Lotus Domino Go Webserver 5.0 for OS/390 Enhancements

Software Announcement
May 5, 1998
Announcement Letter Number: 298-151


Table of Contents:

(Corrected on May 19, 1998)

In the Description section, corrected the 128-bit Encryption bullet under New Features; in Supplemental Information, corrected the Education Allownce section.

At a Glance

The new enhancements offer improvements to your e-business customers in the following areas:

  • Security

  • Performance

  • Workload Manager (WLM) Exploitation

  • Systems Management

  • Configuration
-----------------------------------------
For ordering, contact:
  Your IBM representative, an IBM
  Business Partner, or IBM North America
  Sales Centers at
    800-IBM-CALL  Reference: LE010

EXTRA! EXTRA! . . .

Subscribe to IBM iSource, your electronic source for customized IBM information! Go to our web site at http://www.ibm.com/isource or send an e-mail to info@isource.ibm.com with the word SUBSCRIBE in the body.



Overview

The enhancements for Domino (TM) Go Webserver (DGW) 5.0 for OS/390 (TM) continue to build on its industry leadership position in support of critical e-business applications. They provide additional performance, security, and Workload Manager (WLM) capability in concert with expanded user install options and configuration enhancements.

  • Security Enhancements
    • Public Key Infrastructure (PKI) Enablement allows the server to exploit Public Key architecture

    • Crypto Keysize Selection enables the server administrator to specify the level of encryption to be used

    • Less Complex and More Secure Key and Certificate Management

    • 128-bit Encryption Support for Export (outside North America) Browsers
  • Performance Improvements have been achieved by incorporating IBM Web Traffic Express enhanced caching algorithms and running an enhanced Java (TM) engine inside the DGW 5.0 address space. This enhanced Java engine, code named ServletExpress, is shipped to OS/390 customers as part of DGW 5.0.

  • Improved Workload Manager Exploitation
    • Enabling Secure Sockets Layer (SSL) Requests to participate in WLM Application Environment queueing

    • Encouraging Efficient Utilization of System Resources
  • Systems Management
    • User-Defined Install Path allows multiple copies of Webserver on the same MVS (TM) image.

    • Configuration Enhancements:
      • Frames-based Interface

      • Continued Reliability, Availability, and Serviceability (RAS) Improvements



Intended Customers

For customers who want to:

  • Start conducting electronic commerce on the Internet

  • Integrate existing S/390 (R) transactions and data into Web applications

  • Create a secure intranet within their organization

  • Establish a secure World Wide Web (WWW) presence on the Internet



Key Prerequisites

Hardware: Operates on all ESA-capable machines supporting OS/390 Version 2 Release 5, or later

Software

  • OS/390 Version 2 Release 5
  • An INET transport provider



Planned Availability Date

  • June 12, 1998, English
  • July 10, 1998, Japanese

------------------------------

This announcement is provided for your information only. For additional information, contact your IBM representative, call 800-IBM-4YOU, or visit the IBM home page at: http://www.ibm.com



DESCRIPTION

IBM provides a comprehensive set of Internet products and solutions that can Web-enable your business. With the new Domino Go Webserver product, a business can effectively promote its corporate messages, provide marketing information, give sales support to customers, gain a competitive edge by having its own home pages accessible, and conduct electronic commerce on the Web. Access to the Web pages can be kept within a company or made available outside of the company.

The predecessor product, Domino Go Webserver 4.6.1 for OS/390, provides the capability to establish a WWW secure presence on the Internet and conduct secure business-critical electronic commerce. Some of the features and functions that provide this capability are:

  • Home Page repository
  • Full HTTP 1.1 compliance
  • Repository for imbedded binary resources
  • Use of the OS/390 System Authorization Facility (SAF)
  • Proxy support
  • Proxy caching
  • CGI support
  • Easy-to-use configuration tool
  • NLS enablement
  • Security
  • Go Webserver API (GWAPI) -- Formerly called Internet connection API (ICAPI)
  • Server-Side Includes
  • Error message customization
  • Enhanced logging and reporting
  • Multiple IP address support
  • Proxy authentication
  • Local file caching
  • Default code page support
  • S/390 Cryptographic Hardware support
  • Workload Manager (WLM) enablement
  • Web Usage Mining
  • OS/390 Console Support
  • SSL V3 support
  • Automatic browser detection
  • CGI support for C, REXX, Perl, and Java
  • PICS support
  • Client authentication
  • SNMP subagent
  • SOCKS support
  • SSL tunneling
  • OS/390 Dataset Support
  • Inputs to OS/390 System Management Facility logs
  • Authentication Using a Certificate
  • Java 1.1 Support
  • Fast CGI Support



New Features

Domino Go Webserver 5.0 for OS/390 (DGW 5.0 for OS/390) has incorporated improvements in the areas of security, performance, Workload Manager (WLM) exploitation, and systems management that extend its leadership position.

