Quick Reference |
Note:
This section lists all EntireX Broker parameters. Not all parameters are applicable to all supported operating systems.
The Broker attribute file contains a series of parameters (attributes) that control the availability and characteristics of clients and servers, as well as of the Broker itself. You can customize the Broker environment by modifying the attribute settings.
This document covers the following topics:
The name and location of the broker attribute file is platform-dependent.
Platform | File Name/Location |
---|---|
z/OS | Member EXBATTR in the EntireX Broker source library. |
Each entry in the attribute file has the format:
ATTRIBUTE-NAME=value
The following rules and restrictions apply:
A line can contain multiple entries separated by commas.
Attribute names can be entered in mixed upper and lowercase.
Spaces between attribute names, values and separators are ignored.
Spaces in the attribute names are not allowed.
Commas and equal signs are not allowed in value notations.
Lines starting with an asterisk (*) are treated as comment lines. Within a line, characters following an * or # sign are also treated as comments.
The CLASS
keyword must be the first keyword in a service
definition.
Multiple services can be included in a single service definition section. The attribute settings will apply to all services defined in the section.
Attributes specified after the service definition (CLASS
, SERVER
,
SERVICE
keywords) overwrite the default
characteristics for the service.
Attribute values can contain variables of the form
${variable name}
or
$variable name
:
Due to variations in EBCDIC codepages, braces should only be used on ASCII (UNIX or Windows) platforms or EBCDIC platforms using the IBM-1047 (US) codepage.
The variable name can contain only alphanumeric characters and the underscore (_) character.
The first non-alphanumeric or underscore character terminates the variable name.
Under UNIX and Windows, the string
${variable name}
is replaced with the value of the corresponding environment
variable.
On z/OS, variable values are read from a file defined by the DD name
ETBVARS
. The syntax of this file is the same as the attribute file.
If a variable has no value: if the variable name is enclosed in
braces, error 00210594 is given, otherwise
$variable name
will be used as the variable value.
If you encounter problems with braces (and this is quite possible in a z/OS environment), we suggest you omit the braces.
The broker-specific attribute section begins with the keyword
DEFAULTS=BROKER
. It contains attributes that apply to the broker.
At startup time, the attributes are read and duplicate or missing
values are treated as errors. When an error occurs, the broker stops
execution until the problem is corrected.
Tip:
To avoid resource shortages for your applications, be sure to specify
sufficiently large values for the broker attributes that define the global
resources.
Attribute | Values | Opt/ Req |
Operating System | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
z/OS | UNIX | Windows | BS2000 | ||||||||||||
ABEND-LOOP-DETECTION |
YES | NO |
O | z | u | w | b | |||||||||
|
|||||||||||||||
ABEND-MEMORY-DUMP |
YES | NO |
O | z | u | w | b | |||||||||
|
|||||||||||||||
ACCOUNTING |
NO | 128-255 |
O | z | ||||||||||||
NO | YES[SEPARATOR=char] |
O | u | w | b | |||||||||||
Determines whether accounting records are created.
See also Accounting in EntireX Broker under z/OS | UNIX | Windows | BS2000. |
|||||||||||||||
ACCOUNTING-VERSION |
1 | 2 | 3 | 4 | 5 |
O | z | u | w | b | |||||||||
Determines whether accounting records are created.
This parameter applies when |
|||||||||||||||
ACI-CONVERSION |
YES | NO |
O | z | u | w | b | |||||||||
Determines the handling of ACI request and response strings of USTATUS.
Note: |
|||||||||||||||
APPLICATION-MONITORING or APPMON |
|
O | z | u | w | b | |||||||||
Enable application monitoring in EntireX Broker.
|
|||||||||||||||
AUTOLOGON |
YES | NO |
O | z | u | w | b | |||||||||
|
|||||||||||||||
AUTOSTART |
NO | YES |
O | u | w | |||||||||||
This attribute defines the autostart behavior of a broker.
Note: |
|||||||||||||||
BLACKLIST-PENALTY-TIME |
5M | n | nS | nM | nH |
R | z | u | w | b | |||||||||
Define the length of time a participant is placed on the PARTICIPANT‑BLACKLIST to prevent a denial-of-service attack.
See Protecting a Broker against Denial-of-Service Attacks under z/OS | UNIX | Windows | BS2000. |
|||||||||||||||
BROKER-ID |
A32 |
R | z | u | w | b | |||||||||
Identifies the broker to which the
attribute file applies. The broker ID must be unique per machine.
Note: |
|||||||||||||||
CLIENT-NONACT |
15M | n | nS | nM | nH |
R | z | u | w | b | |||||||||
Define the non-activity time for clients.
A client that does not issue a broker request within the specified time limit is treated as inactive and all resources for the client are freed. |
|||||||||||||||
CMDLOG |
NO | YES |
O | z | u | w | b | |||||||||
|
|||||||||||||||
CMDLOG-FILE-SIZE |
1024 | n |
O | z | u | w | b | |||||||||
Defines the maximum size of the file that the command log is written to, in kilobytes. The value must be 1024 or higher. The default value is 1024. When one command log file grows to this size, broker starts writing to the other file. For more details, see Command Logging in EntireX. | |||||||||||||||
CONTROL-INTERVAL |
60S | n | nS | nM | nH |
O | z | u | w | b | |||||||||
Defines the time interval of time-driven broker-to-broker calls.
|
|||||||||||||||
CONV-DEFAULT |
UNLIM | n |
O | z | u | w | b | |||||||||
Default number of conversations that are allocated for every service.
This value can be overridden by specifying a
|
|||||||||||||||
DEFERRED |
NO | YES |
O | z | u | w | b | |||||||||
Disable or enable deferred processing of units of work.
|
|||||||||||||||
DYNAMIC-MEMORY-MANAGEMENT |
YES | NO |
O | z | u | w | b | |||||||||
If you run your broker with attribute
Caution: |
|||||||||||||||
DYNAMIC-WORKER-MANAGEMENT |
NO | YES |
O | z | u | w | b | |||||||||
If you run broker with The attribute |
|||||||||||||||
ETBCOM |
YES | NO |
O | b | ||||||||||||
Bundles the output of the various broker tasks in task ETBCOM .
|
|||||||||||||||
FORCE |
NO | YES |
O | u | ||||||||||||
Notes:
|
|||||||||||||||
HEAP-SIZE |
1024 | n |
O | z | u | w | b | |||||||||
Defines the size of the internal heap in KB.
Not required if you are using DYNAMIC‑MEMORY‑MANAGEMENT .
If you are not using dynamic memory management, we strongly recommend
specifying - as a minimum - the default value of 1024 KB.
|
|||||||||||||||
ICU-CONVERSION |
YES | NO |
O | z | u | w | b | |||||||||
Disable or enable ICU conversion.
If any of the broker service definitions uses the
character conversion approach ICU Conversion, that is,
ICU requires additional storage to run properly. If ICU conversion
is not needed, setting |
|||||||||||||||
ICU-DATA-DIRECTORY |
Folder or directory name in quotes. | O | z | u | w | ||||||||||
The location where the broker searches for ICU custom converters. See Building and Installing ICU Custom Converters under z/OS | UNIX | Windows. | |||||||||||||||
ICU-SET-DATA-DIRECTORY |
YES | NO |
O | z | u | w | ||||||||||
Disable or enable ICU custom converter usage.
|
|||||||||||||||
IPV6 |
|
O | z | u | w | b | |||||||||
This attribute applies to EntireX version 9.0 and above. |
|||||||||||||||
LONG-BUFFER-DEFAULT |
UNLIM | n |
O | z | u | w | b | |||||||||
Number of long buffers to be allocated for each service.
This value can be overridden by specifying a |
|||||||||||||||
MAX-MEMORY |
0 | n | nK | nM | nG | UNLIM |
O | z | u | w | b | |||||||||
Defines the upper limit of memory allocated by broker if DYNAMIC-MEMORY-MANAGEMENT=YES has been defined.
|
|||||||||||||||
MAX-MESSAGE-LENGTH |
2147483647 | n |
O | z | u | w | b | |||||||||
Maximum message size that the broker kernel can process. This value is transport-dependent. The default value represents the highest positive number that can be stored in a four-byte integer. | |||||||||||||||
MAX-MESSAGES-IN-UOW |
16 | n |
O | z | u | w | b | |||||||||
Maximum number of messages in a unit of work. | |||||||||||||||
MAX-MSG |
See MAX‑MESSAGE‑LENGTH .
|
||||||||||||||
MAX-TRACE-FILES |
4 | n |
O | u | w | |||||||||||
Defines the number of backup copies of the trace file ETB.LOG. Minimum number is 1; maximum is 999. A new trace file is allocated
when the value for TRACE‑FILE‑SIZE is exceeded.
