Planning, Installing, and Configuring Host On-Demand - IBM


IBM Host On-Demand Version 12.0

Planning, Installing, and Configuring Host On-Demand

SC14-7266-01

Note: Before using this information and the product it supports, read the information in Appendix E. Notices.

Ninth Edition (February 2016)

This edition applies to Version 12 of IBM® Host On-Demand (program number 5724-I20) and to all subsequent releases and modifications until otherwise indicated in new editions.

Copyright International Business Machines Corporation 1997, 2016. US Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

About this book
About the other Host On-Demand documentation
Conventions used in this book
Terminology
Terms relating to Java
Planning for Host On-Demand
Introducing IBM Host On-Demand
What is Host On-Demand?
How does Host On-Demand work?
Why use Host On-Demand?
A cost-effective approach to connectivity
Centralized management of configuration data
Connect directly to any Telnet server
Browser-based user interface
Supports many different platforms and network environments
Support for Java
Support for Internet Protocol Version 6
Supports many national languages
Secure connections
Custom HTML files
Toolkit for creating new e-business applications
Programmable Host On-Demand
Host On-Demand Session Manager APIs
Support for WebSphere Portal
Connections to DB2 databases on IBM System i servers
What's new?
Getting the latest information on Host On-Demand
New functions in Host On-Demand Version 12
Planning for deployment
Understanding the HTML-based model
Understanding the configuration server-based model
Understanding the combined model
Client deployment considerations
Planning for Java on the client
Improvements to the cached client for Java
Limits of support
Enhanced features provided by Java
Downloading a client with Java
Mac OS X with Java
Mac OS X limitations
Slightly slower startup times with Java clients
Limitations of specific Java plug-ins
Limitations with customer-supplied applets and Java
Limitations with restricted users and Java
Browsers and Java plug-ins
Java-enabled browsers
Browsers and plug-ins supported by Host On-Demand clients
Microsoft Internet Explorer with a Java plug-in
Firefox with a Java plug-in
Planning for security
Transport Layer Security (TLS)
How TLS security works
TLS for Host On-Demand
Web server security
Configuration security
The Redirector
Why use the Redirector?
How the Redirector works
Redirector load capacity
Operating systems supported by the Redirector
Using Host On-Demand with a firewall
Configuring firewall ports
Connecting to a host system through a proxy server
User ID security
Web Express Logon
Native Authentication
Windows Domain logon
FIPS environments
Planning for national language support
Supported languages
Supported host code pages
3270 and 5250 code pages
VT code pages
CICS Gateway code pages
Japanese JIS2004 Unicode support
User-defined character mapping
Unicode Support for i/OS and OS/400
Installing, upgrading, and uninstalling Host On-Demand
Installing the Host On-Demand server and related software
Installing Host On-Demand using Installation Manager
Important links
Before the HOD Installation
Preparing to Install
Upgrading from earlier versions of Host On-Demand
Installing Host On-Demand
The GUI of Installation Manager
Deployment Wizard
Upgrading from earlier versions of Deployment Wizard
Installing the Deployment Wizard
Downloading the Deployment Wizard installation image from a Host On-Demand server
Host Access Toolkit
Upgrading from earlier versions of Host Access Toolkit
Installing the Host Access Toolkit
Installing in the Console Mode
About installing in the Console Mode
Before installing HOD on IBM iSeries
Installation procedure
Installing Deployment wizard in Console mode
Installing Host Access Toolkit in console mode
Installing in Silent Mode
Installation procedure
Installing the configuration servlet
Deploying the servlet on WebSphere Application Server
Uninstalling the Host On-Demand server
Uninstalling Host On-Demand using Installation Manager Console mode
Configuring Host On-Demand
Configuring Host On-Demand emulator clients
Creating Host On-Demand HTML files
Configuring Host On-Demand sessions
Using the Deployment Wizard
Distributing the Deployment Wizard output to your Host On-Demand server
Using Host On-Demand administration and new user clients
Loading administration and new user clients
Administration clients
Directory Utility
New user clients
Using Host On-Demand emulator clients
Loading emulator clients
Selecting the appropriate client
Cached clients
Installing cached clients
Removing the cached client
Cached client support issues when accessing multiple Host On-Demand servers
Cached client support for Windows
Cached client support for Mac OS X (Java clients only)
Troubleshooting cached clients
Web Start client
Installing the Web Start client
Configuring your Web server for Web Start
Upgrading the Web Start client
Adding Web Start components after the initial install
Web Start and Windows Restricted Users
Bookmarking sessions with Web Start
Using Web Start with HTTPS
Removing the Web Start client
Download clients
Launching the download client
Launching the download client after installing the cached client or Web Start client
Predefined emulator clients
Reducing client download size
Deploying customer-supplied Java archives and classes
Using the AdditionalArchives HTML parameter
Deploying from the Publish directory
Hints and tips for archive files
Using Database On-Demand clients
Database functions in Display Emulation clients and in macros
Starting a Database On-Demand client
Database On-Demand predefined clients
Configuring Database On-Demand for users
Obtaining and installing a JDBC driver
File formats for database access
Using multiple code pages with Database On-Demand
Supported Database On-Demand code pages
Creating and deploying server macro libraries
Deploying a server macro library to a Web server
Deploying a server macro library to a shared drive
Modifying session properties dynamically
Setting up the initial HTML file
Setting the Codebase
Add the ConfigBase Parameter
Overriding HTML parameters
Specific session properties that can be overridden
Example #1: Overriding the LU name based on the client's IP address
Example #2: Allowing the user to specify the host to connect to using an HTML form
Configuring Host On-Demand on zSeries
Setting up separate read/write private and publish directories
Set up a separate File System for the Host On-Demand private directory
Set up a separate user publish directory
Migration considerations for z/OS
Backing up the private directory
Installing the Development Wizard from the z/OS server
Configuring Host On-Demand on IBM System i
Configuring, starting, and stopping the Host On-Demand Service Manager on IBM System i
Configure
Start
Stop
Work with HOD Server status
Certificate Management
Start Information Bundler
Create HOD Printer Definition Table
Using the Deployment Wizard with IBM System i
Configuring IBM System i servers for secure connection
Installing and configuring Host On-Demand with TLS on i/OS and OS/400
Configuring a Telnet server for secure connection
Configuring the Host On-Demand CustomizedCAs keyring
Client authentication
Configuring the Host On-Demand OS/400 proxy for secure connections
Secure Web serving
Unicode Support for i/OS and OS/400
General information
Host programming information
Deploying Host On-Demand with WebSphere Portal
How Host On-Demand works with Portal Server
Using Host On-Demand clients with Portal Server
Limitations on accessing Host On-Demand through a portlet
Special considerations when using a Host On-Demand portlet
Extending the Host On-Demand portlets
Eclipse-Plugin support
Creating Host On-Demand plug-ins
Setting Session Properties Dynamically
Using a separate user publishing directory
View IDs used in Host On-Demand plugin
Limitations on using Host On-Demand in a Eclipse-Plugin environment
Configuring Host On-Demand Server to use LDAP
Setting up LDAP support
Installing the schema extensions
Configuring the Host On-Demand server to use LDAP as a data store
Appendixes
Appendix A. Using locally installed clients
Operating systems that support the locally installed client
Installing the local client
Starting the local client
Removing the local client
Appendix B. Using the IKEYCMD command-line interface
Environment set-up for IKEYCMD command-line interface
IKEYCMD command-line syntax
IKEYCMD list of tasks for Host On-Demand
Creating a new key database
Setting the database password
Changing the database password
Listing CAs
Creating a new key pair and certificate request
Storing the server certificate
Receiving a CA-signed certificate
Storing a CA certificate
Creating a self-signed certificate
Making server certificates available to clients
Adding the root of an unknown CA to CustomizedCAs.p12
Exporting keys
Importing keys
Showing the default key in a key database
Storing the encrypted database in a stash file
IKEYCMD command-line parameter overview
IKEYCMD command-line options overview
Command-line invocation
User properties file
Appendix C. P12 Keyring utility
Usage
Options
Examples
Appendix D. Native platform launcher command line options
Appendix E. Notices
Appendix F. Trademarks

About this book

The Planning, Installing, and Configuring Host On-Demand guide helps you to plan for, install, and configure the Host On-Demand program. This book is written for administrators. It contains three major parts.

