To clarify, z/OS is the NFS client, and something else is the NFS server,
correct?

It'd be helpful to know exactly what is the NFS server. If it's AIX, what
release? If it's NetApp's NFS server, same question.

--------------------------------------------------------------------------------------------------------
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM Z and LinuxONE, AP/GCG/MEA
E-Mail: ***@sg.ibm.com

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

If AIX is the NFS server, you have specific steps to do to export the filesystem, and add the correct IP to the export list to allow it to be mounted. You will need to find a friend in either Network storage or Open system to do some of the admin setup for you.

_________________________________________________________________
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President
***@53.com
1830 East Paris, Grand Rapids, MI  49546 MD RSCB2H
p 616.653.8429
f 616.653.2717

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-***@LISTSERV.UA.EDU] On Behalf Of Munif Sadek
Sent: Sunday, December 03, 2017 10:50 PM
To: IBM-***@LISTSERV.UA.EDU
Subject: NFS on Mainframe

**CAUTION EXTERNAL EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected emails**

Dear Listers

I need your help in mounting pSeries (and may be NetApp) NFS folder on my zOS 2.3. I have tried it before NFS(and also SMB) but had give up on one pretext or other. Yes I am corporate slave and have no authority over Network Storage, Open system Certificate Management etc and had to get my requirements right.

Is anyone doing it and if yes, May I please get any pointers.

kind regards,
Munif

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN **CAUTION EXTERNAL EMAIL**

**DO NOT open attachments or click on links from unknown senders or unexpected emails**

This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated.


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

Munif,
Sounds like you want the zNFS Client.
I am not sure how far along you are with setting up the zNFS Client, For starters I typically share this link with my customers.
For the zNFS Client only use entries in the following steps that apply to NFS Client. Steps: 1,4,6,8,10.

https://www.ibm.com/developerworks/community/blogs/e0c474f8-3aad-4f01-8bca-f2c12b576ac9/entry/Shortcut_bringing_up_z_OS_NFS?lang=en

Step 10 is missing the example filesystem syntax for the BPXPRMxx member:
FILESYSTYPE
TYPE(NFS)
ENTRYPOINT(GFSCINIT)
PARM(’biod(8)’)
ASNAME(mvsnfsc)


As David pointed out, You will need to configure an NFS export (if non-exist) on the server which you intend to use.

You can query the available exports on a server with:
/usr/lpp/NFS/showmount -e <server>

From OMVS you could mount AIX or Netapp with the following command:
/usr/sbin/mount -t nfs -f NFS.V4.MOUNT -w 0 -o "<server>:/<remote-path>,vers(4),xlat(y)" /<localmnt-point>

To start with. I am planning to l configure NFS client on my Sandbox zOS 2.3 LPAR and NFS server on sandbox AIX 7.1 LPAR (using classic IBM Hypervisor).

Depending on the outcome, I may switch zOS to be the NFS server. Our main objective is stop FTPing tens of reports but write them to NFS so that end-users (non mainframers) can pick them up.

Do not want to mention NetApp as of yet and waiting for *corporate* security guidelines, especially with the NFS <-->CIFS.


regards Munif

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

Then you have everything you need to proceed. Post your progress and/or issues.

We tried that once. Failed because of a certain application that used
commas in filenames.

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

Are the "reports" all text; no binary; no packed decimal?

Might be practical with a script to add headers and footers and entify
"dangerous" characters, "&", "<", and ">".

And some browsers will treat a document lacking HTML headers as
preformatted text.

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

Hi Andrew

Thanks for the hint. Last time I read about HTTPS, when I was attempting to implement SSL on our ezasocket CICS Listener. I just hope that I do not need another licensed product. I do not think HTTPS is the solution in our case but may be a replacement for FTP.

NFS is such a *out of box things* in non-Mainframe world and surprise to see its not popular/standard in Mainframe which is taken for granted to be large Data server.

I have got NFS Guide and reference 640 Pages manual to review and was expecting if any kind lister can give some pointer to implement NFS with and without security.

(neither I have LDAP or Kerberos customized in our mainframe, so there will be heavy lifting)

Thanks a lot,
Kind regards
Munif

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

Network File System Guide and Reference Version 2 Release 3
Naming MVS files
The z/OS NFS server uses the comma (,) as a delimiter to a list of file attributes.
Do not use a comma as a special character in file name. For example, you can
enter this command:
$ vi "/u/smith/new,text"

This indicates to NFS that a file called new is being edited in the attribute text
mode, not file new,text.

And while the delimiter can be changed, (perhaps entirely disabled, unlike ISPF's
delimiter), this is in global options and may adversely affect other users who
depent on using ',' as a delimiter.

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

Yes, there is a z/OS NFS "Quick Setup Guide," available here:

https://www.ibm.com/developerworks/community/blogs/e0c474f8-3aad-4f01-8bca-f2c12b576ac9/entry/Shortcut_bringing_up_z_OS_NFS?lang=en

This guide covers both the NFS Server and NFS Client. If you're setting up
only the NFS Client (and expect to stay that way), you can skip the NFS
Server-only steps.

--------------------------------------------------------------------------------------------------------
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM Z and LinuxONE, AP/GCG/MEA
E-Mail: ***@sg.ibm.com

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

z/OS 2.2 is also going to be withdrawn from marketing soon, on January 28,
2018. If you have interest in that particular release and haven't ordered
it yet, please do.

IBM Multi-Version Measurement (MVM) should mean, in practice, that you just
reflexively order every new release that interests you, or might interest
you. I explain that logic here:

http://millennialmainframer.com/2017/05/ibm-multi-version-measurement/

--------------------------------------------------------------------------------------------------------
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM Z and LinuxONE, AP/GCG/MEA
--------------------------------------------------------------------------------------------------------

E-Mail: ***@sg.ibm.com

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

Or don't transfer files and shift toward "in place" computing, APIs,
microservices, database interfaces, MQ messages, and so forth -- "online"
computing, broadly speaking. You might currently be using FTP, FTPS, SFTP,
and/or NFS to lash together two or more information processing systems, but
maybe that choice was never the best option for the mission.

