WebSphere DataPower B2B Appliance XB60 firmware release 3.8.1 is available. Compatibility, installation, and other getting-started issues are addressed.
The WebSphere DataPower SOA Appliances firmware V3.8.1 announcement letter is announcement 210-108.
See the announcements for the following information:
- Detailed product description
- Product-positioning statement
- Ordering details
New features and enhancements description
WebSphere DataPower B2B Appliance XB60 release 3.8.1 offers the following new features and enhancements and resolved APARs.
Enhanced B2B capabilities
- ebXML Messaging Service support
- Integrate inbound and outbound processing policies with ebMS handler, and the processing result is reported by B2B Gateway through asynchronous or synchronous acknowledgment messages.
- Use the Show ebMS only view in the B2B viewer to display and perform the following actions against ebMS messages: Manually resend inbound and outbound transactions, and send a status request message to the external partner to retrieve the transaction status.
- External partners can send status query ebMS message to B2B Gateway and retrieve the transaction status based on the specified message identifier.
- External partners can send ping messages to B2B Gateway to check for service availability.
- Use the enhanced archive function to archive all ebMS transactions or only ebMS transactions that are expired.
- Use the reliable message delivery support of an ebMS protocol to ensure duplicate-elimination and the successful delivery of ebMS messages.
- Processing Policy support in B2B Gateway Services
- Associate a processing policy with a partner profile to customize the processing flow and the headers sent to the receiving partner.
- Customize ebMS message headers by setting the supported ebMS service variables in the processing policy.
- Use the response rule to customize the response processing flow. Use the error rule to customize the processing flow when error occurs.
- Configure the processing policy to access each part of received messages.
- Use B2B Gateway service variables to dynamically select a configured destination of a partner profile to perform dynamic message routing.
- Use the multistep probe to debug processing policies.
- Enhancement to the B2B Gateway Service
- B2B High Availability support
- If the primary appliance fails, the high availability configuration ensures that the secondary appliance becomes the primary one and continues to process the transactions among trading partners.
- If both appliances fail, restart them and both appliances become available in secondary mode by default. Use the B2B viewer to determine which appliance has the most recent data, and assign the appliance with the most recent data as primary and the other one as secondary.
- Enhanced Open Database Connectivity (ODBC) data source support
- Optimizes database connectivity and processing for common workloads.
- WebSphere Transformation Extender enhancements
- Supports WebSphere Transformation Extender version 8.3 features
- Enhanced support for WebSphere Transformation Extender component rules extends beyond support for constant and ODO-style (OCCURS DEPENDING ON) component rules.
- Enhanced support to handle data that is in error
- Supports deployment of DPA map files directly to the appliance from WebSphere Transformation Extender Design Studio
- Supports the use of XML schema, rather than type trees, within WebSphere Transformation Extender Design Studio
- Two previously restricted functions are relaxed: FAIL and OFFSET
- Two previously restricted adapters are unrestricted now: ECHO and SINK
- WebSphere Service Registry and Repository (WSRR) enhancements
- Supports WS-Policy Attachment files authored within WSRR Policy Editor
- Supports configuring Web Service Proxy services using WSDL files returned from WSRR saved search queries
- Supports serving of WSDL files from multiple Web Service Proxy services that use the same URI and the same port, but a different appliance interface.
- Improves synchronization performance of WSRR Concept subscriptions
Enhanced security features
- Enhanced SAML Assertion Generator for AAA Policy
- Supports an LDAP authentication and LDAP authorization setting to fetch LDAP attributes for SAML assertions. Results are synchronized with the AAA authentication cache or the AAA authorization cache.
- Supports Raw XML Document including SAML for Enveloped as a message type for signing. This message type supports an XPath expression that identifies the elements on which to sign.
- Post processing activities support generating a SAML assertion or response that can contain one or all of the following assertion types: an authentication statement, an attribute statement, and an authorization decision statement. Skew time and proxy restriction settings are supported. Configuring SAML attributes definition objects for use in post processing is supported.
