Release notes: WebSphere DataPower Integration Appliance XI50 release 3.8.1

Release notes


Abstract

IBM WebSphere DataPower XML Integration Appliance XI50 firmware release 3.8.1 is available. Compatibility, installation, and other getting-started issues are addressed.

Content


Announcement


The WebSphere DataPower SOA Appliances firmware V3.8.1 announcement letter is announcement 210-108.

The WebSphere DataPower Integration Blade XI50B product announcement is available as
announcement 110-089.

See the announcements for the following information:

  • Detailed product description
  • Product-positioning statement
  • Ordering details

Note: For details on WebSphere DataPower Integration Blade XI50B, see the XI50B release notes.

New features and enhancements description

WebSphere DataPower XML Integration Appliance XI50 release 3.8.1 offers the following new features and enhancements and resolved APARs.

Application Optimization (AO)
The Option for Application Optimization feature has been extended to include Application Intelligence where WebSphere application information is used in routing decisions. Application Intelligence enables application life cycle management in providing support for Application Edition rollout on WebSphere Virtual Enterprise (VE) platforms. This release includes the following:

  • Application Routing support: A load balancer group classifies and routes requests based on virtual host names, virtual host ports, and URI information. When a request is received that does not match the stored application information, an error response is returned directly by the DataPower appliance offloading back-end error processing.
  • Application Edition support: WebSphere group and atomic edition rollouts are supported. These rollouts allow you to dynamically install a new edition of an application in a seamless fashion without disrupting other applications on that cluster.
  • Published Dynamic Load Balancing XML interface: The XML format and schema file (xsd) are published to allow interfacing with non-IBM servers. Any servlet or web server that returns the appropriate XML document can cause the load balancer to dynamically add or update membership information.


Enhanced interoperability

  • Enhanced IBM z/OS Communications Server support
    • Supports integration with z/OS Communications Server Sysplex Distributor that can balance workload to DataPower appliances. Requires the Option for Application Optimization feature.
  • Enhanced Open Database Connectivity (ODBC) data source support
    • Optimizes database connectivity and processing for common workloads.
  • WebSphere Transformation Extender enhancements
    • Supports WebSphere Transformation Extender version 8.3 features
    • Enhanced support for WebSphere Transformation Extender component rules extends beyond support for constant and ODO-style (OCCURS DEPENDING ON) component rules.
    • Enhanced support to handle data that is in error
    • Supports deployment of DPA map files directly to the appliance from WebSphere Transformation Extender Design Studio
    • Supports the use of XML schema, rather than type trees, within WebSphere Transformation Extender Design Studio
    • Two previously restricted functions are relaxed: FAIL and OFFSET
    • Two previously restricted adapters are unrestricted now: ECHO and SINK
  • WebSphere Service Registry and Repository (WSRR) enhancements
    • Supports WS-Policy Attachment files authored within WSRR Policy Editor
    • Supports configuring Web Service Proxy services using WSDL files returned from WSRR saved search queries
    • Supports serving of WSDL files from multiple Web Service Proxy services that use the same URI and the same port, but a different appliance interface.
    • Improves synchronization performance of WSRR Concept subscriptions


    Enhanced security features

  • Cross Site Scripting (XSS) protection enhancements
    • Supports use of a customized XSS patterns file containing Perl Compatible Regular Expressions (PCRE) to define the XSS protections.
  • Enhanced SAML Assertion Generator for AAA Policy
    • Supports an LDAP authentication and LDAP authorization setting to fetch LDAP attributes for SAML assertions. Results are synchronized with the AAA authentication cache or the AAA authorization cache.
    • Supports Raw XML Document including SAML for Enveloped as a message type for signing. This message type supports an XPath expression that identifies the elements on which to sign.
    • Post processing activities support generating a SAML assertion or response that can contain one or all of the following assertion types: an authentication statement, an attribute statement, and an authorization decision statement. Skew time and proxy restriction settings are supported. Configuring SAML attributes definition objects for use in post processing is supported.
  • WebSphere Application Server 7 SAML Interoperability
    • Supports WebSphere Application Server version 7 to use the SAML bearer and sender vouches tokens for SSL or WS-Security. The DataPower appliance can generate or consume those tokens for authentication, signing including WS-Security STR-Transform and encryption, as expected by WebSphere Application Server 7.009.
  • WebSphere Application Server 7 Kerberos Interoperability
    • Supports WebSphere Application Server version 7 to use the Kerberos tokens for SSL or WS Security Policy. The DataPower appliance can generate or consume the Kerberos token for secure conversation or authentication, or both, or further use them to sign or encrypt the message as expected by WebSphere Application Server 7.009.
  • MTOM message validation
    • Supports specifying a set of schema or WSDL documents that accept messages in which base64-encoded binary content was optimized according to the MTOM/XOP specifications. XOP binary-optimization replaces base64-encoded binary data with an xop:Include reference element that references the unencoded binary data located in an attachment. When this option is enabled, an xop:Include element can optionally appear in place of content for any XML Schema simple type that validates base64-encoded binary data. When this option is disabled, such optimized messages are rejected by the validation of the unoptimized form.
  • Convert certificate objects and private key objects
    • Supports converting a certificate object or a private key object, or both, to a specific output format and write it to a file. The supported format is openssh-pubkey.
  • Enhanced Tivoli Access Manager (TAM) support
    • Supports Microsoft Active Directory as the user registry for Tivoli Access Manager client.
    • Enhanced error logging for AAA actions using Tivoli Access Manager.
    • Supports the use of local mode TAM objects in a AAA policy. This includes the ability to create local mode TAM configuration files.

    Enhanced connectivity

  • Enhanced DNS resolution
    • Supports setting up a first-alive hierarchy of DNS servers, for example primary and secondary, such that a given server is queried only if the servers higher in the hierarchy fail to respond to a query.
  • WebSphere MQ enhancements
    • The MQCSP support enables the authorization service to authenticate a user ID and password for security exit in MQ Queue Manager object.
    • The MQ Queue Manager Group can work with the multi-instance feature in the WebSphere MQ server Version 7 or later for the fail over in the DataPower appliance.
    • With the shared conversation feature in WebSphere MQ server Version 7 or later, you can compress the number of connections between the DataPower appliance and the MQ Server by specifying the maximum number of conversations to share a single TCP/IP connection in DataPower Queue Manager object configuration.
  • Enhanced support handling for JavaScript Object Notation (JSON)
    • Provides JSON support as a native format for request and response types.
  • Enhanced communications control over the SSH File Transfer Protocol (SFTP) protocols
    • Supports a client feature to send files to and retrieve files from remote servers.
    • Supports strict host key and known host checking.
    • Supports a poller feature to poll and retrieve files.
    • Supports configuring the DataPower SFTP Server in Virtual File System mode.
  • Enhanced IMS support
    • Supports IMS Connect interactions that provide the completion status to enable the appliance to deliver IMS transactions with a high level of integrity.
    • Supports commit mode and sync level processing of Commit Mode = 1 and Sync Level = Confirm.

    Enhanced administration

  • Quiesce
    • Supports a method to gracefully quiesce the appliance or certain configured portions of the appliance. Quiesce is applicable to the device as a whole as well as to domains, services, and front-side handlers.
  • Status providers
    • Enhanced important status providers to provide detailed information, expected values, and recommended actions.
  • Memory enhancements
    • Supports a backlog to which the appliance routes a configurable number of requests if the amount of free memory falls below the configured threshold. Processing of requests in the backlog is delayed until sufficient memory is available or until the configured backlog-timeout elapses. When sufficient memory is free, the appliance processes all requests in the backlog queue.
  • Enhanced logging information to solve connection issues
    • The system log has been improved to provide better information. Locating specific messages, sorting and filtering, and other log manipulation has been enhanced. Log messages have been rewritten for clarity.
  • Disaster Recovery: Secure Backup-Restore
    • Supports a secure backup-restore process for appliances that are initialized or are reinitialized in disaster recovery operational mode for use in recovering the configuration of a lost appliance. A secure backup contains private data from the appliance (cryptographic keys and user data), which the appliance encrypts with a DataPower key. You can also use the backup-restore process for migration of one appliance to another.
      Note: The backup-restore process must be used among appliances that are at the same firmware level and have the same compatible configuration (auxiliary storage, iSCSI, and so forth).
  • One touch must gather function
    • Enhanced error reports can include optional information.
    • Error reports can be automatically uploaded to local or remote file stores.
    • Error reports are compressed to minimize disk-space requirements.
  • Improved First-Failure Data Capture (FFDC) to capture better diagnostic information
    • Enhanced information in backtraces to aid diagnosis.
    • Support for log trigger points. A trigger can be created for any log message or group of messages. The trigger can be configured to launch a command when the specified message occurs.
  • Packet trace IP address filter option
    • Filtering of packet captures to monitor messages from a specific source or to a specific port.
  • Enhancement to the email alert setting
    • In addition to the "To" address in email alert setting, specify the "From" address in Troubleshooting and Failure Notification configuration to indicate the email address of the message sender.
  • Enhance usability to manage configuration objects during migration
      Provides system log messages that indicate the following warnings when the DataPower appliance migrates its data to a newly installed firmware version:
    • An object with an invalid required property is removed from the startup configuration script.
    • A complex property with an invalid required property is removed from the startup configuration script.
    • A referenced property is dropped from the startup configuration script if its referenced object cannot be found.
    • An invalid property is dropped from the startup configuration script with a value of empty if this firmware version does not support the value for this property and there is no default value for the property.
    • An invalid property is dropped from the startup configuration script with a default value if this firmware version does not support the value for this property and changes the value to its default value.
    • Unrecognizable reference or submode property causes the system to quit the object configuration mode and fail to load the remaining properties for the object.
  • Enhanced Web Service Proxy interface
    • Improved WebGUI performance in the Web Service Proxy configuration when populated with a large number of WSDL files.

