Oracle Announces End of Support For JD Edwards EnterpriseONE Technology Foundation

Long title. What’s this about?
In short, back in 2010, Oracle announced the withdrawal of JDE EnterpriseOne Technology Foundation. The final nail in this coffin comes on September 30, 2016, when technical support officially ends.
What this means is that for many customers (and I’ll get into particulars shortly) there’s a requirement to make a critical decision to either move to Oracle’s Red Stack, or procure new IBM licenses in order to remain on IBM’s Blue Stack.
There’s a variety of customers running the stack, and nearly as wide a variety of options for how companies may have deployed their JDE solution. WebSphere with DB2 is the original and most common. WebSphere with Oracle as the backend is another common combo. And there’s a variety of other blends of supported web/application servers, database servers and related middleware.
Regardless of the configuration, in most cases, these products were part of the bundled solution that customers licensed from Oracle, and now a decision point’s been reached.
This doesn’t mean Oracle’s dropping support for IBM products. This does mean there’s a change in the way they’re licensed.
So what is “Technology Foundation”?
To quote from Oracle’s documents verbatim: Technology Foundation is an Oracle product that provides license for the following components:

  • JD Edwards EnterpriseOne Core Tools and Infrastructure, the native design time and runtime tools required to run JD Edwards EnterpriseOne application modules
  • IBM DB2 for Linux, Unix, and Windows, limited to use with JD Edwards EnterpriseOne programs
  • IBM WebSphere Application Server, limited to use with JD Edwards EnterpriseOne programs
  • IBM WebSphere Portal, as contained in JD Edwards EnterpriseOne Collaborative Portal

Technology Foundation is also referred to by the nickname “Blue Stack.”
If your license for JD Edwards EnterpriseOne applications includes an item called “Technology Foundation” or “Technology Foundation Upgrade,” this affects you.
If there are any other terms like “Oracle Technology Foundation,” then this change does NOT affect you. This is also different then the foundation for JD Edwards World.
So what now? In short, if you have Blue Stack, you should contact TxMQ or IBM immediately to acquire your own licensed products to continue to run your Oracle solution. TxMQ can offer aggressive discounts to Oracle customers subject to certain terms and conditions. Contact us for pricing details. We can help with pricing, as well as with any needed migration planning and implementation support.
Contact chuck@txmq.com for immediate price quotes and migration planning today.
Image from Håkan Dahlström.

POODLE Vulnerability In SSLv3 Affects IBM WebSphere MQ

Secure Socket Layer version 3 (SSLv3) is largely obsolete, but some software does occasionally fall back to this version of SSL protocol. The bad news is that SSLv3 contains a vulnerability that exposes systems to a potential attack. The vulnerability is nicknamed POODLE, which stands for Padding Oracle On Downgraded Legacy Encryption.

The vulnerability does affect IBM WebSphere MQ because SSLv3 is enabled by default in MQ.
IBM describes the vulnerability like this: IBM WebSphere MQ could allow a remote attacker to obtain sensitive information, caused by a design error when using the SSLv3 protocol. A remote user with the ability to conduct a man-in-the-middle attack could exploit this vulnerability via a POODLE (Padding Oracle On Downgraded Legacy Encryption) attack to decrypt SSL sessions and access the plaintext of encrypted connections.”

The vulnerability affects all versions and releases of IBM WebSphere MQ, IBM WebSphere MQ Internet Pass-Thru and IBM Mobile Messaging and M2M Client Pack.

To harden against the vulnerability, users should disable SSLv3 on all WebSphere MQ servers and clients and instead use the TLS protocol. More specifically, WebSphere MQ channels select either SSL or TLS protocol from the channel cipherspec. The following cipherspecs are associated with the SSLv3 protocol and channels that use these should be changed to use a TLS cipherspec:
AES_SHA_US
RC4_SHA_US
RC4_MD5_US
TRIPLE_DES_SHA_US
DES_SHA_EXPORT1024
RC4_56_SHA_EXPORT1024
RC4_MD5_EXPORT
RC2_MD5_EXPORT
DES_SHA_EXPORT
NULL_SHA
NULL_MD5
FIPS_WITH_DES_CBC_SHA
FIPS_WITH_3DES_EDE_CBC_SHA

On UNIX, Linux, Windows and z/OS platforms, FIPS 140-2 compliance mode enforces the use of TLS protocol. A summary of MQ cipherspecs, protocols and FIPS compliance status can be found here.

On the IBM i platform, use of the SSLv3 protocol can be disabled at a system level by altering the QSSLPCL system value. Use Change System Value (CHGSYSVAL) to modify the QSSLPCL value, changing the default value of *OPSYS to a list that excludes *SSLV3. For example: *TLSV1.2, *TLSV1.1, TLSV1.

TxMQ is an IBM Premier Business Partner and “MQ” is part of our name. For additional information about this vulnerability and all WebSphere-related matters, contact president Chuck Fried: 716-636-0070 x222, chuck@TxMQ.com.

TxMQ recently introduced its MQ Capacity Planner – a new solution developed for performance-metrics analysis of enterprise-wide WebSphere MQ (now IBM MQ) infrastructure. TxMQ’s innovative technology enables MQ administrators to measure usage and capacity of an entire MQ infrastructure with one comprehensive tool.
(Photo from J Jongsma)

Go 'Lite" With Liberty Core Option For IBM WebSphere Application Server

Sometimes less is more. So beware of companies and consultants who want to sell you too much. Application-server software is a perfect example. If you’re a smaller shop, or a shop that runs lightweight apps, you probably don’t need a full-suite server-software deployment. TxMQ often advises clients to lighten up. Within an IBM environment, we commonly recommend WebSphere Application Server (WAS) Liberty Core rather then a full WAS Liberty Profile deployment.
Liberty Core offers an entry-level price point for smaller shops like small businesses and independent software vendors. But it’s also popular for larger enterprises – especially larger IT-development shops – where rapid app dev and deployment are the prime directives. The nice thing about opting for Core is the ease with which you can then upgrade into the entire WAS product sphere. There’s no penalty for starting small.
To lay out the Liberty Core option a bit more,  the software helps you:

  • Leverage the integrated tooling to increase development productivity and complete projects much more quickly – all while adhering to open standards.
  • Save money through the more efficient use of resources – both human and metal. Think lightweight functionality that drives stout production.
  • “Future-Proof” your apps through the easy addition of custom or 3rd-party components.

As of this writing, Liberty Core was in version 8.5.5 with documented support for AIX, HP-UX, Linux, Solaris, Windows, IBM i and Mac OS.
TxMQ is ready to answer any and all of your application-server questions. Initial consultations are free and always confidential. Contact vice president Miles Roty: (716) 636-0070 x228, miles@txmq.com.
 

MQ Capacity Planner: More Info About MQ Monitoring

TxMQ is set to debut its new MQ Capacity Planner (MQCP) utility next week at the MQ Technical Conference in Sandusky, Ohio. We’re offering two live-demo sessions with MQCP author Allan Bartleywood:

  • Monday, Sept. 29 at 11:15 a.m.
  • Wednesday, Oct. 1 at 11:15 a.m.

For those who can’t attend, MQCP is a brand-new, proprietary MQ monitoring and testing utility for MQ message flow. More specifically, MQCP is a multithread testing tool for IBM WebSphere MQ environments that is capable of testing any volume of application-data messages generated by any number of concurrent application instances assigned to any number of queue managers in order to obtain highly detailed performance reports of queue times and package priorities measured against total message capacity, CPU loads and throughput times.
Results provide accurate estimates of optimal message sizes to better diagnose bottlenecks and boost overall MQ, network and application performance.
To dig a bit deeper into functionality, MQCP’s strength is in the detail. Typical MQ test scripts simply can’t offer the insight and absolute detail of MQCP, which essentially allows the user to shine a light into the dark corners of an MQ environment to reveal any cobwebs that slow down performance. And the tool is indispensible for network change control: Anytime you change out a network configuration item, run MQCP again and compare performance to the previous baseline to measure how an implementation truly affects MQ performance. It’s really that simple.
More details on MQCP will emerge over the following weeks. There’s additional information included on our MQCP page (click here to visit).
Interested in trying the MQCP? Contact TxMQ president Chuck Fried and ask about our MQCP Pilot Program: (716) 636-0070 x222, chuck@txmq.com.

Details: Fix Pack 8.0.0.1 for WebSphere MQ 8.0

IBM recently released its first fix pack for WebSphere MQ 8.0. The 8.0.0.1. fix pack is now available on the following:

  • AIX
  • Linux on x86
  • Linux on x86_64
  • Linux on zSeries 64-bit
  • Linux on POWER
  • HP-UX for Itanium
  • Solaris SPARC
  • Solaris on x86_64
  • Windows
  • IBM i

The 8.0.0.1 fix pack addresses the following APARS:

IT00493         Mqxr server receives probe ID XR071002 unsubscribe failed with mqcc_failed RC=2429 mqrc_subscription_in_use AMQXR0004E
IT00497         WebSphere MQ 7.0.1: queue manager can not start after upgrade TOV7.0.1.10 or V7.0.1.11
IT00960         WebSphere MQ V7 client .NET applications using get with waitinterval greater than 300 seconds fail with MQRC=2009.
IT01241         WebSphere MQ V7 client application reports sigsegv on while connecting to the queue manager using ccdt file.
IT01374         WMQ V7 java: a message may not be converted to unicode when SHARECNV=0 is set on a client channel.
IT01511         WMQ mft: new transfer request panel from the WMQ explorer does not function properly when a sfg agent is selected.
IT01607         WMQ ams: AMQ9044 log message says message was sent to system.protection.error.queue but was rolled back
IT01798         WMQ 7.5: WebSphere MQ default configuration wizard on Windows terminates with no error message.
IT01799         Dspmqrte returns 2046 ‘mqrc_options_error’ when connecting in client mode to a V7.1 queue manager running on z/OS.
IT01966         Creation of a 64-BIT Oracle switch load file for WebSphere MQ Java client fails on Linux 64.
IT01972         Queue manager trace is turned off for an application thread withmultiple shared connections after an mqdisc call is issued
IT02055         FDC probe XC130004 within function rfichooseone reporting sigfpeexception, and termination of queue manager processes
IT02122         Unable to connect to WMQ mft configuration via remote queue manager using ccdt under WMQ explorer
IT02194         WebSphere mq: clwlrank and clwlprty ignored when using like parameter
IT02389         Amqsbcg retreives incorrect message on the destination queue when API exit removed message properties
IT02422         WMQ V7.5 Java application fails with reason code 2025 (mqrc_max_conns_limit_reached) after network outages
IT02480         WebSphere MQ output from ‘dmpmqcfg’ is incorrect for runmqsc input for defining selector strings
IT02684         Data missing from WMQ V7.5 .NET application trace when tracing is repeatedly stopped and started while application is running
IT02701         MQ 7.5 setmqm fails without error when mqs.ini contains a blank line(s) at the end of the file.
IT02920         FDC with probe ID CO052000 and errorcode rrce_bad_data_received is generated by the WebSphere MQ V8 queue manager.
IT02981         WebSphere MQ V7.5: addmqinf command fails if queue manager file system is not available.
IT03124         WMQ 7.5: a svrconn channel terminates when browsing the system.admin.trace.activity.queue
IT03154         Ibm MQ 8.0: AMQ5657 message is written in error log without the text AMQ5657
IT03205         Defxmitq can be set to system.cluster.transmit.queue using the crtmqm -d switch, but this should not be allowed
IT03551         WMQ V7.5: .NET application fails to connect to queue manager with RC=2232 (mqrc_unit_of_work_not_started).
IT03711         WebSphere MQ 7.5 probe ID XC333030 component xlspostevent reports major error code 16 (einval)
IT03825         WMQ V8.0: rc 2195 FDC probe ID XC130031 when using authinfo withauthtype(idpwldap)
IV40268         AMQ9636: ‘ssl distinguished name does not match peer name’ errorwhen using ssl/tls channels with multi-instance queue managers.
IV56612         Channel moves to running state and ping completes on a sender channel with trptype(tcp) and receiver channel TRPTYPE(LU62)
IV58306         Memory leak in amqrmppa observed while queue manager is running
IV59264         ABN=0C4-00000004 in csqmcprh when using the WebSphere MQ classesfor Java
IV59891         Ibm MQ 7.1 or 7.5 dspmqtrc writes out incorrect time stamps whenformatting 7.0.1 trace files
IV62648         Mqcmd_reset_q_stats processing ends for all queues if one queue is damaged
IV63397         WebSphere MQ 7.0.1.7 queue manager is unresponsive and generatedfdc’s with probe id’s XC034070 and XC302005
IV64351         MQ runmqras command fails to ftp data with error message “address unresolved for server address ftp.emea.ibm.com”
PI19991         Various problems encountered in the qmgr and chin late in the final test cycle. fix needed for stability and migration
SE59149        WebSphere MQ V710: language MQ ptf is incorrectly replacing the qsys prx cmds with the real cmds instead
SE59368        After executing the wrkmqmcl command the wrkmqm command falsely shows active queue managers as inactive.
XX00217        MQ V8 explorer password field in the userid pane of the queue manager properties appears populated when no password defined
XX00222        MQ explorer 8.0 on windows: when trying to export/import, using french version, unable to select a destination file or folder
XX00223        MQ managed file transfer plugin for MQ explorer cannot connect to a coordination queue manager configured to use SSL
“It’s In Our Name!” – TxMQ is an IBM Premier Business Partner and we specialize in WebSphere MQ consulting. Initial consultations are free and communications are always confidential. Contact vice president Miles Roty for more information: (716) 636-0070 x228, miles@txmq.com.
(Photo by Kate Ter Haar, Creative Commons license.)

