of 25

IBM Sterling Connect:Enterprise for UNIX

2 views25 pages

Download

All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
IBM Sterling Connect:Enterprise for UNIX Release Notes Version 2.5 This edition applies to the 2.5 Version of IBM Sterling Connect:Enterprise for UNIX and to all subsequent releases and modifications until
IBM Sterling Connect:Enterprise for UNIX Release Notes Version 2.5 This edition applies to the 2.5 Version of IBM Sterling Connect:Enterprise for UNIX and to all subsequent releases and modifications until otherwise indicated in new editions. Before using this information and the product it supports, read the information in Notices, on page 21. Licensed Materials - Property of IBM IBM Sterling Connect:Enterprise for UNIX Copyright IBM Corp. 1999, All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. CEUNXRN1107 Contents Requirements 5 Hardware and Software Additional Requirements What s New in This Release 7 Description of Defects Resolved for This Release 9 Special Considerations 10 Sterling Connect:Enterprise Base VMWare Preventing AS2 Timeouts AS2 Self-Signed Certificates and Direct Trust Batch Encryption of Inbound AS2 Batches Specifying Port Range Parameters with Nonsecure FTP New Terminal Output File for Major Daemons Allowing the ceuadmin and webdav Daemons to Run Separately High-Availability Environment Considerations for FTP Sessions Resource Use for Communications Sessions Sterling Connect:Enterprise Linux Functionality FTP - Replacing System Standard FTP or SSH Known Restrictions 14 Installation Notes 15 Networked Storage Media UNIX File System Support CPIO File Names During Installation IBM Sterling Connect:Enterprise for UNIX Version Release Notes 3 Contents Kernel Parameters on HP-UX and Linux Operating Systems Kernel Parameters on Solaris Operating Systems Exporting Environment Variables Upgrading to Sterling Connect:Enterprise for UNIX Version Installing the Application 17 Configuring Modems 18 Configuring Modems for Async-Specific Information Stopping Child Process Before Turning Off Async Modem Configuring Modems for Cleo Bisync Support Configuring UDS Modems Using Etherlite Port Servers Notices 21 4 IBM Sterling Connect:Enterprise for UNIX Version Release Notes IBM Sterling Connect:Enterprise for UNIX Version Release Notes The IBM Sterling Connect:Enterprise for UNIX Version Release Notes document supplements IBM Sterling Connect:Enterprise for UNIX version 2.5 documentation. Read the document in its entirety before installation. Version 2.5 includes all maintenance from , , and No Release Notes were published for version The Sterling Connect:Enterprise for UNIX package consists of the distribution media and product publications. Sterling Connect:Enterprise for UNIX is distributed as a file downloaded from the IBM Electronic Software Distribution Portal. See Installing the Application on page 17 for instructions. Requirements Your use of Sterling Connect:Enterprise for UNIX version has the following requirements: Hardware and Software Sterling Connect:Enterprise for UNIX requires the following hardware and software: Note: Sterling Connect:Enterprise for UNIX no longer supports ARTIC cards for Bisync connectivity or the Linux zseries operating system. Component or Functionality Hardware Software Sterling Connect:Enterprise for UNIX Base HP 9000 platform (PA-RISC only) HP-UX 11.23, IBM RISC System/6000 platform AIX 6.1, 7.1 SUN SPARC systems Solaris 10 or 11 Intel Pentium system RedHat Enterprise Linux EL 5 SuSE Linux Enterprise Server 10 or 11 IBM Sterling Connect:Enterprise for UNIX Version Release Notes 5 Requirements Component or Functionality Hardware Software External Authentication Service Open LDAP version 2.2 Open LDAP version 2.3 IBM Tivoli 5.2 with Fixpack 3 Microsoft Windows 2003 Domain Functional Level Active Directory Service interface daemon for the Site Administration user interface and WebDAV server AS2 Site Administration user interface IBM JRE version 1.6 (provided) IBM JRE version 1.6 (provided) Browser: Internet Explorer version 7.0 and later Mozilla Firefox 3.6 and later Web servers\servlet engine options: Jetty server (installed with Sterling Connect:Enterprise for UNIX) IBM WebSphere 7.0 and 8.0 on all supported UNIX platforms SunONE Application Server 7.0 (formerly iplanet) on all supported UNIX and Microsoft Windows platforms Apache HTTP Server 1.3 or later with Tomcat 5.0 and 6.0 on all supported UNIX platforms IIS version 5.0 with JRun 4.0 on all supported Microsoft Windows platforms User exits Sterling Connect:Direct for UNIX interoperability Operating system-compatible ANSI C compiler Sterling Connect:Direct for UNIX version 3.8 and later Communications TCP/IP support Supported Modem/LAN device options: Synchronous modem (external) Asynchronous modem (external) Ethernet or Token Ring network card 6 IBM Sterling Connect:Enterprise for UNIX Version Release Notes What s New in This Release Component or Functionality Hardware Software Async Communications Bisync Cleo SYNCcable+ MUX card that supports