============================================================================== ============================================================================== Licensed materials - Property of IBM 5724-D96 (C) Copyright IBM Corp. 2002, 2014 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. ============================================================================== ============================================================================== README for IBM(R) WebSphere(R) Business Integration for Financial Networks for Multiplatforms V3.1.1 (Base 3.1.1.18) PTF UI18000 for APAR PI14790 Driver level: 4242 Date 2014-06-27 ============================================================================== ============================================================================== Table of contents ----------------- A About this document B Summary of changes C Planning D Installation E APAR details F Other changes G Known issues A. About this document ---------------------- Only the online version of this readme document is current. Before you install the corresponding PTF, download the latest version from: http://www.ibm.com/software/integration/wbifn/support Download the latest version of the WebSphere BI for FN product documentation from: http://www-01.ibm.com/support/docview.wss?uid=swg27041133 The structure of WebSphere BI for FN readme documents is identical for all PTFs. Sections that are not applicable are left blank. If you install more than one PTF at a time, combine the readme documents by merging the contents of each section. During the installation phase of this PTF your system cannot process messages. This readme document uses the following variables: The installation directory of WebSphere BI for FN. The directory /opt/IBM is used in examples. The customization directory. The directory /var/dni_03_01/cus is used in examples. The deployment directory. The directory /var/dni_03_01/cus/depdata is used in examples. The name of the WebSphere BI for FN instance. The name INST1 is used in examples. The name of the organizational unit. Depending on the context, this might be SYSOU, DNFSYSOU, or the name of a business OU. The names of users, groups, files, and directories are the same as those used in WebSphere BI for FN for Multiplatforms: Planning, Installation, and Customization. If you use different names, use those names instead of the names shown here. B. Summary of changes --------------------- APARs addressed by this PTF: PI14790 Base SLOW RESPONSE TIME OF AO SECURITY COMPONENT WITH LARGE NUMBER OF USERS AND ROLES PI14706 Base RMA SHOULD CHANGE TO LOGIN PAGE WHEN APPLY FILTER AFTER SESSION TIMEOUT PI16860 Base DNFCHECKRMAUTH DOES NOT RECOGNIZE "INCLUDE NONE" FOR FIN Additional functional changes: - Support of Microsoft Internet Explorer 11 added in RMA and AO Facility - Reference Data component added to AO Facility Documentation updates: The following manuals have been changed: - Concepts and Components - Messages and Codes - Planning, Installation, and Customization - System Administration - Administration and Operation Facility User's Guide The following modules have been changed: /dniv311/admin/appsrv/dniapplication.py /dniv311/admin/appsrv/res/dnf.rma.web.ear /dniv311/admin/appsrv/res/dni.home.ear /dniv311/admin/appsrv/res/dnp.ado.web.ear /dniv311/admin/bin/dnicdp.jar /dniv311/admin/data/dnfczlcr.ddl /dniv311/admin/data/dnfczl02.ddl /dniv311/admin/data/DNFRMA.xml /dniv311/admin/data/DNFRMR.xml /dniv311/admin/data/dni.properties /dniv311/admin/data/dni.xml /dniv311/admin/data/DNICOMMON.properties /dniv311/admin/data/DNICOMMON.xml /dniv311/admin/data/dnicdcig.ddl /dniv311/admin/data/dnicdcts.ddl /dniv311/admin/data/dnicdcut.ddl /dniv311/admin/data/dnicddts.ddl /dniv311/admin/data/dnicddut.ddl /dniv311/admin/data/dniczcdd.xml /dniv311/admin/data/DNIWEBHOME.xml /dniv311/admin/data/DNPAO.xml /dniv311/admin/data/DnpAo.py /dniv311/admin/data/dnpczcat.cli /dniv311/admin/data/dnpczcoy.cli /dniv311/admin/data/dnpczdat.cli /dniv311/admin/data/dnpczoar.cli /dniv311/admin/data/dnpczocg.ddl /dniv311/admin/data/dnpczocr.cli /dniv311/run/bin/dnfczml2.awk /dniv311/run/bin/dnfczmlc.sh /dniv311/run/bin/dnfczrmo /dniv311/run/bin/dnpczmca /dniv311/run/classes/dnprdu.jar /dniv311/run/data/dnpczcat.cli /dniv311/run/data/dnpczcoy.cli /dniv311/run/data/dnpczocr.cli /dniv311/run/msg/DNPO_Msg.properties /dniv311/run/msg/dnpcomsg.cat /dniv311/run/res/dnpcomsg.xml The following modules are new: /dniv311/admin/data/dnicdm05.ddl /dniv311/admin/data/dnicdm9g.ddl /dniv311/admin/data/dnpczo2g.ddl /dniv311/admin/data/DnpAo1_upd.py C. Planning ----------- C1. Checks to be done >>BEFORE<< installing a new PTF ----------------------------------------------------- 1. Check if you have any efixes (emergency fixes) applied in your WebSphere BI for FN installation. In case you have