V5R2 Opens the Door Wider for Windows
by Jeff Van Heuklon
You may have already heard that the iSeries Client Access family of products has been renamed iSeries Access for Windows in V5R2. iSeries Access for Web and WebSphere Host Publisher have gotten much of the attention for the release because they are new products that give customers a new way of doing things. But the iSeries Access for Windows (formerly Client Access Express) has significant new function in this release also.
Here are some high points that will be most appreciated by users:
In order to meet industry standards for security and to roll out Enterprise Identity Mapping (EIM), implementation of Kerberos support in OS/400 was a requirement for V5R2. But implementing a new security protocol in a server means you need to do some work on the client too. There are actually three components of a Kerberos network: a server, a client, and a Kerberos Domain Controller (KDC). The client gets a "ticket" from the KDC when it signs into the network. Then when the client wants to make a connection to the server, it sends up the ticket instead of the usual user ID and password. When the server receives the ticket, it then sends it to the authentication server to verify that it's a valid ticket. When the authentication server tells the server that it is valid, the server allows the client's connection to succeed. In V5R2, iSeries Access can act as the client, iSeries can act as the server, and a Windows 2000 server will usually act as the KDC. A V5R2 iSeries cannot yet act as a KDC itself.
If you are familiar with Client Access Express, you know there are three choices for the user to authenticate into the iSeries. All three of those choices result in a user ID and password being sent to the iSeries. In V5R2, a fourth choice has been added, called Use Kerberos Principal Name, no prompting. When connecting to the iSeries for the first time, or when configuring the connection, specify that fourth choice, and a Kerberos ticket will be sent to the iSeries instead of the userid/password combination. This will only work if the iSeries has been configured for Kerberos, and the client PC has logged into a KDC when it first signed into the network. Also, note that the Kerberos option will only be displayed on Windows 2000 and Windows XP PCs. Older Windows operating systems do not support Kerberos. This choice is also valid for use with the Bypass Signon option of PC5250. If Bypass Signon is enabled and Kerberos authentication is selected, the user will never need to use a user ID/password to sign onto the green screen. For additional information about Kerberos configuration, go to the iSeries Information Center Web site and click on Networking/Networking Security section, and view the Scenarios listed under Network Authentication Service.
During 2001, Intel started shipping processors with a new architecture called Itanium. This was a departure from its standard 32-bit processors and was initially targeted for servers. Although Intel stated that 32-bit applications would run on these 64-bit processors, they would pay a performance penalty for running in 32-bit mode. Therefore, for V5R2, work was done on parts of iSeries Access to port code to 64-bit so that it would run natively on Itanium. Since Client Access Express customers use the ODBC and OLE DB support running on Windows servers as the middle tier of a three-tier network, it was decided to port those two components (and the components they are dependent on) first. Most other parts of Client Access Express were usually used only on Windows clients, not Windows servers. When the upcoming Microsoft Windows .NET Server operating systems become available, iSeries Access for Windows will support running on it with Itanium (as well as the standard 32-bit processors). The intention is that, when the Itanium 2 processors become available, iSeries Access will also support those once they have been tested.
From an iSeries Access installation standpoint, there is nothing special that needs to be done. If it is detected that the PC is running on a 64-bit processor, both 32- and 64-bit versions of the ODBC and OLE DB components will be automatically installed on the PC. Then when configuring the database connections, the user selects which version to use.
For example, in ODBC administration, the user clicks on which one to use when accessing iSeries database information. It is possible to run applications with the 32-bit data access interfaces and 64-bit data access interfaces simultaneously. This may occur if a user has some ODBC-compliant applications that have been ported to 64-bit, and others that have not.
Enhancement to Database Access
In addition to the work of porting some of the database access interfaces to 64-bit, functional enhancements were made. Most of these were to take advantage of new database function in iSeries DB2 UDB (the iSeries database):
There were a number of improvements/changes made to the install of iSeries Access in V5R2:
New Functions in PC5250
In V5R2, the 5250 emulator that ships with Personal Communications Version 5.5 is included with iSeries Access. The following features are new with this version:
Due to problems in previous releases, an extensive usability study was done to make it easier to get a console configured and connected to the iSeries. The results of that study have been implemented for V5R2 to make it simpler to bring up your iSeries server right out of the box. There is now better integration of wizards between Operations Console, EZSetup, and iSeries Navigator to allow for a better flow. Also, the LAN connectivity support that was added to Operations Console in V5R1 can now be utilized by EZSetup to provide a better first-time experience with this LAN feature. In addition, stability enhancements have been made to Operations Console.
Open to Windows
Enhancements have been added to V5R2 iSeries Access for Windows to make it more usable for iSeries customers. New functions in V5R2 OS/400 can be taken advantage of using this client, which no other product can currently claim. These include better security and better access of the OS/400 database. Also, the client platforms that you need supported, such as Windows XP and 64-bit, are there when you need them. Don't overlook these when learning about all the capabilities of V5R2.
Jeff Van Heuklon is currently the Technical Chief Engineering Manager for the iSeries Access family. In this role, he is responsible for iSeries Access strategy, plans, and design control. He can be reached at firstname.lastname@example.org.
Contact the Editors
Last Updated: 8/28/02
Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.