- WebSphere Application Server 7 SAML Interoperability
- Supports WebSphere Application Server version 7 to use the SAML bearer and sender vouches tokens for SSL or WS-Security. The DataPower appliance can generate or consume those tokens for authentication, signing including WS-Security STR-Transform and encryption, as expected by WebSphere Application Server 7.009.
- WebSphere Application Server 7 Kerberos Interoperability
- Supports WebSphere Application Server version 7 to use the Kerberos tokens for SSL or WS Security Policy. The DataPower appliance can generate or consume the Kerberos token for secure conversation or authentication, or both, or further use them to sign or encrypt the message as expected by WebSphere Application Server 7.009.
- MTOM message validation
- Supports specifying a set of schema or WSDL documents that accept messages in which base64-encoded binary content was optimized according to the MTOM/XOP specifications. XOP binary-optimization replaces base64-encoded binary data with an xop:Include reference element that references the unencoded binary data located in an attachment. When this option is enabled, an xop:Include element can optionally appear in place of content for any XML Schema simple type that validates base64-encoded binary data. When this option is disabled, such optimized messages are rejected by the validation of the unoptimized form.
- Convert certificate objects and private key objects
- Supports converting a certificate object or a private key object, or both, to a specific output format and write it to a file. The supported format is openssh-pubkey.
- Enhanced Tivoli Access Manager (TAM) support
- Supports Microsoft Active Directory as the user registry for Tivoli Access Manager client.
- Enhanced error logging for AAA actions using Tivoli Access Manager.
- Supports the use of local mode TAM objects in a AAA policy. This includes the ability to create local mode TAM configuration files.
- Enhanced DNS resolution
- Supports setting up a first-alive hierarchy of DNS servers, for example primary and secondary, such that a given server is queried only if the servers higher in the hierarchy fail to respond to a query.
- WebSphere MQ enhancements
- The MQCSP support enables the authorization service to authenticate a user ID and password for security exit in MQ Queue Manager object.
- The MQ Queue Manager Group can work with the multi-instance feature in the WebSphere MQ server Version 7 or later for the fail over in the DataPower appliance.
- With the shared conversation feature in WebSphere MQ server Version 7 or later, you can compress the number of connections between the DataPower appliance and the MQ Server by specifying the maximum number of conversations to share a single TCP/IP connection in DataPower Queue Manager object configuration.
- Provides JSON support as a native format for request and response types.
- Enhanced communications control over the SSH File Transfer Protocol (SFTP) protocols
- Supports a client feature to send files to and retrieve files from remote servers.
- Supports strict host key and known host checking.
- Supports a poller feature to poll and retrieve files.
- Supports configuring the DataPower SFTP Server in Virtual File System mode.
- Enhanced IMS support
- Supports IMS Connect interactions that provide the completion status to enable the appliance to deliver IMS transactions with a high level of integrity.
- Supports commit mode and sync level processing of Commit Mode = 1 and Sync Level = Confirm.
- Supports a method to gracefully quiesce the appliance or certain configured portions of the appliance. Quiesce is applicable to the device as a whole as well as to domains, services, and front-side handlers.
- Status providers
- Enhanced important status providers to provide detailed information, expected values, and recommended actions.
- Memory enhancements
- Supports a backlog to which the appliance routes a configurable number of requests if the amount of free memory falls below the configured threshold. Processing of requests in the backlog is delayed until sufficient memory is available or until the configured backlog-timeout elapses. When sufficient memory is free, the appliance processes all requests in the backlog queue.
- Enhanced logging information to solve connection issues
- The system log has been improved to provide better information. Locating specific messages, sorting and filtering, and other log manipulation has been enhanced. Log messages have been rewritten for clarity.
- Disaster Recovery: Secure Backup-Restore
- Supports a secure backup-restore process for appliances that are initialized or are reinitialized in disaster recovery operational mode for use in recovering the configuration of a lost appliance. A secure backup contains private data from the appliance (cryptographic keys and user data), which the appliance encrypts with a DataPower key. You can also use the backup-restore process for migration of one appliance to another.
