IMS Mobile - getting started

© 2015 IBM Corporation

IMS Mobile Solution

Getting Started

IBM Information Management System (IMS)

© 2015 IBM Corporation2


Getting started with the IMS mobile solution © 2015 IBM Corporation2

Outline

� A graphic view of the IMS mobile solution and the components involved

� Installation options:− Option 1. You already have WAS/z Liberty Profile V8.5.5.5 or later

− Option 2. You do not have WAS/z Liberty Profile

� Two security configuration scenarios:− Scenario 1. Basic authentication for a quick installation verification

− Scenario 2. RACF security

� Installation walkthroughs with the following scenarios:− Scenario 1. You already have WAS/z Liberty Profile

1a. You want to use basic authentication for a quick installation verification

1b. You want to use RACF security.

− Scenario 2. You do not have WAS/z Liberty Profile

2a. You want to use basic authentication for a quick installation verification

2b. You want to use RACF security.




IMS Mobile Solution: A graphical view

WebSphere

Application Server

for z/OS

Liberty ProfileJSON

HTTPTCP/IP

Mobile applications

IMS Mobile

Feature Pack

z/OS Connect IMS

Connect

O

T

M

A

IMS Transaction

Manager

IMS

application

DB2

IMS

DB

IMS

applicationIMS

application

� WebSphere Application Server for z/OS Liberty Profile (WAS/z Liberty): The application server

� z/OS Connect: A feature for WAS/z Liberty that serves as the gateway for discovering and invoking applications and data on z/OS from mobile, cloud, and web applications. In the context of IMS mobile solution, this is the IMS gateway.

� IMS Mobile Feature Pack: A service provider for WAS/z Liberty that handles:

− Data transformation (XML <-> byte array)

− Interaction with IMS Connect

− Service management through IMS Explorer for Development, which provides the user interface for service creation, testing, and management

Web browser / REST client




IMS Mobile Solution: Tooling for IMS mobile service creation,

testing, and management

WebSphere

Liberty ProfileJSON

HTTPTCP/IP

IMS Enterprise Suite Explorer

for Development

(IMS Explorer)

Mobile applications

IMS Mobile

Feature Pack

z/OS Connect IMS

Connect

O

T

M

A

IMS Transaction

Manager

IMS

application

DB2

IMS

DB

IMS

applicationIMS

application

• Eclipse-based tool on Windows for IMS mobile

service creation, testing, and management• A component in IMS Enterprise Suite V3.1 that

you can download

Web browser / REST client




Mobile service creation, testing, and deployment tool--

IMS Explorer for Development installation

IMS Explorer

Download IBM Explorer for z/OS and IBM Installation Manager from the IBM Explorer for z/OS website.

1.

Extract and run the Launchpad.exe file to install both IBM Installation Manager and IBM Explorer for z/OS.

2.

Add a repository to point to where the IMS Explorer .zip file is stored.

3.

Select IMS Explorer from the Install Packages window.

4.

Download IMS Explorer (a .zip file) from the IMS Enterprise Suite download website.

1.

Launch IBM Installation Manager.

2.

Click Check for Other Versions, Fixes, and Extension.

3.

Click Install in the main window.

4.

Do you already have IBM Installation Manager installed?

Yes No

For installation information, see:

http://www.ibm.com/support/knowledgecenter/SS9NWR_3.1.0/com.ibm.ims.explorer31.doc/wb_installing_shellshare.htm




IMS Explorer: Getting started task launcher for IMS Mobile

• Click Start > All Programs > IBM Explorer for z/OS > IMS Enterprise Suite

Explorer for Development to launch IMS Explorer

• Getting started tasks are provided in the Task Launcher




Server runtime component installation options

Installation option 1: You already have WAS/z Liberty Profile V8.5.5.5 or later

� Download from the WAS/z Liberty Profile repository the following required

feature:

− IMS Mobile Feature Pack

Repository location: https://developer.ibm.com/wasdev/downloads/

Installation instructions are provided on the repository page.

