IBM WebSphere DataPower XML Integration Appliance XI50 firmware release 3.8.1 is available. Compatibility, installation, and other getting-started issues are addressed.
The WebSphere DataPower SOA Appliances firmware V3.8.1 announcement letter is announcement 210-108.
The WebSphere DataPower Integration Blade XI50B product announcement is available as
See the announcements for the following information:
- Detailed product description
- Product-positioning statement
- Ordering details
Note: For details on WebSphere DataPower Integration Blade XI50B, see the XI50B release notes.
New features and enhancements description
WebSphere DataPower XML Integration Appliance XI50 release 3.8.1 offers the following new features and enhancements and resolved APARs.
Application Optimization (AO)
The Option for Application Optimization feature has been extended to include Application Intelligence where WebSphere application information is used in routing decisions. Application Intelligence enables application life cycle management in providing support for Application Edition rollout on WebSphere Virtual Enterprise (VE) platforms. This release includes the following:
- Application Routing support: A load balancer group classifies and routes requests based on virtual host names, virtual host ports, and URI information. When a request is received that does not match the stored application information, an error response is returned directly by the DataPower appliance offloading back-end error processing.
- Application Edition support: WebSphere group and atomic edition rollouts are supported. These rollouts allow you to dynamically install a new edition of an application in a seamless fashion without disrupting other applications on that cluster.
- Published Dynamic Load Balancing XML interface: The XML format and schema file (xsd) are published to allow interfacing with non-IBM servers. Any servlet or web server that returns the appropriate XML document can cause the load balancer to dynamically add or update membership information.
- Supports integration with z/OS Communications Server Sysplex Distributor that can balance workload to DataPower appliances. Requires the Option for Application Optimization feature.
- Optimizes database connectivity and processing for common workloads.
- Supports WebSphere Transformation Extender version 8.3 features
- Enhanced support for WebSphere Transformation Extender component rules extends beyond support for constant and ODO-style (OCCURS DEPENDING ON) component rules.
- Enhanced support to handle data that is in error
- Supports deployment of DPA map files directly to the appliance from WebSphere Transformation Extender Design Studio
- Supports the use of XML schema, rather than type trees, within WebSphere Transformation Extender Design Studio
- Two previously restricted functions are relaxed: FAIL and OFFSET
- Two previously restricted adapters are unrestricted now: ECHO and SINK
- Supports WS-Policy Attachment files authored within WSRR Policy Editor
- Supports configuring Web Service Proxy services using WSDL files returned from WSRR saved search queries
- Supports serving of WSDL files from multiple Web Service Proxy services that use the same URI and the same port, but a different appliance interface.
- Improves synchronization performance of WSRR Concept subscriptions
Enhanced security features
- Supports use of a customized XSS patterns file containing Perl Compatible Regular Expressions (PCRE) to define the XSS protections.
- Supports an LDAP authentication and LDAP authorization setting to fetch LDAP attributes for SAML assertions. Results are synchronized with the AAA authentication cache or the AAA authorization cache.
- Supports Raw XML Document including SAML for Enveloped as a message type for signing. This message type supports an XPath expression that identifies the elements on which to sign.
- Post processing activities support generating a SAML assertion or response that can contain one or all of the following assertion types: an authentication statement, an attribute statement, and an authorization decision statement. Skew time and proxy restriction settings are supported. Configuring SAML attributes definition objects for use in post processing is supported.
- Supports WebSphere Application Server version 7 to use the SAML bearer and sender vouches tokens for SSL or WS-Security. The DataPower appliance can generate or consume those tokens for authentication, signing including WS-Security STR-Transform and encryption, as expected by WebSphere Application Server 7.009.
- Supports WebSphere Application Server version 7 to use the Kerberos tokens for SSL or WS Security Policy. The DataPower appliance can generate or consume the Kerberos token for secure conversation or authentication, or both, or further use them to sign or encrypt the message as expected by WebSphere Application Server 7.009.