These two attributes prevent a constantly growing ETB.LOG file. See Trace File Handling under UNIX | Windows.
|
|||||||||||||||
MAX-UOW-MESSAGE-LENGTH |
See MAX‑MESSAGE‑LENGTH .
|
||||||||||||||
MAX-UOWS |
0 | n |
O | z | u | w | b | |||||||||
The maximum number of UOWs that can
be concurrently active broker-wide. The default value is 0 (zero), which means
that the broker will process only messages that are not part of a unit of work.
If UOW processing is to be done by any service, a MAX-UOWS value must be 1 or
larger for the broker.
The |
|||||||||||||||
MESSAGE-CASE |
NONE | UPPER | LOWER |
O | z | u | w | b | |||||||||
Indicates if certain error message texts returned by the broker to
its clients or written by the broker to its log file are to be in mixed case,
uppercase, or lowercase.
|
|||||||||||||||
MUOW |
See NUM‑UOW .
|
||||||||||||||
NEW-UOW-MESSAGES |
YES | NO |
O | z | u | w | b | |||||||||
This applies to UOW when using Persistence and should not be used for non-persistent UOWs. A usage example could be the following: The broker persistent store reaches capacity and the broker shuts
down. You can set |
|||||||||||||||
NUM-BLACKLIST-ENTRIES |
256 | n |
O | z | u | w | b | |||||||||
Number of entries in the participant
blacklist. Default value is 256 entries. Together with
BLACKLIST‑PENALTY‑TIME and
PARTICIPANT‑BLACKLIST , this attribute is used to protect a
broker running with SECURITY=YES against
denial-of-service attacks. See Protecting a Broker against Denial-of-Service Attacks under z/OS | UNIX | Windows | BS2000.
|
|||||||||||||||
NUM-CLIENT |
n |
R | z | u | w | b | |||||||||
Number of clients that can access the broker concurrently. A value of 0 (zero) is invalid. | |||||||||||||||
NUM-CMDLOG-FILTER |
1 | n |
O | z | u | w | b | |||||||||
Maximum number of filters that can
be specified simultaneously.
Tip: |
|||||||||||||||
NUM-COMBUF |
1024 | 1-999999 |
R | z | u | w | b | |||||||||
Determines the maximum number of communication buffers available for processing commands arriving in the broker kernel. The size of one communication buffer is usually 16 KB split into 32 slots of 512 bytes, but it ultimately depends on the hardware architecture of your CPU. A value of 0 (zero) is invalid. | |||||||||||||||
NUM-CONVERSATION or NUM-CONV |
n | AUTO |
R | z | u | w | b | |||||||||
Defines the number of conversations that can be active concurrently.
The number specified should be high enough to account for both conversational and non-conversational requests.
(Non-conversational requests are treated internally as one-conversation requests.)
Notes:
|
|||||||||||||||
NUM-LONG-BUFFER or NUM-LONG |
4096 | n | AUTO |
R | z | u | w | b | |||||||||
Defines the number of long message containers. Long message
containers have a fixed length of 4096 bytes and are used to store requests that are larger than 2048 bytes.
Storing a request of 8192 bytes, for example, would require two long message containers.
A value of 0 (zero) is invalid. In non-conversational mode, message containers are released as soon as the client receives a reply from the server. If no reply is requested, message containers are released as soon as the server receives the client request. In conversational mode, the last message received is always kept until a new one is received. Notes:
|
|||||||||||||||
NUM-PARTICIPANT-EXTENSION |
n |
O | z | u | w | b | |||||||||
Defines the number of participant extensions to link participants as clients and servers.
A value of 0 (zero) is invalid. |
|||||||||||||||
NUM-SERVER |
n | AUTO |
R | z | u | w | b | |||||||||
Defines the number of servers that can offer services concurrently using the broker.
This is not the number of services that can be registered to the broker (see NUM‑SERVICE ).
Notes:
|
|||||||||||||||
NUM-SERVICE |
n |
R | z | u | w | b | |||||||||
Defines the number of services that
can be registered to the broker. This is not the number of servers
that can offer the services (see NUM‑SERVER ).
A value of 0 (zero) is invalid.
|
|||||||||||||||
NUM-SERVICE-EXTENSION |
n | AUTO |
O | z | u | w | b | |||||||||
Defines the number of service extensions to link servers to services.
The minimum value is Caution is recommended with this attribute:
|
|||||||||||||||
NUM-SHORT-BUFFER or NUM-SHORT |
n | AUTO |
R | z | u | w | b | |||||||||
Defines the number of short message containers. Short message
containers have a fixed length of 256 bytes and are used to store requests of
no more than 2048 bytes. To store a request of 1024 bytes, for example, would
require four short message containers.
Notes:
|
|||||||||||||||
NUM-UOW |
0 | n |
O | z | u | w | b | |||||||||
The maximum number of UOWs that can
be concurrently active broker-wide. The default value is 0 (zero), which means
that the broker will process only messages that are not part of a unit of work.
If UOW processing is to be done by any service, a
NUM-UOW value must be 1 or larger for the
broker. (MAX-UOWS is an alias for this
attribute.)
The |
|||||||||||||||
NUM-WORKER |
1 | n (max. 10 )
|
R | z | u | w | b | |||||||||
Number of worker tasks that the
broker can use. The number of worker tasks determines the number of functions
(SEND , RECEIVE ,
REGISTER , etc.) that can be processed concurrently.
At least one worker task is required; this is the default value.
|
|||||||||||||||
NUM-WQE |
1-32768 |
R | z | u | w | b | |||||||||
Maximum number of requests that can
be processed by the broker in parallel, over all transport mechanisms.
Each broker command is assigned a worker queue element, regardless of the transport mechanism being used. This element is released when the user has received the results of the command, including the case where the command has timed out. |
|||||||||||||||
PARTICIPANT-BLACKLIST |
YES | NO |
R | z | u | w | b | |||||||||
Determines whether participants attempting a denial-of-service attack on the broker are to be put on a blacklist.
See Protecting a Broker against Denial-of-Service Attacks under z/OS | UNIX | Windows | BS2000. |
|||||||||||||||
PARTNER-CLUSTER-ADDRESS |
A32 |
R | z | u | w | b | |||||||||
This is the address of the load/unload broker in transport-method-style.
Transport methods TCP and SSL are supported. See Transport-method-style Broker ID for more details.
This attribute is required if the attribute RUN-MODE is specified.
|
|||||||||||||||
PERCENTAGE-FOR-CONNECTION-SHORTAGE-MESSAGE |
90 | 1-100 |
O | z | u | w | b | |||||||||
Broker will issue a message if the defined percentage value of TCP/IP connections (available file descriptors) is exceeded. Default is 90 percent of the available file descriptors. | |||||||||||||||
POLL |
|
O | z | u | |||||||||||
In earlier EntireX versions, the maximum number of TCP/IP connections per communicator was limited; see Maximum TCP/IP Connections per Communicator for platform-specific list.
With attribute POLL introduced in EntireX version 9.0, this restriction can be lifted under z/OS and UNIX.
Note: Setting this attribute to
We recommend |
|||||||||||||||
POSTPONED-QUEUE |
YES | NO |
O | z | u | w | ||||||||||
Enable or disable the creation of a postponed queue for Broker.
|
|||||||||||||||
PSTORE |
NO | HOT | COLD |
O | z | u | w | b | |||||||||
Defines the status of the persistent store at broker startup, including the condition of persistent units of work (UOWs).
With any value other than NO , PSTORE-TYPE must be set.
Note: |
|||||||||||||||
PSTORE-REPORT |
NO | YES |
O | z | u | w | b | |||||||||
Determines whether PSTORE report is created.
See also Persistent Store Report. |
|||||||||||||||
PSTORE-TYPE |
DIV (z/OS) | CTREE (UNIX, Windows) | ADABAS (all platforms) | FILE (UNIX, Windows)
|
O | z | u | w | b | |||||||||
Describes the type of persistent store driver required.
|
|||||||||||||||
PSTORE-VERSION |
2 | 3 | 4 | 5 |
O | z | u | w | b | |||||||||
Determines the version of the persistent store.
PSTORE=COLD is not needed to upgrade the PSTORE to version 3. Any broker restart with
PSTORE-VERSION=3 will upgrade the PSTORE version.