  • Security Enhancements
    • Public Key Infrastructure (PKI) enablement: Allows the server to exploit Public Key architecture. It lets customers take advantage of Certificate Authorities that issue and revoke client and server certificates. A Certificate Revocation List (CRL) is used to notify servers of a certificate revocation. Lightweight Directory Access Protocol (LDAP) is used to retrieve the CRL from the directory server. The Public Key architecture is based on X.500 and X.509 standards.

    • Crypto Keysize Selection: Enables the server administrator to specify the level of encryption to be used, versus the default, which is the highest (strongest) level common to both requester and server. The administrator may use a lower level of encryption when appropriate, with an accompanying improvement in performance, or refuse connection to a requester at levels lower than those he/she has specified.

    • Less Complex and More Secure key and certificate management function: The security is improved by running the key management function outside the server but in the same physical machine. This eliminates connecting to the key management function over the network. The complexity of setting up a secure server has been reduced by requiring less interaction from the administrator.

    • 128-bit Encryption support for export (outside North America) browsers: This enables export browsers, with 128-bit encryption capability, to use 128-bit encryption when communicating with financial institution servers authorized to use 128-bit encryption. This requires a special financial institution server certificate from an authorized certificate authority.
  • Performance improvements have been achieved through:
    • Running an enhanced Java servlet engine inside the DGW 5.0 for OS/390 address space. This enhanced Java engine, code named ServletExpress, is shipped to OS/390 customers as part of DGW 5.0 for OS/390 and is its Java engine. Running it inside the address space results in less data transfer for servlet execution. Some of the features and functions of ServletExpress are:
      • Full support for the latest session-tracking APIs
      • A graphical interface for servlet management
      • Web-based remote administration
      • Security features, including "servlet sandbox" and access control lists
      • Servlet chaining
      • Loading from Jar files
    • Integration of Web Traffic Express into DGW 5.0 for OS/390:
      • Enhanced Caching Algorithms: Caching algorithms, specifically aimed at increasing the likelihood of finding a Web object in the local cache, have been incorporated into the server. In the past, typical Web object caching algorithms have been derived from traditional computer caching schema where the objects to be cached are of known and consistent sizes. Web objects are variable in size and have different arrival characteristics which were not considered by traditional caching algorithms.

      • Automatic Cache Refresh: The server has the flexibility of having the automatic cache controlled by the administrator or controlled by algorithms in the server. For example, the administrator might decide to always cache and refresh on a specified time schedule the company home page. Or, the server can be configured to determine the top "n" (set by administrator) most frequently accessed pages, cache them, and refresh on a nightly basis. This method could be used to provide fresh high usage pages at the beginning of the work day or shift.

      • Over-Ride of Page Caching Information: Some Web pages have header information that specifies they be fetched from the source each time they are requested. This might be done, as an example, to maximize the earnings from advertising contained in these pages. This practice tends to use additional network bandwidth resources and extends the time spent waiting for it by the user versus having the page cached. The administrator is provided the capability to override the header instructions, by URL, to not cache. In addition to caching the page, the time interval before refresh can be set.
  • Improved Workload Manager Exploitation
    • Enabling Secure Sockets Layer (SSL) requests to participate in Workload Manager (WLM) Application Environment queuing which extends the WLM advantages first provided in Internet Connection Secure Server (ICSS) 2.2 for OS/390 to key business-critical applications

    • Encouraging efficient utilization of system resources such as CICS (R) EXCI connections and DB2 (R) Database by controlling which application environments specific plug-ins are loaded
  • Systems Management
    • User-Defined Install Path allows multiple copies of a Webserver on the same MVS image. This provides users with an orderly migration path.
    • Configuration Enhancements:
      • The user interface for the Go Server will be a frames-based interface