Four Different Options For WebSphere Cast Iron Deployment

IBM’s WebSphere Cast Iron cloud-integration product is the industry’s best-in-class solution for two reasons: 1. Its cross-service flexibility, and 2. Its ultra-easy graphical interface.  Deploy Cast Iron then drag and point your different integration preferences.
Cast Iron is perhaps best known for easy and complete Salesforce integration – use Cast Iron to integrate Salesforce data with the rest of your enterprise data – but Cast Iron recently reached a new critical mass centered on the integration and synchronization of mobile-application data and social-media data across the enterprise. Cast Iron is especially effective for integrating contemporary data, like that from mobile and social, with legacy data driven by homegrown applications.
Cast Iron is easy to adopt and deploy and there are four different deployment options. They are:

  • Cast Iron Hypervisor Edition: This is a virtual appliance that sits on existing servers by way of virtualization technology. It’s a great way to speed the path through demo and staging to production, and as of June 2014 it includes Xen server support.
  • Cast Iron Express: A cloud-based version that assists in the integration of Software as a Service (SaaS) data with other data sources. This is the most popular Salesforce solution.
  • Cast Iron Live: This is a cloud-based multi-seat version that’s best for cloud/on-premise hybrid environments.
  • DataPower Cast Iron Appliance XH40: This is real metal – a self-contained, physical appliance that connects cloud and on-premise applications.

TxMQ specializes in Cast Iron integration solutions for businesses of all sizes. For more information, contact vice president Miles Roty – (716) 636-0070 x228, miles@txmq.com – for a confidential and free initial consultation.

Even More Integration Options For the DataPower XB62

I wanted to continue yesterday’s blog with a few more details about the WebSphere DataPower XB62 appliance – in particular, its flexibility. Along with application and B2B integration, the XB62 can also very rapidly transform data between a number of different formats such as XML, industry standards and even custom data formats.
Furthermore, the XB62 is capable of broader integration functions including routing, bridging, transformation and event handling. And because it’s also a security appliance, DataPower integration solutions by their nature are stable, secure, reliable and performance-oriented.
The DataPower solution is especially elegant for companies that handle more than XML and find themselves needing to connect their B2B and SOA deployments at the same time they manage a stew of proprietary, legacy and trading-partner-specific data formats.
Essentially, the XB62 is a true drop-in B2B and SOA integration point that can stretch vital applications across the enterprise. The immediate benefit is that a company can bring services to market more quickly, and better accommodate clients and partners via painless and secure data and application integration.
For more information on TxMQ’s many DataPower solutions for all industries, contact vice president Miles Roty – (716) 636-0070 x228, miles@txmq.com – for a confidential and free initial consultation.
Illustration by Sean MacEntee (Creative Commons license).