Planning for Host On-Demand gives you information about Host On-Demand for you to consider before installation and deployment. For example, which server platform will you use? Which deployment model will you use? How will you handle security?

Installing, upgrading, and uninstalling Host On-Demand offers step-by-step procedures based on each operating system.

Configuring Host On-Demand describes different configuration models to specify how session configuration information is defined and managed, how to dynamically modify session configuration information, how to customize new clients, and how to deploy Host On-Demand to your users.

After you install and configure Host On-Demand, use the online help to learn how to define sessions and perform other administrative tasks.
Planning, Installing, and Configuring Host On-Demand is also available on the DVD-ROM and at the Host On-Demand Knowledge Center.

About the other Host On-Demand documentation

In addition to the Planning, Installing, and Configuring Host On-Demand guide, Host On-Demand also provides other sources of information to help you use the product. To access the documentation described here, go to the Host On-Demand Knowledge Center. Most of the documentation is also included on the Host On-Demand product or Toolkit DVD-ROMs.

The My Support feature enables you to personalize your support view and register to receive weekly e-mail notifications alerting you of new fix packs, downloads, and hot technical support information for IBM products. To register for My Support, complete the instructions in this Technote.

- Online help. The online help is the primary source of information for administrators and users after Host On-Demand installation is complete. It provides detailed steps on how to perform Host On-Demand tasks. A table of contents and an index help you locate task-oriented help panels and conceptual help panels. While you use the Host On-Demand graphical user interface (GUI), help buttons bring up panel-level help panels for the GUI.
- Program Directory. The program directory instructs you on how to install Host On-Demand on the z/OS platforms.
- Readme file. This file, readme.html, contains product information that was discovered too late to include in the product documentation.
- Web Express Logon Reference. This book provides a step-by-step approach for understanding, implementing, and troubleshooting Web Express Logon. It offers an overview of Web Express Logon, several step-by-step examples to help you plan for and deploy Web Express Logon in your own environment, as well as several APIs for writing customized macros and plug-ins.
- Macro Programming Guide. This book describes how to create Host On-Demand macros for automating user interactions with host applications or for passing data between a host application and a native application. This book provides detailed information on all aspects of developing macros and includes revised information about the macro language previously published in the Host Access Beans for Java Reference.
- Host Printing Reference. After you configure host sessions, use the Host Printing Reference to enable your users to print their host session information to a local or LAN-attached printer or file.
- Session Manager API Reference. This book provides JavaScript APIs for managing host sessions and text-based interactions with host sessions.
- Programmable Host On-Demand. This book provides a set of Java APIs that allows developers to integrate various pieces of the Host On-Demand client code, such as terminals, menus, and toolbars, into their own custom Java applications and applets.
- Toolkit Getting Started. This book explains how to install and configure the Host On-Demand Toolkit, which is shipped with the Host Access Client Package, but is installed from a different DVD-ROM than the Host On-Demand base product. The Host On-Demand Toolkit complements the Host On-Demand base product by offering Java beans and other components to help you maximize the use of Host On-Demand in your environment.
- Host Access Beans for Java Reference. This book is part of the Host On-Demand Toolkit. It serves as a reference for programmers who want to customize the Host On-Demand environment using Java beans and create macros to automate steps in emulator sessions.
- Programmer's Guide for the AS/400 Toolbox for Java. The Programmer's Guide for the AS/400 Toolbox for Java is located on the Toolkit DVD in the as400 directory. The guide is available in zip files for the following languages: English, Japanese, Korean, Spanish, and Russian.
- Host Access Class Library Reference. This book is part of the Host On-Demand Toolkit. It serves as a reference for programmers who want to write Java applets and applications that can access host information at the data stream level.
- J2EE Connector Reference. This book is part of the Host On-Demand Toolkit. It serves as a reference for programmers who want to write applets and servlets that access Java Enterprise Edition (J2EE) compatible applications.
Conventions used in this book

The following typographic conventions are used in Planning, Installing and Configuring Host On-Demand:

Table 1. Conventions used in this book

Convention: Monospace
Meaning: Indicates text you need to enter at a command prompt and values you need to use literally, such as commands, functions, and resource definition attributes and their values. Monospace also indicates screen text and code examples.