    Documentation


    Resolved APARs

    For a list of the APARs that WebSphere DataPower XML Integration Appliance XI50 release 3.8.1 has resolved, see resolved APARs.

    Compatibility with earlier releases


    Compatibility issues with earlier firmware releases are documented as individual technotes in the Support knowledge base. The following link launches a customized query of the live Support knowledge base. The compatibility issues that are known to exist in the current release of the WebSphere DataPower XML Integration Appliance XI50 are provided.

    View known compatibility issues for WebSphere DataPower XML Integration Appliance XI50

    For additional information about problems in current releases, refer to the DataPower support site.

    System requirements


    To determine whether your appliance (machine type) supports this firmware release, refer to technote 1430414.

    For hardware specifications, refer to the IBM WebSphere DataPower SOA Appliances: Type 9235: Hardware Problem Determination and Service Guide available in the DataPower information center.

    Product compatibility

    Release 3.8.1 is compatible with the following products:

    Application Optimization
    Support is provided for the following IBM WebSphere Application Server, Network Deployment (ND) editions for use with Application Optimization: Application Intelligence:

    • ND 6.1.0.27 plus APAR PM11618
    • ND 6.1.0.33 or later
    • ND 7.0.0.7 plus APAR PM11618
    • ND 7.0.0.13 or later
      For more information, see APAR PM11618.
    Support is provided for the following IBM WebSphere Application Server, Virtual Enterprise (VE) editions for use with Application Optimization: Application Intelligence:
    • VE 6.1.1.0 plus APAR PM11623, APAR PM07024, 6.1.1.0-WS-WXD-IFPK94777_XD.pak, and 6.1.1.0-WS-WXDOP-IFPM13014.pak
    • VE 6.1.1.2 or greater
      For more information, see APAR PM11623 and PM07024.
    Notes
    • The Application Optimization feature is an add-on feature and is supported on only Type 9235 appliances.
    • For the AO option, ND 6.0 will continue to work with the ODCInfo_ND60.war application. However, this capability is limited to the Intelligent Load Distribution functions that were shipped in DataPower Firmware release 3.8.0. The extended Application Intelligence functions of Application Routing, Group Rollout, and Atomic Rollout require ND 6.1 or ND7.0.