The DIV PSTORE requires
Caution:
Note: |
|||||||||||||||
RUN-MODE |
STANDARD | STANDBY | PSTORE-LOAD | PSTORE-UNLOAD |
O | z | u | w | b | |||||||||
Determines the initial run mode of the broker.
Note: |
|||||||||||||||
SECURITY |
NO | YES |
O | z | u | w | b | |||||||||
Determines whether EntireX Security is activated.
See EntireX Security. |
|||||||||||||||
SERVER-DEFAULT |
n | UNLIM |
O | z | u | w | b | |||||||||
Default number of servers that are allowed for every service.
This value can be overridden by specifying a
|
|||||||||||||||
SERVICE-UPDATES |
YES | NO |
O | z | u | w | b | |||||||||
Switch on/off the automatic update mode of the broker.
|
|||||||||||||||
SHORT-BUFFER-DEFAULT |
UNLIM | n |
O | z | u | w | b | |||||||||
Number of short buffers to be allocated for each service.
This value can be overridden by specifying a |
|||||||||||||||
STORAGE-REPORT |
NO | YES |
O | z | u | w | b | |||||||||
Create a storage report about broker memory usage.
See Storage Report. |
|||||||||||||||
STORE |
OFF | BROKER |
O | z | u | w | b | |||||||||
Sets the default STORE attribute for all units of work.
This attribute can be overridden by the STORE field in the Broker ACI control block.
|
|||||||||||||||
TRACE-DD |
A255 |
O | z | ||||||||||||
A string containing data set attributes enclosed in quotation marks.
These attributes describe the trace output file and must be defined if you are using using a GDG (generation data group)
as output data set.
See Flushing Trace Data to a GDG Data Set under Tracing EntireX Broker.
The following keywords are supported as part of the
Refer to your JCL Reference Manual for a complete description of the syntax. Example: TRACE-DD = "DSNAME=EXX.GDG, DCB=(BLKSIZE=1210,DSORG=PS,LRECL=121,RECFM=FB), DISP=(NEW,CATLG,CATLG), SPACE=(CYL,(100,10)), STORCLAS=SMS" Note: |
|||||||||||||||
TRACE-FILE-SIZE |
n | nK | nM | nG |
O | u | w | |||||||||||
Defines the size of one trace file in kilobytes, megabytes or gigabytes.
If this size is exceeded, a new trace file is allocated until the maximum number of trace files specified with MAX‑TRACE‑FILES is reached.
There is no default value.
These two parameters help prevent a constantly growing ETB.LOG file.
See Trace File Handling under UNIX | Windows.
|
|||||||||||||||
TRACE-LEVEL |
0-4 |
O | z | u | w | b | |||||||||
The level of tracing to be performed while the broker is running.
Trace levels 2, 3 and 4 should be used only when requested by Software AG Support. If you modify the |
|||||||||||||||
TRANSPORT |
TCP-NET | TCP | SSL | NET |
O | z | b | |||||||||||
TCP | SSL |
O | u | w | ||||||||||||
The broker transport may be specified as any combination of one or more of the following methods:
Examples:
The parameters for each transport method are described in the respective section: TCP | SSL | NET. |
|||||||||||||||
TRAP-ERROR |
nnnn |
O | z | u | w | b | |||||||||
Where nnnn is the four-digit API error number that triggers the trace handler,
for example 0007 (Service not registered). Leading zeros are not required. There is no default value.
|
|||||||||||||||
TRBUFNUM |
n |
O | z | u | w | b | |||||||||
Changes the trace to write trace data to internal trace buffers.
n is the size of the trace buffer in 64 KB units.
There is no default value.
|
|||||||||||||||
TRMODE |
WRAP |
O | z | u | w | b | |||||||||
Changes the trace mode. WRAP is the only possible value.
This value instructs broker to write the trace buffer (see TRBUFNUM ) if an event occurs.
This event is triggered by a matching TRAP‑ERROR
during request processing or when an exception occurs.
|
|||||||||||||||
UMSG |
See MAX‑MESSAGES‑IN‑UOW .
|
||||||||||||||
UOW-DATA-LIFETIME |
1D | nS | nM | nH | nD |
O | z | u | w | b | |||||||||
Defines the default lifetime for units of work for the service.
If the UOW is inactive - that is, is not processed within the time
limit - it is deleted and given a status of
|
|||||||||||||||
UOW-MSGS |
See MAX‑MESSAGES‑IN‑UOW .
|
||||||||||||||
UOW-STATUS-LIFETIME |
no value | n[S] | nM | nH | nD |
O | z | u | w | b | |||||||||
The value to be added to the UOW‑DATA‑LIFETIME (lifetime of associated UOW).
If a value is entered, it must be 1 or greater; a value of 0 will result in an error.
If no value is entered, the lifetime of the UOW status information will be the same as the lifetime of the UOW itself.
This attribute is ignored if The lifetime determines how much additional time the UOW status is
retained in the persistent store and is calculated from the time at which the
associated UOW enters any of the following statuses:
Note: |
|||||||||||||||
UWSTAT-LIFETIME |
Alias for UOW‑STATUS‑LIFETIME .
|
||||||||||||||
UWSTATP |
0 | n |
O | z | u | w | b | |||||||||
Contains a multiplier used to compute the lifetime of a persistent status for the service.
The UWSTATP value is multiplied by the UOW‑DATA‑LIFETIME value
(the lifetime of the associated UOW) to determine the length of time the status will be retained in the persistent
store.
Note: |
|||||||||||||||
UWTIME |
Alias for UOW‑DATA‑LIFETIME .
|
||||||||||||||
WAIT-FOR-ACTIVE-PSTORE |
NO | YES |
O | z | u | w | b | |||||||||
Determines whether broker should wait for the Adabas Persistent Store to become active, or until c-tree PSTORE files become
available.
|
|||||||||||||||
WORKER-MAX |
32 | n (min. 1 , max. 32 )
|
O | z | u | w | b | |||||||||
Maximum number of worker tasks the broker can use. | |||||||||||||||
WORKER-MIN |
1 | n (min. 1 , max. 32 )
|
O | z | u | w | b | |||||||||
Minimum number of worker tasks the broker can use. | |||||||||||||||
WORKER-NONACT |
70S | n | nS | nM | nH |
O | z | u | w | b | |||||||||
Non-activity time to elapse before a worker tasks is stopped.
Caution: |
|||||||||||||||
WORKER-QUEUE-DEPTH |
1 | n (min. 1 )
|
O | z | u | w | b | |||||||||
Number of unassigned user requests in the input queue before another worker task gets started.
The default and recommended value is 1 .
A higher value will result in longer broker response times.
|
|||||||||||||||
WORKER-START-DELAY |
internal-value | n |
O | z | u | w | b | |||||||||
Delay after a successful worker task invocation before another worker task can be started to handle current incoming workload. This attribute is used to avoid the risk of recursive invocation of worker tasks, because starting a worker task itself causes workload increase. If no value is specified, an internal value calculated by the broker is used to optimize dynamic worker management. This calculated value is the maximum time required to start a worker task. |
Each section begins with the keyword DEFAULTS=SERVICE
.
Services with common attribute values can be grouped together. The attributes
defined in the grouping apply to all services specified within it. However, if
a different attribute value is defined immediately following the service
definition, that new value applies. See also the sections
Wildcard Service Definitions and
Service Update Modes below the table.
Attribute | Values | Opt/ Req |
Operating System | ||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
z/OS | UNIX | Windows | BS2000 | ||||||||||||||||||||||
APPLICATION-MONITORING or APPMON |
YES | NO |
O | z | u | w | b | |||||||||||||||||||
|
|||||||||||||||||||||||||
APPLICATION-MONITORING-NAME or APPMON-NAME |
A100 |
O | z | u | w | b | |||||||||||||||||||
Specifies the application monitoring name.
Used to set the value of the ApplicationName KPI.
If omitted, the default value from the
|
|||||||||||||||||||||||||
CLASS |
A32 (case-sensitive)
|
R | z | u | w | b | |||||||||||||||||||
Part of the name that identifies the
service together with the SERVER and
SERVICE attributes.
CLASS must be specified first, followed
immediately by SERVER and
SERVICE . The following rules apply:
See also the restriction for |
|||||||||||||||||||||||||
CLIENT-RPC-AUTHORIZATION |
N | Y |
O | z | b | |||||||||||||||||||||
Determines whether this service is subject to RPC authorization checking.
To allow conformity with Natural Security, the
|
|||||||||||||||||||||||||
CONV-LIMIT |
UNLIM | n |
O | z | u | w | b | |||||||||||||||||||
Allocates a number of conversations especially for this service.
