Administrating EntireX CICS® ECI RPC Server

The EntireX CICS® ECI RPC Server allows standard RPC clients to communicate with CICS programs running on IBM CICS® version 3.2 and higher. The CICS ECI RPC Server transforms the RPCs from the clients into messages to CICS ECI. The CICS ECI RPC Server acts on one side as an RPC server and on the other side as a client for CICS ECI. The CICS ECI RPC Server is a Java-based component that can run on a different host to the one where CICS is running. This allows it to operate with a zero footprint of EntireX on the CICS host.

This document covers the following topics:


Customizing the CICS ECI RPC Server

For the setup of the CICS ECI RPC Server there are

  • a configuration file and

  • scripts to start the CICS ECI RPC Server.

Location of the CICS ECI RPC Server

The CICS ECI RPC Server is contained in the file entirex.jar.

The Configuration File

The default name of the configuration file is entirex.cicseci.properties. The CICS ECI RPC Server searches for this file in the current working directory.

You can set the name of the configuration file with -Dentirex.server.properties=<your file name> with "/" as file separator.

The configuration file contains the configuration for both parts of the CICS ECI RPC Server.

graphics/cicsEci_config.png

Start of instruction setTo set up the CICS ECI RPC Server

  1. Use the RPC server agent of the System Management Hub.

  2. Add the CICS ECI RPC Server as an RPC server.

    See Administering the EntireX RPC Servers using System Management Hub under UNIX | Windows for details.

    Or:
    Use the scripts to start the CICS ECI RPC Server.

    Both scripts use the configuration file entirex.cicseci.properties in the folder etc.

Configuring more than one CICS ECI RPC Server

If you configure more than one CICS ECI RPC Server that connect to the same broker, the following items must be distinct:

  • the trace output file (property entirex.server.logfile)

  • the monitor port for SMH (property entirex.server.monitorport)

  • the log for the Windows Service (property entirex.server.serverlog)

  • the trace output file of the SMH agent for RPC servers

Configuring the RPC Server Side

The RPC server side of the CICS ECI RPC Server is configured like the Java RPC Server. The CICS ECI RPC Server uses the properties that start with "entirex.server".

The RPC server side can adjust the number of worker threads to the number of parallel requests. Use the properties entirex.server.fixedservers, entirex.server.maxservers and entirex.server.minservers to configure this scalability.

  • If entirex.server.fixedservers=yes, the number of entirex.server.minservers is started and the server can process this number of parallel requests.

  • If entirex.server.fixedservers=no, the number of worker threads balances between entirex.server.minservers and entirex.server.maxservers. This is done by a so-called attach server thread. On startup, the number of worker threads is entirex.server.minservers.

If more than entirex.server.minservers are waiting for requests, a worker thread stops if its receive call times out. The timeout period is configured with entirex.server.waitserver.

Alternatively to the properties, you can use the command-line option. The command-line options have a higher priority than the properties set as Java system properties and these have higher priority than the properties in the configuration file.

Name Command-line Option Default Value Explanation
entirex.bridge.verbose   no Verbose/trace mode of CICS ECI RPC Server. Set this to "yes" to trace sent to CICS ECI.
entirex.server.brokerid -broker localhost Broker ID. See URL-style Broker ID.
entirex.server.serveraddress -server RPC/SRV1/CALLNAT Server address.
entirex.server.userid -user CICSECIRPCServer The user ID for the Broker for RPC. See entirex.server.password.
entirex.server.fixedservers   no
no Use attach server to manage worker threads.
yes Run minimum number of server threads.
entirex.server.minservers   1 Minimum number of server threads.
entirex.server.maxservers   32 Maximum number of server threads.
entirex.server.restartcycles -restartcycles 15 Number of restart attempts if the Broker is not available. This can be used to keep the CICS ECI RPC Server running while the Broker is down for a short time.
entirex.server.password -password   The password for secured access to the Broker.
The password is encrypted and written to the property entirex.server.password.e.
To change the password, set the new password in the properties file (default is entirex.cicseci.properties).
To disable password encryption set entirex.server.passwordencrypt=no. Default for this property is "yes".
entirex.server.security -security no no|yes|auto|name of BrokerSecurity object
entirex.server.encryptionlevel   0 Deprecated. For encrypted transport we strongly recommend using the Secure Sockets Layer/Transport Layer Security protocol. See SSL/TLS and Certificates with EntireX.
entirex.server.compresslevel -compresslevel 0 Permitted values (you can enter the text or the numeric value)
BEST_COMPRESSION 9
BEST_SPEED 1
DEFAULT_COMPRESSION -1, mapped to 6
DEFLATED 8
NO_COMPRESSION 0
N 0
Y 8
entirex.server.waitattach   600S Wait timeout for the attach server thread.
entirex.server.waitserver   300S Wait timeout for the worker threads.
entirex.timeout   20 TCP/IP transport timeout. See Setting the Transport Timeout under Writing Advanced Applications - EntireX Java ACI.
entirex.server.verbose -verbose no Enable verbose output to the log file.
entirex.server.logfile -logfile   Name of the log file, default is standard output.
entirex.trace -trace 0 Trace level (1,2,3).
entirex.server.monitorport -smhport 0 The port where the server listens for commands from the System Management Hub (SMH). If this port is 0, no port is used and management by the SMH is disabled.

