Download Methods and Locations

8119

03 November 2023

27 August 2019

You can download products and download solutions from Broadcom Support using HTTPS or Secure FTP. .

To optimize downloads from Broadcom Support, configure the downloads.broadcom.com URL for HTTPS and Secure FTP in your network security software, firewalls, or both.

Sites that regulate access through an IP address are required to allow network access to 141.202.253.110.

For more information, see:

HTTPS via Browser Method

Hypertext Transfer Protocol Secure (HTTPS) uses web browser protocol with Secure Socket Layer (SSL) or Transport Layer Security (TLS) to encrypt the connection. The HTTPS download URL for products and solutions is: downloads.broadcom.com.

Secure FTP Method

File Transfer Protocol (FTP) is used to transfer computer files between a server and a client connected through a standard network. To add a layer of security to FTP communications, you can use:

  • FTPS (File Transfer Protocol Secure, also called FTPES).
    FTPS is an FTP extension that uses SSL or TLS for encryption. Like FTP, FTPS uses a control channel and a data channel. Before any login details are presented to protect the authentication, we recommend that you establish an encrypted (explicit) control change. TLS 1.2 and 1.3 are supported.

    To enable the FTP client program for TLS 1.2, there are several statements in the FTP.DATA file that must be considered:

    SECURE_FTP                  REQUIRED
    SECURE_MECHANISM  TLS
    TLSRFCLEVEL                RFC4217
    TLSMECHANISM          ATTLS
    SECURE_DATACONN    PRIVATE
    ESPSV4                         TRUE
  • SFTP (Secure File Transfer Protocol).
    SFTP uses Secure Shell (SSH) protocol on a single channel to encrypt authentication and data packets as they are being transferred. Unlike FTP, SFTP encrypts the session, including password, user ID, commands, and data.

    To use the secured SFTP features, the transfer must take place using UNIX System Services (USS) where the SSH protocol is available. This requirement means that you must first copy the files to be transferred to the USS file system before you can transfer them using SFTP.

    Note: You may also need to adjust USS security so that you can create directories and files within the USS file system. You can use the same host for FTP and SFTP.

Certificates and keyring entities must also be configured (see Configure the Server Certificate).

Note: We recommend FileZilla or WinSCP for FTP and SFTP downloads.

To download using Secured FTP, the hostname is: downloads.broadcom.com.

After logging in, a list of order directories is available in the root directory. To find the PAX file or solution number, hover over the order number.  The full pathname is not required.  Specify the file name.  For example, SO01234.bin or DVD0123456789.pax.Z. 

You can transfer these files using standard, unsecured FTP (ports 21 and 20) or explicit secured FTP (port 21 and a data channel port in the range 28000 to 28500).

For mainframe software products and solutions, you can use the following input JCL samples to download an order from the Broadcom Support Portal. We also provide a JCL file sample using FTP processing to retrieve HOLDDATA and ASSIGN statements. To download JCL file samples for FTP processing, see Sample FTP and SFTP JCL zip at the end of this document.

Configure the Server Certificate

A Digicert Certificate Authority (CA) certificate is required to acquire solutions and process maintenance requests through the supportftp.broadcom.com server. FTP with SSL uses password authentication. A user certificate is not required. 

Use the following procedure to download, upload, and configure z/OS security to access supportftp.broadcom.com using FTP with SSL:

1. Download the Digicert Intermediate Broadcom certificate:

https://ftpdocs.broadcom.com/cadocs/0/certs/digi-inter-new/digicert_intermediate_2031.crt

2. Upload the certificates to your z/OS system in ASCII format to a variable blocked RECFM=VB sequential data set. For example:

ASCII
QUOTE SITE WRAP LRECL=84 RECFM=VB
PUT cert_file_name 'your.zos.dataset.name' (REPLACE
quit

3. Add both Digicert Broadcom certificates to the security database.

  • For ACF2, specify:
SET PROFILE(USER) DIV(CERTDATA)
INSERT CERTAUTH.yourcertname
DSN(‘dataset.name.with.certificate’) LABEL(yourlabelname) TRUST
  • For Top Secret, specify:
TSS ADD(CERTAUTH) DIGICERT(‘yourcertname’) -LABLCERT(‘yourlabelname’) -
DCDSN(‘dataset.name.with.certificate’) TRUST
  • For IBM RACF, specify:
RACDCERT CERTAUTH ADD(‘dataset.name.with.certificate’) WITHLABEL(‘yourlabelname’) TRUST

4. Grant UPDATE access to the IBMFAC(IRR.DIGTCERT.LISTRING) to the user ID submitting the FTP JCL.

  • For ACF2, specify:
$KEY(IRR.DIGTCERT.LISTRING) TYPE(FAC) UID(userid) SERVICE(UPDATE) ALLOW
  • For Top Secret, specify:
TSS PER(userid) IBMFAC(IRR.DIGTCERT.LISTRING) ACC(UPDATE)
  • For IBM RACF, specify:
PERMIT IRR.DIGTCERT.LISTRING ClASS(FACILITY) ID(userid) ACCESS(UPDATE)

The user that submits the FTP JCL is able to use a virtual CERTAUTH key ring to authenticate the FTP server. The certificate does not need to be added to the key ring of the FTP user.

