IBM Support

Late breaking updates to DataPower 7.1 documentation

News


Abstract

The version 7.1 documentation for IBM DataPower Gateway is not the latest available information. This document covers late breaking updates that are not in IBM Knowledge Center.

Last updated, October 2017.

Content

The late breaking updates in this document apply to DataPower version 7.1 documentation.



To access specific updates, click the appropriate link:
To view the change history of this document, see Change history


The corrections in the following sections apply to DataPower version 7.1 in IBM Knowledge Center.




Installation
    The Type 7198 and 7199 documentation has the following statement for connection power supplies to power sources.
      Both power supplies must be connected to the same power source to prevent a difference in ground voltage between the two power supplies.

      The clarified statement is as follows.
        Each power supply can come from different power sources or from different circuits. The two sources must be properly grounded.


    The command to troubleshoot power supplies states to use show other-sensors. The correct command is show sensors-other. This problem exists also exists in the available PDF versions of the installation documentation.


    The Type 8436 documentation and the Type 7198 and 7199 documentation has the following statement for the replacement of Tier 2 CRU parts.

      If installed by an IBM representative after your warranty has expired, you will be charged for the installation.

      The clarified statement is as follows.
        If installed by an IBM representative after your warranty expires and your hardware support agreement does not cover installation by an IBM representative, you will be charged for the installation.


    The documentation has incorrect information about the LEDs for the 10 Gb SFP+ modules.

      The documentation for the LEDs was reversed, and the color indicators for the speed LED were also reversed. The correct information is as follows.
      • The upper LED (denoted by I) is the activity LED.
      • The lower LED (denoted by H) is the speed LED. If green, 1 Gbps. If amber, 10 Gbps.


    The documentation has the following extraneous information about cables for 10 Gb SFP+ modules. Cables length depend on whether the SFP+ is a Copper Direct Attach twinaxial cable, short-reach transceiver, or long-reach transceiver. The appliance ships with 2 short-reach transceivers.

      Do not use a fiber optic cable that is longer than 100 meters. The cables for small-form factor pluggable (SFP+) modules can be longer than 100 meters. See the product documentation for detailed information on SFP+ modules.






Administration
    The documentation for first alive and round robin are reversed. The correct documentation is as follows.
      First alive
        This algorithm uses the concept of a primary server and one or more backup servers. When the primary server is up, all connections are forwarded to this server. When the primary server is not up, connections are forwarded to backup servers. The primary server is the first server in the list.
      Round Robin
        This algorithm maintains a list of servers and forwards a new connection to the next server on the list.


    The steps in the "Exporting a configuration" topic, starting with step 13, are incorrect. The corrected procedure, starting with step 13, is as follows.

      1. Click Next. When the backup completes, the file is in the export: directory.
      2. Optional: Click Download. The Import Configuration utility requires that the export file is on your workstation.
      3. Click Done.


    Changed the value for the user who can connect to the XC10 collective in APAR IT05684:

      The value can be up to 64 characters in length and cannot be blank. You can use all alphanumeric characters and most special characters. You cannot use spaces or the following special characters:  # <.

      Attention: If the account name includes  \ or ; characters, you must escape these characters with a \ character. For example, when the account name is a\b;c, you must enter  a\\b\;c as the value.


    When you shutdown the appliance and the mode is halt, the documentation incorrectly states that the appliance, by default, restarts after 20 minutes. When you run this action or use the shutdown halt command, the appliance shuts down but the power to the appliance remains on.


    The use of an LDAP connection pool does not apply to RBM or the CRL update policy.







Virtual Edition
    When you define the address from the ILMT server, you must specify the IP address, not the DNS host name, of this server.






Secure communication
    The documentation for the ciphers property for cryptographic profiles is incomplete.
      Cryptographic profiles can control TLS version 1.2 cipher suites. Note that here are no cipher suites specific to TLS version 1.1.






Document processing
    The return expired documents property for the document cache indicates whether to return expired, or stale, content. To return expired content, the client request must indicate that it is acceptable to receive a stale resource by using the Cache-Control max-stale directive as defined in RFC 7234 section 5.2.1.2.