Configuring the CICS ECI Side

These properties are used to configure the connection to CICS ECI.

Alternatively, you can use the command-line options. These have a higher priority than the properties set as Java system properties, and these have higher priority than the properties in the configuration file.

Name Default Value Explanation
cics.host   Host name of CICS ECI. Mandatory.
cics.port   Port number of CICS ECI. Mandatory.
cics.transaction   Name of the CICS mirror transaction that will receive transactions. Mandatory.
entirex.bridge.targetencoding cp037 Specify the appropriate EBCDIC encoding used by your CICS ECI. This codepage is also used when communicating with the EntireX Broker.

Note:
Enable conversion in the Broker attribute file so the data can be converted correctly, typically by setting service-specific attribute CONVERSION to "SAGTCHA".

Default "cp037" is EBCDIC codepage with full Latin-1 character set.

cics.sockettimeout 10000 Socket timeout for connection to CICS ECI (in milliseconds).
cics.userid   RACF user ID. Maximum 8 bytes (optional).
cics.password   RACF password/PassTicket. Maximum 8 bytes (optional).
cics.sslparams   SSL parameters (optional). Same syntax as Broker ID.
cics.mapping.folder   The folder where the RPC server expects server-side mapping files (EntireX Workbench files with extension .svm). See Deploying Server-side Mapping Files to the RPC Server and Undeploying Server-side Mapping Files from the RPC Server.

There are also client-side mapping files that do not require configuration here. See Server Mapping Files for COBOL.

If no server requires server-side mapping, you can omit this property.

If one server requires server-side mapping, this property must be specified.

Using SSL/TLS with the RPC Server

To use SSL with the CICS ECI RPC Server, you need to configure two sides:

  • CICS ECI Side
    See parameter cics.sslparams under Configuring the CICS ECI Side.

  • RPC Server Side
    RPC servers can use Secure Sockets Layer/Transport Layer Security (SSL/TLS) as the transport medium. The term "SSL" in this section refers to both SSL and TLS. RPC-based servers are always SSL clients. The SSL server can be either the EntireX Broker or Broker SSL Agent. For an introduction see SSL/TLS and Certificates in the Security documentation.

    Start of instruction setTo use SSL

    1. To operate with SSL, certificates need to be provided and maintained. Depending on the platform, Software AG provides default certificates, but we strongly recommend that you create your own. See Default Certificates Delivered with EntireX under SSL/TLS and Certificates with EntireX in the Security documentation.

    2. Set up the CICS ECI RPC Server for an SSL connection.

      Use the URL-style Broker ID with protocol ssl:// for the Broker ID. If no port number is specified, port 1958 is used as default. Example:

      ssl://localhost:22101?trust_store=C:\SoftwareAG\EntireX\etc\ExxCACert.jks&verify_server=no

      If the SSL client checks the validity of the SSL server only, this is known as one-way SSL. The mandatory trust_store parameter specifies the file name of a keystore that must contain the list of trusted certificate authorities for the certificate of the SSL server. By default a check is made that the certificate of the SSL server is issued for the hostname specified in the Broker ID. The common name of the subject entry in the server's certificate is checked against the hostname. If they do not match, the connection will be refused. You can disable this check with SSL parameter verify_server=no.

      If the SSL server additionally checks the identity of the SSL client, this is known as two-way SSL. In this case the SSL server requests a client certificate (the parameter verify_client=yes is defined in the configuration of the SSL server). Two additional SSL parameters must be specified on the SSL client side: key_store and key_passwd. This keystore must contain the private key of the SSL client. The password that protects the private key is specified with key_passwd.

      The ampersand (&) character cannot appear in the password.

      SSL parameters are separated by ampersand (&). See also SSL/TLS Parameters for EntireX Clients and Servers.

    3. Make sure the SSL server to which the RPC side connects is prepared for SSL connections as well. The SSL server can be EntireX Broker or Broker SSL Agent. See:

      • Running Broker with SSL/TLS Transport under z/OS | UNIX | Windows | z/VSE

      • Settting up and Administering the EntireX Broker SSL Agent under UNIX | Windows

Starting the CICS ECI RPC Server

Start of instruction setTo start the CICS ECI RPC Server

  • Use the script cicseciserver in the folder bin to start the CICS ECI RPC Server. You may customize this file.

    Or:
    Use the RPC server agent in the System Management Hub to configure and start the CICS ECI RPC Server.

    See Administering the EntireX RPC Servers using System Management Hub under UNIX | Windows for details.

Stopping the CICS ECI RPC Server

Start of instruction setTo stop the CICS ECI RPC Server

  • Use the RPC server agent in the SMH to stop the CICS ECI RPC Server.

    Or:
    Use the agent for the Broker. Use Deregister on the service, specified with the property entirex.server.serveraddress.

Application Identification

The application identification is sent from the CICS ECI RPC Server to the Broker. It is visible with Broker Command and Information Services.

The identification consists of four parts: name, node, type, and version. These four parts are sent with each Broker call and are visible in the trace information.

For the CICS ECI RPC Server, these values are:

Identification Part Value
Application name ANAME=CICS ECI RPC Server
Node name ANODE=<host name>
Application type ATYPE=Java
Version AVERS=9.9.0.0