Installation option 2: You do not have WAS/z Liberty Profile

� Order IMS Enterprise Suite V3.1.1 (5655-TDA) from Shopz at https://www-

304.ibm.com/software/shopzseries/ShopzSeries_public.wss.

− The IMS Mobile Feature Pack in IMS Enterprise Suite contains WAS/z

Liberty Profile and z/OS Connect as a supporting program.

− For WAS/z Liberty Profile usage restrictions in this context, see the license information included in IMS Enterprise Suite for z/OS V3.1.1




Installation option 1:

You already have WAS/z Liberty Profile V8.5.5.5

or later





Go to WAS/z Liberty Profile repository at

https://developer.ibm.com/wasdev/downloads/

Configure IMS Mobile Feature Pack.

Search for the “IMS Mobile Feature Pack”

feature. Follow the instructions on the screen

to install.

3.

1.

2.

WAS/z Liberty ProfileWAS/z Liberty Profile

z/OS Connectz/OS Connect

IMS Mobile Feature PackIMS Mobile Feature Pack

server.xml:. . .. . .. . .

See installation roadmap at:http://www.ibm.com/support/knowledgecenter/SS9NWR_3.1.0/com.ibm.ims.mobile31.doc/mobile_installroadmap_option1.htm

(more detail…)




Installation steps for option 1: You already have WAS/z Liberty

Profile V8.5.5.5 or later




server.xml:. . .<imsmobile_imsServiceManager

imsRegistryHome="./registry“imsTechnicalGroup="IMS_GROUP" imsTechnicalID="IMS_USER"/>

. . .

In server.xml, add the following entries:

• Registry home: Location for the IMS

gateway server registry.

• Technical ID: The technical ID is passed

to the IMS Mobile feature on the gateway

server if authentication is turned off, or

the authenticated user ID is greater than

8 bytes.

• Technical group: An 8-byte SAF group

name for IMS transactions.

Configure IMS Mobile Feature Pack.3.

See IMS Mobile Feature Pack security process flow at:

http://www-01.ibm.com/support/knowledgecenter/SS9NWR_3.1.0/com.ibm.ims.mobile31.doc/mobile_security.htmSee installation roadmap at:

http://www.ibm.com/support/knowledgecenter/SS9NWR_3.1.0/com.ibm.ims.mobile31.doc/mobile_installroadmap_option1.htm




a. Edit the BBGZANGL procedure as a started task to start the angel process.

b. Start the angel process by issuing:START BBGZANGL

c. If RACF is enabled in IMS Connect, specify the IMS technical password.

In server.xml:

a. Configure a basic registry with z/OS Connect access roles in server.xml.

b. If RACF is enabled in IMS Connect, specify the IMS technical password.


Configure IMS Mobile Feature Pack.3.

Security scenario 2.

SAF securitySecurity scenario 1.

Basic authentication(for initial installation verification)





imsRegistryHome="./registry“imsTechnicalGroup="IMS_GROUP" imsTechnicalID="IMS_USER"/>

. . .

(more detail on next slide)(go to slide #16)

Configure IMS Mobile Feature Pack for security.4.

See installation roadmap at:http://www.ibm.com/support/knowledgecenter/SS9NWR_3.1.0/com.ibm.ims.mobile31.doc/mobile_installroadmap_option1.htm




Configure IMS Mobile Feature Pack with basic authentication.4.

Configure a basic registry with z/OS Connect access

roles in server.xml.

Configure a basic registry with z/OS Connect access

roles in server.xml.

a.

See installation WebSphere Liberty security configuration topics at:http://www-01.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.zseries.doc/ae/twlp_zconnect_security.htmlhttp://www-01.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/twlp_sec_basic_registry.html

Security scenario 1: Basic authentication

Basic Registry Configuration

Certification Configuration

User Authorization

Configuration


server.xml:. . .

<keyStore id=“keystore_id" password=“encrypted_pwd"/>

<basicRegistry id="basic1" realm="zosConnect">

<user name=“your_userName" password=“your_pwd" />

</basicRegistry>

<authorization-roles id="zos.connect.access.roles">

<security-role name="zosConnectAccess">

<user name=“user1"/>


</security-role>

</authorization-roles>




Configure IMS Mobile Feature Pack with basic authentication.

If RACF is enabled in IMS Connect, specify the

IMS technical password.




4.

Configure a basic registry with z/OS Connect access roles in server.xml.Configure a basic registry with z/OS Connect access roles in server.xml.

server.xml:. . .

<imsmobile_imsServiceManager

imsRegistryHome="./registry“

imsTechnicalGroup="IMS_GROUP"

imsTechnicalID="IMS_USER“

imsTechnicalPassword="{xor}PjMzbiw7KjE="

/>. . .

This password is used for RACF authentication. Only one IMS technical password can be specified per IMS gateway server instance. This password must be set up in RACF for the user ID or IDs that are associated with the mobile service requests.

b.

a.





Technical ID and technical password

• Technical ID:

If SAF authentication turned off on WAS/z Liberty Profile, or if the authenticated user ID

from the mobile client is greater than 8 bytes, this technical ID is passed to IMS Connect

as the user ID. If the technical ID is left blank, the IMS Mobile feature uses the z/OS

Connect started job user ID

• Technical password:

The password is used for RACF

authentication if RACF is turned on

in IMS Connect.

Only one IMS technical password

can be specified per IMS gateway

server instance. This password must

be set up in RACF for the user IDs

(or the technical ID) that are

associated with the mobile service

requests.

server.xml:. . .






/>. . .




Configure IMS Mobile Feature Pack with basic authentication.


Start the server by issuing:

START BBGZSRV

Start the server by issuing:

START BBGZSRV5.


GMOIG7777I: The IMS Mobile feature

initialized successfully.

(build_number): 201411181651.

CWWKF0011I: The server imsmobile is

ready to run a smarter planet.

CWWKT0016I: Web application available

(default_host):

http://my.host.com:10443/

4.



Configure a basic registry with z/OS Connect access roles in server.xml.Configure a basic registry with z/OS Connect access roles in server.xml.




IMS technical password. b.

a.





server.xml:

. . .<safRegistry id=“saf_reg_id"

realm="zosConnect"></safRegistry>

<safAuthorization id=“saf_id“ />

<safCredentials

profilePrefix=“saf_cred_prefix"/>

<keyStore id=“keyStore_id"

password=“keystore_pwd"/＞＞＞＞

...

See IMS Mobile Feature Pack security process flow at:http://www-01.ibm.com/support/knowledgecenter/SS9NWR_3.1.0/com.ibm.ims.mobile31.doc/mobile_security.htmFor more information about security configuration for z/OS Connect, see:http://www.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.zseries.doc/ae/twlp_zconnect_security.html

SAF Registry Configuration


Security scenario 2: SAF authentication and authorization

Configure IMS Mobile Feature Pack with SAF security. Configure IMS Mobile Feature Pack with SAF security. 4.


Edit the server.xml file to configure for SAF security if this is not yet configured.

Edit the server.xml file to configure for SAF security if this is not yet configured.

a.




Edit the server.xml file to configure for SAF security if this is not yet configured.Edit the server.xml file to configure for SAF security if this is not yet configured.

Configure IMS Mobile Feature Pack with SAF security. Configure IMS Mobile Feature Pack with SAF security.

In the STARTED profile for the angel process and SERVER profile, create an authenticated user; add an unauthenticated user for READ access.

In the STARTED profile for the angel process and SERVER profile, create an authenticated user; add an unauthenticated user for READ access.

c.

Set up the angel process.Set up the angel process.b.

An angel process grants the Liberty profile server access to z/OS authorized services for System Authorization Facility (SAF) authorization, Workload Manager (WLM), resource recovery services (RRS), and SVCDUMP.


RACF registrations for angel process

RACF registrations for SAF authorization



RDEFINE SERVER BBG.SECPFX.BBGZDFLT UACC(READ)

RDEFINE APPL BBGZDFLT UACC(NONE)

PERMIT BBGZDFLT ID(SGEN3) ACCESS(READ) CLASS(APPL)

RDEFINE EJBROLE

BBGZDFLT.zos.connect.access.roles.zosConnectAccess

UACC(NONE)

PERMIT

BBGZDFLT.zos.connect.access.roles.zosConnectAccess

CLASS(EJBROLE) ID(SGEN3) ACCESS(READ)

RDEF SERVER BBG.ANGEL UACC(NONE)

RDEF SERVER BBG.AUTHMOD.BBGZSAFM UACC(NONE)

RDEF SERVER BBG.AUTHMOD.BBGZSAFM.SAFCRED UACC(NONE)

RDEF SERVER BBG.AUTHMOD.BBGZSAFM.ZOSWLM UACC(NONE)

RDEF SERVER BBG.AUTHMOD.BBGZSAFM.TXRRS UACC(NONE)

RDEF SERVER BBG.AUTHMOD.BBGZSAFM.ZOSDUMP UACC(NONE)


4.

a.

See the Liberty profile on z/OS server administration topic at:

http://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_admin_zos.htmlFor more information about authorizing access to administrative roles, see:

http://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.zseries.doc/ae/tsec_tselugradro.html




Set up the angel process.Set up the angel process.

START the angel process:

a. Edit the BBGZANGL procedure to start the angel process if you have not done so already.

b. Start the angel process by issuing:

START BBGZANGL

See the Liberty profile on z/OS server administration topic at:

http://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_admin_zos.html



Configure IMS Mobile Feature Pack with SAF security. Configure IMS Mobile Feature Pack with SAF security.

In the STARTED profile for the angel process and SERVER profile, create with an authenticated user; add an unauthenticated user for READ access.In the STARTED profile for the angel process and SERVER profile, create with an authenticated user; add an unauthenticated user for READ access.

c.

b.

4.

Edit the server.xml file to configure for SAF security if this is not yet configured.Edit the server.xml file to configure for SAF security if this is not yet configured.a.

d.




Start the IMS gateway server by issuing:

START BBGZSRV5.



initialized successfully. (build_number):

201411181651.

CWWKF0011I: The server imsmobile is ready

to run a smarter planet.


(default_host): http://my.host.com:10443/


Configure IMS Mobile Feature Pack with SAF security. Configure IMS Mobile Feature Pack with SAF security. 4.




Installation option 2:

You do not have WAS/z Liberty Profile




Install IBM Installation Manager for z/OS by following the steps in Program Directory for IBM Installation Manager for z/OS.Install IBM Installation Manager for z/OS by following the steps in Program Directory for IBM Installation Manager for z/OS.


Order IMS Enterprise Suite V3.1 (5655-TDA) from Shopz.Order IMS Enterprise Suite V3.1 (5655-TDA) from Shopz.

Prerequisites:

1.

2.

You will receive the following FMIDs that you need for the IMS mobile solution:• Base Services (FMID HAHF310)• IMS Mobile Feature Pack (FMID JAHF31A)• IBM Installation Manager for z/OS (FMID HGIN140)

• SMP/E process the FMID HGIN140.• Check for and apply the latest PTFs for Installation Manager for

z/OS to upgrade to V1.5.3 or later. • Follow the “Activating IBM Installation Manager for z/OS” section in

the IBM Installation Manager Program Directory and the instructions in the installation JCL jobs to complete the installation.





Edit and submit GMORECV#,

GMOALLOC, GMOZFS,

GMODDEF4…. GMOAPPLY,

GMOACCEP.

Create and mount the file

system for installing the run-time

code for IMS Mobile Feature

Pack.

Follow the installation instructions in the Program Directory (GI10-8964) to install IMS Mobile Feature Pack.

Follow the installation instructions in the Program Directory (GI10-8964) to install IMS Mobile Feature Pack.

Use SMP/E process to put all code onto the target system.Use SMP/E process to put all code onto the target system.

Edit GMOIMCFS to create and mount the file system. Edit GMOIMCFS to create and mount the file system.

1.

a.

b.




