Before installing Zowe™ z/OS components, ensure that your z/OS environment meets the prerequisites. The prerequisites you need to install depend on what Zowe z/OS components you want to use and how you want to install and configure Zowe on z/OS. Assess your installation scenario and install the prerequisites that meet your needs.
All Zowe server components can be installed on a z/OS environment, while some can alternatively be installed on Linux or zLinux via Docker. The components provide a number of services that are accessed through a web browser such as an API catalog and a web desktop.
- System requirements
z/OS system requirements
Be sure your z/OS system meets the following prerequisites:
z/OS version is in active support, such as Version 2.4 and 2.5.
Note: Zowe Version 2.11 or higher is required when using z/OS Version 3.1
Note: z/OS V2.3 reached end of support on 30 September 2022. For more information, see the z/OS v2.3 lifecycle details https://www.ibm.com/support/pages/zos23x-withdrawal-notification
zFS volume has at least 1200 mb of free space for Zowe server components, their keystore, instance configuration files and logs, and third-party plug-ins.
(Optional, recommended) z/OS OpenSSH
Some features of Zowe require SSH, such as the Desktop's SSH terminal. Install and manage Zowe via SSH, as an alternative to OMVS over TN3270.
(Optional, recommended) Parallel Sysplex.
To deploy Zowe for high availability, a Parallel Sysplex environment is recommended. For more information, see Configuring Sysplex for high availability.
Node.js v16.x or v18.x
Node is not included with z/OS so must be installed separately. To install Node.js on z/OS, follow the instructions in Installing Node.js on z/OS.
Note: If you are a software vendor building extensions for Zowe, when using Node.js v14.x or later, it is highly recommended that plug-ins used are tagged. For more information, see Tagging on z/OS.
- IBM SDK for Java Technology Edition V8
(Optional, recommended) IBM z/OS Management Facility (z/OSMF) Version 2.4, Version 2.5 or Version 3.1.
z/OSMF is included with z/OS so does not need to be separately installed. If z/OSMF is present, Zowe will detect this when it is configured and use z/OSMF for the following purposes:
Authenticating TSO users and generating a single sign-on JSON Web Token (JWT). Ensure that the z/OSMF JWT Support is available via APAR and associated PTFs. If z/OSMF is not available, then Zowe is still able to provide SSO by generating its own JWT and making direct SAF calls.
REST API services for Files (Data Sets and USS), JES, and z/OSMF workflows. These are used by some Zowe applications such as the Zowe Explorers in the Zowe Desktop. If z/OSMF REST APIs are not present, other Zowe desktop application, such as the File Editor that provides access to USS directories and files as well as MVS data sets and members, will work through the Zowe Z Secure Services (ZSS) component to access z/OS resources.
- For non-production use of Zowe (such as development, proof-of-concept, demo), you can customize the configuration of z/OSMF to create what is known as "z/OS MF Lite" that simplifies the setup of z/OSMF. As z/OS MF Lite only supports selected REST services (JES, DataSet/File, TSO and Workflow), you will observe considerable improvements in startup time as well as a reduction in the efforts involved in setting up z/OSMF. For information about how to set up z/OSMF Lite, see Configuring z/OSMF Lite (non-production environment).
- For production use of Zowe, see Configuring z/OSMF.
User ID requirements
Specific user IDs with sufficient permissions are required to run or access Zowe.
This is a started task ID for
The task starts a USS environment using
BPXBATSL that executes the core Zowe Desktop (ZLUX) node.js server, the Java API Mediation Layer, and the Z Secure Services C component. To work with USS, the user ID
ZWESVUSR must have a valid OMVS segment.
|CSFSERV||READ||To generate symmetric keys using ICSF that is used by Zowe Desktop cookies. The list of IDs to enable include |
|FACILITY||READ||To allow Zowe ZWESLSTC processes to access the Zowe ZIS cross memory server.|
|FACILITY||UPDATE||To allow Zowe to run code on behalf of the API requester's TSO user ID. For more information, see Security Environment Switching.|
|APPL||READ||To allow Zowe to run code on behalf of the API requester's TSO user ID. This permission is also required from a requester's TSO user. You can skip this requirement when the resource |
|FACILITY||READ||To allow z/OS address spaces for unix processes to be renamed for ease of identification.|
|FACILITY||READ||To allow Zowe to obtain information about OMVS segment of the user profile using |
|FACILITY||READ||Optional To allow Zowe to map an X.509 client certificate to a z/OS identity.|
|FACILITY||READ||Optional To allow Zowe to map an ditributed identity to a z/OS identity.|
|FACILITY||READ||Optional To allow API Mediation Layer to issue SMF 83 records about activity of Personal Access Tokens.|
This is a started task ID used to run the PROCLIB
ZWESISTC that launches the cross memory server (also known as ZIS). It must have a valid OMVS segment.