- Supports specifying a set of schema or WSDL documents that accept messages in which base64-encoded binary content was optimized according to the MTOM/XOP specifications. XOP binary-optimization replaces base64-encoded binary data with an xop:Include reference element that references the unencoded binary data located in an attachment. When this option is enabled, an xop:Include element can optionally appear in place of content for any XML Schema simple type that validates base64-encoded binary data. When this option is disabled, such optimized messages are rejected by the validation of the unoptimized form.
- Supports converting a certificate object or a private key object, or both, to a specific output format and write it to a file. The supported format is openssh-pubkey.
- Supports Microsoft Active Directory as the user registry for Tivoli Access Manager client.
- Enhanced error logging for AAA actions using Tivoli Access Manager.
- Supports the use of local mode TAM objects in a AAA policy. This includes the ability to create local mode TAM configuration files.
- Supports setting up a first-alive hierarchy of DNS servers, for example primary and secondary, such that a given server is queried only if the servers higher in the hierarchy fail to respond to a query.
- The MQCSP support enables the authorization service to authenticate a user ID and password for security exit in MQ Queue Manager object.
- The MQ Queue Manager Group can work with the multi-instance feature in the WebSphere MQ server Version 7 or later for the fail over in the DataPower appliance.
- With the shared conversation feature in WebSphere MQ server Version 7 or later, you can compress the number of connections between the DataPower appliance and the MQ Server by specifying the maximum number of conversations to share a single TCP/IP connection in DataPower Queue Manager object configuration.
- Provides JSON support as a native format for request and response types.
- Supports a client feature to send files to and retrieve files from remote servers.
- Supports strict host key and known host checking.
- Supports a poller feature to poll and retrieve files.
- Supports configuring the DataPower SFTP Server in Virtual File System mode.
- Supports IMS Connect interactions that provide the completion status to enable the appliance to deliver IMS transactions with a high level of integrity.
- Supports commit mode and sync level processing of Commit Mode = 1 and Sync Level = Confirm.
- Supports a method to gracefully quiesce the appliance or certain configured portions of the appliance. Quiesce is applicable to the device as a whole as well as to domains, services, and front-side handlers.
- Enhanced important status providers to provide detailed information, expected values, and recommended actions.
- Supports a backlog to which the appliance routes a configurable number of requests if the amount of free memory falls below the configured threshold. Processing of requests in the backlog is delayed until sufficient memory is available or until the configured backlog-timeout elapses. When sufficient memory is free, the appliance processes all requests in the backlog queue.
- The system log has been improved to provide better information. Locating specific messages, sorting and filtering, and other log manipulation has been enhanced. Log messages have been rewritten for clarity.
- Supports a secure backup-restore process for appliances that are initialized or are reinitialized in disaster recovery operational mode for use in recovering the configuration of a lost appliance. A secure backup contains private data from the appliance (cryptographic keys and user data), which the appliance encrypts with a DataPower key. You can also use the backup-restore process for migration of one appliance to another.
Note: The backup-restore process must be used among appliances that are at the same firmware level and have the same compatible configuration (auxiliary storage, iSCSI, and so forth).
- Enhanced error reports can include optional information.
- Error reports can be automatically uploaded to local or remote file stores.
- Error reports are compressed to minimize disk-space requirements.
- Enhanced information in backtraces to aid diagnosis.
- Support for log trigger points. A trigger can be created for any log message or group of messages. The trigger can be configured to launch a command when the specified message occurs.
- Filtering of packet captures to monitor messages from a specific source or to a specific port.
- In addition to the "To" address in email alert setting, specify the "From" address in Troubleshooting and Failure Notification configuration to indicate the email address of the message sender.
Provides system log messages that indicate the following warnings when the DataPower appliance migrates its data to a newly installed firmware version:
- An object with an invalid required property is removed from the startup configuration script.
- A complex property with an invalid required property is removed from the startup configuration script.
- A referenced property is dropped from the startup configuration script if its referenced object cannot be found.