If you don't like FTPS or SFTP, if you like (or at least genuinely need)
FTP, and if you need to get that in-flight data encrypted, then you can use
the IBM Encryption Facility for z/OS together with any OpenPGP-compliant
communicating system. Indeed, in many ways the Encryption Facility for z/OS
is a better, more secure option -- even if you have implemented/in
conjunction with FTPS and/or SFTP -- because you can encrypt different
files with different keys and keep them encrypted through the entire
transport loop, even if it's multi-hop. You can even have a .zip (or
comparable) archive file containing multiple files, each encrypted with
Encryption Facility for z/OS, each encrypted with a separate key.

Another transport-level encryption option (only) is unencrypted FTP (or
NFS) over an encrypted IPSec tunnel. IPSec works best if you have a
permanent or semi-permanent, reasonably finite set of communicating
systems. z/OS IPSec is a substantially zIIP-eligible workload.

Yet another option is TLS/SSL encrypted SMTP (e-mail) transmission. You can
do that straight from CICS Transaction Server using IBM SupportPac CA1Y,
available at no additional charge:

http://www.ibm.com/support/docview.wss?uid=swg24033197

SupportPac CA1Y is, at least in principle, bi-directional. That is, CICS
Transaction Server can both send mail (SMTP) and retrieve mail (IMAP or
POP3). The latter is not something IBM has tested in this particular
environment, but there are no known issues. CA1Y is using JavaMail, a
common codebase. Thus SupportPac CA1Y is substantially zIIP-eligible
workload.

z/OS CSSMTP is another option, and it can send mail unidirectionally
outbound, from z/OS to a SMTP server. It too supports TLS/SSL encrypted
connections, at least via z/OS AT-TLS.

There are LOTS of options to improve your security posture...and you should
have made those improvements long ago, but better late than never.

--------------------------------------------------------------------------------------------------------
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM Z and LinuxONE, AP/GCG/MEA
E-Mail: ***@sg.ibm.com

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

And you won't be able to order them with a z/OS upgrade after they are
withdrawn, so you will have to use another method to get them included
on your new system.

Thank you Mr Sipples

Got my NFS client started successfully (ignored following warning as no security initially and target Unix server is PINGable)
GFSC284I NETWORK FILE SYSTEM CLIENT COULD NOT GET GSS CREDENTIALS
FOR THE NFS CLIENT : GSS API krb5_get_default_realm() FAILED
WITH GSS MAJOR STATUS 96C73ADF GSS MINOR STATUS 00000000

Now when I am trying to mount a UNIX file via zOS command
MOUNT FILESYSTEM(NFS) +
TYPE(NFS) +
MOUNTPOINT('/NFS') +
MODE(RDWR) +
PARM('nnn.nnn.nnn.nnn:"/nfs,",') +
NOSETUID +
TAG(TEXT,1047) +
WAIT
I am getting
BPXF135E RETURN CODE 00000079, REASON CODE 6E017015. THE MOUNT FAILED FOR FILE SYSTEM NFS
or
BPXF135E RETURN CODE 00000079, REASON CODE 6E017017. THE MOUNT FAILED FOR FILE SYSTEM NFS
Cant find anywhere Reason Code "6E017017" including in IBM SR, Google.
Cant find any incoming / outgoing packets between zOS and Unix server
Did try to run a CT on mvsnfsc with OPTIONS All, but component trace is not recording any data.

Thanks once again for your advise, and helping me out

kind regards
Munif

Can someone please give me simple syntax for zOS NFS client MOUNT please or point me in the right direction.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

Apologies Listers

Falls alarm..Message is documented in SC23-6883-30 as Parm invalid. Now I am in much better place with IP packets trace and following error messages
BPXF162E ASYNCHRONOUS MOUNT FAILED FOR FILE SYSTEM NFS.
BPXF135E RETURN CODE 00000081, REASON CODE 6E050002. THE MOUNT FAILED FOR FILE SYSTEM NFS.

Kind regards Munif.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

You were close. You had some empty parms (optional for the client). You need to omit the comma's if you are not going to epecify any.

Try:
MOUNT FILESYSTEM(NFS) +
TYPE(NFS) +
MOUNTPOINT('/NFS') +
MODE(RDWR) +
PARM('nnn.nnn.nnn.nnn:"/nfs"') +
NOSETUID +
TAG(TEXT,1047) +
WAIT

But if you want some ascii<->ebcidc translation you will want to
drop the tag add xlat(y).
Try:
MOUNT FILESYSTEM(NFS) +
TYPE(NFS) +
MOUNTPOINT('/NFS') +
MODE(RDWR) +
PARM('nnn.nnn.nnn.nnn:"/nfs",xlat(y)') +
NOSETUID +
WAIT

Hi Allan

BPXMTEXT does not support reason code qualifier 6E05

From Network File System Guide and Reference Version 2 Release 3
SC23-6883-30

6E Indicates NFS Client modules (that is, GFSCxxxx).

05 NFS reason codes yyyy See Table 74 on page 457.

0002 NFSERR_NOENT No such file or directory
A component of a specified path name does not exist, or the
path name is an empty string.
Action: Ensure that the file or directory exists.

Got my NFS client working and now off to NFS server before venturing in to NFS security and encryption.
Component trace for mvsnfsc also worked like a charm, just need doco to interpret trace entries although errors are error code stands out.

Thanks a lot.
Kind Regards
Munif

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN