0000, EC=00000 2000034 09:50:51.1 MIN0728I HPNS KID INITAPI call performed. RC=0000, EC=00000 2000034 09:50:51.1 MIN0728I HPNS KID INITAPI call performed. RC=0000, EC=00000 2000034 09:50:51.2 MIN0728I HPNS KID INITAPI call performed. RC=0000, EC=00000 2000034 09:50:51.2 MIN0728I HPNS KID INITAPI call performed. RC=0000, EC=00000 2000034 09:50:51.2 MIN0728I HPNS KID INITAPI call performed. RC=0000, EC=00000 2000034 09:50:51.2 MIN0713I I am listening on port 01522 socket 00000 2000034 10:05:58.8 MIN0733I Socket 0000 connected Subtask Kid1, IP 144.025.040.217, Port 01129. 2000034 10:05:58.8 MIN0733I Socket 0000 connected Subtask Kid2, IP 144.025.040.217, Port 01130. 2000034 12:00:13.9 MIN0098I networking service NETC termination in progress 2000034 12:00:18.9 MIN0722I HPNS Kid #003 shut down. 2000034 12:00:18.9 MIN0722I HPNS Kid #001 shut down. 2000034 12:00:18.9 MIN0722I HPNS Kid #006 shut down. 2000034 12:00:18.9 MIN0722I HPNS Kid #002 shut down. 2000034 12:00:18.9 MIN0722I HPNS Kid #005 shut down. 2000034 12:00:18.9 MIN0722I HPNS Kid #004 shut down. 2000034 12:00:18.9 MIN0723I HPNS Gethostbyname subtask ended. 2000034 12:00:18.9 MIN0721I HPNS shut down, GoodBye. 2000034 12:00:18.9 MIN0091I timer service subtask terminated 2000034 12:00:18.9 MIN0095I bind/unbind service subtask terminated 2000034 12:00:18.9 MIN0093I command service subtask terminated 2000034 12:00:18.9 MIN0094I message service subtask terminated MIN0000I End of Net8 Log.
If the IBM stack is being used, then particular attention must be paid to the MAXFILEPROC and MAXSOCKETS parameters (under AF_INET) in the BPXPRMxx member of SYS1.PARMLIB. These parameters must be set high enough to support the expected connection load. Both of these parameters can limit the number of connections that the OSDI listener will be able to open. Also, the OSDI listener JCL procedure name must have an associated z/OS userid in order to use TCP/IP, which is controlled by z/OS UNIX System Services. The userid must have an OMVS RACF segment (or equivalent, if a product other than RACF is used) if the installation is not using a default OMVS segment.
In addition, the interface resolves names through the standard GETHOSTBYNAME API. Thus the resolution depends on how IBM TCP/IP is configured. If a DNS is defined to TCP/IP, then it will be used. Otherwise, TCP/IP will default the processing to its SITEINFO file. Also, IBM's Language Environment runtime library (LE) must be available through a STEPLIB DD or linklist to the OSDI listener address space in order for
GETHOSTBYNAME to work. This is an IBM requirement. TNS does a
GETHOSTBYNAME call at startup to test the function. This call may take minutes to complete if a busy name server is involved. The interface is not ready for work until the MIN0713I message is displayed on the system console. For more information on the GETHOSTBYNAME API, refer to the relevant IBM documentation on TCP/IP.
Note:In this section, the term 'client' refers to the Oracle integrating server in the context of a database link session to an OSDI gateway instance.
Remote (inbound) clients access Oracle gateway instances through the OSDI listener as follows:
The OSDI network service listens on a single endpoint (network address) for each protocol. All remote clients that go through a particular OSDI listener with a particular protocol use the same network address regardless of which gateway instance they want to access. All TCP/IP clients specify the same hostname (or IP) and port number.
Clients indicate the target gateway instance that they want with the
))' clause in the OSDI listener address string.
The following is an example of a tnsname entry for a database link from a remote Oracle database server to an OSADI gateway instance through TCP/IP.
(DESCRIPTION= (ADDRESS= (PROTOCOL=TCP)(HOST=MVS08)(PORT=1999) ) (HS=) (CONNECT_DATA=(SID=TGD4) ) )
MVS08 is the hostname that the gateway resides in. 1999 is the port number that OSDI NET listens on that serves the gateway instance. TGD4 is the OSDI TG4DB2 SID it's trying to connect to.
Note that if the remote Oracle database server is an OSDI database instance of release 9.1 or below, you would need to specify SSN parameter (within the ADDRESS specification) that specifies the OSDI NET SID that serves the outbound traffic for the OSDI database instance.
For MPM and OSDI compatibility, refer to Chapter 11.
Oracle clients on z/OS are also able to use an Oracle Names or LDAP server running on another platform to resolve connection requests. The following samples of the OSDI listener configuration file are required to make use of this service.
SQLNET DD or SQLNET.ORA Definitions
############### # Names .........: (CONNECT_TIMEOUT = 0) -MUST- be specified ############### NAMES.DEFAULT_DOMAIN = world NAMES.DEFAULT_ZONE = my.domain.com NAMES.DIRECTORY_PATH = (TNSNAMES,ONAMES,LDAP) NAMES.PREFERRED_SERVERS = (ADDRESS_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP) (HOST = names_host) (Port = 1575) ) (CONNECT_TIMEOUT = 0) ) ) ##
ORSS START NET
This command would start the OSDI listener defined in the earlier example for "Example of Network Service Definition" if the subsystem were named 'ORSS'. You should then see the OSDI listener PROC start up followed by the following messages from the OSDI listener address space:
MIN0001I networking service initializing MIN0002I networking service NET8 initialization complete MIN0713I I am listening on port 01521 socket 00000
F name,cccc pppppp
||is the jobname or identifier of the OSDI listener|
||is a command verb from the table below|
||represents an appropriate parameter for that command|
Table 6-1 Command Verbs for z/OS MODIFY (or F) System Operator Command
||Starts support for the specified protocol in the OSDI listener.|
||Stops support for the specified protocol.|
||Display information about existing connections for the specified protocol or storage pool statistics.|
The OSDI listener can be stopped with the z/OS stop command (STOP or P), as in '
p net', or via the OSDI subsystem stop command, as in '
ORSS STOP NET'. In either case, the following messages will be seen on the console:
MIN0098I networking service NET termination in progress MIN0721I HPNS shut down, GoodBye. MIN0099I networking service termination complete
The OSDI listener service will also respond to the OSDI subsystem '
display' and '
display long' commands with appropriate information from the address space. Finally, the OSDI subsystem '
drain' command will prevent any new connections on either protocol. Existing connections will not be affected. The OSDI subsystem '
RESUME' command will restore the ability of clients to establish new connections through the OSDI listener.
The OSDI listener provides a utility program called TRCASST that formats the trace files OSDI listener can produce. You may be asked to run TRCASST to help gather diagnostic information required by Oracle Support Services. Sample JCL for TRCASST is provided in oran.orav.SRCLIB(TRCASST).
Before you use TRCASST, ensure that the trace files have not been created with carriage control. TRCASST will be unable to process such files.
When TRCASST runs, the TNSUSMSG DDname must point to a PDS containing a TNSUS message file. This file was placed into oran.orav
.MESG(TNSUS) during OSDI listener installation.
The OSDI listener supports CHECKSUM and encryption algorithms. The following sections describe a basic method of verifying this feature, if it is to be used by your site. The easiest way to tell if Oracle Advanced Security Option (ASO) encryption is attempting to work is to deliberately set wrong configuration parameters and attempt a connection between the server and client. Incorrect parameters cause the connection to fail.
After receiving the expected failure message, set the configuration parameters to the correct settings and try the connection again. ASO encryption is working properly if no further error messages are received.
Perform the following steps to set up ASO encryption:
Set ASO encryption parameters for the server.
Set ASO encryption parameters for the client.
Use ISPF to edit the OSDI listener configuration file on the z/OS system (server system) to add the following parameters and values. If the server is remote (not z/OS), then use the appropriate editor for the server platform to change SQLNET.ORA.
SQLNET.CRYPTO_CHECKSUM_SERVER = REJECTED SQLNET.ENCRYPTION_SERVER = REJECTED SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (MD5) SQLNET.ENCRYPTION_TYPES_SERVER = (DES40,RC4_40) SQLNET.CRYPTO_SEED = "abcdefg"
The value shown for
SQLNET.CRYPTO_SEED is only an example. Set it to the value you want. Refer to the Oracle Database Advanced Security Administrator's Guide for more information.
Edit the OSDI listener configuration file on the client system to add the following parameters:
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUIRED SQLNET.ENCRYPTION_CLIENT = REQUIRED SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT = (MD5) SLQNET.ENCRYPTION_TYPES_CLIENT = (DES40,RC4_40) SQLNET.CRYPTO_SEED = "abcdefg"
The value shown for
SQLNET.CRYPTO_SEED is only an example. Set it to the same value used on the server system.
After completing Steps 1 and 2 of the configuration procedure, you are ready to test the operation of the ASO encryption.
Connect client and server.
Reset configuration parameters on server.
Attempt a connection between the server and client systems. You should receive the following error message:
Change the ASO encryption parameters on the server to:
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED SQLNET.ENCRYPTION_SERVER = REQUIRED
Attempt the connection between the client and server again. If no error message is returned and the connection completes, then ASO encryption is working properly.