Threat protection
    Changed the meaning of the value 0 for the following properties in APAR IT08472 for single message XML denial-of-service attacks.
      When you specify a value of 0, this value indicates the use of the default value.
      • XML Maximum Distinct Prefixes, which is the max-prefixes command.
      • XML Maximum Distinct Namespaces, which is the max-namespaces command.
      • XML Maximum Distinct Local Names, which is the max-local-names command.
    The documentation for the ignore option of the forbid-external-references command is incorrect.
      The documentation incorrectly states that this option "ignores external DTD references, and replaces external entities with the empty string". However, the correct information for this option is "accesses and resolves external references, but replaces each for further processing with an empty string."

      The forbid-external-references command and its peer XML External Reference Handling property are part of the configuration of parser limits for an XML manager and as an override to this setting in the configuration for a Multi-Protocol Gateway, Web Service Proxy, or XML Firewall service.






GatewayScript





Commands


    The documentation for the pwd-history command values in RBM Settings is reversed. The correct information is as follows.

      • on - Prevents the reuse of recent passwords.
      • off - Allows the reuse of recent passwords. This setting is the default value.






Extension elements and functions
    The url-open element for WebSphere MQ is missing the following documentation for the Model query parameter.
      Model={true|false}
        When true, this value instructs the DataPower service to connect to the request queue and use the dynamic, temporary Model queue that is defined by the ReplyQueue value to get the response. When the response is received, the connection to the temporary queue is closed.


    The url-open element for IMS Connect has incorrect values for the ExitID parameter. The correct values use asterisks. The supported values are *SAMPLE* or *SAMPL1*.







Variables
    The configuration parameters variable incorrectly documents the use of dot notation. Follow this link to see the correct documentation.






WebSphere Service Registry and Repository
    Added in APAR IC99343: By default, the configuration uses the domain-specific default-wsrr XML Manager to manage the parser limits for WSRR responses. When responses are larger than the parser limits in this XML Manager, the following behaviors occur.
    • The operation fails without indication.
    • The "Request failed to compile" message or similar message is logged for the Web Service Proxy that subscribes to a WSDL file.

    If you notice this problem, increase the size for the XML bytes scanned in the default-wsrr XML Manager.






Status providers
    The RAID Physical Drive Status added Failure and Temperature data. The information is in the GUI on-line help, but not part of the show raid-physical-drive command.
      Failure - Indicates whether there is a hard disk failure. If Yes, replace this drive as soon as possible to avoid possible data loss.
      Temperature - The temperature of the hard disk drive.






Monitors
    The documentation for the Message Filter Action type command incorrect states the block keyword instead of the shape keyword. For correct information see type command.





Change history
Last modified: 30 October 2016.
  • 30 October 2017: Added information about nonexisting block keyword for Message Filter Action type command.
  • 19 July 2016: Added data about the wrong command troubleshooting command in the installation documentation.
  • 16 March 2016: Added correction for XML external reference handling.
  • 19 January 2015: Clarified when the document cache can return an expired or state document.
  • 25 August 2015: Added correction to ILMT server specification and use of LDAP connection pool.
  • 30 June 2015: Added correction for configuration parameters variables, change in behavior for threat protection parser properties, and correction to shutting down the appliance with the halt selection.
  • 27 February 2015: Added corrections to the SFP+ cables, pwd-history command, XC10 username, TLS cipher suites, GatewayScript header methods, and WSRR specific XML manager.
  • 23 January 2015: Added corrections to the SFP+ LEDs for the 7198, 7199, 2426 appliances, added the Administration section for DNS algorithms and for exporting a configuration, and added the Extension elements and functions section for MQ url-open().
  • 21 November 2014: Created for 7.1.

Document information

More support for: IBM DataPower Gateways
General

Software version: 7.1

Operating system(s): Firmware

Software edition: Edition Independent

Reference #: 1686961

Modified date: 30 October 2017