A value of 0 (zero) is invalid. |
|||||||||||||||||||||||||
CONV-NONACT |
5M | n | nS | nM | nH |
R | z | u | w | b | |||||||||||||||||||
Non-activity time for connections.
A value of 0 (zero) is invalid. If a connection is not used for the specified time, that is, a server or a client does not issue a broker request that references the connection in any way, the connection is treated as inactive and the allocated resources are freed. |
|||||||||||||||||||||||||
CONVERSION |
A255
|
O | z | u | w | b | |||||||||||||||||||
Defines ICU conversion or SAGTRPC user exit for character conversion. See Internationalization with EntireX.
The Notes:
TRACE If tracing is switched on, the trace output is written to the broker log file. The following trace levels are available:
OPTION See table of possible values under |
|||||||||||||||||||||||||
DEFERRED |
NO | YES |
O | z | u | w | b | |||||||||||||||||||
|
|||||||||||||||||||||||||
LOAD-BALANCING |
YES | NO |
O | z | u | w | b | |||||||||||||||||||
|
|||||||||||||||||||||||||
LONG-BUFFER-LIMIT |
UNLIM | n |
O | z | u | w | b | |||||||||||||||||||
Allocates a number of long message buffers for the service.
A value of 0 (zero) is invalid. If |
|||||||||||||||||||||||||
MAX-MESSAGES-IN-UOW |
16 | n |
O | z | u | w | b | |||||||||||||||||||
Maximum number of messages in a UOW. | |||||||||||||||||||||||||
MAX-MESSAGE-LENGTH |
2147483647 | n |
O | z | u | w | b | |||||||||||||||||||
Maximum message size that can be sent to a service.
This is transport-dependent. The default value represents the highest positive number that can be stored in a four-byte integer. |
|||||||||||||||||||||||||
MAX-MSG |
See MAX‑MESSAGE‑LENGTH .
|
||||||||||||||||||||||||
MAX-UOW-MESSAGE-LENGTH |
See MAX‑MESSAGE‑LENGTH .
|
||||||||||||||||||||||||
MAX-UOWS |
0 | n |
O | z | u | w | b | |||||||||||||||||||
Specify |
|||||||||||||||||||||||||
MUOW |
See MAX‑UOWS .
|
||||||||||||||||||||||||
NOTIFY-EOC |
NO | YES |
O | z | u | w | b | |||||||||||||||||||
Specifies whether timed-out conversations are to be stored or discarded.
If a server is not ready to receive an EOC notification, it can be stored or discarded. If it is stored, the server is notified, if possible, when it is ready to receive. Caution: |
|||||||||||||||||||||||||
NUM-UOW |
Alias for MAX‑UOWS .
|
||||||||||||||||||||||||
POSTPONE-ATTEMPTS |
0 | n |
O | z | u | w | ||||||||||||||||||||
Defines the number of attempts putting a received unit of work (UOW) due to SYNCPOINT option CANCEL on the postponed queue for later processing.
Note: |
|||||||||||||||||||||||||
POSTPONE-DELAY |
0 | n | nS | nM | nH |
O | z | u | w | ||||||||||||||||||||
The length of time a UOW is kept in status POSTPONED .
The status of the UOW will be changed from Note: |
|||||||||||||||||||||||||
SERVER |
A32 (case-sensitive)
|
R | z | u | w | b | |||||||||||||||||||
Part of the name that identifies the service together with the CLASS and SERVICE attributes.
Valid characters for server name are letters a-z, A-Z, numbers 0-9, hyphen and underscore. Do not use dollar, percent, period or comma. |
|||||||||||||||||||||||||
SERVER-DEFAULT |
n | UNLIM |
O | z | u | w | b | |||||||||||||||||||
Default number of servers that are allowed for every service.
A value of 0 (zero) is invalid. This value can be overridden by specifying a |
|||||||||||||||||||||||||
SERVER-LIMIT |
n | UNLIM |
O | z | u | w | b | |||||||||||||||||||
Allows a number of servers especially for this service.
A value of 0 (zero) is invalid. If Note: |
|||||||||||||||||||||||||
SERVER-NONACT |
5M | n | nS | nM | nH |
R | z | u | w | b | |||||||||||||||||||
Non-activity time for servers.
A server that does not issue a broker request within the specified time limit is treated as inactive and all resources
for the server are freed.
If a server registers multiple services, the highest value of all the services registered is taken as non-activity time for the server. |
|||||||||||||||||||||||||
SERVICE |
A32 (case-sensitive)
|
R | z | u | w | b | |||||||||||||||||||
Part of the name that identifies the service together with the CLASS and SERVER attributes.
The |
|||||||||||||||||||||||||
SHORT-BUFFER-LIMIT |
UNLIM | n |
O | z | u | w | b | |||||||||||||||||||
Allocates a number of short message buffers for the service.
If |
|||||||||||||||||||||||||
STORE |
OFF | BROKER |
O | z | u | w | b | |||||||||||||||||||
Sets the default STORE attribute for all units of work sent to the service.
This attribute can be overridden by the |
|||||||||||||||||||||||||
TRANSLATION |
NO | name (A255) |
O | z | u | w | b | |||||||||||||||||||
Activates translation user exit for character conversion.
The |
|||||||||||||||||||||||||
UMSG |
Alias for MAX‑MESSAGES‑IN‑UOW .
|
||||||||||||||||||||||||
UOW-DATA-LIFETIME |
1D | nS | nM | nH | nD |
O | z | u | w | b | |||||||||||||||||||
Defines the default lifetime for units of work for the service.
This attribute is ignored if If the unit of work (UOW) is inactive, that is, not processed within
the time limit, it is deleted and given a status of
|
|||||||||||||||||||||||||
UOW-MSGS |
Alias for MAX‑MESSAGES‑IN‑UOW .
|
||||||||||||||||||||||||
UOW-STATUS-LIFETIME |
no value | n[S] | nM | nH | nD |
O | z | u | w | b | |||||||||||||||||||
The value to be added to the UOW‑DATA‑LIFETIME lifetime of associated UOW).
If a value is entered, it must be 1 or greater; a value of 0 will result in an error.
If no value is entered, the lifetime of the UOW status information will be the same as the lifetime of the UOW itself.
The lifetime determines how much additional time the UOW status is
retained in the persistent store and is calculated from the time at which the
associated UOW enters any of the following statuses:
Note: |
|||||||||||||||||||||||||
UWSTATP |
0 | n |
O | z | u | w | b | |||||||||||||||||||
Contains a multiplier used to compute the lifetime of a persistent
status for the service. The UWSTATP value is
multiplied by the UOW‑STATUS‑LIFETIME value (the lifetime of
the associated UOW) to determine the length of time the status will be retained
in the persistent store.
This attribute is ignored if Note: |
|||||||||||||||||||||||||
UWSTAT-LIFETIME |
Alias for UOW‑STATUS‑LIFETIME .
|
||||||||||||||||||||||||
UWTIME |
Alias for UOW‑DATA‑LIFETIME .
|
The special names of CLASS = *
,
SERVER = *
and SERVICE = *
are allowed in the service-specific and authorization rule-specific sections of the broker
attribute file. These are known as "wildcard" service definitions. If this name
is present in the attribute file, any service that registers with the broker
and does not have its own entry in the attribute file will inherit the
attributes that apply to the first wildcard service definition found.
For example, a server that registers with
CLASS=ACLASS
,
SERVER=ASERVER
and
SERVICE=ASERVICE
can inherit attributes from any
of the following entries in the attribute file (this list is not necessarily
complete):
CLASS = *, SERVER = ASERVER, SERVICE = ASERVICE CLASS = ACLASS, SERVER = *, SERVICE = * CLASS = *, SERVER = *, SERVICE = *
Of course, if there is a set of attributes that are specifically defined
for CLASS=ACLASS
,
SERVER=ASERVER
,
SERVICE=ASERVICE
, then all of the wildcard
service definitions will be ignored in favor of the exact matching
definition.
EntireX has two modes for handling service-specific attributes. See broker-specific attribute SERVICE‑UPDATES
.
In service update mode
(SERVICE-UPDATES=YES
), the service configuration
sections of the attribute file are read whenever the first replica of a
particular service registers.
In non-update mode
(SERVICE-UPDATES=NO
), the attribute file is not
reread. All attributes are read during startup and the broker does not honor
any changes in the attribute file. This mode is useful if
there is a high frequency of REGISTER
operations, or
the attribute file is rather large and results in a high I/O rate for the broker.
