Setting for work across firewalls

Prior to IBM Z Workload Scheduler version 8.2, running the commands to start or stop a workstation or to get the standard list required opening a direct TCP/IP connection between the originator and the destination nodes. In a firewall environment, this forces users to break the firewall to open a direct communication path between the master and each fault-tolerant agent in the network.

The FIREWALL attribute of the CPUREC statement can be configured so that commands are sent following the domain hierarchy, instead of having the master or the domain manager open a direct connection.

In the design phase of an IBM Workload Scheduler network, the administrator must know where the firewalls are positioned in the network, which fault-tolerant agents and which domain managers belong to a particular firewall, and what the entry points into the firewalls are. When this has been clearly understood, the administrator should define the FIREWALL option for all workstations whose link with the corresponding domain manager is across a firewall. This keyword corresponds to "behind firewall" in the workstation's definition in the IBM Workload Scheduler database.

When the FIREWALL option is set to YES for a workstation by using the CPUREC statement, it means that a firewall exists between that particular workstation and its domain manager, and that the link between the domain manager and the workstation (which can itself be another domain manager) is the only allowed link between the respective domains. Also, for all the workstations that have this option set to YES, the commands to start (start wkstation) or stop (stop wkstation) the workstation or to get the standard list (showjobs), as well as the download of centralized scripts, follow the domain hierarchy instead of opening a direct connection between the master (or domain manager) and the workstation. This makes a significant improvement in security and performance. The default value for FIREWALL is NO, meaning that there is no firewall boundary between the workstation and its domain manager.

To specify that an extended agent is behind a firewall, set the FIREWALL keyword for the host workstation. The host workstation is the IBM Workload Scheduler workstation with which the extended agent communicates and where its access method resides.
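The design-phase check described above can be automated. The following is an added example, not IBM code: it parses CPUREC statements and reports every workstation whose link to its domain manager crosses a firewall zone without FIREWALL(YES), resolving extended agents through their host workstation. The sample statements, the workstation and domain names, and the `DOMAINS` and `ZONES` inventories are constructed assumptions standing in for the administrator's own network map.

```python
import re

# Constructed sample CPUREC statements (keyword(value) form, may span lines).
CPURECS = """
CPUREC CPUNAME(DM01) CPUDOMAIN(DOMA) CPUTYPE(FTA) FIREWALL(YES)
CPUREC CPUNAME(FTA1) CPUDOMAIN(DOMA) CPUTYPE(FTA)
CPUREC CPUNAME(FTA2) CPUDOMAIN(DOMA) CPUTYPE(FTA)
       FIREWALL(NO)
CPUREC CPUNAME(XA01) CPUDOMAIN(DOMA) CPUTYPE(XAGENT) CPUHOST(FTA2)
"""
# Assumed design-phase inventory: domain -> (manager workstation, parent domain).
DOMAINS = {"MASTERDM": ("MASTER", None), "DOMA": ("DM01", "MASTERDM")}
# Assumed design-phase inventory: workstation -> firewall zone it sits in.
ZONES = {"MASTER": "core", "DM01": "dmz", "FTA1": "dmz", "FTA2": "plant"}

def parse_cpurecs(text):
    """Return {CPUNAME: {keyword: value}} for every CPUREC statement."""
    recs = {}
    for stmt in re.split(r"\bCPUREC\b", text)[1:]:
        kv = {k.upper(): v.strip() for k, v in re.findall(r"(\w+)\s*\(([^)]*)\)", stmt)}
        recs[kv["CPUNAME"]] = kv
    return recs

def upstream_manager(name, rec, domains):
    """Domain manager this workstation links to; a manager links to its parent's."""
    manager, parent = domains[rec["CPUDOMAIN"]]
    if manager != name:
        return manager
    return domains[parent][0] if parent else None

def audit(text, domains, zones):
    """List (workstation, link) pairs that cross zones without FIREWALL(YES)."""
    recs, findings = parse_cpurecs(text), []
    for name, rec in recs.items():
        # An extended agent is governed by the FIREWALL keyword of its host.
        node = rec["CPUHOST"] if rec.get("CPUTYPE", "").upper() == "XAGENT" else name
        manager = upstream_manager(node, recs[node], domains)
        if manager is None:
            continue
        crosses = zones[node] != zones[manager]
        # FIREWALL defaults to NO when the keyword is omitted.
        if crosses and recs[node].get("FIREWALL", "NO").upper() != "YES":
            findings.append((name, f"{node}->{manager}"))
    return findings

if __name__ == "__main__":
    for workstation, link in audit(CPURECS, DOMAINS, ZONES):
        print(f"{workstation}: link {link} crosses a firewall, set FIREWALL(YES)")
```

With the constructed input, FTA2 is reported because its link to DM01 crosses zones while FIREWALL is NO, and XA01 is reported because it inherits that setting from its host.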