Convention: Italics
Meaning: Indicates variable values you need to provide (for example, you supply the name of a file for file_name). Italics also indicates emphasis and the titles of books.

Convention: Return
Meaning: Refers to the key labeled with the word Return, the word Enter, or the left arrow.

Convention: >
Meaning: When used to describe a menu, shows a series of menu selections. For example, "Click File > New" means "From the File menu, click the New command." When used to describe a tree view, shows a series of folder or object expansions. For example, "Expand HODConfigServlet > Sysplexes > Plex1 > J2EE Servers > BBOARS2" means:
- Expand the HODConfigServlet folder
- Expand the Sysplexes folder
- Expand the Plex1 folder
- Expand the J2EE Servers folder
- Expand the BBOARS2 folder

Convention: (graphic)
Meaning: This graphic is used to highlight notes to the reader.

Convention: (graphic)
Meaning: This graphic is used to highlight tips for the reader.

Terminology

This section describes the terminology used throughout this book.

applet
A program written in Java that is referenced in an HTML file. An applet is launched by a Java Virtual Machine (JVM) running in a Web browser.

application
A program or suite of programs that perform a task or specific function.

cached client
A Host On-Demand cached client is any Host On-Demand client whose components have been cached (stored locally for quick access) on the hard disk of a user's workstation.

default publish directory
The default publish directory is the subdirectory HOD in your Host On-Demand server's install directory, for example, c:\Program Files\IBM\HostOnDemand\HOD\ on Windows platforms and /opt/IBM/HostOnDemand/HOD on AIX, Linux, Solaris, /QIBM/Programs/IBM/HostOnDemand/HOD on i (as/400), and /usr/lpp/HOD/hostondemand/HOD on z/OS platforms.

download client
Download clients download the necessary applet files each time users access the HTML files. Download clients are generally used in LAN-connected environments because high-speed network connections reduce the time it takes to download them from the Web server.

emulator client
An emulator client is a Host On-Demand client that launches a terminal emulator session. Host On-Demand includes the following emulator clients: cached client, Web Start client, and download client.

separate user publish directory
Provides a separate writeable location for deploying custom HTML files, isolating them from the files provided by Host On-Demand. This keeps the Host On-Demand publish directory read-only and makes it easier to apply future Host On-Demand upgrades. Note that other user-modified files (such as customer applets and HACL programs) still need to run from the Host On-Demand publish directory.

Web Application Server
The runtime for dynamic Web applications. Web application server includes support for Java servlets, JavaServer Pages (JSP), and other enterprise Java application programming interfaces (APIs). A Web application server provides communications, resource management, security, transaction management, and persistence capabilities for Web applications. It also typically includes an administration interface for managing the server and deployed applications.

Web server
A server on the Web that serves requests for HTTP documents. A Web server controls the flow of transactions to and from the browser. It protects the confidentiality of customer transactions and ensures that the user's identity is securely transmitted to the server.

Web Start client
The Web Start client allows users to run Host On-Demand sessions without a browser. Users start Host On-Demand sessions from the Java Web Start Application Manager.

Terms relating to Java

Note the following terms and their use in this document.

Java
Refers to Java Runtime Environment (JRE) on either the HOD server or the HOD client.

Java-enabled browser
A Web browser that runs Java applets on the Java JVM of an installed Java plug-in, for example, Firefox and Internet Explorer with a Java plug-in. For more information, refer to Browsers and Java plug-ins.

Java emulator client, Java cached client, Java download client
A version of the Host On-Demand client. The Java version consists of a complete set of Host On-Demand client components compiled with a Java compiler.

Planning for Host On-Demand

Introducing IBM Host On-Demand

What is Host On-Demand?

IBM Host On-Demand provides cost effective and secure browser-based and non-browser-based host access to users in intranet-based and extranet-based environments. Host On-Demand is installed on a Web server, simplifying administrative management and deployment, and the Host On-Demand applet or application is downloaded to the client browser or workstation, providing user connectivity to critical host applications and data.

Host On-Demand supports emulation for common terminal types, communications protocols, communications gateways, and printers, including the following:
- TN3270 and TN3270E terminals
- TN5250 terminals
- VT52, VT100, VT220, VT320, and VT420 terminals
- The Secure Shell (SSH)
- Transport Layer Security (TLS)
- File Transfer Protocol (FTP)
- Customer Information and Control System (CICS) Transaction Gateway
- TN3270E and TN5250 printers

You can use the Java component-based Host Access Toolkit to create customized e-business applications. This Toolkit contains a rich set of Java libraries and application programming interfaces: Host Access Class Library (HACL), Host Access Beans for Java, and Java Enterprise Edition (J2EE) connectors. Host On-Demand also includes Database On-Demand, which provides an interface for sending Structured Query Language (SQL) queries to IBM DB2 databases hosted on IBM System i7 systems.

How does Host On-Demand work?

The following figure and explanation show how a Host On-Demand system works. Host On-Demand is a client/server system. Host On-Demand clients are Java applets that are downloaded from the Web server to a Web browser on a remote computer.

Figure 1. How Host On-Demand works

Step 1. The user opens a browser and clicks a hyperlink.
Step 2. IBM Host On-Demand applet downloads to the client workstation.
Step 3. When the applet is downloaded, IBM Host On-Demand connects directly to any Telnet server to access host applications.

Session information is configured in the HTML file or Host On-Demand configuration server. For more information about the configuration server, see Planning for deployment.

Host On-Demand client applets can be run as download clients, Web Start clients, or cached clients. Download clients are downloaded from the Web server every time they are used. Cached client and Web Start clients are downloaded from the Web server and stored on the client computer. After the initial download, the cached client is loaded from the local machine. The cached client checks the Host On-Demand server for new versions of the client and automatically downloads the updated version.

Host On-Demand includes the following administrative components:
- The Deployment Wizard, a tool for creating emulator client HTML files. The Deployment Wizard enables administrators to quickly and easily build Host On-Demand HTML files that are customized for an organization's needs.
- Administration clients that can be used by system administrators to define common sessions, create users and groups, and perform other administrative tasks on the Host On-Demand server.

In addition, a number of predefined clients are also supplied with Host On-Demand to demonstrate Host On-Demand's client functions for users and administrators (for example, emulation, Database On-Demand, cached client removal, and problem determination utilities).

Why use Host On-Demand?

A cost-effective approach to connectivity

You can reduce maintenance costs and increase your return on investment by installing Host On-Demand on a Web server, eliminating the need to manage individual user desktops.

Since the applets reside on a server and are downloaded to Web browsers when needed, you no longer have to schedule maintenance and upgrades. Upgrade the software on the server and users can receive the upgrade the next time they access the client applet.

Centralized management of configuration data

Administrators can centrally define and control all session configuration information available to their users, including connection options, security features, macro definitions, keyboard specifications, and color mappings. Furthermore, administrators have full control over which fields the user can or cannot modify, and can choose where user updates should be stored.

On Windows platforms, the default Host On-Demand graphical user interface is based on the Nimbus Look and Feel provided by Java 1.6 and later. The Nimbus Look and Feel for the administration graphical user interfaces can be disabled by setting the SETHODNIMBUSGUI environment variable value to false.

Connect directly to any Telnet server

With Host On-Demand, the client applet contains the emulation functionality. With the emulator residing on the client, the middle-tier server, such as IBM Communications Server or a third-party SNA server, can be eliminated. Any performance and security issues introduced with this intermediary piece will also be removed. Once the applet is served to the client, it is easy to connect directly to any standard Telnet server that provides the best access to the required data. You can access many host sessions concurrently. By eliminating the need for a middle-tier server, Host On-Demand also minimizes capacity restrictions. To see how this works, refer to Figure 1.

Browser-based user interface

The browser-based access of Host On-Demand gives you a simple way to centrally manage and deploy critical host applications and data. Host On-Demand uses the power of Java technology to open the doors to your host system whenever you need it, wherever you need it, directly from your browser. Just click on a hyperlink to launch the Host On-Demand Java applet. This Web-to-host connectivity solution provides secure Web-browser access to host applications and system data through Java-based emulation, so you can take existing host applications to the Web without programming. Because Host On-Demand is Java-based, its interface has the same look-and-feel across various types of operating environments.

On Windows platforms, the default Host On-Demand client graphical user interface is based on the Nimbus Look and Feel provided by Java 1.6 and later. The Nimbus Look and Feel can be disabled using the setHODNimbusGUI HTML parameter or the SETHODNIMBUSGUI environment variable.

Note: Host On-Demand portlets inherit the look of their portal server.

Supports many different platforms and network environments

Host On-Demand servers and clients are supported on a wide variety of platforms and can be used over any TCP/IP network. This gives you a great deal of flexibility in setting up your system and enables Host On-Demand to be deployed in your computing environment without having to purchase new hardware.

Support for Java

Host On-Demand is compatible with browsers that support Java standards. In addition, some new features of Host On-Demand take advantage of capabilities offered only by Java.

Support for Internet Protocol Version 6

Support for Internet Protocol Version 6 requires Java 1.4 or higher. However, Host On-Demand Version 12 supports Java 1.6 or higher.

An Internet Protocol is a protocol used to route data from its source to its destination through an Internet environment. An IP is an intermediary between higher protocol layers and the physical network.

Internet Protocol Version 6 is the replacement for Internet Protocol Version 4. Internet Protocol Version 6 expands the number of available IP addresses and makes improvements in routing and network configuration. Both Internet Protocol Version 6 and Internet Protocol Version 4 were designed by the Internet Engineering Task Force (IETF). Most of the Internet currently uses Internet Protocol Version 4. Internet Protocol Version 6 is expected to replace Internet Protocol Version 4 over a period of years.

The Host On-Demand server also supports Internet Protocol Version 6 for the Redirector. For more information, refer to Redirector support for IPv6.

Supports many national languages

Host On-Demand is available in multiple languages, including double-byte character set (DBCS) languages. Support for the European currency symbol, as well as keyboard and code page support for many more languages such as Arabic, Hebrew and Thai, is also provided.
All language versions are available on the same media, and multiple language versions can be accessed concurrently.

Secure connections

Using Transport Layer Security (TLS) version 1.0, Host On-Demand extends secure host data access across intranets, extranets, and the Internet. Mobile workers access a secure Web site, receive authentication and establish communication with a secure enterprise host. With client and server certificate support, Host On-Demand can present a digital certificate (X.509, Version 3) to the Telnet server - such as IBM Communications Server for z/OS - for authentication.

Host On-Demand can also be configured for use in environments that include firewalls. Firewall ports need to be opened for the functions defined in your Host On-Demand session definitions. For more information, refer to Using Host On-Demand with a firewall.

Custom HTML files

Host On-Demand includes a Deployment Wizard that you can use to create custom HTML files. With these files you can tailor the content of the client and the function necessary to meet the needs of specific groups of users. For more information about the Deployment Wizard, refer to Configuring Host On-Demand emulator clients.

Toolkit for creating new e-business applications

Host On-Demand includes the Java component-based Host Access Toolkit for creating customized e-business applications. This Toolkit contains a rich set of Java libraries and application programming interfaces, including the Host Access Class Library (HACL), Host Access Beans for Java, and Java Enterprise Edition (J2EE) connectors.