modem controls and hardware flow control, for example, J2094A, and the cables required for your environment. Note: Contact Hewlett-Packard for information on DTC16 MUX boards that support modem hardware flow control and the specific cables they require to support modems. Sun Microsystems part number X1008A - 8-port serial parallel controller (includes internal S-bus adapter, cable, and external 8-port panel). Verify hardware compatibility with Sun Microsystems. One 3780Plus package or kit for each communications line One Cleo-supported synchronous modem for each communications line Digi Etherlite port server or servers for additional asynchronous ports HP-UX 11.23, (PA-RISC only) SUN SPARC Solaris 10 or 11 operating system Included with 3780Plus package or kit Additional Requirements Sterling Connect:Enterprise for UNIX has the following additional software requirements: Berkeley Software Distribution (BSD) sockets or compatible support SOCKS version 4.x is required if you are using SOCKS for network access control. If you use Sterling Connect:Enterprise HTTP, you must run Sterling Connect:Enterprise HTTP version to view files larger than 2 GB in the directory list. What s New in This Release Sterling Connect:Enterprise for UNIX version 2.5 has the following features and enhancements: Note: If you are upgrading from a previous release of Sterling Connect:Enterprise for UNIX and you use Password Encryption or Stored Batch Encryption, please read the section entitled Upgrading to Sterling Connect:Enterprise for UNIX Version for important fallback information. IBM Sterling Connect:Enterprise for UNIX Version Release Notes 7 What s New in This Release Version Enhancement Supports WebSphere Application Server 7.0 and 8.0 Removes asset protection Ships IBM JRE 1.6 with Sterling Connect:Enterprise for UNIX External authentication is no longer shipped with the product. New Customers can connect only to an external SEAS (by hostname and port). Upgrading Customers using the internal external authentication may continue to use it (started by pathname). Upgrades the Certicom Java toolkit, which provides better AS2 certificate recognition Supports FTP/TLS transport encryption, AES ciphers, and improved diagnostics Supports AES128 ciphers for password encryption and stored batch encryption Supports multiple HTTP daemons in AS2 autoconnect definitions for better failover Provides better error detection and recovery of DMZ protocol daemons Includes support for idle session timeout for SSH remote connect sessions Upgrades Jetty to version to address known security issues Includes support for Intel Linux SuSE 11 Upgrades OpenSSL to version 0.9.8L to address known security issues Upgrades Jetty to version to address known security issues Supports Intel Linux RedHat AS5 Provides support for HPUX (PA-RISC only) Provides support for AIX Provides better tracing of SSL handshake errors Reduces AS2 trace output Allows the filename to be sent in AS2 header Updates OpenSSL libraries to 09.8D level Allows wildcarding in mailbox list Allows you to turn off in-progress (P) flag without taking product down Allows download of multitransmit (M) batch from multiple sessions simultaneously Logs device/ip/ports used during protocol sessions Logs the reset of a locked ID Honors the order of resources in the autoconnect (ACD) definition Updates cmurebuild -x to automatically delete index files before rebuilding Adds new -N passphrase parameter on cmusshkey, ceupassadm, ceupassencrypt 8 IBM Sterling Connect:Enterprise for UNIX Version Release Notes Description of Defects Resolved for This Release Version Enhancement Allows extracts without setting extracted (E) flag via API Adds new utility to dump user rolefile databases Makes AS2 contract configuration screens more intuitive Rerequests passphrase on failed first attempt Remembers passphrase during Admin GUI session Allows you to filter batches by P flag Splits the Add button on the Manage Schedules screen into Add and Add AS2 Allows you to set an AS2 chunking threshold less than 2GB Supports Java JDK 1.5 and 1.6 Supports Intel Linux Red Hat AS4 Supports WebSphere Application Server 6.1 Supports Intel SuSE Linux 9 and Increases data buffer sizes to 16 KB, to and from the mailbox daemon Eliminates unnecessary internal acknowledgement data flows through the extract and transmit operations Allows ceuadmin and webdav daemons to run separately Provides support for large AS2 payload sizes with no forced or implied maximum AS2 file size Provides AS2 batch correlation through a new batch naming convention, which includes the batch number of the original payload batch Provides dynamic tracing capability for the Java daemons Supports Solaris 10 Supports Implicit SSL Description of Defects Resolved for This Release The following table describes the defects resolved for Sterling Connect:Enterprise for UNIX version since the last maintenance release. For the history of issues resolved prior to this release, navigate to the Product Updates/Downloads site for your product and