The disadvantage to using non-update mode is that if specific attributes are modified, the broker must be restarted to effect the changes. Generally, this mode should be used only if the I/O rate of the broker is considerably high, and if the environment seldom changes.
The different option values allow you to either handle character conversion deficiencies as errors, or to ignore them:
Do not ignore any character conversion errors and force an error
always (value STOP
). This is the default behavior.
Ignore if characters cannot be converted into the receiver's
codepage, but force an error if sender characters do not match the sender's
codepage (value SUBSTITUTE-NONCONV
).
Ignore any character conversion errors (values SUBSTITUTE
and
BLANKOUT
).
Situations 1 and 2 above are reported to the broker log file if the
TRACE
option for CONVERSION
is set to level 1.
The codepage-specific attribute section begins with the keyword
DEFAULTS=CODEPAGE
as shown in the sample attribute file. You can
use the attributes in this section to customize the broker's locale string
defaults and customize the mapping of locale strings to codepages for character conversion with ICU conversion and SAGTRPC
user exit.
See Internationalization with EntireX for more information.
Attribute | Values | Opt/ Req |
Operating System | |||
---|---|---|---|---|---|---|
z/OS | UNIX | Windows | BS2000 | |||
DEFAULT_ASCII |
Any ICU converter name or alias. See also Additional Notes below. | O | z | u | w | b |
Customize the broker's locale string defaults by assigning the
default codepage for EntireX components (client or server). See Broker's Locale String Defaults.
This value is used instead of the broker's locale string defaults if
Example: DEFAULTS=CODEPAGE * Broker Locale String Defaults DEFAULT_ASCII=windows-950 For more examples, see Configuring Broker's Locale String Defaults in the Internationalization documentation and also Additional Notes below. |
||||||
DEFAULT_EBCDIC_IBM |
Any ICU converter name or alias | O | z | u | w | b |
Customize the broker's locale string defaults by assigning the
default codepage for EntireX components (client or server). See Broker's Locale String Defaults.
This value is used instead of the broker's locale string defaults if
Example: DEFAULT=CODEPAGE DEFAULT_EBCDIC_IBM=ibm-937 For more examples, see Configuring Broker's Locale String Defaults in the Internationalization documentation and also Additional Notes below. |
||||||
DEFAULT_EBCDIC_SNI |
Any ICU converter name or alias. | O | z | u | w | b |
Customize the broker's locale string defaults by assigning the
default codepage for EntireX components (client or server). See Broker's Locale String Defaults.
This value is used instead of the locale string defaults if
Example: DEFAULT=CODEPAGE DEFAULT_EBCDIC_SNI= bs2000-edf03drv For more examples, see Configuring Broker's Locale String Defaults in the Internationalization documentation and also Additional Notes below. |
||||||
locale-string |
Any ICU converter name or alias. See also Additional Notes below. | O | z | u | w | |
Customize the mapping of locale strings to codepages and bypass the
broker's locale string processing mechanism. See Broker's Locale String Processing. This is useful:
The attribute (locale string) is the locale string sent by your EntireX component (client or server) and the value is the codepage that you want to use in place of that locale string. In the first line of the example below, the client or server application sends ASCII as a locale string; the broker maps this to the codepage ISO 8859_1. In the same way EUC_JP_LINUX is mapped to ibm-33722_P12A-1999. All other locale strings are mapped by the broker's mapping mechanism, see Broker's Built-in Locale String Mapping. Example: DEFAULTS=CODEPAGE * Broker Locale String Codepage Assignments ASCII=ISO8859 EUC_JP_LINUX=ibm-33722_P12A-1999 * Customer-written ICU converters CP1140=myebcdic CP0819=myascii For more examples, see Bypassing Broker's Built-in Locale String Mapping and also Additional Notes below. |
Locale string matching is case insensitive when bypassing the broker's built-in mechanism, that is, when the broker examines the codepages section in the attribute file.
If ICU is used for character conversion and the style in not known by ICU, e.g. <ll>_<cc> etc., the name will be mapped to a suitable ICU alias. For more details on the mapping mechanism, see Broker's Built-in Locale String Mapping. For more details on ICU and ICU converter name standards, see ICU Resources.
If SAGTRPC user exit is used for the character conversion, we recommend assigning the codepage in the form CP<nnnnn>. To determine the number given to SAGTRPC user exit, see Broker's Built-in Locale String Mapping.
See CONVERSION
on this page for the
character conversion in use.
The Adabas SVC/Entire Net-Work-specific attribute section begins with the
keyword DEFAULTS=NET
as shown in the sample attribute file. The
attributes in this section are needed to execute the Adabas SVC/Entire Net-Work
communicator of the EntireX Broker kernel.
Note:
This section applies to mainframe platforms only. It does not apply to UNIX and Windows.
Attribute | Values | Opt/ Req |
Operating System | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
z/OS | UNIX | Windows | BS2000 | ||||||||||||
ADASVC |
nnn |
R | z | ||||||||||||
Sets the Adabas SVC number for EntireX Broker access.
The Adabas SVC is used to perform various internal functions, including communication between the caller program and EntireX Broker. Not supported on BS2000. |
|||||||||||||||
EXTENDED-ACB-SUPPORT |
NO | YES |
O | z | b | |||||||||||
Determines whether extended features of Adabas version 8 (or above) are supported.
|
|||||||||||||||
FORCE |
NO | YES |
O | z | b | |||||||||||
Determines whether DBID table entries can be overwritten.
Caution: |
|||||||||||||||
IDTNAME |
idtname (A8) | ADABAS5B |
O | b | ||||||||||||
If an ID table name is specified
with the appropriate ADARUN parameter for Entire
Net-Work, Adabas or Natural, the same name must be specified here. The ID table
is used to perform various internal functions, including communication between
the caller program and the EntireX Broker. Only supported under BS2000.
|
|||||||||||||||
IUBL |
8000 | n |
O | z | b | |||||||||||
This parameter sets the maximum length (in bytes) of the buffer that
can be passed from the caller to EntireX Broker. The maximum size of IUBL
is the same as the maximum value of the Adabas parameter LU . See the Adabas Operations Manual.
|
|||||||||||||||
LOCAL |
NO | YES |
O | z | b | |||||||||||
For remote nodes accessed via Entire Net-Work, the attribute LOCAL specifies whether the target ID
defined with the NODE attribute can be accessed only locally, or also remotely.
|
|||||||||||||||
MAX-MESSAGE-LENGTH |
2147483647 | n |
O | z | u | w | b | |||||||||
Maximum message size that the broker kernel can process using transport method NET. The default value represents the highest positive number that can be stored in a four-byte integer. | |||||||||||||||
NABS |
10 | n |
O | z | b | |||||||||||
The number of attached buffers to be used (max. 524287).
An attached buffer is an internal buffer used for interprocess communication.
An attached buffer pool equal to the The following formula can be used to calculate the value for |
|||||||||||||||
NCQE |
10 | n |
O | z | b | |||||||||||
NCQE
defines the number of command queue elements which are available for processing
commands arriving at the broker kernel over Adabas SVC / Net-Work transport
mechanism. Sufficient NCQE should be allocated
to allow this transport mechanism to process multiple broker commands
concurrently. Each command queue element requires 192 bytes, and the element is
released when either the user (client or server) has received the results of
the command, or if the command is timed out.
The number of command queue elements required to handle broker calls depends on the number of parallel active broker calls that are using the transport mechanism Adabas SVC / Entire Net-Work. For example, all broker commands issued by client or server components using this transport mechanism: |
|||||||||||||||
NODE |
1-65534 |
R | z | b | |||||||||||
Defines the unique DBID for EntireX Broker.
Used for internode Adabas/Entire Net-Work communication. There is no
default; the value of |
|||||||||||||||
TIME |
30 | n |
O | z | b | |||||||||||
This parameter sets the timeout value for broker calls in seconds. The results of a broker call must be received by the caller within this time limit. | |||||||||||||||
TRACE-LEVEL |
0-4 |
O | z | b | |||||||||||
The level of tracing to be performed while the broker is running with transport method NET. It overrides the global value
of trace level for all NET routines.
Trace levels 2, 3 and 4 should be used only when requested by Software AG Support. If you modify the |
The security-specific attribute section begins with the keyword
DEFAULTS=SECURITY
as shown in the sample attribute file. This
section applies only if broker-specific attribute SECURITY=YES
is specified.
