HCL Workload Automation for Z Small Programming Enhancements released in November 2022

The following features were provided with HCL Workload Automation for Z small programming enhancements (SPEs) released for Version 10.1, in November 2022 (APAR HC00005).

Self-Service Catalog enhancements

A new and improved version of the Self-Service Catalog is available. You can now launch your services quickly and easily and check on them at any time by accessing the Self-Service Catalog from any device.

To use the Self-Service Catalog you do not need to be a Workload Automation expert, but you can leverage on services based on automation capabilities in no time, provided that you are connected to the Dynamic Workload Console in Single Sign-On (SSO). For more information, see Configuring the Dynamic Workload Console for Single Sign-On.

The HCL Workload Automation scheduler or application designer creates annotations in the Dynamic Workload Console and marks them as services, so that they are available for managing from the Self-Service Catalog interface.

To create and edit SSC-ready annotations, it is recommended that you use the Dynamic Workload Console. For more information about defining SSC-ready annotations, see the online help for annotation definitions in the Dynamic Workload Console.

Deploying z-centric and dynamic agents on Kubernetes to orchestrate your workload on cloud

A cloud deployment ensures access anytime anywhere and is a fast and efficient way to get up and running quickly. It also simplifies maintenance, lowers costs, provides rapid upscale and downscale, minimizes IT requirements and physical on-premises data storage.

To ensure a fast and responsive experience when using HCL Workload Automation for Z, you can now deploy z-centric and dynamic agents on a Kubernetes cluster. With the sample Helm Chart provided, you install and configure the agent with a single yaml file.

Orchestrating your Kubernetes workload from a containerized agent optimizes allocations of resources in your cluster and reduces the chance of human errors. Find out more in the video Orchestrating Your Workload on Cloud from IBM Z Workload Scheduler on the Workload Automation YouTube channel.

For details, see Deploying z-centric and dynamic agents on Kubernetes.

Better performance and stronger security with TLS V1.3
HCL Workload Automation for Z supports TLS V1.3, which provides a faster and more responsive connection and more secure cipher suites for encryption. By supporting the Server Name Indication (SNI), an extension of the TLS protocol, HCL Workload Automation for Z is enabled to securely connect any z-centric agent deployed on a cloud cluster.

For details about how to configure TLS, see Customizing TLS to connect components with HCL Workload Automation for Z.

Advanced password encryption
Security is a major concern in today's interconnected world. Government organizations, financial institutions, healthcare providers, and insurance companies are just a few examples of the types of entities who are taking security seriously.

You can optionally encrypt the passwords that you will use while installing, upgrading, and managing HCL Workload Automation. The encryption of the passwords performed by the secure command is based on the AES method. For details, see Encrypting passwords (optional).

Installing the agents on IBM i with a user different from QSECOFR
You can use a user different from QSECOFR to install z-centric and dynamic agents on IBM i. In this case, the new allObjAuth parameter is required when running the twsinst command, to indicate that the user has the required ALLOBJ authority. Ensure that the user is existing and is assigned ALLOBJ authorization. The agent is started after connecting to the system with the TWSUSER or the user defined at installation time.

When you upgrade or uninstall the agent, a check is performed to ensure that you are using the same user who performed the installation. If you used allObjAuth parameter at installation time, specify it again when upgrading or uninstalling the agent.

The name of the user used to perform the installation is maintained in the TWA_DATA_DIR/installation/instInfo/instUser file.

For more information, see Installing agents on IBM i systems, Upgrading agents on IBM i systems, and Uninstalling HCL Workload Automation Agent on IBM i systems

Enable SAF Keyring Support for TCPOPTS
Reduce vulnerabilities with TCPIP connections by providing RACF key ring support
To strengthen security, preventing loss of data and service outage, you can now set a single SAF key ring for HTTP and TCP/IP communications. This applies to the communications between:
  • Tracker and Z controller
  • Data store and Z controller
  • Server and remote interface
For details, see the SSLKEYSTORETYPE parameter of the TCPOPTS statement.