This document covers the following topics:
Intel Linux
EntireX now supports SuSE Linux ES 15 and Red Hat 8 for Intel Linux platforms.
zLinux
EntireX now supports Red Hat 8 under zLinux.
Note:
For Linux platform Red Hat 8 (Intel and zLinux) you need to install the package libnsl
, which is not included in the default installation.
Additionally, if you want to link your own C applications with EntireX libraries, you need to install package glibc-devel
.
See also UNIX Prerequisites.
Generation of Adapter Assets via REST
See EntireX Adapter Enhancements below.
API Enablement
Users of webMethods Integration Server version 10.7 will benefit from the following Integration Server enhancements:
For outbound mainframe REST scenarios Calling REST from COBOL | Calling REST from Natural:
you can select operations while importing a Swagger as a consumer when you create the REST Application Descriptor
additional AUTH
support for Swagger consumers where you can now use API_KEY
, OAuth
etc.
For inbound mainframe REST scenarios Calling COBOL from REST | Calling Natural from REST:
support for additional HTTP methods such as HEAD
in the created REST resource
support of OpenAPI 3.0 as provider when you create a REST Application Descriptor
For more information refer to your Integration Server 10.7 Release Notes and Documentation.
CICS Socket Listener User Transaction Support
With User Transaction Support, RPC requests run in separate CICS tasks, the user transactions.
This, together with a customized name of the user transaction, is useful for accounting purposes.
For more information on running CICS programs in a separate user transaction, see:
EntireX CICS Socket Listener in the z/OS | z/VSE Installation documentation
Configuring the CICS Socket Listener Side in the RPC Server for CICS Socket Listener documentation
Connection Parameters for CICS Socket Listener Connections in the EntireX Adapter documentation
Generation of Adapter Assets via REST
A REST API is now provided for the following actions:
Creating adapter connections, adapter services, and adapter listeners
Updating adapter connections, adapter services, and adapter listeners
Extracting IDL
Extracting IDL and creating a listener connection service
See Extracting IDL using the REST API and Creating or Updating Connections using the REST API in the EntireX Adapter documentation.
FIPS-140 Compliant SSL Communication
EntireX Adapter now supports FIPS-140 compliant SSL communication. See FIPS Mode
under Configuring Direct RPC.
In the EntireX perspective, the deprecated Navigator view has been replaced by the Project Explorer view.
FIPS-140 Compliant SSL Communication
See Security Enhancements below.
Authentication using SSL Client Certificates
EntireX Broker on z/OS supports authentication of participants with their SSL certificate.
See Using SSL Certificates for Authentication in the EntireX Security documentation for z/OS. See also SSL/TLS Changes under Other Changes and Enhancements below.
FIPS-140 Compliant SSL Communication for RPC Servers
Parameter fips_mode
has been added to enable FIPS-140 compliant SSL communication. Available for:
EntireX RPC Server for CICS ECI | CICS Socket Listener | IBM MQ | IMS Connect | Java | XML/SOAP | AS/400
RPC-ACI Bridge
Listener for IBM MQ | Listener for XML/SOAP
EntireX Java clients
See SSL/TLS Parameters for SSL Clients under SSL/TLS, HTTP(S), and Certificates with EntireX in the platform-independent Administration documentation.
The following EntireX RPC servers can be administered using Command Central.
Here you can specify parameter FIPS-140 mode
under Broker Configuration:
CICS Socket Listener |
IBM MQ |
IMS Connect |
Java |
XML/SOAP.
The corresponding parameter BrokerFipsMode
is also provided if you are using the Command Central command-line interface.
FIPS-140 Compliant SSL Communication for EntireX Adapter
EntireX Adapter now supports FIPS-140 compliant SSL communication. See FIPS Mode
under Configuring Direct RPC.
FIPS-140 Compliant SSL Communication on z/OS
All commponents on z/OS can be FIPS-enabled, see Achieving FIPS Compliance in the z/OS Administration documentation.
Authentication using SSL Client Certificates
EntireX Broker on z/OS supports authentication of participants with their SSL certificate.
See new attribute CERT-AUTHENTICATION
below and Using SSL Certificates for Authentication in the EntireX Security documentation for z/OS.
New Attributes
The following new attributes can be defined:
CERT-AUTHENTICATION
. See also Using SSL Certificates for Authentication in the EntireX Security documentation for z/OS.
POSTPONED-QUEUE
. Enable or disable the posponed queue. See also Postponing Units of Work under Using Persistence and Units of Work in the platform-independent Administration documentation.
The new CIS interface version 12 enables you to shut down participants by using process ID (JOB-ID
on z/OS) and host name.
See field descriptions for HOST-NAME
and PROCESS-ID
and also PARTICPANT SHUTDOWN HOST-NAME
and PROCESS-ID
under Broker CIS Data Structures in the ACI Programming documentation.
New field CREATE-TIME-CL32
replaces deprecated field CREATE-TIME
, which can only handle timestamps up to January 2038. See CREATE-TIME-CL32
under Information Reply Structures.
New CIS Information Service field VERIFIED-USER-ID
returns the USER-ID
verified by the security system. Under z/OS and using SSL certificates for authentication, this is the USER-ID
coresponding to SSL certificate of the participant.
See VERIFIED-USER-ID
under Information Reply Structures.
Note:PROCESS-ID
and THREAD-ID
are only available with Broker kernel and Broker stub
of EntireX version 10.7 and above. Java clients and Java servers of EntireX version 10.7 do not support PROCESS-ID
and THREAD-ID
.
User Request Handling
With new operating commands FREEZE
and RUN
you can freeze and resume user request processing in Broker.
See Participant-specific Commands under Operator Commands in the z/OS Administration documentation.
Monitoring
A new section introduces the various monitoring approaches provided by EntireX. It also shows common scenarios using these
approaches. Links are provided to other sections of the EntireX documentation, where these approaches are described in greater
detail. See Monitoring EntireX.
Enhanced Socket Pool Management for Broker Stubs
With new environment variables ETB_POOLSIZE
and ETB_POOLTIMEOUT
you can configure the size of the socket pool and define the maximum wait time for a free TCP/IP connection.
See Configuring the Socket Pool under UNIX | Windows.
The following special characters are now additionally supported in IDL group and parameter names: ø, Ø, å, Å. See Rules for Coding Group and Parameter Names in the IDL Editor documentation.
If you are extracting from a Natural RPC environment, you can additionally replace special characters ø, Ø, å, Å in Natural parameter names with underscores. See Extracting IDL Parameter Names in the IDL Extractor for Natural documentation.
SSL/TLS Changes
To make sure that each SSL participant (thread) presents a valid certificate for authentication using SSL client certificates,
existing SSL functionality has changed as follows:
The ACI function SETSSLPARMS
no longer applies to all threads. Instead, this function needs to be performed for each thread to create an SSL connection
to the broker.
This is relevant only if you are using native ACI programming in combination with threads.
When you use SSL transport, socket pooling (environment variable ETB_SOCKETPOOL
) is ignored. More info
Note:
These changes apply to all platforms where the broker stub directly supports SSL/TLS transport. See Transport: Broker Stubs and APIs.
Trace Utility
An additional column Certuid has been introduced between columns Userid and Token. It displays the user ID to which the SSL certificate is assigned. This applies only to RACF under z/OS.