What was New in Visual COBOL 5.0

Enterprise Server Common Web Administration

Back to Top

Note: This feature is in Early Adopter Program (EAP) release status.

Visual COBOL now includes a new Enterprise Server Common Web Administration interface (ESCWA). ESCWA is a web user interface and server for modern administration, monitoring and control of Enterprise Server. It offers improved usability that consolidates the different Enterprise Server user interfaces so that native and managed regions, and security stores can be managed in one place. Features include:

  • Administering directory servers across multiple hosts.
  • Monitoring and control of Enterprise Server instances.
  • Configuring and administering a security store, defined in an LDAP-compatible security manager such as Microsoft Active Directory or OpenLDAP.
  • Administering the Scale-Out features - enable you to specify logical groups of Enterprise Server instances, and configure and run Performance Availability Clusters (PACs) and their related Scale-Out Repositories (SORs).
  • Administering, monitoring and control of Enterprise Server for .NET regions and listeners.
  • The use of current web frameworks that have a greater focus on security.
  • (Included with 5.0 Patch Update 2 ) - support for Enterprise Server XA, MQ and PL/I configuration and monitoring. This includes support for XA resources, configuring MQ, Listeners and Writers, PL/I, MFCS console, Region Trace options, displaying the current ESMs on logon page and Local/loopback connections warning changes.

Data File Tools

Back to Top

This release provides the following enhancements:

  • The Data File Editor now includes a Compare Files tool that enables you to compare the contents of two data files side-by-side.
  • Structure files, and the layouts within them, can now be created within the Data File Editor; you no longer need to use the Classic Data File Tools utility to manage your layouts.
  • When connecting to a VSAM dataset stored in an enterprise server region, you can store any passwords required for access, for the duration of your current session.
  • You can view archived JES spool jobs that have been merged into one spool file using the merging archived spool files process.
  • You can now quickly duplicate records in non-indexed files, using the Duplicate Record option.

Database Connectors

Back to Top

You can now create an identity column in your database by using a new XFD directive - IDENTITY_COLUMN. This must be specified on a numeric field.

Enterprise Server Security

Back to Top

This release includes the following enhancements:

  • Security - security features can now be employed when developers and administrators install new COBOL services (web services and EJBs) into an enterprise server instance over the network. There are a number of authentication and authorization options that can be enabled. See Deployment Listeners and The .mfdeploy File.
  • Vault Facility - a new security feature has been added that enables some Enterprise Server components to keep certain sensitive information in a form of storage defined as a vault, accessible via a configurable vault provider. The default vault provider stores data in encrypted format on disk.
  • OpenSSL 1.1.1 - the OpenSSL security provider has been updated to OpenSSL version 1.1.1.

    This is the stable Long Term Support version of OpenSSL.

    • Added support for the ratified TLS protocol version 1.3. TLS 1.3 benefits include:
      • Much shorter initial connection negotiation sequence. This reduces the time taken to establish a link before starting to transmit data.
      • Using only the most secure ciphers and hash methods.
      • TLS 1.3 will be negotiated in preference to the older TLS protocols.
    • Added support for new Ciphers and Key Exchange groups in line with TLS 1.3 requirements.
    • The default security level for previously configured endpoints has been moved from Security Level 0 to Security Level 1. This removes the ability to accidentally make use of known-weak elements such as SSL3 and MD5. Similar changes to the default Security Level have recently happened to Java, Chrome, Firefox, and other systems providing secure connections.
  • Fileshare Security - the Fileshare Secure TCP/IP transport provider now supports the trusted use of X509 certificates bearing the name of the Fileshare service as the Common Name element of the certificate.

    In previous releases, a secure connection to a Fileshare server was made using a certificate that represented the network location upon which the Fileshare service was located. This method is still supported, but does not distinguish between the exact Fileshare server that is being connected to when more than one service can exist on a single host system. With this change, individual Fileshare services can identify themselves by using a unique certificate. While running on the same host and registered with the same network endpoint.

  • Support for Active Directory user groups and group name mapping - the Enterprise Server External Security Facility's MLDAP ESM Module can now use Active Directory user group objects for Enterprise Server user groups. Also, the module can now map long group names to the 8-character-maximum names required for mainframe emulation.
  • Selective auditing - administrators can audit only security activity of particular interest, reducing audit overhead and the volume of events. The Enterprise Server External Security Facility's MLDAP ESM Module can now enable ESF Audit events only for particular users, groups, and resources.
  • Improved interaction with LDAP client libraries resulting in fewer LDAP-related issues and easier diagnostics - the Enterprise Server External Security Facility's MLDAP ESM Module has improved interoperation with LDAP client libraries:
    • The client library vendor and version information is logged after the library is loaded
    • The module has better heuristics for loading the correct library supplied by the OS vendor, so the "provider" configuration option can generally be omitted
    • For OpenLDAP, the module sets its proprietary "connect timeout" option
  • SNI support (requires 5.0 Patch Update 1 or later) - support has been added in Patch Update 1 for the Server Name Identification (SNI) extension to TLS. This helps to avoid connectivity issues related to a growing number of Web services being hosted on SNI servers.

Platform Support

Back to Top

Support is now available for the following additional or updated operating systems:

  • SUSE (Power) 11 SP3, 12
  • Red Hat (Power) 7.2, 7.3
  • Windows Server 2019

For a full list of supported platforms, check HTTPS://SUPPORTLINE.MICROFOCUS.COM/PRODAVAIL.ASPX.