efixes installed after your previous WebSphere BI for FN PTF installation and migration contact your IBM support before installing and migrating this PTF. 2. Ensure that all previously prepared deployment instructions were carried out. 3. Ensure that all previous CDD changes were implemented using the CDP. To check this, log on to AIX on the customization system as a customizer (ucust1) and enter the following command on your customization system: /dniv311/admin/bin/dnicdpst -i -cdefs where The name of the WebSphere BI for FN instance The name of the customization definitions directory as specified in the CDP ini file, for example: /var/dni_03_01/cus/defs If the response to this command indicates that a customization operation is still pending and it was carried out in: - Customization mode (dnicdp), implement the pending operation before continuing. - Migration mode (dnicdpm): - Ensure that you have not yet shared the files contained in this or any other PTF as described in section D5 step 2. - Implement the pending operation before continuing. 4. Until the migration for this PTF has been completely finished, ensure that no changes are made to the currently implemented CDD. 5. Ensure that all configuration administration changes have been deployed. To check this, enter the following commands: dnicli -s DNI_SYSADM -ou SYSOU > list -ou % -qo amorz > list -cos % -qo amorz > list -ct % -qo amorz Each list command should result in 'No [OU/COS/CT] match search criteria'. 6. Ensure that all security administration changes have been approved. To check this, enter the following commands for each OU: dnicli -s DNI_SECADM -ou > list -ro % -qo mor [only for SYSOU] > list -rg % -qo mor [only for SYSOU] > list -user % -qo mor The list command should result in 'No roles/role groups/users found that match specified criteria'. C2. Prerequisite and supersede information ------------------------------------------ This PTF requires the following PTFs: - UI15322 for APAR PI07294 (Base 3.1.1.17, CHANGE AO FACILITY TO USE RES-AUTH CONTAINER AND SPECIFY ALL REQUIRED RESOURCES IN THE WEB.XML) C3. Roles involved ------------------ The activities in this PTF involve the following roles: - Installer (root) - Customizer (ucust1) - DB2 administrator (udb2adm1) - WebSphere MB administrator (uwmba1) - WebSphere Application Server operator (uwaso1) - WebSphere Application Server administrator (uwasa1) - First WebSphere BI for FN system configuration administrator (sa1) - Second WebSphere BI for FN system configuration administrator (sa2) - First WebSphere BI for FN security administrator (ua1) - Second WebSphere BI for FN security administrator (ua2) D. Installation --------------- D1. Stopping all sessions and services you use ---------------------------------------------- Stop all sessions and services, for example: - Stop all applications that send requests to WebSphere BI for FN. - Log out SIPN FIN LTs. - Close MSIF SnF input and output channels. - Release SWIFTNet SnF queues. - Stop the MSIF Message Transfer service. - Close all dnicli sessions. For further information, see "Administering and operating components, sessions, and services" in WebSphere BI for FN for Multiplatforms: System Administration. D2. Stopping all application servers ------------------------------------ Stop all application servers. D3. Stopping all WebSphere BI for FN message brokers ---------------------------------------------------- Stop all WebSphere BI for FN message brokers. D4. Backing up your system -------------------------- We recommend to backup your AIX LPAR so that in case of migration issues you can revert to your previous system setup and continue to process workload. D5. Installing PTF by InstallAnywhere ------------------------------------- 1. Install this PTF using IAW based on the chapter "Installing WebSphere BI for FN" in WebSphere BI for FN for Multiplatforms: Planning, Installation, and Customization. Please be aware of the following: The directory containing the installation data for this PTF has changed compared to the directory documented in this chapter. Use the path Disk1/InstData/NoVM instead of Disk1/InstData/VM. 2. Ensure that the group ownership of the /dniv311/admin directory and all of its subdirectories and files, is set to group dniadmin. To do this, enter the following command in AIX: chgrp -R dniadmin /dniv311/admin 3. Set the group ownership of the runtime directories and its files to group dnilpp. To do this, enter the following command in AIX: chgrp -R dnilpp /dniv311/run D6. Steps on a customization system ----------------------------------- To update your current definition directory and the customized administrative scripts, and to create deployment instructions and vehicles: 1. Log on to AIX on the customization system as a customizer (ucust1). 2. Change to the customization directory: cd 3. Run your customization profile: 3.1. Verify your customization profile: Ensure that the setting of the DNI_JAVA environment variable is set to the Java 6 64-bit home directory, for example: DNI_JAVA=/usr/java6_64 3.2. Run your customization profile: . ./dnicus_ 4. Start the CDP in migration mode and use the following commands to migrate customization data: dnicdpm -i > export cdd/_UI18000.cdd > import cdd/_UI18000.cdd > prepare This step updates the customized administrative scripts in the directory '//admin' and generates deployment data for migration of the run-time system for the following resource classes: - DB * Added: Tablespace DNIRDMBI * Added: Tablespace DNIRDMCT * Added: Tablespace DNIRDMCU * Added: Table DNI_RDM_BANKDATA * Added: Table DNI_RDM_CTRDATA * Added: Table DNI_RDM_CURDATA * Migrated (Drop - Create - Grant): PROCEDURE DNIvSN.DNFCHECKRMAUTH - DBGNT * Added: GRANT INSERT,SELECT,UPDATE,DELETE ON DNIvSN.DNI_RDM_BANKDATA TO DNIvRGRP GRANT INSERT,SELECT,UPDATE,DELETE ON DNIvSN.DNI_RDM_CTRDATA TO DNIvRGRP GRANT INSERT,SELECT,UPDATE,DELETE ON DNIvSN.DNI_RDM_CURDATA TO DNIvRGRP GRANT INSERT,UPDATE ON DNIvSN.DNP_AOLS TO GROUP DNIvUGRP - CFGPF (if SVB DNPAO or DNFRMA is assigned) * create instructions and files required to update the WebSphere BI for FN enterprise applications running in the application server Deployment instructions are generated in the file '///instructions.txt'. You will need this later in D7. 5. Implement the customization definition data and quit the CDP session: > implement When the message "DNIZ9013I: If you continue, the current CDD will be overwritten by a new CDD." is displayed enter 'y' to continue. > quit D7. Following the deployment instructions created in step D6 ------------------------------------------------------------ Follow the deployment instructions that were created in step D6 with the following exception: - do not execute the instructions provided for resource class CFGPF now; you will use them in step D13.4. D8. Additional activities ------------------------- D8.1. DB2 related activities - - - - - - - - - - - - - - NOT APPLICABLE. D8.2. WebSphere MB related activities - - - - - - - - - - - - - - - - - - - NOT APPLICABLE. D8.3. WebSphere MQ related activities - - - - - - - - - - - - - - - - - - - NOT APPLICABLE. D9. Restarting all WebSphere BI for FN message brokers ------------------------------------------------------ Restart all WebSphere BI for FN message brokers. D10. Prepare BAR file deployment -------------------------------- NOT APPLICABLE. D11. Redeploy updated BAR files ------------------------------- NOT APPLICABLE. D12. Migrating configuration data --------------------------------- D12.1 Generating configuration data migration scripts - - - - - - - - - - - - - - - - - - - - - - - - - - - To prepare the migration of configuration entities: 1. On the runtime system on which the message broker runs, log on to AIX as the system configuration administrator, for example, sa1, and run the profile for your runtime environment by entering: . /var/dni_03_01/run/dniprofile 2. Create a temporary directory where dnfczmlc stores the CLI command files which will contain the configuration migration statements. 3. Switch to this directory and enter the following command: dnfczmlc.sh -i [-dual YES|NO] [-to timeout] where: -i The name of the instance. -dual YES|NO Specifies whether files are to be created for a system that uses dual authorization for SYSOU. The default is -dual YES. Specify -dual NO only if dual authorization is to be turned off for both DNI_SYSADM and DNI_SECADM in SYSOU at the time when the created files are executed. Whether dual authorization is switched on or off for other OUs is irrelevant. -to timeout The number of milliseconds that the CLI waits for a response to this command before it issues an error message. The default is 100000 (100 seconds). It must be a whole number between 20000 and 9999999. Note: This command starts a long-running task that might take several minutes to complete. Check the file dnfczmlc.log to ensure that it completed successfully. The program dnfczmlc creates the following CLI command files: If dual authorization is not used (-dual NO): 1. dnfczmlc_2_sa_ent_all.cli 2. dnfczmlc_3_ua_cre_ro_all.cli If dual authorization is used (-dual YES): 1. dnfczmlc_5_sa_cre_ct_com.cli 2. dnfczmlc_5_sa_cre_ct_dep.cli 3. dnfczmlc_6_sa_cre_co_com.cli 4. dnfczmlc_6_sa_cre_co_dep.cli 5. dnfczmlc_8_ua_cre_ro_com.cli 6. dnfczmlc_8_ua_cre_ro_app.cli This PTF changes the following configuration entities: This PTF adds the following CTs: - DnpAoRdmParameters cre -ct DnpAoRdmParameters -desc 'Parameters for AO Facility reference data management' add -ct DnpAoRdmParameters -attr ApprovalRequired -type R - DnpAoRdmRights cre -ct DnpAoRdmRights -desc 'Pseudo attributes to allow access to AO Facility reference data management actions' add -ct DnpAoRdmRights -attr DISPLAY -type P add -ct DnpAoRdmRights -attr MODIFY -type P add -ct DnpAoRdmRights -attr APPROVE -type P This PTF adds the following COs: - DnpAoRdmParameters add -ou SYSOU -ct DnpAoRdmParameters -co DnpAoRdmParameters -attr ApprovalRequired -val YES - DnpAoRdmRights add -ou SYSOU -ct DnpAoRdmRights -co DnpAoRdmRights -attr DISPLAY add -ou SYSOU -ct DnpAoRdmRights -co DnpAoRdmRights -attr MODIFY add -ou SYSOU -ct DnpAoRdmRights -co DnpAoRdmRights -attr APPROVE This PTF adds the following roles: - DnpAoRdmDisplay cre -ro DnpAoRdmDisplay -desc 'Use the AO Facility to display reference data.' add -ro DnpAoRdmDisplay -ct DnpAoRdmRights -co DnpAoRdmRights -attr DISPLAY - DnpAoRdmModify cre -ro DnpAoRdmModify -desc 'Use the AO Facility to modify reference data.' add -ro DnpAoRdmModify -ct DnpAoRdmRights -co DnpAoRdmRights -attr MODIFY - DnpAoRdmApprove cre -ro DnpAoRdmApprove -desc 'Use the AO Facility to approve reference data.' add -ro DnpAoRdmApprove -ct DnpAoRdmRights -co DnpAoRdmRights -attr APPROVE D12.2 Executing the migration scripts - - - - - - - - - - - - - - - - - - - Execute the CLI command files generated in step D12.1 in the following sequence and using the following user authorization: If dual authorization was not used (-dual NO): - dnfczmlc_2_sa_ent_all.cli by any SA - dnfczmlc_3_ua_cre_ro_all.cli by any UA If dual authorization was on (-dual YES): - dnfczmlc_5_sa_cre_ct_com.cli by the first SA (sa1) - dnfczmlc_5_sa_cre_ct_dep.cli by the second SA (sa2) - dnfczmlc_6_sa_cre_co_com.cli by the first SA (sa1) - dnfczmlc_6_sa_cre_co_dep.cli by the second SA (sa2) - dnfczmlc_8_ua_cre_ro_com.cli by the first UA (ua1) - dnfczmlc_8_ua_cre_ro_app.cli by the second UA (ua2) 1. On the runtime system, log on to AIX as the indicated user and run the profile for your runtime environment by entering: . /var/dni_03_01/run/dniprofile 2. Switch to the temporary directory you created in step D12.1 and execute the generated CLI command files by entering the following command: dnicli -s -ou SYSOU -cft | tee -a UI18000cli.log where: DNI_SYSADM for files executed by the system configuration administrators, abbreviated as SA DNI_SECADM for files executed by the security administrators, abbreviated as UA The CLI command file name, for example dnfczmlc_5_sa_cre_ct_com.cli. D13. Updating the WebSphere BI for FN enterprise application ------------------------------------------------------------ D13.1. Backing up the WebSphere Application Server configuration - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Which resources you need to back up depends on whether you use a clustered application server environment or a single server: - If you have a clustered application server environment, back up your deployment manager profile and all other profiles on all nodes that belong to the cluster. - If you have a single application server environment, back up the application server profile. As the WebSphere Application Server operator (uwaso1), issue the following command for each profile that is to be backed up: On Windows: \bin\manageprofiles.bat -backupProfile -profileName -backupFile On other platforms: /bin/manageprofiles.sh -backupProfile -profileName -backupFile where represents the installation directory of the application server and represents the file name under which the backup should be stored. D13.2. Update the WebSphere Application Server environment - - - - - - - - - - - - - - - - - - - - - - - - - - - - - NOT APPLICABLE. D13.3. Restarting all application servers - - - - - - - - - - - - - - - - - - - - - Before starting to update the enterprise applications, start the application server on which the enterprise application runs. If you use a clustered application server environment, start the deployment manager, node agent, and all members of the application server cluster. D13.4. Migrating the enterprise application - - - - - - - - - - - - - - - - - - - - - - If the instructions created in step D6 contain the resource class CFGPF, follow this section now to update the enterprise applications. Note: A new web application may contain changed JavaScript and HTML files. To assure that the user works with the most current web application content it is recommended to clear the browser cache on each client workstation before the user logs in the next time. It is not sufficient to just reload the page. Please find the following sample description for the different browser types as reference for the user communication: Firefox 10.0.6 ESR and later From the menu bar select Tools -> Options. In the options dialog select the Advanced section. In the Advanced section select the Network notebook tab. Click on the "Clear Now" button to clear the browser cache. Internet Explorer 8 or later From the menu bar select Tools -> "Internet Options". On the General notebook page click the "Delete..." button in section "Browsing History". In the "Delete Browsing History" dialog check at least "Temporary Internet files" and click the Delete button to clear the browser cache. D14. Restarting all sessions and services ----------------------------------------- Restart all of the sessions and services that you use. How to do this depends on which WebSphere BI for FN features you use. For example: - Log in SIPN FIN LTs. - Subscribe MSIF to SAGs to enable file transfer and session monitoring. - Start the MSIF Message Transfer service. - Acquire SWIFTNet SnF queues. - Open MSIF SnF input and output channels. - Start the applications that send requests to WebSphere BI for FN. For further information, see "Administering and operating components, sessions, and services" in WebSphere BI for FN for Multiplatforms: System Administration. D15. Updating the Toolkit development environment ------------------------------------------------- NOT APPLICABLE. D16. Verifying your Installation --------------------------------- This PTF contains updated version of the RMA and AO Facility enterprise application. To verify that an enterprise application is the most current version: 1. Log-on to the enterprise application. 2. Click the 'About' link in the upper right corner. A dialog box opens. 3. In the dialog box, locate the build number. Compare it to the driver level specified in the header of this readme file. Both numbers should be identical. *------------------------------------------------------------------------------* * End of Activating * *------------------------------------------------------------------------------* I. APAR details --------------- Fixes for the following APARs are contained in this PTF: PI14790 SLOW RESPONSE TIME OF AO SECURITY COMPONENT WITH LARGE NUMBER OF OF USERS AND ROLES Formerly, a large number of users or roles/rolegroups in certain situations caused long response times when using the AO security component. Now, the performance for the AO security component has been improved. PI14706 RMA SHOULD CHANGE TO LOGIN PAGE WHEN APPLY FILTER AFTER SESSION TIMEOUT Formerly, when filter was applied to the relationship list after a session timeout, the user wasn't redirected to the login page. Instead, the filter summary was updated, but the content of the relationship list was not changed. This led to inconsistent information being displayed in RMA. Now, a user is automatically redirected to the login page when he tries to apply a filter after a session timeout. PI16860 DNFCHECKRMAUTH DOES NOT RECOGNIZE "INCLUDE NONE" FOR FIN According to the SWIFT FIN specification, the Excl element can only contain three digits FIN message type and not "All". This conflicts with the SWIFT RMA specifications and schema, where the "All" keyword is allowed. Formerly, according to the SWIFT FIN specification WebSphere BI for FN RM filtering stored procedure DNFCHECKRMAUTH did not recognize "Excl" "All" for FIN categories. If an RM authorization for service swift.fin (respectively swift.fin!p) was created with permissions for a category set to "Excl" "All" without adding message types in the exceptions field, the restriction did not work. Messages of the designated category were sent via SIPN FIN service. Now, the discrepancy between the SWIFT FIN specification and the SWIFT RMA specification is clarified: The FIN interface specification has to be amended to allow the "All" keyword to be present in the "Excl" element. When the "Excl" element contains the "All" keyword, all messages from that category have to be excluded from the authorisation. It must be understood the same way as the "Incl" with the "All" keyword, where all messages from that category are included in the authorisation. An "Excl" with "All" is equivalent in its meaning to the absence of that category. WebSphere BI for FN RM filtering stored procedure DNFCHECKRMAUTH has been changed to implement this SWIFT specification update. J. Other changes ---------------- - Message updates: * New response messages: DNPO0009E, DNPO1900I - DNPO1953E - Support of Microsoft Internet Explorer 11 added in RMA and AO Facility - Reference Data component added to AO Facility. For more information read Administration and Operation Facility User's Guide. - Formerly, when an AO user executed the 'recover' command from the AO LT list, a DB2 SQL error was raised because of missing access rights. Now group DNIvUGRP is granted to INSERT and UPDATE data in table DNP_AOLS. - Formerly, RDU stored the timestamp of the IMPORT command in local time in the history table. Now it is stored as a GMT timestamp. K. Known issues --------------- NOT APPLICABLE. ++++ End +++ End +++ End +++ End +++ End +++ End +++ End +++ End +++ End ++++