- An invalid property is dropped from the startup configuration script with a value of empty if this firmware version does not support the value for this property and there is no default value for the property.
- An invalid property is dropped from the startup configuration script with a default value if this firmware version does not support the value for this property and changes the value to its default value.
- Unrecognizable reference or submode property causes the system to quit the object configuration mode and fail to load the remaining properties for the object.
- Improved WebGUI performance in the Web Service Proxy configuration when populated with a large number of WSDL files.
- Introduced the IBM WebSphere DataPower SOA Appliances Information Center. In the Information Center, product documentation is available in PDF and HTML format. The Information Center is available from the Product Documentation tab of the IBM WebSphere DataPower SOA Appliances Library at the following web site: http://www.ibm.com/software/integration/datapower/library/documentation/
Note: Documentation for versions 3.8.0, 3.7.3, and 3.7.2 is available in only PDF format at the previous Web site. Documentation for version 3.7.1 and earlier is available at the following Web site: http://www.ibm.com/support/docview.wss?rs=2362&uid=swg21377654
For a list of the APARs that WebSphere DataPower XML Integration Appliance XI50 release 3.8.1 has resolved, see resolved APARs.
Compatibility with earlier releases
Compatibility issues with earlier firmware releases are documented as individual technotes in the Support knowledge base. The following link launches a customized query of the live Support knowledge base. The compatibility issues that are known to exist in the current release of the WebSphere DataPower XML Integration Appliance XI50 are provided.
View known compatibility issues for WebSphere DataPower XML Integration Appliance XI50
For additional information about problems in current releases, refer to the DataPower support site.
To determine whether your appliance (machine type) supports this firmware release, refer to technote 1430414.
For hardware specifications, refer to the IBM WebSphere DataPower SOA Appliances: Type 9235: Hardware Problem Determination and Service Guide available in the DataPower information center.
Release 3.8.1 is compatible with the following products:
Support is provided for the following IBM WebSphere Application Server, Network Deployment (ND) editions for use with Application Optimization: Application Intelligence:
- ND 22.214.171.124 plus APAR PM11618
- ND 126.96.36.199 or later
- ND 188.8.131.52 plus APAR PM11618
- ND 184.108.40.206 or later
For more information, see APAR PM11618.
- VE 220.127.116.11 plus APAR PM11623, APAR PM07024, 18.104.22.168-WS-WXD-IFPK94777_XD.pak, and 22.214.171.124-WS-WXDOP-IFPM13014.pak
- VE 126.96.36.199 or greater
For more information, see APAR PM11623 and PM07024.
- The Application Optimization feature is an add-on feature and is supported on only Type 9235 appliances.
- For the AO option, ND 6.0 will continue to work with the ODCInfo_ND60.war application. However, this capability is limited to the Intelligent Load Distribution functions that were shipped in DataPower Firmware release 3.8.0. The extended Application Intelligence functions of Application Routing, Group Rollout, and Atomic Rollout require ND 6.1 or ND7.0.
Application and Web servers
Any server that conforms to the standards that the DataPower appliance supports.
Support provided for the following database servers:
- DB2: all supported versions up to 9.5
- Microsoft SQL Server: all supported versions up to 2008
- Oracle: all supported versions up to 11g R1 (11.1)
- Sybase: all supported versions up to 15
IBM Information Management System (IMS) versions 9 and 10
Any LDAP server that is compliant with LDAP version 2 or LDAP version 3.
Microsoft .NET Windows Communication Foundation
Microsoft .NET Windows Communication Foundation (WCF) integration has the following requirements:
- WCF 3.5 or newer
- Windows 2003 Server or newer as the KDC if using the Kerberos token feature.