Attribute | Values | Opt/ Req |
Operating System | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
z/OS | UNIX | Windows | BS2000 | ||||||||||||
ACCESS-SECURITY-SERVER |
NO | YES |
O | b | ||||||||||||
Determines where authentication is checked.
|
|||||||||||||||
APPLICATION-NAME |
A8 |
O | z | ||||||||||||
Specifies the name of the application to be checked if FACILITY-CHECK=YES is defined.
In RACF, for example, an application with read permission for user is defined with following commands:
RDEFINE APPL BROKER UACC(NONE) PERMIT BROKER CLASS(APPL) ID(DOE) ACCESS(READ) SETROPTS CLASSACT(APPL) See attribute |
|||||||||||||||
AUTHORIZATION-DEFAULT |
YES | NO |
O | u | w | |||||||||||
Determines whether access is granted to a specified service if the specified service could not be found listed in the repository
of authorization rules or in section DEFAULTS=AUTHORIZATION-RULES of the attribute file.
Applies only when using EntireX Security under UNIX and Windows. Authorization rules can be stored within a repository. When an authorization call occurs, EntireX Security uses the values of this parameter to perform an access check for a particular broker instance against an (authenticated) user ID and list of rules. See also Authorization Rules. |
|||||||||||||||
CHECK-IP-ADDRESS |
|
O | z | ||||||||||||
Determines whether the TCP/IP address of the caller is subject to a resource check. | |||||||||||||||
ERRTXT-MODULE |
NA2MSG0 | NA2MSG1 | NA2MSG2 | ModuleName |
O | z | ||||||||||||
Specifies the name of the security error text module.
Default is NA2MSG0 , English messages.
For instructions on how to customize messages, see Build Language-specific Messages (Optional) under Installing EntireX Security under z/OS.
|
|||||||||||||||
FACILITY-CHECK |
NO | YES |
O | z | ||||||||||||
It is possible to check whether a particular user is at all allowed to use an application
before performing a password check. The advantage of this additional check is that when the user
is not allowed to use this application, the broker returns error 00080013 and does not
try to authenticate the user. Failing an authentication check may lead to the user's password being revoked;
this situation is avoided if the facility check is performed first.
See attribute APPLICATION‑NAME for further details.
Note: |
|||||||||||||||
IGNORE-STOKEN |
NO | YES |
O | z | u | w | b | |||||||||
Determines whether the value of the ACI field SECURITY-TOKEN is verified on each call.
|
|||||||||||||||
INCLUDE-CLASS |
YES | NO |
O | z | ||||||||||||
Determines whether the class name is included in the resource check. | |||||||||||||||
INCLUDE-NAME |
YES | NO |
O | z | ||||||||||||
Determines whether the server name is included in the resource check. | |||||||||||||||
INCLUDE-SERVICE |
YES | NO |
O | z | ||||||||||||
Determines whether the service name is included in the resource check. | |||||||||||||||
LDAP-AUTHENTICATION-URL |
ldapUrl |
O | u | w | |||||||||||
Authentication is performed against the LDAP repository specified under ldapUrl.
If no port number is specified, the default is the standard LDAP port number 389 for TCP transport. Examples for TCP and SSL/TLS: LDAP-AUTHENTICATION-URL="ldap://myhost.mydomain.com" LDAP-AUTHENTICATION-URL="ldaps://myhost.mydomain.com:636" |
|||||||||||||||
LDAP-AUTHORIZATION-URL |
ldapUrl |
O | u | w | |||||||||||
Authorization is performed against the LDAP repository specified under ldapUrl.
If no port number is specified, the default is the standard LDAP port number 389 for TCP transport. LDAP-AUTHORIZATION-URL="ldap://myhost.mydomain.com:389" This attribute replaces the parameters |
|||||||||||||||
LDAP-AUTH-DN |
authDN |
O | u | w | |||||||||||
For authenticated access to the LDAP server. Specifies the DN of the user. Default value:
cn=admin,dc=software-ag,dc=de This attribute replaces parameter |
|||||||||||||||
LDAP-AUTH-PASSWD-ENCRYPTED |
authPass |
O | u | w | |||||||||||
For authenticated access to the LDAP server. Specifies the encrypted value of the user password.
Use program etbnattr to get the encrypted password:
etbnattr –x clear_text_password –echo_password_only This writes the encrypted password to standard output. This attribute replaces parameter |
|||||||||||||||
LDAP-AUTHORIZATION-RULE |
A32 |
O | u | w | |||||||||||
List of authorization rules. Multiple sets of rules can be defined,
each set is limited to 32 chars. The maximum number of LDAP-AUTHORIZATION-RULE
entries in the attribute file is 16.
Applies only when using EntireX Security under UNIX or Windows and See also Authorization Rules. |
|||||||||||||||
LDAP-BASE-DN |
baseDN |
O | u | w | |||||||||||
Specifies the base distinguished name of the directory object that is the root of all objects for authorization rules. Default
value:
dc=software-ag,dc=de This attribute replaces parameter |
|||||||||||||||
LDAP-PERSON-BASE-BINDDN |
ldapDn |
O | u | w | |||||||||||
Used with LDAP authentication to specify the distinguished name
where authentication information is stored. This value is prefixed with the user ID field name (see below). Example:
|
|||||||||||||||
LDAP-REPOSITORY-TYPE |
OpenLDAP | ActiveDirectory | SunOneDirectory | Tivoli | Novell | ApacheDS |
O | u | w | |||||||||||
Use predefined known fields for the respective repository type. Specify the repository type that most closely matches your actual repository. In the case of Windows Active Directory, the user ID is typically in the form domainName\userId. | |||||||||||||||
LDAP-SASL-AUTHENTICATION |
NO | YES |
O | w | ||||||||||||
Specifies whether or not Simple Authentication and Security Layer
(SASL) is to perform the authentication check. In practice, this determines
whether or not the password supplied by the user is passed in plain text
between the broker kernel and the LDAP server. If SASL is activated, this
implies that the password is encrypted.
|
|||||||||||||||
LDAP-USERID-FIELD |
cn | uidFieldName |
O | u | w | |||||||||||
Used with LDAP authentication to specify the first field name of a user in the Distinguished Name, for example:
|
|||||||||||||||
MAX-SAF-PROF-LENGTH |
1-256 |
O | z | ||||||||||||
This parameter should be increased if the length of the resource checks -
that is, the length of the profile comprising "<class>.<server>.<service>" - is greater than 80 bytes.
This parameter defaults to 80 if a value is not specified. |
|||||||||||||||
PASSWORD-TO-UPPER-CASE |
NO | YES |
O | z | ||||||||||||
Determines whether the password and new password are converted to uppercase before verification. | |||||||||||||||
PRODUCT |
RACF | ACF2 | TOP-SECRET |
O | z | ||||||||||||
Specifies the name of the installed security product. This attribute is used to analyze security-system-specific errors.
The following systems are currently supported:
The default value is used if an incorrect or no value is specified. |
|||||||||||||||
PROPAGATE-TRUSTED-USERID |
YES | NO |
O | z | ||||||||||||
Determines whether a client user ID obtained by means of the trusted user ID mechanism is propagated to a server using the
ACI field CLIENT-USERID .
|
|||||||||||||||
SAF-CLASS |
NBKSAG | SAFClassName |
O | z | ||||||||||||
Specifies the name of the SAF class/type used to hold the EntireX-related resource profiles. | |||||||||||||||
SAF-CLASS-IP |
NBKSAG | SAFClassName |
O | z | ||||||||||||
Specifies the name of the SAF class/type used when performing IP address authorization checks. | |||||||||||||||
SECURITY-LEVEL |
AUTHORIZATION | AUTHENTICATION |
O | z | u | w | b | |||||||||
Specifies the mode of operation.
Note: |
|||||||||||||||
SECURITY-NODE |
YES | name |
O | z | ||||||||||||
This parameter can be used to specify a prefix that is added to all
authorization checks, enabling different broker kernels, in different
environments, to perform separate authorization checks according to each broker
kernel. For example, it is often important to distinguish between production,
test, and development environments.
Note: |
|||||||||||||||
SECURITY-SYSTEM |
OS | LDAP |
O | z | u | w | b | |||||||||
|
|||||||||||||||
TRACE-LEVEL |
0-4 |
O | z | u | w | b | |||||||||
Trace level for EntireX Security. It overrides the global value of trace level in the attribute file.