This is a group that
ZWESIUSR should belong to. It must have a valid OMVS segment.
If z/OSMF is used for authentication and serving REST APIs for Zowe CLI and Zowe Explorer users, the TSO user ID for end users must belong to one or both of the groups
The following ports are required for Zowe. These are default values. You can change the values by updating variable values in the
|Port number||zowe.yaml variable name||Purpose|
|7552||zowe.components.api-catalog.port||Used to view API swagger / openAPI specifications for registered API services in the API Catalog.|
|7553||zowe.components.api-catalog.port||Discovery server port which dynamic API services can issue APIs to register or unregister themselves.|
|7554||zowe.components.gateway.port||The northbound edge of the API Gateway used to accept client requests before routing them to registered API services. This port must be exposed outside the z/OS network so clients (web browsers, VS Code, processes running the Zowe CLI) can reach the gateway.|
|7555||zowe.components.caching-service.port||Port of the caching service that is used to share state between different Zowe instances in a high availability topology.|
|7556||zowe.components.app-server.port||The Zowe Desktop (also known as ZLUX) port used to log in through web browsers.|
|7557||zowe.components.zss.port||Z Secure Services (ZSS) provides REST API services to ZLUX, used by the File Editor application and other ZLUX applications in the Zowe Desktop.|
|7558||zowe.components.jobs-api.port||Port of the service that provides REST APIs to z/OS jobs used by the JES Explorer.|
|7559||zowe.components.files-api.port||Port of the service that provides REST APIs to MVS and USS file systems.|
|zowe.components.explorer-jes||Port of the JES Explorer GUI for viewing and working with jobs in the Zowe Desktop.|
|zowe.components.explorer-mvs||Port of the MVS Explorer GUI for working with data sets in the Zowe Desktop.|
|zowe.components.explorer-uss||Port of the USS Explorer GUI for working with USS in the Zowe Desktop.|
Zowe Containers requirements
Zowe (server) containers are available for download as an alternative to running Zowe servers on z/OS through the Zowe convenience and SMP/E builds Check Zowe Containers Prerequisites page for more details.
Zowe Desktop requirements (client PC)
The Zowe Desktop is powered by the Application Framework which has server prereqs depending on where it is installed
The Zowe Desktop runs inside of a browser. No browser extensions or plugins are required. The Zowe Desktop supports Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Edge releases that are at most 1 year old, except when the newest release is older. For Firefox, both the regular and Extended Support Release (ESR) versions are supported under this rule.
If you do not see your browser listed here, please contact the Zowe community so that it can be validated and included.
Zowe has several optional features that have additional prerequisites as follows.
Multi-Factor Authentication (MFA)
Multi-factor authentication is supported for several components, such as the Desktop and API Mediation Layer. Multi-factor authentication is provided by third-party products which Zowe is compatible with. The following are known to work:
Note: To support the multi-factor authentication, it is necessary to apply z/OSMF APAR PH39582.
For information on using MFA in Zowe, see Multi-Factor Authentication.
Note: MFA must work with Single sign-on (SSO). Make sure that SSO is configured before you use MFA in Zowe.
Single Sign-On (SSO)
Zowe has an SSO scheme with the goal that each time you use multiple Zowe components you should only be prompted to login once.
- IBM z/OS Management Facility (z/OSMF)
API Mediation Layer OIDC Authentication
Zowe requires ACF2 APAR LU01316 to be applied when using the ACF2 security manager.
Zowe's components have following memory requirements:
|Component name||Category||Average memory usage|
|Gateway service||API Mediation Layer||512MB|
|Discovery service||API Mediation Layer||512MB|
|API Catalog||API Mediation Layer||512MB|
|Metrics service||API Mediation Layer||512MB|
|Caching service||API Mediation Layer||512MB|
|App Server||Application Framework||350MB|
Each of the above components can be enabled or disabled to optimize your resource consumption according to your use cases. Zowe can use more memory if there are extensions installed.