Sample Download JCL

For mainframe software only, you can use one of the input JCL samples to download an order: (user@test.com is the anonymous email address)

To find the PAX file or PTF number, hover over the order number.  The full pathname is not required.   Just specify the file name in the JCL.  For example, SO01234.bin or DVD0123456789.pax.Z. 

GIMZIP Sample JCL:

//GIMZIP   EXEC PGM=GIMSMP,DYNAMNBR=120,REGION=0M
//SMPCSI   DD DSN=your_CSI_data_set,DISP=SHR
//SMPNTS   DD PATH='your_package_directory',PATHDISP=KEEP
//SYSPRINT DD SYSOUT=*
//SMPOUT   DD SYSOUT=*
//SMPCNTL  DD *
   SET BOUNDARY(GLOBAL).
   RECEIVE FROMNETWORK(
           SERVER(SMPSRVR)
           CLIENT(SMPCLNT)
                        ) .
//SMPCLNT  DD *
<CLIENT
 downloadmethod="https"
 downloadkeyring="*AUTH*/*"
 javahome="your_javahome_directory"
 classpath="your_smpe_classpath"
 >
</CLIENT>

//SMPSRVR  DD *

** retrieve SERVER XML from Broadcom Support Portal **

JCL to download a zip file:

//INPUT DD *
downloads.broadcom.com
user@test.com Password
bin
get <ordernumber>.zip /**yourUSSDirectory**/<ordernumber>.zip
quit

You can use the CAUNZIP utility to unzip the file and generate RECEIVE JCL. For instructions about using this utility, see CAUNZIP Utility.

JCL to download mainframe product installation files: 

//INPUT DD *
downloads.broadcom.com
user@test.com Password
bin
cd <ordernumber>
get <filename>/**yourUSSdirectory**/<ordernumber>.zip
quit

JCL to download solutions to a data set:

//INPUT DD *
downloads.broadcom.com
user@test.com Password
bin
cd /<ordernumber>
locsite LR=80 REC=FB BLOCKSI=0
locsite PRI=50 SEC=10 CY
get <solutionnumber.bin> 'yourDataSetName' (REPLACE
quit

JCL to download ++ASSIGN Statements for Recommend Service Solutions:

To  download a monthly report, specify:

//INPUT DD *
ftp.broadcom.com 21
anonymous
youremailaddress
cd /pub/ASSIGNS/
dir
asc
locsite LR=80 REC=FB BLOCKSI=0
locsite PRI=50 SEC=10 CY
get CARyymm.TXT 'zOS.cars.assign.file' (REPLACE
quit

To download a yearly report, specify:

//INPUT DD *
ftp.broadcom.com
anonymous
youremailaddress
cd /pub/ASSIGNS/YEARLY/
dir
asc
locsite LR=80 REC=FB BLOCKSI=0
locsite PRI=50 SEC=10 CY
get YEARyyyy.TXT 'zOS.data.set' (REPLACE
quit

JCL to download SECINT files using secure FTP:

To download the SECINT files, specify the JSON or CSV file names:

//INPUT DD *
ftp.broadcom.com 21
portal email
portal password
cd /pub/MSD/SECINT
locsite LR=1024 REC=VB BLOCKSI=27998
locsite PRI=5 SEC=5 CY
get secint.csv 'your_dsn.CSV' (REPLACE
get secint.json 'your_dsn.JSON' (REPLACE
quit

Sample FTP and SFTP JCL.zip

For mainframe software only, sample JCL is provided in this zip file to upload customer files to support cases or download solutions and product packages. Sample JCL is also provided to download SMP/E ASSIGN statements and HOLD data. This zip file contains the following JCL file samples for FTP and SFTP processing:

  • Standard FTP for HOLD and ASSIGN
    Sample JCL is provided to assign CARS and HIPER source IDs to PTF solutions in bulk or to download the most current ERROR and FIXCAT HOLD data details. This data is stored on the ftp//ftp.broadcom.com server and can be downloaded into standard 80-byte files. You can use the same JCL with minor changes to retrieve the HOLD data and ASSIGN data at the same time.
  • SFTP (Solutions and Products)
    Use this JCL sample to download solution and product package files from the Broadcom directory that is specified in the order details. This job uses SSH SFTP.
  • Standard FTP (support case) terse
    Use this JCL to terse and upload z/OS files to the files_from_customer directory on supportftp.broadcom.com. These files include unprintable data or large physical sequential files.
  • Standard FTP (support case) simple
    Use this JCL to upload a standard (simple) physical sequential file in ASCII or binary mode to the files_from_customer directory on supportftp.broadcom.com.
  • Standard FTP (support case) PDS and terse
    Use this JCL to upload tersed z/OS partitioned data sets (PDS or PDSE) to the files_from_customer directory on supportftp.broadcom.com.
  • SFTP (support case)
    Use this JCL to transfer files between the Broadcom case files directory (files_from_customer directory on supportftp.broadcom.com) and a z/OS OMVS (or USS) filesystem.

These sample jobs are designed to use explicit secure FTP with TLS AUTH (FTPS or FTPES) through control port 21 and a data port in the range 28000-28500. Or, they can run without special security using the standard FTP ports (21/20). The USESEC variable determines whether secured FTP is used (set to 1) or standard, unsecured FTP is used (set to 0).