HACL provides a non-visual API for interacting with back-end host machines running applications originally designed for human interaction.
Host applications rely on readable character presentation, formatted fields, color-coding, and keyboard responses. HACL provides specialized classes for functionalities needed to mimic traditional interaction with a series of host screen presentations (green screens). HACL contains no GUI (visible component) classes. For example, a Java program could be running on a mainframe as a secondary application. The secondary application program interacts first with another mainframe running a CICS data application, and then with a client browser through dynamically generated HTML pages. The secondary application interprets client inputs into simulated terminal actions which are sent to the CICS machine using the HACL API. The response screens from the CICS machine are captured using HACL APIs, converted into dynamic HTML pages, and sent back to the client.

Host On-Demand J2EE Connector provides a set of Resource adapters that communicate to 3270, 5250, CICS, and VT hosts. These resource adapters are deployed to a conforming application server, such as IBM Application Server. The users can write Web applications using the APIs provided in Host On-Demand J2EE Connector via WebSphere Studio Application Developer Integration Edition.

Programmable Host On-Demand

Programmable Host On-Demand is a set of Java APIs that allows developers to integrate various pieces of the Host On-Demand client code, such as terminals, menus, and toolbars, into their own custom Java applications and applets. The API gives the developer complete control over the Host On-Demand desktop (what the user sees) without starting with the Host Access Java Beans found in the Toolkit. The underlying Host On-Demand code handles all the "wiring" of the various components, including saving user preferences, such as macros, keyboard remappings, and color remappings, to the local file system for future use. The developer must only determine the layout of the Host On-Demand desktop. For more information, refer to the Programmable Host On-Demand Reference.

Host On-Demand Session Manager APIs

In addition to the application programming interfaces (APIs) provided with the Host Access Toolkit, Host On-Demand provides specialized public APIs that provide support for embedding host sessions in Web pages using JavaScript. These JavaScript-based APIs help application developers manage host sessions and text-based interactions with host sessions and are available through the Host On-Demand Session Manager. Refer to the Session Manager API Reference for more information.

Support for WebSphere Portal

Host On-Demand can run as a portlet on Portal Server, a component of WebSphere Portal. Portal Server has sophisticated desktop management and security features that offer administrators more control over user access rights and users control over the appearance and arrangement of the portal desktop.

Administrators can create customized Host On-Demand portlets quickly and easily using the Deployment Wizard and then load them directly into Portal Server.

Note: Portal Server is a separate product and requires independent installation.

Connections to DB2 databases on IBM System i servers

Database On-Demand is included with Host On-Demand to provide access to DB2 information stored on IBM System i5 servers using a Java Database Connectivity (JDBC) driver. Database On-Demand is a Java applet that allows you to perform Structured Query Language (SQL) requests to IBM System i5 databases through a JDBC driver. Database On-Demand is a separate applet from the Host On-Demand applet and is started by a separate HTML file. You can also use the Data transfer support from within an emulator session to perform SQL requests if you need both terminal emulation and support for SQL queries.

What's new?

Getting the latest information on Host On-Demand

- For the most recent information about Host On-Demand Version 12, see the product readme file.
- For up-to-date product information, go to the Host On-Demand Web site.
- For the latest technical hints and tips for Host On-Demand, go to the Host On-Demand Hints and Tips site.
- For general software support information, go to Software Support Handbook.