    Application and Web servers
    Any server that conforms to the standards that the DataPower appliance supports.
    Database server
    Support provided for the following database servers:
    • DB2: all supported versions up to 9.5
    • Microsoft SQL Server: all supported versions up to 2008
    • Oracle: all supported versions up to 11g R1 (11.1)
    • Sybase: all supported versions up to 15
    Information Management System
    IBM Information Management System (IMS) versions 9 and 10
    LDAP servers
    Any LDAP server that is compliant with LDAP version 2 or LDAP version 3.
    Microsoft .NET Windows Communication Foundation
    Microsoft .NET Windows Communication Foundation (WCF) integration has the following requirements:
    • WCF 3.5 or newer
    • Windows 2003 Server or newer as the KDC if using the Kerberos token feature.
    SFTP clients
    The following SFTP clients are supported:
    • CuteFTP Professional 8.3
    • OpenSSH 3.1p1 (Red Hat Linux® 7.3)
    • OpenSSH 4.6p1 (Ubuntu Linux)
    • OpenSSH 5.1p1
    • PuTTY PSFTP, version 0.60
    • SmartFTP, version 3.0
    • Sun Microsystems, Sun_SSH_1.1
    • WinSCP, version 4.1.6
    SSH File Transfer Protocol (SFTP) Support
    The supported protocols are as follows:
    • SSH-2 protocol defined by IETF RFC 4251
    • SFTP version 3 defined by the draft-ietf-secsh-filexfer-02.txt Internet-Draft
    TIBCO Enterprise Message Service
    TIBCO Enterprise Message Service (EMS), versions 4.3, 4.4, and 5.0
    Tivoli Access Manager
    IBM Tivoli Access Manager, versions 6.0 and 6.1
    Tivoli Federated Identity Manager
    IBM Tivoli Federated Identity Manager, versions 6.0.1, 6.1 and 6.2
    Tivoli Security Policy Manager
    IBM Tivoli Security Policy Manager, version 7.0 Fixpack 2
    Web browsers
    Microsoft Internet Explorer, versions 6 and 7, and Firefox, version 3.5
    WebSphere Java Message Service
    IBM WebSphere Java Message Service (JMS), versions 6.0.2 and 6.1
    WebSphere MQ
    IBM WebSphere MQ, versions 6.0 and 7.0, as a remote server.
    WebSphere Service Registry and Repository (WSRR)
    Support is provided for the following IBM WebSphere Service Registry and Repository releases (minimum versions):
    • WSRR 7.0.0.2 (which include APAR IZ71003)
    • WSRR 6.3.0.2 plus APAR IZ71003
    • WSRR 6.2.0.3 plus APAR IZ71003
    • WSRR 6.1.0.5 (limited support for WSRR Subscriptions features)
    • WSRR 6.0.2.2 (limited support for WSRR Subscriptions features)
    Contact IBM WSRR Support for access to APAR IZ71003 and the latest FixPacks (http://www.ibm.com/support/docview.wss?rs=3163&uid=swg27010465)
    • Support is provided for WS-Policy Attachment files authored with WSRR Policy Editor 6.2.0.3 plus APAR IZ71003 or later.
    • Supports implementing Web Service Proxy configurations with WSDL files returned from a WSRR Saved Search when the WSRR server is WSRR 6.2.0.3 plus APAR IZ71003 or later.
    WebSphere Transformation Extender
    • To create maps or recompile existing maps to run in the recommended DPA (DataPower Appliance) mode with extended support for component rules, use WebSphere Transformation Extender Design Studio version 8.3.0.2 or later. With version 8.3.0.2 and later, support for component rules is extended beyond support for constant and ODO-style (OCCURS DEPENDING ON) component rules. Support for component rules has the same restrictions as map rules.
    • To create maps or recompile existing maps to run in the recommended DPA mode with the more limited support for constant and ODO-style component rules, use one of the following versions of WebSphere Transformation Extender Design Studio:
      • Version 8.3.0.2
      • Version 8.2.0.4 with IF3
    XML Tools
    Any XML tool that generates XSLT 1.0 for XML-to-XML. For non-XML, supported versions of WebSphere Transformation Extender.
    z/OS Communications Server Network Security Server
    z/OS Communications Server, V1R11
      Note: Support for the sysplex distributor feature requires z/OS Communications Server V1R11 plus APAR PM14365 applied using SMP/E. If a PTF is not available, request a ++APAR from IBM z/OS Communications Server Level 2 support.

    Installation


    For installation instructions, refer to the IBM WebSphere DataPower SOA Appliances: Upgrade and Rollback Guide available in the DataPower information center.

    Known problems and limitations


    Known problems and limitations are documented as individual technotes in the Support knowledge base. As problems are discovered and resolved, the IBM Support team updates the knowledge base. By searching the knowledge base, you can quickly find workarounds or solutions to problems.
    The following link launches a customized query of the live Support knowledge base. The limitations and problems that are known to exist in the current release of the WebSphere DataPower XML Integration Appliance XI50 are provided with a workaround, if available.

    View known problems and limitations for WebSphere DataPower XML Integration Appliance XI50

    For additional information about problems in current releases, refer to the DataPower support site.

    Deprecated features


    This section summarizes deprecated features in the product offerings comprising WebSphere DataPower SOA Appliances release 3.8.1. The following information summarizes what is deprecated. Where possible, a recommended migration action is provided.

    View deprecated features for WebSphere DataPower SOA Appliances

    Contacting IBM Support


    To report a problem to IBM Support, refer to Contacting IBM WebSphere DataPower Appliances Support.

  • Rate this page:

    (0 users)Average rating

    Document information


    More support for:

    WebSphere DataPower Integration Appliance XI50

    Software version:

    3.8.1

    Operating system(s):

    Firmware

    Reference #:

    7018504

    Modified date:

    2010-07-08

    Translate my page

    Machine Translation

    Content navigation