The following SFTP clients are supported:
- CuteFTP Professional 8.3
- OpenSSH 3.1p1 (Red Hat Linux® 7.3)
- OpenSSH 4.6p1 (Ubuntu Linux)
- OpenSSH 5.1p1
- PuTTY PSFTP, version 0.60
- SmartFTP, version 3.0
- Sun Microsystems, Sun_SSH_1.1
- WinSCP, version 4.1.6
The supported protocols are as follows:
- SSH-2 protocol defined by IETF RFC 4251
- SFTP version 3 defined by the draft-ietf-secsh-filexfer-02.txt Internet-Draft
TIBCO Enterprise Message Service (EMS), versions 4.3, 4.4, and 5.0
Tivoli Access Manager
IBM Tivoli Access Manager, versions 6.0 and 6.1
Tivoli Federated Identity Manager
IBM Tivoli Federated Identity Manager, versions 6.0.1, 6.1 and 6.2
Tivoli Security Policy Manager
IBM Tivoli Security Policy Manager, version 7.0 Fixpack 2
Microsoft Internet Explorer, versions 6 and 7, and Firefox, version 3.5
WebSphere Java Message Service
IBM WebSphere Java Message Service (JMS), versions 6.0.2 and 6.1
IBM WebSphere MQ, versions 6.0 and 7.0, as a remote server.
WebSphere Service Registry and Repository (WSRR)
Support is provided for the following IBM WebSphere Service Registry and Repository releases (minimum versions):
- WSRR 188.8.131.52 (which include APAR IZ71003)
- WSRR 184.108.40.206 plus APAR IZ71003
- WSRR 220.127.116.11 plus APAR IZ71003
- WSRR 18.104.22.168 (limited support for WSRR Subscriptions features)
- WSRR 22.214.171.124 (limited support for WSRR Subscriptions features)
- Support is provided for WS-Policy Attachment files authored with WSRR Policy Editor 126.96.36.199 plus APAR IZ71003 or later.
- Supports implementing Web Service Proxy configurations with WSDL files returned from a WSRR Saved Search when the WSRR server is WSRR 188.8.131.52 plus APAR IZ71003 or later.
- To create maps or recompile existing maps to run in the recommended DPA (DataPower Appliance) mode with extended support for component rules, use WebSphere Transformation Extender Design Studio version 184.108.40.206 or later. With version 220.127.116.11 and later, support for component rules is extended beyond support for constant and ODO-style (OCCURS DEPENDING ON) component rules. Support for component rules has the same restrictions as map rules.
- To create maps or recompile existing maps to run in the recommended DPA mode with the more limited support for constant and ODO-style component rules, use one of the following versions of WebSphere Transformation Extender Design Studio:
- Version 18.104.22.168
- Version 22.214.171.124 with IF3
Any XML tool that generates XSLT 1.0 for XML-to-XML. For non-XML, supported versions of WebSphere Transformation Extender.
z/OS Communications Server Network Security Server
z/OS Communications Server, V1R11
Note: Support for the sysplex distributor feature requires z/OS Communications Server V1R11 plus APAR PM14365 applied using SMP/E. If a PTF is not available, request a ++APAR from IBM z/OS Communications Server Level 2 support.
For installation instructions, refer to the IBM WebSphere DataPower SOA Appliances: Upgrade and Rollback Guide available in the DataPower information center.
Known problems and limitations
Known problems and limitations are documented as individual technotes in the Support knowledge base. As problems are discovered and resolved, the IBM Support team updates the knowledge base. By searching the knowledge base, you can quickly find workarounds or solutions to problems.
The following link launches a customized query of the live Support knowledge base. The limitations and problems that are known to exist in the current release of the WebSphere DataPower XML Integration Appliance XI50 are provided with a workaround, if available.
View known problems and limitations for WebSphere DataPower XML Integration Appliance XI50
For additional information about problems in current releases, refer to the DataPower support site.
This section summarizes deprecated features in the product offerings comprising WebSphere DataPower SOA Appliances release 3.8.1. The following information summarizes what is deprecated. Where possible, a recommended migration action is provided.
View deprecated features for WebSphere DataPower SOA Appliances
Contacting IBM Support
To report a problem to IBM Support, refer to Contacting IBM WebSphere DataPower Appliances Support.