Welcome
Integrating
HCL DevOps Deploy (Deploy) supports integrations with other IBM® and HCL products, products from others, and certain cloud systems.
Deploying components to the z/OS® platform
Use the toolkit to deploy to the IBM® z/OS® platform.
Security requirements on IBM® z/OS® computers
Specific security definitions are used to secure HCL DevOps Deploy (Deploy) functions for the IBM® z/OS® environment. To deploy applications to an IBM z/OS environment, the user accounts on the agent computer must have adequate access permissions. You must also identify specific directories and data sets to the authorized program facility.

Release Notes
This section includes what's new, defect fixes, and deprecations and removals in all releases.
System Requirements
This document includes information about the hardware, containers, prerequisite software, supported operating system, and database requirements with component level detail for the HCL DevOps Deploy (Deploy).
Getting Started
Quickly become productive with HCL DevOps Deploy (Deploy).
Installing
A HCL DevOps Deploy (Deploy) installation consists of a Deploy server, a database server, and at least one agent.
Upgrading and Migrating
Stay updated with latest features and functionalities by upgrading HCL DevOps Deploy (Deploy) server, agents, and relays. This section also provides instruction on how to migrate your Deploy instance.
Integrating
HCL DevOps Deploy (Deploy) supports integrations with other IBM® and HCL products, products from others, and certain cloud systems.
- Integrating with DevOps Test Performance
  When you use HCL DevOps Test Performance (Test Performance), you can create tests and run those tests in HCL DevOps Deploy (Deploy) by using the Test Performance Deploy plug-in.
- z/OS considerations for DevOps Deploy
  HCL DevOps Deploy (Deploy) includes support for the z/OS platform. Although the articles in this Knowledge Center for using Deploy to deploy applications, certain platform-specific configuration factors must be considered when using a z/OS model.
- Deploying components to the z/OS® platform
  Use the toolkit to deploy to the IBM® z/OS® platform.
  - Ship list files
    The ship list file describes the files from the build to include in the new component version to deploy. Ship list files can also use generic artifacts to describe changes that are not physical files, such as configuration changes.
  - Generating Ship list for Endevor and Changeman packages
    You can generate shiplist.xml using Endevor SCL and Changeman configurations. Generated shiplist.xml can later be used to create component version using buztool.sh.
  - Searching the z/OS environment inventory
    The z/OS search feature is available for any application that contains a z/OS type component. Search is performed for a specific file in the artifacts belonging to the z/OS components deployed to that environment.
  - Creating z/OS® component versions
    You can create z/OS component version by running the buztool.sh command from job control language (JCL) or from the z/OS® UNIX™ System Services command line. You can also create z/OS component version by using the z/OS File Source Config plug-in.
  - Security requirements on IBM® z/OS® computers
    Specific security definitions are used to secure HCL DevOps Deploy (Deploy) functions for the IBM® z/OS® environment. To deploy applications to an IBM z/OS environment, the user accounts on the agent computer must have adequate access permissions. You must also identify specific directories and data sets to the authorized program facility.
    - IBM® z/OS® agent user accounts
      If you run the agent from a UNIX™ command line, the agent user account is the account that you use to log in to the UNIX shell. If you run the agent as a started task, the agent user account is assigned by the Resource Access Control Facility (RACF®) using the started procedures table (ICHRIN03) or the STARTED class. To learn more about RACF, see the z/OS® Security Server RACF System Programmer's Guide, SA23-2287-00.
    - IBM® z/OS® authorized program facility
      To deploy applications to an IBM® z/OS® environment, you must identify specific directories and data sets to the authorized program facility (APF).
    - IBM® z/OS® directories and data sets
      To deploy applications to an IBM® z/OS® environment, the user accounts on the agent computer must have adequate access permissions. You must also identify specific directories and data sets to the authorized program facility.
    - IBM® z/OS® tokens
      Tokens are used to authenticate with the HCL DevOps Deploy (Deploy) server when z/OS® component versions are imported.
    - IBM® z/OS® component versions
      Component versions for IBM® z/OS® are imported from the build LPAR by using the buztool.sh command.
    - Security configuration related to z/OS
      Information for the HCL DevOps Deploy (Deploy) server’s security model and the security configurations related to server agent communication for IBM® z/OS® are referenced in this topic.
  - Troubleshooting problems on z/OS®
    To troubleshoot problems on agent computers that are running IBM® z/OS®, examine the agent log files.
Administering
Learn how to administer settings in HCL DevOps Deploy (Deploy) elements and communication between the elements.
Managing Security
HCL DevOps Deploy (Deploy) uses a flexible team-based and role-based security model that maps to your organizational structure.
Modeling Software Deployment
Modeling software deployment in HCL DevOps Deploy (Deploy) includes configuring components and component processes and adding those components to applications. Then, you use processes to deploy the components to environments.
Deploying
Learn how to deploy applications in HCL DevOps Deploy (Deploy).
Reporting
Provides several different deployment and security reports.
Extending Product Function
Learn how to extend the function of HCL DevOps Deploy (Deploy).
Troubleshooting and Support
Learn how to troubleshoot some common issues with HCL DevOps Deploy (Deploy).
Security Considerations
You can act to ensure that your installation is secure and set up user access controls.

Security requirements on IBM® z/OS® computers

Specific security definitions are used to secure HCL DevOps Deploy (Deploy) functions for the IBM® z/OS® environment. To deploy applications to an IBM® z/OS® environment, the user accounts on the agent computer must have adequate access permissions. You must also identify specific directories and data sets to the authorized program facility.

The topics in this section present the security configurations related to the agent started task, data sets, file systems, user IDs, impersonation and security configurations related to the z/OS Utility plugin.

Note: This document does NOT cover the Deploy server’s security model and the security configurations related to server agent communication. Refer to Security configuration related to z/OS.

Agent started task and agent user ID

The Deploy IBM® z/OS® agent is a long running Java process in the IBM® z/OS® UNIX System Services. The Deploy server distributes work, known as deploy processes, to an agent to execute. For each step in the deploy process, the agent starts a separate work process. The work process inherits the agent user ID’s security environment, unless the process is configured to use impersonation.

z/OS Server Agent Architecture diagram — Figure 1. z/OS Server Agent Architecture

Agent impersonation

The su command is used to impersonate users. This figure shows a deployment scenario with two logical environments, DEV and TEST, in the same logical partition (LPAR). The deployment process is configured so that the agent impersonates USERA when deploying to DEV and USERB when deploying to TEST.

z/OS Impersonation diagram — Figure 2. z/OS Impersonation

Limitations

HardwareCryptography IBMJCECCA is not supported.
RACFdigital certificates are not supported. Deploy uses keystore and keytool provided by Java to generate and manage certifications to be used for the agent/server communication.

To add feedback about this topic, select the following checkbox:

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners Four, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site. Personal data should not be shared in this comment box. See our Privacy Statement to understand how personal data is used.