See installation roadmap at:


Follow the installation instructions in the Program Directory (GI10-8964).Follow the installation instructions in the Program Directory (GI10-8964).



Edit GMOIMINS to install IMS Mobile Feature Pack using IBM Installation Manager for z/OS. • Specify the installation directory and

repository location for use by IBM Installation Manager.

• Specify registry home, technical ID, and technical group for use by the IMS mobile solution.

• Submit the job to install.

Edit GMOIMINS to install IMS Mobile Feature Pack using IBM Installation Manager for z/OS. • Specify the installation directory and

repository location for use by IBM Installation Manager.

• Specify registry home, technical ID, and technical group for use by the IMS mobile solution.


1.

a.

b.

c.


• Registry home: Location for the IMS gateway server registry.

• Technical ID: The technical ID is passed to the IMS Mobile feature on the gateway server if the authenticated user ID is greater than 8 bytes.

• Technical group: An 8-byte SAF group name for IMS transactions.

server.xml:. . .




imsTechnicalID="IMS_USER"/>

. . .

GMOIMINS







Modify server.xml to specify the server host name and port numbers.Modify server.xml to specify the server host name and port numbers.

2.





. . .

<httpEndpoint host="*"

httpPort="10443"

httpsPort="9443"

id="defaultHttpEndpoint"/>

Edit GMOIMINS to install IMS Mobile Feature Pack using IBM

Installation Manager for z/OS.

• Specify the installation directory and repository location for use

by IBM Installation Manager.

• Specify registry home, technical ID, and technical group for use

by the IMS mobile solution.


Edit GMOIMINS to install IMS Mobile Feature Pack using IBM

Installation Manager for z/OS.

• Specify the installation directory and repository location for use

by IBM Installation Manager.

• Specify registry home, technical ID, and technical group for use

by the IMS mobile solution.


c.


GMOIMINS



Follow the installation instructions in the Program Directory (GI10-8964).Follow the installation instructions in the Program Directory (GI10-8964).



1.

a.

b.







Modify server.xml to specify the server host name and port numbers.Modify server.xml to specify the server host name and port numbers.

2.





. . .

<httpEndpoint host=“my.host.com"

httpPort="10443"

httpsPort="9443"

id="defaultHttpEndpoint"/>


a. In server.xml, configure SAF registry.

b. Set up the angel process by editing and running:

• GMOEXTAT job• GMOZANGL procedure

c. Configure SAF for the IMS gateway server.

In server.xml:

a. Configure a basic registry with z/OS Connect access roles in server.xml.

b. If RACF is enabled in IMS Connect, specify the IMS technical password.


SAF security


Basic authentication(for initial installation verification)

(more detail on next slide) (go to slide #30)

Edit the server.xml file to configure for security.Edit the server.xml file to configure for security.3.






Configure a basic registry with z/OS Connect access roles.Configure a basic registry with z/OS Connect access roles.

a.

server.xml:. . .

<keyStore id=“keystore_id" password=“encrypted_pwd"/>

<basicRegistry id="basic1" realm="zosConnect">

<user name=“your_userName" password=“your_pwd" />

</basicRegistry>

<authorization-roles id="zos.connect.access.roles">

<security-role name="zosConnectAccess">



</security-role>

</authorization-roles>

See installation WebSphere Liberty security configuration topics at:http://www.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.zseries.doc/ae/twlp_zconnect_security.html

http://www.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.core.doc/ae/twlp_sec_basic_registry.html

Basic Registry Configuration


User Authorization

Configuration


Edit the server.xml file to configure for basic authentication.Edit the server.xml file to configure for basic authentication.3.





See IMS Mobile Feature Pack security process flow at:http://www-01.ibm.com/support/knowledgecenter/SS9NWR_3.1.0/com.ibm.ims.mobile31.doc/mobile_security.htmSee installation roadmap at:


If RACF security is enabled in IMS Connect, configure the IMS technical password.If RACF security is enabled in IMS Connect, configure the IMS technical password.


b.

server.xml:. . .






/>. . .

This password is used for RACF authentication. Only one IMS technical password can be specified per IMS gateway server instance. This password must be set up in RACF for the user ID or IDs that are associated with the mobile service requests.

Configure a basic registry with z/OS Connect access roles.Configure a basic registry with z/OS Connect access roles.a.






Technical ID and technical password

• Technical ID:

If SAF authentication is turned off on the IMS gateway server, or if the authenticated

user ID is greater than 8 bytes, the technical ID is passed to IMS Connect as the user

ID. If the technical ID is left blank, the user ID that started the IMS gateway server is

used.

• Technical password:

The password is used for RACF

authentication if RACF is turned on

in IMS Connect.

Only one IMS technical password

can be specified per IMS gateway

server instance. This password must

be set up in RACF for the user IDs

(or the technical ID) that are

associated with the mobile service requests.

server.xml:. . .






/>. . .




Start the IMS gateway server by issuing:START GMOZSRVStart the IMS gateway server by issuing:START GMOZSRV

4.

See installation roadmap at:http://www-01.ibm.com/support/knowledgecenter/SS9NWR_3.1.0/com.ibm.ims.mobile31.doc/mobile_installroadmap_option1.htm

NC0000000 TESTMVS 14365 22:18:40.31 SGEN3 00000290 S GMOZSRV

N 0200000 TESTMVS 14365 22:18:40.35 STC07567 00000291 $HASP100 GMOZSRV ON STCINRDR

N 0020000 TESTMVS 14365 22:18:40.39 STC07567 00000290 IEF695I START GMOZSRV WITH JOBNAME GMOZSRV IS ASSIGNED TO USER

STC

S , GROUP SYSPROC

N 4000000 TESTMVS 14365 22:18:40.39 STC07567 00000090 $HASP373 GMOZSRV STARTED

N 0000000 TESTMVS 14365 22:18:40.39 STC07567 00000090 IEF403I GMOZSRV - STARTED - TIME=22.18.40

N 0020000 TESTMVS 14365 22:19:12.02 STC07567 00000090 GMOIG7777I: The IMS Mobile feature initialized successfully.

(build_numb

S er): 201411181651.

N 4000000 TESTMVS 14365 22:19:13.28 STC07567 00000090 +CWWKF0011I: The server imsmobile is ready to run a smarter planet.

Launching imsmobile (WebSphere Application Server 8.5.5.2, WAS FOR Z/OS 8.5.5.2/wlp-1.0.5.cl50220140403-1858) on IBM J9 VM,

version Launching pmz6470sr6fp1-20140108_01 (SR6 FP1) (en_US)

[AUDIT ] CWWKE0001I: The server imsmobile has been launched.

[AUDIT ] CWWKG0028A: Processing included configuration resource:

/usr/lpp/ims/imses/V3R1/rest_gw/imsmobile/usr/servers/imsmobile/ims-services.xml

[AUDIT ] CWWKZ0058I: Monitoring dropins for applications.

[AUDIT ] GMOIG7777I: The IMS Mobile feature initialized successfully. (build_number): 201411181651.

[AUDIT ] CWWKF0015I: The server has the following interim fixes installed: PI16677,PI18279,PI16652.

[AUDIT ] CWWKF0011I: The server imsmobile is ready to run a smarter planet.

[AUDIT ] CWWKT0016I: Web application available (default_host): http://xxxxxx.xxxxxx.ibm.com:10443/

SYSLOG

JOBLOG (STDOUT)







server.xml:

. . .<safRegistry id=“saf_reg_id"

realm="zosConnect"></safRegistry>

<safAuthorization id=“saf_id“ />

<safCredentials

profilePrefix=“saf_cred_prefix"/>

<keyStore id=“keyStore_id"

password=“keystore_pwd"/＞＞＞＞

...

For more information about security configuration for z/OS Connect, see:http://www.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.zseries.doc/ae/twlp_zconnect_security.html

SAF Registry Configuration




Edit the server.xml file to configure for SAF security.Edit the server.xml file to configure for SAF security.3.




Create the STARTED profile for the angel process and SERVER profile with an authenticated user; add an unauthenticated user for READ access.

Create the STARTED profile for the angel process and SERVER profile with an authenticated user; add an unauthenticated user for READ access.


a.


Set up an angel process.Set up an angel process.4.

An angel process grants the Liberty profile server access to z/OS authorized services for System Authorization Facility (SAF) authorization, Workload Manager (WLM), resource recovery services (RRS), and SVCDUMP.




RDEFINE SERVER BBG.SECPFX.GMOZDFLT UACC(READ)

RDEFINE APPL GMOZDFLT UACC(NONE)

PERMIT GMOZDFLT ID(SGEN3) ACCESS(READ) CLASS(APPL)

RDEFINE EJBROLE

GMOZDFLT.zos.connect.access.roles.zosConnectAccess

UACC(NONE)

PERMIT

GMOZDFLT.zos.connect.access.roles.zosConnectAccess

CLASS(EJBROLE) ID(SGEN3) ACCESS(READ)

RDEF SERVER BBG.ANGEL UACC(NONE)

RDEF SERVER BBG.AUTHMOD.BBGZSAFM UACC(NONE)

RDEF SERVER BBG.AUTHMOD.BBGZSAFM.SAFCRED UACC(NONE)

For a sample JCL to create the STARTED and SERVER profiles with an authenticated user for the angel process, see:http://www.ibm.com/support/knowledgecenter/SS9NWR_3.1.0/com.ibm.ims.mobile31.doc/mobile_saf_config.htmFor more background information about authorizing access to administrative roles, see:

http://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.zseries.doc/ae/tsec_tselugradro.html




For more information about SAF configuration for IMS mobile solution, see:

http://www.ibm.com/support/knowledgecenter/SS9NWR_3.1.0/com.ibm.ims.mobile31.doc/mobile_saf_config.htmFor more information about extended attributes, see:http://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.bpxa500/xattr.htm





Create the STARTED profile for the angel process and

SERVER profile with an authenticated user; add an

unauthenticated user for READ access.




a.

Edit and run the GMOEXTAT job to add the extended attribute (p) for files before starting the angel process.

Edit and run the GMOEXTAT job to add the extended attribute (p) for files before starting the angel process.

b.

//**************************************************************/

//* PROC NAME: GMOEXTAT */

//* GMOZSRV VERSION: 3.1.1.0 */

//* */

//* DESCRIPTION: THIS SAMPLE JCL ADDS THE ATTRIBUTE P TO */

//* FILES AS A REQUIREMENT TO BRING UP ANGLE */

//* SERVER */

//* */

//* NOTES: */

//* 1) CHANGE THE JOB CARD TO MEET YOUR SYSTEM'S REQUIREMENTS. */

//* 2) CHANGE -PathPrefix1- TO THE LOCATION WHERE IMS MOBILE */

//* IS INSTALLED(IT ENDS WITH rest_gw) */

//* 3) CHANGE -PathPrefix2- TO THE LOCATION WHERE JAVA IS */

//* INSTALLED(IT ENDS WITH SR7) */

//* 4) USER MUST HAVE AT LEAST READ ACCESS TO THE FOLLOWING */

//* CLASS FACILITY: */

//* BPX.FILEATTR.APF */

//* BPX.FILEATTR.PROGCTL */

//* 5) USER MUST HAVE WRITE PERMISSION TO THE DIRECTORY WHERE */

//* OUTPUT IS WRITTEN(IT IS /tmp IN THIS CASE) */

//* */

//**************************************************************/




Edit the GMOZANGL procedure for the angel process. Edit the GMOZANGL procedure for the angel process.

c.

For more information about enabling z/OS authorized services on Liberty profile on z/OS, see:http://www.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_config_security_zos.html





Edit and run the GMOEXTAT job to add the extended

attribute (p) for files before starting the angel process.



b.







a.

//**************************************************************/

//* */

//* PROC NAME: GMOZANGL */

//* GMOZSRV VERSION: 3.1.1.0 */

//* */

//* DESCRIPTION: THIS PROC STARTS THE LIBERTY ANGLE PROCESS */

//* */

//* NOTE: */

//* */

//* CHANGE ROOT TO THE WLP DIRECTORY THAT IS LOCATED IN */

//* THE IMS MOBILE INSTALLATION DIRECTORY */

//* */

//* YOU NEED TO RUN THE SAMPLE JCL GMOEXTAT BEFORE STARTING */

//* THIS PROC */

//* */

//**************************************************************/

//GMOZANGL PROC PARMS='',COLD=N

//*------------------------------------------------------------------

// SET ROOT='/usr/lpp/ims/imses/V3R1/rest_gw/wlp'

//*------------------------------------------------------------------

//* Start the Liberty angel process

//*------------------------------------------------------------------

//STEP1 EXEC PGM=BPXBATA2,REGION=0M,

// PARM='PGM &ROOT./lib/native/zos/s390x/bbgzangl COLD=&COLD &PARMS'

//STDOUT DD SYSOUT=*

//STDERR DD SYSOUT=*

//* ================================================================ */




Edit the GMOZANGL procedure for the angel process. Edit the GMOZANGL procedure for the angel process. c.

For more information about enabling z/OS authorized services on Liberty profile on z/OS, see:http://www.ibm.com/support/knowledgecenter/SSD28V_8.5.5/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_config_security_zos.html

For more background information about WAS/z security, see: http://www.ibm.com/support/knowledgecenter/SS7K4U_8.5.5/com.ibm.websphere.zseries.doc/ae/welc_security.html









b.







a.

Start the angel process by issuing:

START GMOZANGLStart the angel process by issuing:

START GMOZANGL

d.




For more information about SAF configuration for the IMS mobile solution, see:

http://www.ibm.com/support/knowledgecenter/SS9NWR_3.1.0/com.ibm.ims.mobile31.doc/mobile_saf_config.htm

Start the IMS gateway server by issuing:

START GMOZSRVStart the IMS gateway server by issuing:

START GMOZSRV5.


initialized successfully.

(build_number): 201411181651.

CWWKF0011I: The server imsmobile is

ready to run a smarter planet.


(default_host):

http://my.host.com:10443/



Set up an angel process.Set up an angel process.

Edit the server.xml file to configure for SAF security.Edit the server.xml file to configure for SAF security.

4.

3.

Edit the GMOZANGL procedure for the angel process. Edit the GMOZANGL procedure for the angel process. c.





b.







a.

Start the angel process by issuing:START GMOZANGLStart the angel process by issuing:START GMOZANGL

d.




Verifying installation

Use the HTTP PUT method to invoke the IMSPingService service:

https://hostname:port/zosConnect/services/IMSPingService?action=

invoke

{

message: "The ping request for the IMS gateway server was

successful."

}




Communicating to IMS

To test the communication with IMS:

1. Turn off IMS Connect RACF security (RACF=N).

IMS Mobile is considered a trusted client to IMS Connect because authentication and

authorization are handled by WAS/z Liberty Profile and z/OS Connect.

2. Use the HTTP PUT method to invoke the IMSPingService service and specify the host

name, port number, and the IMS data store name:

https://hostname:port/zosConnect/services/IMSPingService?action=

invoke&HOSTNAME=my.ims.host.com&PORT=9999&DATASTORE=IMS1

{

message: "The ping request for the IMS gateway server was successful."

pingTestResults: "Ping request for HOSTNAME: my.ims.host.com, PORT:

9999, DATASTORE: IMS1 was successful"

}




What’s next?

� Creating, testing, and publishing IMS mobile services

− Use IMS Explorer for Development

� Accessing and managing services

− Use the supported HTTP actions to:

• Start, stop, and invoke a service

• Obtain service status, statistics, JSON schema, and configuration information

• Check for available services

• Obtain IMS mobile service provider statistics

For an end-to-end tutorial that turns the IMS phonebook application into a Contacts mobile

application, see IMS Exchange: http://ibm.co/1vuJHNH

IMS Mobile - getting started

Technology

Transcript of IMS Mobile - getting started