Trace levels 2, 3 and 4 should be used only when requested by Software AG Support. If you modify the Note: |
|||||||||||||||
TRUSTED-USERID |
YES | NO |
O | z | ||||||||||||
Activates the trusted user ID mechanism for broker requests arriving over the local Adabas IPC mechanism. | |||||||||||||||
USERID-TO-UPPER-CASE |
NO | YES |
O | z | ||||||||||||
Determines whether user ID is converted to uppercase before verification. | |||||||||||||||
UNIVERSAL |
NO | YES |
O | z | ||||||||||||
Determines whether access to undefined resource profiles is allowed. | |||||||||||||||
WARN-MODE |
NO | YES |
O | z | u | w | b | |||||||||
Determines whether a resource check failure results in just a warning or an error. |
The TCP/IP-specific attribute section begins with the keyword
DEFAULTS=TCP
as shown in the sample attribute file. It contains
attributes that apply to the TCP/IP transport communicator. The transport is
activated by TRANSPORT=TCP
in the
Broker-specific section of the attribute file. A maximum of five TCP/IP
communicators can be activated by specifying up to five HOST
/PORT
pairs.
Attribute | Values | Opt/ Req |
Operating System | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
z/OS | UNIX | Windows | BS2000 | ||||||||||||
CERT-AUTHENTICATION |
NO | YES |
O | z | ||||||||||||
See Using SSL Certificates for Authentication in the EntireX Security documentation for z/OS. |
|||||||||||||||
CONNECTION-NONACT |
n | nS | nM | nH |
O | z | u | w | b | |||||||||
Non-activity of the TCP/IP connection, after which a close is
performed and the connection resources are freed. If this parameter is not specified here,
broker will close the connection only when the application (or the network itself) terminates the connection.
If not specified, the connection non-activity test is disabled. On the stub side, non-activity can be set
with the environment variable |
|||||||||||||||
HOST |
0.0.0.0 | hostname | IP address |
O | z | u | w | b | |||||||||
The address of the network interface on which broker will listen for connection requests.
If A maximum of five |
|||||||||||||||
MAX-MESSAGE-LENGTH |
2147483647 | n |
O | z | u | w | b | |||||||||
Maximum message size that the broker kernel can process using transport method TCP/IP. The default value represents the highest positive number that can be stored in a four-byte integer. | |||||||||||||||
PORT |
1025-65535 |
O | z | u | w | b | |||||||||
The TCP/IP port number on which the broker will listen for connection requests.
If not specified, the broker will attempt to find its TCP/IP port number from the TCP/IP services file, using A maximum of five Example for multiple ports on z/OS: HOST=localhost,PORT=3930 HOST=0.0.0.0,PORT=3931
With this configuration you can reach the broker from outside the z/OS host via the secure TLS connection only (port 3931). The TCP connection (port 3930) can only be used from inside the z/OS host. |
|||||||||||||||
RESTART |
YES | NO |
O | z | u | w | b | |||||||||
This setting applies to all TCP/IP communicators. |
|||||||||||||||
RETRY-LIMIT |
20 | n | UNLIM |
O | z | u | w | b | |||||||||
Maximum number of attempts to restart the TCP/IP communicator. This setting applies to all TCP/IP communicators. | |||||||||||||||
RETRY-TIME |
3M | n | nS | nM | nH |
O | z | u | w | b | |||||||||
Wait time between stopping the TCP/IP communicator due to an unrecoverable error and the next attempt to restart it.
Minimum wait time is This setting applies to all TCP/IP communicators. |
|||||||||||||||
REUSE-ADDRESS |
YES | NO |
O | z | u | b | ||||||||||
|
O | w | |||||||||||||
|
|||||||||||||||
STACK-NAME |
StackName |
O | z | ||||||||||||
Name of the TCP/IP stack that the broker is using.
If not specified, broker will connect to the default TCP/IP stack running on the machine. |
|||||||||||||||
TRACE-LEVEL |
0-4 |
O | z | u | w | b | |||||||||
The level of tracing to be performed while the broker is running with transport method TCP/IP. It overrides the global value
of trace level for all TCP/IP routines.
Trace levels 2, 3 and 4 should be used only when requested by Software AG Support. If you modify the |
The c-tree-specific attribute section begins with the keyword
DEFAULTS = CTREE
. The attributes in this section are optional.
This section applies only if PSTORE-TYPE = CTREE
is specified.
Not available under z/OS or BS2000.
Attribute | Values | Opt/ Req |
Operating System | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
z/OS | UNIX | Windows | BS2000 | ||||||||||||
COMPATIBILITY |
NO | YES |
O | u | w | |||||||||||
Determines whether the following c-tree parameters are set:
See your FairCom documentation for a description of these parameters.
|
|||||||||||||||
FLUSH-DIR |
YES | NO |
O | u | w | |||||||||||
Controls whether metadata is flushed to disk immediately after creates, renames, and deletes of transaction log files and
transaction-dependent files.
|
|||||||||||||||
MAXSIZE |
n | nM | nG |
O | u | w | |||||||||||
Defines the maximum size of c-tree data files.
Broker allocates one data file for control data and another data file for message data:
|
|||||||||||||||
PAGESIZE |
n | nK |
O | u | w | |||||||||||
Determines how many bytes are available in each c-tree node.
PSTORE COLD start is required after changing this value.
The default and minimum value is 8 KB. If |
|||||||||||||||
PATH
|
A255 |
O | u | w | |||||||||||
Path name of the target directory for c-tree index and data files. | |||||||||||||||
SYNCIO |
NO | YES |
O | u | w | |||||||||||
Controls the open mode of the c-tree transaction log.
|
|||||||||||||||
TRACE-LEVEL |
0-4 |
O | u | w | |||||||||||
Trace level for c-tree persistent store. It overrides the global value of trace level in the attribute file.
Trace levels 2, 3 and 4 should be used only when requested by Software AG Support. If you modify the |
The Broker can use Secure Sockets Layer/Transport Layer Security (SSL/TLS) as the transport medium. The term "SSL" in this section refers to both SSL and TLS. RPC-based clients and servers, as well as ACI clients and servers, are always SSL clients. The broker is always the SSL server. For an introduction see SSL/TLS, HTTP(S), and Certificates with EntireX. Your operating system determines whether this section of the attribute file is required:
z/OS
The SSL-specific attribute section is not used. You can use IBM's Application Transparent Transport Layer Security (AT-TLS).
See Running Broker with SSL/TLS Transport in the z/OS Administration documentation.
UNIX and Windows
The SSL-specific attribute section is required, and begins with the keyword DEFAULTS=SSL
as shown in the sample attribute file.
The attributes in this section are needed to execute the SSL communicator of the EntireX Broker kernel.
See also Running Broker with SSL/TLS Transport under UNIX | Windows.
Attribute | Values | Opt/ Req |
Operating System | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
z/OS | UNIX | Windows | BS2000 | ||||||||||||
CIPHER-SUITE |
string |
O | u | w | b | ||||||||||
String that is passed to the underlying SSL/TLS implementation.
SSL/TLS is a standardized protocol that uses different cryptographic functions (hash functions, symmetric and asymmetric
encryption etc.).
Some of these must be implemented in the SSL/TLS stack; others are optional.
When an SSL/TLS connection is created, both parties agree by "handshake" on the cipher suite, that is, the algorithms
and key lengths used.
In a default scenario, this information depends on what both sides are capable of.
It can be influenced by setting the attribute CIPHER-SUITE for the SSL/TLS server side (the broker always implements the server side).
Thus stubs connect to the broker and thereby become the SSL/TLS clients.
Under UNIX, Windows and BS2000, the OpenSSL implementation is used. The SSL protocol is obsolete. It is no longer available. The TLS protocol is the successor of SSL and is readily available in OpenSSL. The default OpenSSL configuration uses FIPS 140-2 approved cipher suites, eligible for TLS v1.2, but without anonymous Diffie-Hellman (ADH) and pre-shared key (PSK) algorithms. The resulting set of cipher suites provides for authentication and strong encryption: CIPHER-SUITE=FIPS+TLSv1.2:!ADH:!PSK:@STRENGTH |
|||||||||||||||
CONNECTION-NONACT |
n | nS | nM | nH |
O | u | w | b | ||||||||||
Non-activity of the SSL connection, after which a close is performed and the connection resources are freed.
If this parameter is not specified here, broker will close the connection only when the application (or the network
itself) terminates the connection.
If not specified, the connection non-activity test is disabled. |
|||||||||||||||
HOST |
hostname |
O | u | w | b | ||||||||||
The address of the network interface on which broker will listen for connection requests.
If A maximum of five |
|||||||||||||||
KEY-FILE |
filename |
R | u | w | b | ||||||||||
File that contains the broker's private key (if not contained in KEY-STORE ).