platform and review the Fix List. Defect QC QC Description Intermittent mailbox add failures occur when doing an mput from FTPDMZ. SSH password authentication fails when attempting to authenticate to server with Kerberos (GSS) authentication allowed. IBM Sterling Connect:Enterprise for UNIX Version Release Notes 9 Special Considerations Defect QC QC QC QC QC Description When SIPS encryption is turned on, extract fails for large files. The ceupassencrypt utility fails when the RSD path+filename is greater than 80 bytes. After a successful send, FTP/SSL autoconnect fails due to close_notify hang. cmufixup utility is removing files for batches that are currently being added. For an implicit FTP/SSL autoconnect, Sterling Connect:Enterprise for UNIX is not sending the PROT P command that is required by some servers. Special Considerations This section contains considerations in addition to the procedures contained in this document and the other Sterling Connect:Enterprise for UNIX documents. Refer to the following notes before installing the product. Sterling Connect:Enterprise Base VMWare Consider the following information when you configure Sterling Connect:Enterprise for UNIX. Sterling Connect:Enterprise for UNIX may be run on a supported OS under VMWare. If Technical Support cannot replicate an issue in a certified environment, they will require you to replicate the issue in a certified environment before troubleshooting further. Preventing AS2 Timeouts To avoid timeout problems when sending large AS2 batches, use Async MDNs. AS2 Self-Signed Certificates and Direct Trust When you are configuring AS2 contracts for SSL (HTTPS), two trust models are offered: Trusted Certificates and Direct Trust. If your trading partner is using self-signed certificates for SSL (as opposed to certificates signed by a Certificate Authority), you must configure the contract to use Direct Trust. Otherwise, the connection will fail. This behavior changed from version , so take particular care when upgrading to version Batch Encryption of Inbound AS2 Batches Sterling Connect:Enterprise for UNIX saves a transcript (copy) of every inbound AS2 message in the dead-letter mailbox (if one is configured in the port s definition; otherwise, the target mailbox specified in the request will be used). If request processing is successful and the trading partner s contract specifies to Retain original messages in recipient mailbox, then the transcript will be 10 IBM Sterling Connect:Enterprise for UNIX Version Release Notes Special Considerations moved to the target mailbox and given the.as2 suffix. If processing is unsuccessful, the transcript is simply given the.bq suffix, indicating the inbound request was not processed. If batch encryption has been configured for the dead-letter mailbox only, then the transcript will remain encrypted even though it has been moved to the target (unencrypted) mailbox. Likewise, if only the target mailbox has been configured for batch encryption, then the transcript will remain unencrypted even though it has been moved to the target (encrypted) mailbox. Specifying Port Range Parameters with Nonsecure FTP When nonsecure FTP is used, the following parameters must be specified in the FTP communications protocol definition (CPD file) because they are not supported in the schedule definition (ACD file) or the remote account definition (RSD file): PASSIVE PORT_RANGE PORT_RETRIES PORT_RETRY_WAIT_TIME New Terminal Output File for Major Daemons All major daemons start normally and then redirect output to /dev/null and stdin from /dev/null. This enhancement was introduced in version to keep the product from hanging when the id that started it logged off and could not accept console messages. In some cases, however, you may miss valuable diagnostic information from the daemons. You can redirect the stdout and stderr streams to a file by adding the -o filename option to each of the major daemons in the ceustartup script. Allowing the ceuadmin and webdav Daemons to Run Separately The ceuadmin and webdav daemons may be run separately to allow for using different placement and/or access options. For example, you may want to run the WebDAV daemon in the DMZ and disable the Admin functionality there. The cmuadmind script now allows the -D ceudav and -D admin options to disable one or the other functionality: Admin Option Description -D ceudav Disables the WebDAV service, and prevents deployment of ceudav.war, if it is present. -D admin Disables the admin UI service, and prevents deployment of ceuadmin.war, if it is present. The -w portnum , -W portnum , and -f cpdfile options are no longer supported as command line options to cmuadmind. IBM Sterling Connect:Enterprise for UNIX Version Release Notes 11 Special Considerations The -C configfile option has been added to cmuadmind, where configfile can be either of the following: A simple file name, for which the default path is $CMUHOME/cpd/admin A fully-qualified path to a file (starting from /). The default is $CMUHOME/cpd/admin/Admind.xml. Note: The