Features Added in Enterprise Server 5.0

Back to Top

Micro Focus has worked with Amazon Web Services (AWS) to create an AWS Quick Start for Enterprise Server. The Quick Start includes AWS CloudFormation templates and a deployment guide with step-by-step instructions that enable you to deploy Enterprise Server into a new or existing virtual private cloud (VPC) on the AWS Cloud in about 1 hour and 15 minutes.

For full information see Enterprise Server on AWS.

Back to Top

This release offers an enhanced and improved availability, and serviceability of Enterprise Server through the ability to administer and maintain a cross-system group of regions as a single system image with the new Performance and Availability Cluster (PAC).

In order for different Enterprise Server instances to be able to work together, they need to be able to share data. This is achieved through the use of a Scale Out Repository (SOR). All ES instances in a PAC will have a common SOR (PSOR) which is used to store CICS resources (limited to PCTs, PPTs, FCTs, DCTs and TSTs in this release) as well as internal system data to facilitate synchronisation between instances. Temporary Storage Queues and Transient Data Queues can also be shared between Enterprise Server instances by directing them to a SOR. Benefits of using PACs and SORs in this way include:

• Reduced hardware costs - taking advantage of the PAC to scale-out rather than scaling-up for more efficient use of processor resources.
• Easier maintenance - Dynamically adding or removing of regions to the PAC for system maintenance.
• Increased availability - in the event of the failure of an Enterprise Server instance, the PAC can continue to operate with reduced capacity. Enterprise Server instances can reside on different machines, improving availability further.
• Dynamic scaling - Enterprise Server instances can be added to, or removed from, the PAC depending on demand.
• Better performance - throughput is no longer restricted by the resources on a single machine (scale-up).
• Improved serviceability - you can now administer the PAC and any associated regions as a single image from a new contemporary web-based administration interface (ESCWA).

Back to Top

Enterprise Developer now includes a new Enterprise Server Common Web Administration interface (ESCWA). ESCWA is a web user interface and server for modern administration, monitoring and control of Enterprise Server. It offers improved usability that consolidates the different Enterprise Server user interfaces so that native and managed regions, and security stores can be managed in one place. Features include:

• Administering directory servers across multiple hosts.
• Monitoring and control of CICS and JES Enterprise Server instances.
• Configuring and administering a security store, defined in an LDAP-compatible security manager such as Microsoft Active Directory or OpenLDAP.
• Administering the Scale-Out features - enable you to specify logical groups of Enterprise Server instances, and configure and run Performance Availability Clusters (PACs) and their related Scale-Out Repositories (SORs).
• Administering, monitoring and control of Enterprise Server for .NET regions and listeners.
• The use of current web frameworks that have a greater focus on security.
• (Included with 5.0 Patch Update 2 ) - support for Enterprise Server XA, MQ and PL/I configuration and monitoring. This includes support for XA resources, configuring MQ, Listeners and Writers, PL/I, MFCS console, Region Trace options, displaying the current ESMs on logon page and Local/loopback connections warning changes.

Back to Top

This release includes the following enhancements:

• CRCN CICS transaction - this new in-built CICS transaction monitors the state of XA connections for each resource manager (RM) entry defined in the system. If CRCN finds that connections have become unavailable, it will attempt to reconnect at regular intervals. (The frequency of the monitoring is controlled by the ES_XA_RECONNECT environment variable.) CRCN will emit messages to the console to warn of connections lost and regained.

Back to Top

This release provides the following enhancements:

• The Data File Editor now includes a Compare Files tool that enables you to compare the contents of two data files side-by-side.
• Structure files, and the layouts within them, can now be created within the Data File Editor; you no longer need to use the Classic Data File Tools utility to manage your layouts.
• When connecting to a VSAM dataset stored in an enterprise server region, you can store any passwords required for access, for the duration of your current session.
• You can view archived JES spool jobs that have been merged into one spool file using the merging archived spool files process.
• You can now quickly duplicate records in non-indexed files, using the Duplicate Record option.

Back to Top

This release includes the following enhancements:

• Security - security features can now be employed when developers and administrators install new COBOL services (web services and EJBs) into an enterprise server instance over the network. There are a number of authentication and authorization options that can be enabled. See Deployment Listeners and The .mfdeploy File.
• Vault Facility - a new security feature has been added that enables some Enterprise Server components to keep certain sensitive information in a form of storage defined as a vault, accessible via a configurable vault provider. The default vault provider stores data in encrypted format on disk.
• OpenSSL 1.1.1 - the OpenSSL security provider has been updated to OpenSSL version 1.1.1.

  This is the stable Long Term Support version of OpenSSL.

  • Added support for the ratified TLS protocol version 1.3. TLS 1.3 benefits include:
    • Much shorter initial connection negotiation sequence. This reduces the time taken to establish a link before starting to transmit data.
    • Using only the most secure ciphers and hash methods.
    • TLS 1.3 will be negotiated in preference to the older TLS protocols.
  • Added support for new Ciphers and Key Exchange groups in line with TLS 1.3 requirements.
  • The default security level for previously configured endpoints has been moved from Security Level 0 to Security Level 1. This removes the ability to accidentally make use of known-weak elements such as SSL3 and MD5. Similar changes to the default Security Level have recently happened to Java, Chrome, Firefox, and other systems providing secure connections.
• Fileshare Security - the Fileshare Secure TCP/IP transport provider now supports the trusted use of X509 certificates bearing the name of the Fileshare service as the Common Name element of the certificate.

  In previous releases, a secure connection to a Fileshare server was made using a certificate that represented the network location upon which the Fileshare service was located. This method is still supported, but does not distinguish between the exact Fileshare server that is being connected to when more than one service can exist on a single host system. With this change, individual Fileshare services can identify themselves by using a unique certificate. While running on the same host and registered with the same network endpoint.

• Support for Active Directory user groups and group name mapping - the Enterprise Server External Security Facility's MLDAP ESM Module can now use Active Directory user group objects for Enterprise Server user groups. Also, the module can now map long group names to the 8-character-maximum names required for mainframe emulation.
• Selective auditing - administrators can audit only security activity of particular interest, reducing audit overhead and the volume of events. The Enterprise Server External Security Facility's MLDAP ESM Module can now enable ESF Audit events only for particular users, groups, and resources.
• Improved interaction with LDAP client libraries resulting in fewer LDAP-related issues and easier diagnostics - the Enterprise Server External Security Facility's MLDAP ESM Module has improved interoperation with LDAP client libraries:
  • The client library vendor and version information is logged after the library is loaded
  • The module has better heuristics for loading the correct library supplied by the OS vendor, so the "provider" configuration option can generally be omitted
  • For OpenLDAP, the module sets its proprietary "connect timeout" option
• SNI support (requires 5.0 Patch Update 1 or later) - support has been added in Patch Update 1 for the Server Name Identification (SNI) extension to TLS. This helps to avoid connectivity issues related to a growing number of Web services being hosted on SNI servers.

Back to Top

This release includes the following enhancements:

• Spool file housekeeping - you can now merge your archived spool files to a central location where they can be viewed using the Micro Focus Data File Editor. This copies the archived spool files and merges them into a new, combined archive. It does not change the original archive, so the audit trail remains untouched, but the combined archive allows viewing of all the jobs that have been merged. The merge process is carried out using a JCL job or by using a command line utility.
• A new user exit MFJFAXIT - this user exit allows you to receive notifications when 'file open' events are processed by the JCL engine. A sample exit can be found in the src\enterpriseserver\exits sub-directory of your product install directory. You can enable this exit by using the MFJFAXIT environment variable, to point to the exit program.

Back to Top

This release provides enhancements in the following areas:

• Browse dataset using IDCAMS dump - when using the MFDAS BROWSE command, it is now possible to view the output of the IDCAMS DUMP command on the specified dataset in hex and printable characters side-by-side.
• Improved JES support for executing jobs and input datasets - it is now possible for MFA Server to interact with JES jobs that are in executing phase, and to list and download input datasets.
• Retrieve binder information for load modules - when executing the MFDAS BINDER command, it is now possible to view the binder information from a load module.
• TSO command server - MFA Server includes a new type of application server to support executing TSO commands as the current user. The address space is spawned as your user id and any valid TSO command can be executed.
• UNIX sub-system (USS) support - MFA Server can now operate on files stored on a USS file system. The available functions are - edit, browse, rename, delete, and copy USS files and directories.

Enhancements are available in the following features:

• PL/I Run-Time System - support is now available for:
  • Optionally generating Windows "Mini-Dumps" or a Linux coredump off the back of a call to PLIDUMP.
  • Dynamic allocation of datasets using the TITLE option(s).
  • Raising an ERROR condition when a called subroutine raises a COBOL RTS error.
  • FILE variables can have differing DCB when used in differing contexts.
  • STATIC FIXED BIN(31) variable accessed at open within the RECSIZE() attribute of the ENVIRONMENT.

Back to Top

Support is now available for the following additional or updated operating systems:

• SUSE (Power) 11 SP3, 12
• Red Hat (Power) 7.2, 7.3
• Windows Server 2019

For a full list of supported platforms, check HTTPS://SUPPORTLINE.MICROFOCUS.COM/PRODAVAIL.ASPX.