      • Continued Reliability, Availability, and Serviceability (RAS) improvements
The availability of DGW 5.0 for OS/390 can offer important benefits for business and government customers such as:
  • Starting an electronic commerce system on the Internet

  • Establishing a secure intranet or Internet site that integrates existing transactions and data

  • Use of centralized skills in maintenance of HTML pages

  • Consolidation of support in the data center to provide economies in meeting the needs of many departments requiring a presence on the Web

  • Support of large repositories utilizing the large storage capacities of System/390 (R)

  • Access to frequently changed pages that can be maintained centrally in distributed server environments

  • Access to selected up-to-the minute data maintained in centralized database applications on System/390
Support for the Secure Sockets Layer (SSL), and the S/390 Cryptographic Hardware feature are part of IBM's SecureWay (TM) portfolio of security offerings. For additional information about SecureWay, visit the IBM Security Home Page at URL: For more information about products that may be used with DGW 5.0 for OS/390 to provide additional capabilities and functions, refer to Software Announcement 297-355 dated September 9, 1997.

Three implementations of the security function exist, one for the U.S. and Canada, one for France, and one for all other countries. The U.S. and Canadian version cannot be made available outside the U.S. or Canada since it contains DES, triple DES, 128-bit RC2, and 128-bit RC4 cryptographic algorithms for bulk data encryption as well as up to 1024-bit RSA key exchange. This version cannot be exported outside the U.S. and Canada to any entities. The version of the product announced outside of U.S., Canada, and France uses DES, 40-bit RC2, and 40-bit RC4 cryptographic algorithms for bulk data encryption as well as up to 512-bit RSA key exchange. The version of the product for France uses 40-bit RC2, and 40-bit RC4 cryptographic algorithms for bulk data encryption as well as up to 512-bit RSA key exchange. Because the cryptographic export regulations are subject to change, refer to the ICS Web pages at:

DGW 5.0 for OS/390 may be ordered as a stand-alone product immediately. It will be integrated into OS/390 Version 2 Release 6 September 1998. It may be ordered without the security feature for those installations not requiring it. Refer to the Ordering Information section for selection of the appropriate feature number.



Year 2000

This product is Year 2000 ready. When used in accordance with its associated documentation, it is capable of correctly processing, providing, and/or receiving date data within and between the twentieth and twenty-first centuries, provided all other products (for example, software, hardware, and firmware) used with the product properly exchange accurate date data with it.

The maintenance end date for this Year-2000-ready product is January 31, 2001.



HARDWARE AND SOFTWARE SUPPORT SERVICES



SmoothStart (TM)/Installation Services

SmoothStart Services, an on-site implementation and training startup services designed to accelerate your productive use of your IBM solution, is provided by IBM Global Services or your IBM Business Partner at an additional cost. For additional information on IBM SmoothStart Services, refer to Services Announcement 697-004 dated March 25, 1997, or contact your IBM representative and ask for SmoothStart Services for Domino Go Webserver for S/390.

Trademarks

      OS/390, MVS, SecureWay, and SmoothStart are trademarks of
      International Business Machines Corporation in the United
      States or other countries or both.
      S/390, CICS, DB2, and System/390 are registered trademarks of
      International Business Machines Corporation in the United
      States or other countries or both.
      Java is a trademark of Sun Microsystems, Inc.
      Domino is a trademark of Lotus Development Corporation.
      Other company, product, and service names may be trademarks or
      service marks of others.



SUPPLEMENTAL INFORMATION

Open Enterprise: The following key networking industry standards are supported by Domino (TM) Go Webserver 5.0 for OS/390 (TM):

  • TCP/IP
  • HTML V2.0 plus extensions
  • HTTP V1.1
  • Common Gateway Interface (CGI) V1.1
  • Secure Sockets Layer (SSL) V3.0



TECHNICAL INFORMATION



Specified Operating Environment

Hardware Requirements: DGW 5.0 for OS/390 operates on all ESA-capable machines supporting OS/390 Version 2 Release 5 and later. Additional requirements include:

  • One tape or cartridge drive for installation
  • Communication hardware for network attachment supported by the transport provider
  • One or more workstations capable of running a Web browser for configuration and administration
Software Requirements:
  • OS/390 Version 2 Release 5

    DGW 5.0 for OS/390 exploits and depends upon OS/390 Version 2 Release 5 UNIX (R) System Services.

  • A supported OpenEdition (R) INET transport provider such as:
    • TCP/IP Version 3 (5655-HAL) or

    • ACF/VTAM (R) Version 4 Release 3 (5695-117) with AnyNet (R)/MVS (TM) feature
Compatibility: DGW 5.0 for OS/390 uses industry-standard protocols and is compatible with other Web clients and servers that are compliant with these protocols.



Security, Auditability, and Control

DGW 5.0 for OS/390 uses the security and auditability features of the OS/390 Operating System and interfaces with an external security system using SAF interfaces.

The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.



ORDERING INFORMATION



New Licensees

Orders for new licenses will be accepted now.

Shipment will begin on the planned availability date.

New users of DGW 5.0 for OS/390 should specify:

                    Type                          Model

5697 D43

Basic License: To order a basic license, specify the program number and feature number 9001 for asset registration. Specify no-charge feature number 4007. Specify the feature number of the desired distribution medium shown below.

Basic Machine-Readable Material: To order, select the feature number of the desired distribution medium:

                         Feature        Distribution
Environment              Number         Medium         Language

Domino Go Webserver 5821 9/6250 English 5.0 for OS/390 Magnetic with U.S./Canada Tape Security

Domino Go Webserver 5822 3480 Tape English 5.0 for OS/390 Cartridge with U.S./Canada Security

Domino Go Webserver 6003 4-mm Tape English 5.0 for OS/390 with U.S./Canada Security

Domino Go Webserver 6020 9/6250 Japanese 5.0 for OS/390 Magnetic with U.S./Canada Tape Security

Domino Go Webserver 6021 3480 Tape Japanese 5.0 for OS/390 Cartridge with U.S./Canada Security

Domino Go Webserver 6022 4-mm Tape Japanese 5.0 for OS/390 with U.S./Canada Security

Domino Go Webserver 5801 9/6250 English 5.0 for OS/390 Magnetic with WT Security Tape Feature Distribution Environment Number Medium Language

Domino Go Webserver 5802 3480 Tape English 5.0 for OS/390 Cartridge with WT Security

Domino Go Webserver 6001 4-mm Tape English 5.0 for OS/390 with WT Security

Domino Go Webserver 5811 9/6250 English 5.0 for OS/390 Magnetic without Security Tape

Domino Go Webserver 5812 3480 Tape English 5.0 for OS/390 Cartridge without Security

Domino Go Webserver 6002 4-mm Tape English 5.0 for OS/390 without Security

Domino Go Webserver 6030 9/6250 Japanese 5.0 for OS/390 Magnetic with WT Security Tape

Domino Go Webserver 6031 3480 Tape Japanese 5.0 for OS/390 Cartridge with WT Security

Domino Go Webserver 6032 4-mm Tape Japanese 5.0 for OS/390 with WT Security

Domino Go Webserver 6080 9/6250 Japanese 5.0 for OS/390 Magnetic without Security Tape

Domino Go Webserver 6081 3480 Tape Japanese 5.0 for OS/390 Cartridge without Security

Domino Go Webserver 6082 4-mm Tape Japanese 5.0 for OS/390 without Security

Domino Go Webserver 5831 9/6250 English 5.0 for OS/390 Magnetic with Security that Tape meets French government requirements

Domino Go Webserver 5832 3480 Tape English 5.0 for OS/390 Cartridge with Security that meets French government requirements

Domino Go Webserver 6004 4-mm Tape English 5.0 for OS/390 with Security that meets French government requirements

Customization Options: Select the appropriate feature numbers to customize your order to specify the delivery options desired. These features can be specified on the initial or MES orders.

Example: If publications are not desired for the initial order, specify feature number 3470 to ship media only. For future updates, specify feature number 3480 to ship media updates only. If, in the future, publication updates are required, order an MES to remove feature number 3480; then, the publications will ship with the next release of the program.

                                                    Feature
Description                                         Number

Initial Shipments

Serial Number Only (suppresses shipment 3444 of media and documentation)

Ship Media Only (suppresses initial 3470 shipment of documentation)

Ship Documentation Only (suppresses 3471 initial shipment of media)

Update Shipments

Ship Media Updates Only (suppresses 3480 update shipment of documentation)

Ship Documentation Only (suppresses 3481 update shipment of media)

Suppress Updates (suppresses update 3482 shipment of media and documentation)

Expedite Shipments

Local IBM Office Expedite 3445 (for IBM use only)

Customer Expedite Process Charge 3446 ($30 charge for each product)

Expedite shipments will be processed to receive 72-hour delivery from the time IBM Software Manufacturing Solutions (SMS) receives the order. SMS will then ship the order via overnight air transportation.

Unlicensed Documentation: A memo, a program directory, and one copy of the following publications is supplied automatically with the basic machine-readable material:

                                                  Order
Title                                             Number

Domino Go Webserver 5.0 for OS/390 SC31-8690 Planning for Installation

Web Traffic Express User's Guide GC31-8645

Domino Go Webserver 5.0 Messages SC31-8692

Domino Go Webserver 5.0 for OS/390 SC31-8691 Webmaster's Guide

They are also shipped in HTML with DGW 5.0 for OS/390 and may be accessed via a Web browser from the front page of the server.

All of the above publications are available in portable document format (PDF) through the Domino Go Webserver site. The PDF files can be downloaded and viewed or printed using the Adobe Acrobat Reader. You can obtain a copy of the Acrobat Reader through the Lotus (R) Go Webserver site.

Additional copies of the above unlicensed publications will be available for a fee after product availability, June 12, 1998. These copies may be ordered from your IBM representative.

The publication, Domino Go Webserver 5.0 Web Programming Guide, is available through the Domino Go Webserver site:

It is available in HTML and portable document format (PDF). The PDF files can be downloaded and viewed or printed using the Adobe Acrobat Reader. You can obtain a copy of the Acrobat Reader through the Lotus Go Webserver (TM) site.

Displayable Softcopy Publications: The Domino Go Webserver 5.0 for OS/390 comes with its own default home page. From this, home page users can link to:

  • Configuration and administration forms -- a set of forms that can be used to configure the server to meet particular customer needs.
  • Product documentation
  • Domino Go Webserver 5.0 for OS/390 Web site
  • Domino Go Webserver support
Subsequent updates (technical newsletters or revisions between releases) to the publications shipped with the product will be distributed to the user of record for as long as a license for this software remains in effect. A separate publication order or subscription is not needed.



TERMS AND CONDITIONS

Licensing: IBM Customer Agreement (ICA)

Variable Charges Apply: No

Parallel Sysplex (R) License Charge (PSLC) Applies: No

Indexed Monthly License Charge (IMLC) Applies: No

Installation License or Location License Applies: No

Usage Restriction Applies: No

Entry End User/390 Attachment (ESL) Applies: No

Educational Allowance: No

Volume Discount: Not applicable

Version-To-Version Upgrade Credits Apply: No

Warranted: Yes

Licensed Program Materials Availability

  • Restricted Materials of IBM: None
  • Non-Restricted Source Materials: None
  • Object Code Only (OCO): All
Testing Period: None

Program Services

  • Support Center applies: Yes. IBM Large System Support

  • Available until January 31, 2001

  • APAR Mailing Address:
      ICSS Service Dept. U7MA/Bldg 501 4205 S. Miami Blvd. Research Triangle Park, NC 27709
Support Line: S/390 (R)



CALL NOW TO ORDER

To order, contact the IBM North America Sales Centers, your local IBM representative, or your IBM Business Partner.

IBM North America Sales Centers, our national direct marketing organization, can add your name to the mailing list for catalogs of IBM products.

 Phone:     800-IBM-CALL (TM)
 Fax:       800-2IBM-FAX
 Internet:  ibm_direct@vnet.ibm.com
 Mail:      IBM North America Sales Centers
            Dept. LE010
            P.O. Box 16848
            Atlanta, GA  30321-0848
 Reference: LE010

To identify your local IBM Business Partner or IBM representative, call 800-IBM-4YOU.

Note: Shipments will begin after the planned availability date.

Trademarks

      OS/390, MVS, and 800-IBM-CALL are trademarks of International
      Business Machines Corporation in the United States or other
      countries or both.
      OpenEdition, ACF/VTAM, AnyNet, Parallel Sysplex, and S/390 are
      registered trademarks of International Business Machines
      Corporation in the United States or other countries or both.
      UNIX is a registered trademark in the United States and other
      countries exclusively through X/Open Company Limited.
      Domino and Lotus Go Webserver are trademarks of Lotus
      Development Corporation.
      Lotus is a registered trademark of Lotus Development
      Corporation.
      Other company, product, and service names may be trademarks or
      service marks of others.