For test purposes, EntireX delivers certificates for use on various platforms. See SSL/TLS Sample Certificates Delivered with EntireX.
Example for UNIX and Windows: Note: |
|||||||||||||||
KEY-PASSWD |
password (A32)
|
R | u | w | b | ||||||||||
Password used to protect the private key. Unlocks the KEY-FILE , for example
MyAppKey.pem . Deprecated. See KEY-PASSWD-ENCRYTPED below.
|
|||||||||||||||
KEY-PASSWD-ENCRYPTED |
encrypted value (A64) |
R | u | w | b | ||||||||||
Password used to protect the private key. Unlocks the KEY-FILE , for example
MyAppKey.pem . This attribute replaces KEY-PASSWD to avoid a clear-text password as attribute value.
If KEY-PASSWD and KEY-PASSWD-ENCRYTPED are both supplied, KEY-PASSWD-ENCRYTPED takes precedence.
Use program etbnattr -w ssl_key_password --echo_password_only This writes the encrypted password to standard output. |
|||||||||||||||
KEY-STORE |
filename |
R | u | w | b | ||||||||||
SSL certificate; may contain the private key. For test purposes, EntireX delivers certificates for use on various platforms.
See SSL/TLS Sample Certificates Delivered with EntireX.
Example for UNIX and Windows: ExxAppCert.pem. Note: |
|||||||||||||||
MAX-MESSAGE-LENGTH |
2147483647 | n |
O | u | w | b | ||||||||||
Maximum message size that the broker kernel can process using transport method SSL. The default value represents the highest positive number that can be stored in a four-byte integer. | |||||||||||||||
PORT |
1025-65535 |
O | u | w | b | ||||||||||
The SSL port number on which the broker will listen for connection
requests. If not changed, this parameter takes the standard value as specified in the sample attribute file.
If the port number is not specified, the broker will use the default value of 1958. |
|||||||||||||||
RESTART |
YES | NO |
O | u | w | b | ||||||||||
|
|||||||||||||||
RETRY-LIMIT |
20 | n | UNLIM |
O | u | w | b | ||||||||||
Maximum number of attempts to restart the SSL communicator. | |||||||||||||||
RETRY-TIME |
3M | n | nS | nM | nH |
O | u | w | b | ||||||||||
Wait time between suspending SSL communication due to unrecoverable error and the next attempt to restart it.
Minimum: 1S |
|||||||||||||||
REUSE-ADDRESS |
YES | NO |
O | u | w | b | ||||||||||
|
|||||||||||||||
STACK-NAME |
name |
O | u | w | |||||||||||
Name of the TCP/IP stack that the broker is using.
If not specified, broker will connect to the default TCP/IP stack running on the machine. |
|||||||||||||||
TRACE-LEVEL |
0-4 |
O | u | w | b | ||||||||||
The level of tracing to be performed while the broker is running with transport method SSL/TLS.
It overrides the global value of trace level for all SSL/TLS routines.
Trace levels 2, 3 and 4 should be used only when requested by Software AG Support. If you modify the |
|||||||||||||||
TRUST-STORE |
filename | keyring |
R | u | w | b | ||||||||||
Location of the store containing certificates of trust Certificate Authorities (or CAs).
Specify the file name of the CA certificate store. Examples: |
|||||||||||||||
VERIFY-CLIENT |
NO | YES |
O | u | w | b | ||||||||||
For more information see SSL/TLS, HTTP(S), and Certificates with EntireX. |
These attributes define a persistent store that is implemented as a VSAM linear data set (LDS) accessed using Data In Virtual
(DIV).
This DIV persistent store is a container for units of work. The DIV-specific attribute section begins with the keyword DEFAULTS = DIV
.
The attributes in this section are required if PSTORE-TYPE = DIV
is specified.
Note:
All attributes except the deprecated DIV
were introduced with EntireX version 9.12. They replace the Format Parameters of earlier versions, which are deprecated but still supported for compatibility reasons.
Attribute | Values | Opt/ Req |
Operating System | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
z/OS | UNIX | Windows | BS2000 | ||||||||||||
DIV |
A511 |
O | z | ||||||||||||
The VSAM persistent store parameters, enclosed in double quotes (""). The value can span more than one line.
Note: |
|||||||||||||||
DATASPACE-NAME |
A8 |
O | z | ||||||||||||
Defines the name of the dataspace that will be used to map the persistent store.
Default value is |
|||||||||||||||
DATASPACE-PAGES |
126-524284 |
O | z | ||||||||||||
Defines the size of the dataspace used to map the persistent store (size=DATASPACE-PAGES * 4 KB).
We recommend using the maximum value.
Default value is 2048. |
|||||||||||||||
DDNAME |
A8 |
R | z | ||||||||||||
Defines the JCL DDNAME that will be used to access the persistent store.
|
|||||||||||||||
STORE |
A8 |
R | z | ||||||||||||
Defines an internal name that is used to identify the persistent store. | |||||||||||||||
TRACE-LEVEL |
0-4 |
O | z | ||||||||||||
Trace level for DIV. It overrides the global value of trace level in the attribute file.
Trace levels 2, 3 and 4 should be used only when requested by Software AG Support. If you modify the |
The Adabas-specific attribute section begins with the keyword
DEFAULTS = ADABAS
. The attributes in this section are required if
PSTORE-TYPE = ADABAS
is specified. In previous
versions of EntireX, these Adabas-specific attributes and values were
specified in the broker-specific PSTORE‑TYPE
attribute.
The application monitoring-specific attribute section begins with the
keyword DEFAULTS=APPLICATION-MONITORING
. It contains attributes
that apply to the application monitoring functionality. At startup time, the
attributes are read if the Broker-specific attribute
APPLICATION-MONITORING=YES
is specified. Duplicate or missing
values are treated as errors. When an error occurs, application monitoring is
turned off and EntireX Broker continues execution. See Application Monitoring.
Attribute | Values | Opt/ Req |
Operating System | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
z/OS | UNIX | Windows | BS2000 | ||||||||||||
APPLICATION-MONITORING-NAME orAPPMON-NAME |
A100 |
O | z | u | w | b | |||||||||
Specifies a default application monitoring name. Used to set the value of the ApplicationName KPI. | |||||||||||||||
COLLECTOR-BROKER-ID |
A64 |
R | z | u | w | b | |||||||||
Identifies the Application Monitoring Data Collector. Has the format
host_name :port_number , where
The default port is 57900. |
|||||||||||||||
TRACE-LEVEL |
0-4 |
O | z | u | w | b | |||||||||
The level of tracing to be performed while the broker is running with application monitoring.
Trace levels 2, 3 and 4 should be used only when requested by Software AG Support. If you modify the |
The authorization rule-specific attribute section begins with the
keyword DEFAULTS=AUTHORIZATION-RULES
. It contains attributes
that enhance security-related definitions. At startup time, the
attributes are read if the following conditions are met:
Broker-specific attribute SECURITY=YES
Security-specific attributes SECURITY-SYSTEM=OS
and SECURITY-LEVEL=AUTHORIZATION
When an error occurs, the EntireX Broker stops. See Authorization Rules.
Attribute | Values | Opt/ Req |
Operating System | |||
---|---|---|---|---|---|---|
z/OS | UNIX | Windows | BS2000 | |||
RULE-NAME |
A32 |
R | u | w | ||
Specifies a rule name. A rule is a container for a list of services and a list of client and server user IDs. All users defined in a rule are authorized to use all services defined in this rule. See example under Rules Stored in Broker Attribute File. | ||||||
CLASS SERVER SERVICE |
A32 |
R | u | w | ||
These three attributes together identify the service. CLASS must be specified first, followed immediately by SERVER and SERVICE . Wildcard Service Definitions are allowed.
|
||||||
CLIENT-USER-ID |
A32 |
R | u | w | ||
Defines an authorized client user ID. | ||||||
SERVER-USER-ID |
A32 |
R | u | w | ||
Defines an authorized server user ID. |
The broker attribute file contains the configuration of one EntireX Broker instance. In order to share attribute files between different brokers, you identify the attributes that are unique and move them to a variable definition file. This file enables you to share one attribute file among different brokers. Each broker in such a scenario requires its own variable definition file.
The following attributes are considered unique for each machine:
BROKER-ID
(in Broker-specific Attributes)
PORT
(in
SSL/TLS-specific Attributes and
TCP/IP-specific Attributes)
How you use the variable definition file will depend upon your particular
needs. For instance, some optional attributes may require uniqueness - for
example, DBID
and
FNR
in
DEFAULTS=ADABAS
- so that you may specify the persistent store.