cmuadmind changes may cause upgrade issues if you are running a release earlier than Sterling Connect:Enterprise for UNIX version Reconfiguration of the cmuadmind services is required if you are running a release prior to version High-Availability Environment If you require a high-availability environment, obtain third-party high-availability software from the IBM (HACMP), Sun (Sun Cluster), or Hewlett-Packard (MC/Service Guard) corporations. Sterling Connect:Enterprise for UNIX supports the failover capabilities of IBM high-availability cluster multi-processing (HACMP), Sun Cluster, and Hewlett-Packard MC/Service Guard high-availability software using bisynchronous and FTP protocols. The following list identifies considerations for inbound and outbound transmissions on all platforms: When a failover occurs, the sender must restart inbound file transfers that are in progress. Depending upon the timing and nature of a failure that results in a failover, specific outbound transfers may also require a manual restart. The high-availability feature in IBM Sterling Connect:Direct for UNIX can be integrated with the Sterling Connect:Enterprise for UNIX high-availability feature. Considerations for FTP Sessions Use the following information for establishing and maintaining FTP sessions: An FTP session attempted with the Remote communication sequence (mode) parameter set to Send, then receive fails when the AC send directory and AC receive directory parameters are not set. To avoid this problem, ensure that the AC send directory and AC receive directory parameters are set and that the send directory is different from the receive directory. The Sterling Connect:Enterprise server closes the control channel when it is out of disk space for FTP connections. If this occurs, the FTP transfer must be restarted. Resource Use for Communications Sessions Sterling Connect:Enterprise for UNIX requires one semaphore, one shared memory segment, and at least one socket descriptor for each communications session (FTP, Async, or Bisync). In addition, each bisync port configured with the SYNCcable+ hardware uses one shared memory segment between 20 K and 40 K. When the session finishes, those resources are released. As a result, the total number of concurrent communications sessions possible on a particular platform depends on the settings of these kernel parameters. In addition, be aware of what other users are doing on the same system, because other activities can require the same resources needed by Sterling Connect:Enterprise for UNIX. 12 IBM Sterling Connect:Enterprise for UNIX Version Release Notes Special Considerations Sterling Connect:Enterprise Linux Functionality Consider the following information for the Linux operating system: Approximately 20 Java processes start when the http daemon and the ediint daemon are started on the Linux OS. This is normal behavior that is due to the Linux thread support architecture. FTP - Replacing System Standard FTP or SSH The Sterling Connect:Enterprise for UNIX FTP and SSHFTP servers can run in place of the system standard servers to provide a more secure point of entry to your Sterling Connect:Enterprise for UNIX system. To replace your system servers: 1. In your Sterling Connect:Enterprise for UNIX binary directory ($CMUHOME/ os /bin), change the owner of the FTP and SSHFTP binaries and setuid to root, this allows Sterling Connect:Enterprise for UNIX to listen on the standard FTP and SSH ports (21 and 22). For FTP, use the following commands: $ chown root cmuftpd ftpd ftp $ chmod 4755 cmuftpd ftpd ftp For SSH, use the following commands: $ chown root cmusshftpd sftp-server $ chmod 4755 cmusshftpd sftp-server 2. Edit the communication port definition file for FTP and SSHFTP to change the value for PORTLISTENER to 21 and 22, respectively. Port Definition File Value $CMUHOME/cpd/ftp.cpd PORTLISTENER = 21 $CMUHOME/cpd/sshftp.cpd PORTLISTENER = Copy the Sterling Connect:Enterprise for UNIX inter-process communication shared object library to /usr/lib and mark it as owned by root. Use the following commands: $ cp $CMUHOME/ os /lib/libcmusips.so /usr/lib Note: For HP-UX, copy libcmusips.sl and not libcmusips.so. $ chown root /usr/lib/libcmusips.so Note: For HP-UX, mark libcmusips.sl and not libcmusips.so IBM Sterling Connect:Enterprise for UNIX Version Release Notes 13 Known Restrictions 4. Delete or comment out the line in /etc/inetd.conf that refers to ftp and sshftpd, for example: #ftp stream tcp nowait root /etc/ftpd ftpd #sftp stream tcp nowait root /etc/sftpd sftpd 5. Signal inetd so that the change will take effect: $ kill -1 nnnn The nnnn is inetd PID number. 6. Restart Sterling Connect:Enterprise for UNIX so that its configuration changes will take effect: $ ceushutdown -i $ ceustartup 7. When installing a new release or adding maintenance to any of the above modules, you will need to take off the root permissions, do the install, and add the root permissions again. Known Restrictions Sterling Conn
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks