V5R2 Opens the Door Wider for Windows

by Jeff Van Heuklon

You may have already heard that the iSeries Client Access family of products has been renamed iSeries Access for Windows in V5R2. iSeries Access for Web and WebSphere Host Publisher have gotten much of the attention for the release because they are new products that give customers a new way of doing things. But the iSeries Access for Windows (formerly Client Access Express) has significant new function in this release also.

Here are some high points that will be most appreciated by users:

• Kerberos support
• 64-bit support
• Enhancements to database access
• Install improvements
• New functions in PC5250
• Operations Console/EZSetup

Kerberos Support

In order to meet industry standards for security and to roll out Enterprise Identity Mapping (EIM), implementation of Kerberos support in OS/400 was a requirement for V5R2. But implementing a new security protocol in a server means you need to do some work on the client too. There are actually three components of a Kerberos network: a server, a client, and a Kerberos Domain Controller (KDC). The client gets a "ticket" from the KDC when it signs into the network. Then when the client wants to make a connection to the server, it sends up the ticket instead of the usual user ID and password. When the server receives the ticket, it then sends it to the authentication server to verify that it's a valid ticket. When the authentication server tells the server that it is valid, the server allows the client's connection to succeed. In V5R2, iSeries Access can act as the client, iSeries can act as the server, and a Windows 2000 server will usually act as the KDC. A V5R2 iSeries cannot yet act as a KDC itself.

If you are familiar with Client Access Express, you know there are three choices for the user to authenticate into the iSeries. All three of those choices result in a user ID and password being sent to the iSeries. In V5R2, a fourth choice has been added, called Use Kerberos Principal Name, no prompting. When connecting to the iSeries for the first time, or when configuring the connection, specify that fourth choice, and a Kerberos ticket will be sent to the iSeries instead of the userid/password combination. This will only work if the iSeries has been configured for Kerberos, and the client PC has logged into a KDC when it first signed into the network. Also, note that the Kerberos option will only be displayed on Windows 2000 and Windows XP PCs. Older Windows operating systems do not support Kerberos. This choice is also valid for use with the Bypass Signon option of PC5250. If Bypass Signon is enabled and Kerberos authentication is selected, the user will never need to use a user ID/password to sign onto the green screen. For additional information about Kerberos configuration, go to the iSeries Information Center Web site and click on Networking/Networking Security section, and view the Scenarios listed under Network Authentication Service.

64-bit Support

During 2001, Intel started shipping processors with a new architecture called Itanium. This was a departure from its standard 32-bit processors and was initially targeted for servers. Although Intel stated that 32-bit applications would run on these 64-bit processors, they would pay a performance penalty for running in 32-bit mode. Therefore, for V5R2, work was done on parts of iSeries Access to port code to 64-bit so that it would run natively on Itanium. Since Client Access Express customers use the ODBC and OLE DB support running on Windows servers as the middle tier of a three-tier network, it was decided to port those two components (and the components they are dependent on) first. Most other parts of Client Access Express were usually used only on Windows clients, not Windows servers. When the upcoming Microsoft Windows .NET Server operating systems become available, iSeries Access for Windows will support running on it with Itanium (as well as the standard 32-bit processors). The intention is that, when the Itanium 2 processors become available, iSeries Access will also support those once they have been tested.

From an iSeries Access installation standpoint, there is nothing special that needs to be done. If it is detected that the PC is running on a 64-bit processor, both 32- and 64-bit versions of the ODBC and OLE DB components will be automatically installed on the PC. Then when configuring the database connections, the user selects which version to use.

For example, in ODBC administration, the user clicks on which one to use when accessing iSeries database information. It is possible to run applications with the 32-bit data access interfaces and 64-bit data access interfaces simultaneously. This may occur if a user has some ODBC-compliant applications that have been ported to 64-bit, and others that have not.

Enhancement to Database Access

In addition to the work of porting some of the database access interfaces to 64-bit, functional enhancements were made. Most of these were to take advantage of new database function in iSeries DB2 UDB (the iSeries database):

• Access to databases on other independent auxiliary storage pools (iASPs). An IASP is a collection of disk units that you can bring online or take offline independent of the rest of the storage on a system. These can contain external libraries that can be accessed just like the primary library of an iSeries. Selection of an IASP can be done through configuration of the specific database function. For example, the IASP can be selected with the Data Transfer application by going to File/Properties and then selecting the Library List tab. The desired iSeries library can then be entered.
• Support for the Lotus 123 Version 9 spreadsheet has been added to the iSeries Access Data Transfer application.
• The Data Transfer application can now upload more than 256 columns of data to a database file.
• ODBC and OLE DB now support ROWID, 64K SQL statements, and additional descriptor information. ROWID allows actions to be targeted at a specific row of a table using a unique ROWID designation. The new 64 KB SQL statement maximum is an increase from 32 KB in the previous release.
• OLE DB has added support for updateable cursors for the SQL dialect.
• OLE DB now is now threadsafe, so that it works better in multiuser environments.

Install Improvements

There were a number of improvements/changes made to the install of iSeries Access in V5R2:

• Silent Install: Previously, users did not know that a silent install was taking place and did not know when it was safe to shut down the PC. In V5R2, a Task Tray icon will alert users that a silent install is in progress and will show percentage complete if the mouse is held over the icon. A message will be displayed if the install fails.
• Capability to create a customized install image on a CD-ROM: This is good for remote, slower connections and is also a way to control what functions of Access for Windows can be installed by users. Administrators can ship out the customized CD-ROM to their users so that they cannot install components that the administrators don't want them to have. Also, it is now possible to have the Secure Sockets Layer (SSL) component selected to be included in a customized image.
• Removal of the 5722-CE2 (56-bit SSL) product: Because of changes to import and export laws, it is now acceptable to ship 128-bit encryption to all countries to which iSeries servers can be sold. Therefore, the 56-bit version of the SSL component has now been withdrawn. Any user upgrading from Client Access Express who has CE2 installed will automatically get 128-bit SSL installed (if the V5R2 5722-CE3 product is installed on the iSeries).
• No support for Windows 95: Although install on Windows 95 will be allowed, this platform is not supported. This is due to the fact that Microsoft no longer supports this operating system, and that iSeries Access now has a dependence on Winsock 2 for TCP/IP communications. (Windows 95 shipped with Winsock 1.1.) Users can download Winsock 2 from Microsoft and install it on the PC, and this may allow most iSeries functions to work. But this is not a supported environment.
• Support for installing and running on Windows XP: This was also available via a service pack to V5R1.

New Functions in PC5250

In V5R2, the 5250 emulator that ships with Personal Communications Version 5.5 is included with iSeries Access. The following features are new with this version:

• Improved national language support, including updated support for Japanese and Hindi
• A new session management utility that makes it easier to manage configured sessions and create new ones
• An ease-of-use option called "edit wrap pasted text" to ensure words are not divided when pasting across lines
• An ease-of-use improvement to move the plus (+) or minus (-) sign before the number (versus after) when copy/pasting to make it more consistent with other Windows applications
• Better error messages. A new telnet protocol for identifying connection problems has been implemented. What this means to you is improved information on why a connection may have failed, and what needs to be done to correct a problem.

Operations Console/EZSetup

Due to problems in previous releases, an extensive usability study was done to make it easier to get a console configured and connected to the iSeries. The results of that study have been implemented for V5R2 to make it simpler to bring up your iSeries server right out of the box. There is now better integration of wizards between Operations Console, EZSetup, and iSeries Navigator to allow for a better flow. Also, the LAN connectivity support that was added to Operations Console in V5R1 can now be utilized by EZSetup to provide a better first-time experience with this LAN feature. In addition, stability enhancements have been made to Operations Console.

Open to Windows

Enhancements have been added to V5R2 iSeries Access for Windows to make it more usable for iSeries customers. New functions in V5R2 OS/400 can be taken advantage of using this client, which no other product can currently claim. These include better security and better access of the OS/400 database. Also, the client platforms that you need supported, such as Windows XP and 64-bit, are there when you need them. Don't overlook these when learning about all the capabilities of V5R2.

Jeff Van Heuklon is currently the Technical Chief Engineering Manager for the iSeries Access family. In this role, he is responsible for iSeries Access strategy, plans, and design control. He can be reached at jjvan@us.ibm.com.

Sponsored By SOFTLANDING SYSTEMS

DOWNLOAD FREE WEBSPHERE TOOLKIT! Automate WebSphere management tasks on the iSeries with commands that stop/start a WAS instance, install Enterprise applications, pre-compile JSPs in production before users access them, copy configs for editing, backup, or applying to another server, and more. If your WebSphere environment includes the iSeries, these tools and other solutions from SoftLanding Systems will give you a head start on managing your WebSphere applications. TurnOver Change Management oversees the entire development process from request thru deployment to any server -- iSeries, Windows, Unix, or Linux. Automate WebSphere Application Server tasks within TurnOver with the FREE WebSphere toolkit. PVCS Version Manager plugs into both the WebSphere IDE and TurnOver to deliver the most streamlined, integrated management of WebSphere and iSeries objects available today. TurnOver PDQ almost entirely eliminates downtime during database changes or reorgs. SoftLanding brings you a powerful combination of WebSphere-integrated software to streamline and automate your entire WebSphere development process. Get your free WebSphere tools and more CM info online, or call SoftLanding at 603-924-8818 x1.