Note: The backup-restore process must be used among appliances that are at the same firmware level and have the same compatible configuration (auxiliary storage, iSCSI, and so forth).
- One touch must gather function
- Enhanced error reports can include optional information.
- Error reports can be automatically uploaded to local or remote file stores.
- Error reports are compressed to minimize disk-space requirements.
- Improved First-Failure Data Capture (FFDC) to capture better diagnostic information
- Enhanced information in backtraces to aid diagnosis.
- Support for log trigger points. A trigger can be created for any log message or group of messages. The trigger can be configured to launch a command when the specified message occurs.
- Packet trace IP address filter option
- Filtering of packet captures to monitor messages from a specific source or to a specific port.
- Enhancement to the email alert setting
- In addition to the "To" address in email alert setting, specify the "From" address in Troubleshooting and Failure Notification configuration to indicate the email address of the message sender.
- Enhance usability to manage configuration objects during migration
Provides system log messages that indicate the following warnings when the DataPower appliance migrates its data to a newly installed firmware version:
- An object with an invalid required property is removed from the startup configuration script.
- A complex property with an invalid required property is removed from the startup configuration script.
- A referenced property is dropped from the startup configuration script if its referenced object cannot be found.
- An invalid property is dropped from the startup configuration script with a value of empty if this firmware version does not support the value for this property and there is no default value for the property.
- An invalid property is dropped from the startup configuration script with a default value if this firmware version does not support the value for this property and changes the value to its default value.
- Unrecognizable reference or submode property causes the system to quit the object configuration mode and fail to load the remaining properties for the object.
- Enhanced Web Service Proxy interface
- Improved WebGUI performance in the Web Service Proxy configuration when populated with a large number of WSDL files.
- Introduced the IBM WebSphere DataPower SOA Appliances Information Center. In the Information Center, product documentation is available in PDF and HTML format. The Information Center is available from the Product Documentation tab of the IBM WebSphere DataPower SOA Appliances Library at the following web site: http://www.ibm.com/software/integration/datapower/library/documentation/
Note: Documentation for versions 3.8.0, 3.7.3, and 3.7.2 is available in only PDF format at the previous web site. Documentation for version 3.7.1 and earlier is available at the following web site: http://www.ibm.com/support/docview.wss?rs=2362&uid=swg21377654
For a list of the APARs that WebSphere DataPower B2B Appliance XB60 release 3.8.1 has resolved, see resolved APARs.
Compatibility with earlier releases
Compatibility issues with earlier firmware releases are documented as individual technotes in the Support knowledge base. The following link launches a customized query of the live Support knowledge base. The compatibility issues that are known to exist in the current release of the WebSphere DataPower B2B Appliance XB60 are provided.
View known compatibility issues for WebSphere DataPower B2B Appliance XB60
For additional information about problems in current releases, refer to the DataPower support site.
To determine whether your appliance (machine type) supports this firmware release, refer to technote 1430414.
For hardware specifications, refer to the IBM WebSphere DataPower SOA Appliances: Type 9235: Hardware Problem Determination and Service Guide available from the DataPower information center.
Release 3.8.1 is compatible with the following products:
Application and Web servers
Any server that conforms to the standards that the DataPower appliance supports.
Support provided for the following database servers:
- DB2: all supported versions up to 9.5
- Microsoft SQL Server: all supported versions up to 2008
- Oracle: all supported versions up to 11g R1 (11.1)
- Sybase: all supported versions up to 15
IBM Information Management System (IMS) versions 9 and 10
Any LDAP server that is compliant with LDAP version 2 or with LDAP version 3.
Microsoft .NET Windows Communication Foundation
Microsoft .NET Windows Communication Foundation (WCF) integration has the following requirements:
- WCF 3.5 or newer
- Windows 2003 Server or newer as the KDC if using the Kerberos token feature.
The following SFTP clients are supported:
- CuteFTP Professional 8.3
- OpenSSH 3.1p1 (Red Hat Linux® 7.3)
- OpenSSH 4.6p1 (Ubuntu Linux)
- OpenSSH 5.1p1
- PuTTY PSFTP, version 0.60
- SmartFTP, version 3.0
- Sun Microsystems, Sun_SSH_1.1
- WinSCP, version 4.1.6
The supported protocols are as follows:
- SSH-2 protocol defined by IETF RFC 4251
- SFTP version 3 defined by the draft-ietf-secsh-filexfer-02.txt Internet-Draft
TIBCO Enterprise Message Service (EMS), versions 4.3, 4.4, and 5.0
Tivoli Access Manager
IBM Tivoli Access Manager, versions 6.0 and 6.1
Tivoli Federated Identity Manager
IBM Tivoli Federated Identity Manager, versions 6.0.1, 6.1 and 6.2
Tivoli Security Policy Manager
IBM Tivoli Security Policy Manager, version 7.0 Fixpack 2
Microsoft Internet Explorer, versions 6 and 7, and Firefox, version 3.5
WebSphere Java Message Service
IBM WebSphere Java Message Service (JMS), versions 6.0.2 and 6.1
IBM WebSphere MQ, versions 6.0 and 7.0, as a remote server.
WebSphere Service Registry and Repository (WSRR)
Support is provided for the following IBM WebSphere Service Registry and Repository releases (minimum versions):
- WSRR 22.214.171.124 (which include APAR IZ71003)
- WSRR 126.96.36.199 plus APAR IZ71003
- WSRR 188.8.131.52 plus APAR IZ71003
- WSRR 184.108.40.206 (limited support for WSRR Subscriptions features)
- WSRR 220.127.116.11 (limited support for WSRR Subscriptions features)
- Support is provided for WS-Policy Attachment files authored with WSRR Policy Editor 18.104.22.168 plus APAR IZ71003 or later.
- Supports implementing Web Service Proxy configurations with WSDL files returned from a WSRR Saved Search when the WSRR server is WSRR 22.214.171.124 plus APAR IZ71003 or later.
- To create maps or recompile existing maps to run in the recommended DPA (DataPower Appliance) mode with extended support for component rules, use WebSphere Transformation Extender Design Studio version 126.96.36.199 or later. With version 188.8.131.52 and later, support for component rules is extended beyond support for constant and ODO-style (OCCURS DEPENDING ON) component rules. Support for component rules has the same restrictions as map rules.
- To create maps or recompile existing maps to run in the recommended DPA mode with the more limited support for constant and ODO-style component rules, use one of the following versions of WebSphere Transformation Extender Design Studio:
- Version 184.108.40.206
- Version 220.127.116.11 with IF3
Any XML tool that generates XSLT 1.0 for XML-to-XML. For non-XML, supported versions of WebSphere Transformation Extender (WTX).
For installation instructions, refer to the IBM WebSphere DataPower SOA Appliances: Upgrade and Rollback Guide available from the DataPower information center.
Known problems and limitations
Known problems and limitations are documented as individual technotes in the Support knowledge base. As problems are discovered and resolved, the IBM Support team updates the knowledge base. By searching the knowledge base, you can quickly find workarounds or solutions to problems.
The following link launches a customized query of the live Support knowledge base. The limitations and problems that are known to exist in the current release of the WebSphere DataPower B2B Appliance XB60 are provided with a workaround, if available.
View known problems and limitations for WebSphere DataPower B2B Appliance XB60
For additional information about problems in current releases, refer to the DataPower support site.
This section summarizes deprecated features in the product offerings comprising WebSphere DataPower SOA Appliances release 3.8.1. The following information summarizes what is deprecated. Where possible, a recommended migration action is provided.
View deprecated features for WebSphere DataPower SOA Appliances
Contacting IBM Support
To report a problem to IBM Support, refer to Contacting IBM WebSphere DataPower Appliances Support.