WebSphere Cast Iron Hypervisor Delivers Xen Support

WebSphere Cast Iron Hypervisor fix pack version 7.0.0.1 became available on June 30, 2014, and with it came support for the Xen server as hosting environment.
Cast Iron Hypervisor delivers rapid cloud integration for companies that want to harmonize business processes across a hybrid landscape. Cast Iron delivers elegant integration solutions like the ability to:

  • Quickly connect cloud and on-premise applications
  • Chaperone legacy integrations into the cloud
  • Collaborate with IBM Worklight to externalize mobile-app enterprise data and processes

With the 7.0.0.1 fix pack, Hypervisor can now run on one of these following hosting environments:

  • VMware ESX/ESXi 4.1, 5.0 or 5.1
  • IBM PureApplication System W1500 1.0.0.4
  • Xen server 4.1.2 running on Red Hat Enterprise Linux (RHEL) Server release 5.6 and later 6.0

TxMQ offers full Cast Iron service and support. Contact VP Miles Roty for more information: miles@txmq.com, 716-636-0070 x228.
 

Lifecycle Dates For The Hardware Generation Machine Types – Includes DataPower, Cast Iron & More

The table lists the planned dates that Remote Technical Support will be withdrawn for each Hardware Generation of the IBM WebSphere Appliances – DataPower, Cast Iron, along with IBM Workload Deployer and IBM Cloudburst appliances:
All statements regarding IBM future direction or intent, including current product plans, are subject to change or withdrawal without notice and represent goals and objectives only. All information is provided for informational purposes only, on an “as is” basis, without warranty of any kind.
Notes
• May make support extensions available, for an additional fee, after the standard service end date has been met and as inventory and capability is sustainable
• Extended service maintenance agreements contain limited terms and conditions. Refer to the Service Extension agreement for more details. Contact your IBM Sales rep for additional information regarding extended service maintenance agreements.

Managed Vs. Unmanaged Web Servers for IBM WAS

What’s the difference between “managed” web servers and “unmanaged” web servers?
I’m glad you asked! There are several types of web servers that can be used with IBM WebSphere Application Server (WAS), including the Apache HTTP Server, Microsoft IIS web server and Sun Java System web server, among others. However, these non-IBM web servers CANNOT be controlled by IBM’s WebSphere Application Server (WAS).
Only the IBM HTTP Server (IHS) can be controlled by IBM WAS. And it’s the IBM HTTP Server (IHS) web server, specifically, that drives the concept of “managed” versus “unmanaged.”
A managed IHS web server is one that is installed on the same system as a WAS node agent and controlled by that WAS node agent.
WAS Admin —commands–> WAS node agent —controls–> IHS web server
An unmanaged IHS web server is one that is installed on a system that does not have any WAS node agent; therefore, it must use the IBM HTTP Server Administration Server to be controlled from WAS.
WAS Admin —commands–> IHS Admin server —controls–> IHS web server
It’s possible to use WAS Admin console to control the IHS web server in both cases. Managed simply means that the commands go from WAS Admin to a WAS node agent that controls the IHS web server on that system. Unmanaged means that the commands go from WAS Admin to an IHS Admin server which controls the IHS web server on that system.
Maybe an example will help shed some light on this concept: IHS installed on a stand-alone WAS server (no node agent) can be controlled by WAS only if the IHS Admin Server is configured and running. This is an unmanaged scenario. In version 8.0 and later, the Plug-in Configuration Tool (PCT) refers to this as “local_standalone” config type.
Here’s another example to explain further: IHS installed on a WAS node that’s federated to a WAS cell, and under the control of a WAS deployment manager, can be controlled by the WAS deployment manager – sending commands through the WAS node agent on the IHS system. This is the managed scenario. In version 8.0 and later, the Plug-in Configuration Tool (PCT) refers to this as “local_distributed” config type. Note the difference between the config types in our two examples.
What about IHS installed on the WAS deployment manager system itself?
If there’s also a federated WAS node on that same system, you can use that WAS node agent to control the IHS web server in a managed scenario (local_distributed).
If there is not any federated WAS node on that same system, you will need to use IHS Admin Server to control the IHS web server in an unmanged scenario (local_standalone).
If the IHS web server is installed on a separate system that does not have any WAS, and you want to control it remotely from the WAS Admin Console on another system, that would be considered an unmanaged scenario, so you will need to use the IHS Admin Server on the IHS system. In version 8.0 and later, the plugin Configuration Tool (PCT) refers to this as “remote” config type.
WAS Admin —commands across network—> IHS Admin server —controls–> IHS web server
For detailed instructions on how to configure IHS, plugin, or IHS Admin server, please contact consulting@txmq.com. To speak with a TxMQ WebSphere sales representative, call (716) 636-0070 (228) for company Vice President Miles Roty.