New functions in Host On-Demand Version 12

The following functions and enhancements have been added to Host On-Demand Version 12:
- The HOD administrator can choose Java Secure Socket Extension (JSSE) for secure connections using Redirector.
- The HOD administrator can enable Client Authentication for the secured connections of Redirector to allow connections from a specific set of clients with a valid certificate.
- Key Usage and Extended Key Usage allow the HOD client to send a Personal Certificate based on Key Usage.
- The default theme for Windows clients is based on the Nimbus Look and Feel of Java.
- HOD users can select the text on the terminal screen in an uneven fashion, similar to a text editing application such as Notepad in Windows.
- Users can close the embedded HOD sessions by using the close button on the session tab.
- HOD V12.0 includes a key type-ahead feature that enables users to continue typing when input is inhibited.
- HOD V12.0 includes a graphical interface for the existing command line tool DirUtil for Windows and Linux.
- Copy as image allows the end user to copy the green screen (presentation space) or part of the green screen (presentation space) as an image.
- The Print Graphics feature is based on Print Graphics of PCOMM. It prints the marked area of the screen as an image.
- The HOD administrator can find the HOD server version by executing a script or batch file available for all the supported operating systems.
- HOD V12.0 supports browsers without a Java plugin.
- HOD V12.0 uses IBM Installation Manager on all the supported platforms.
- HOD V12.0 includes a stand-alone client package that works without any dependency on the HOD server.
- HOD V12.0 can be installed as a 64-bit application on a 64-bit operating system. HOD Service Manager runs as a 64-bit process.
- HOD V12.0 supports Windows 10.

Planning for deployment

Host On-Demand provides access to host applications from a Web browser. The browser downloads the Host On-Demand Java applet from the Web server and then connects to any Telnet server to access host applications. The Host On-Demand applet needs configuration information to determine which host to connect to and other host session properties.
This configuration information can be provided to the Host On-Demand applet from an HTML file that is used to launch Host On-Demand or by the Host On-Demand configuration server. The configuration server is a part of Host On-Demand that centrally stores session configuration information and user preferences by user and group IDs. Users then access session information and user preferences by contacting the configuration server. The configuration server is managed through the administration client. For information on configuring the Host On-Demand configuration server, see the online help.

You can create custom client HTML files using the Deployment Wizard. When creating these HTML files, you can choose from three different configuration models to specify how session configuration information and user preferences are defined and managed: the HTML-based model, the configuration server-based model, and the combined model.

These models are described below. For detailed information on each model and the benefits and limitations of using each model, see the online help.

Understanding the HTML-based model

If you choose the HTML-based model, all host session configuration information is contained in the HTML file itself, and nothing more is needed to define host sessions. Therefore, you are not required to use the configuration server to specify sessions, which means you do not have to open up a port on your firewall. If you allow users to save changes to the host session configuration information, their changes are stored on the local file system where the browser is running.

It is suggested that you not use port 8999, because you do not need to start the HOD server when using the HTML-based model. In this case the server resource is saved.

This option of defining configuration information in the HTML files is only available in clients that are created using the Deployment Wizard.

Figure 2. HTML-based model

Understanding the configuration server-based model

In the configuration server-based model, host session information is maintained on the configuration server using the Administration client, and the information is defined using a user and group structure.
By default, the configuration server stores its data directly on the Host On-Demand server machine, though it can be configured to use LDAP instead. Users access their configurations using either custom HTML files created in the Deployment Wizard or by using one of several HTML files that are provided as part of Host On-Demand. User IDs are defined in the configuration server, and in most cases the user needs to log on to the Host On-Demand server before viewing his sessions. If administrators allow users to save changes, user preferences are stored in the configuration server by user ID. Because their customizations are saved on the configuration server, this model may be the best choice if users need to access their sessions from multiple machines.

By default, the Web browser communicates directly to the configuration server. If you communicate through a firewall, you need to open the configuration server's port on the firewall. Alternatively, you can use the configuration servlet to eliminate the need to open the configuration server's port on the firewall. The Web browser connects to the configuration servlet over an HTTP or HTTPS connection and the configuration servlet then interacts with the configuration server. See Configuring the configuration servlet for more information about using the configuration servlet.

Figure 3. Configuration server-based model and combined model

Figure 4. Configuration server-based model and combined model using configuration servlet

Understanding the combined model

Host On-Demand supports a combined model, where the host session information is defined in the configuration server (like the configuration server-based model) and user updates are saved on the user's machine (like the HTML-based model). In addition, like the HTML-based model, users of the combined model do not need to log on to the Host On-Demand server to view their sessions.

Client deployment considerations

Additionally, for client deployment considerations, you need to decide whether to use cached, download, or Web Start clients (see Using Host On-Demand emulator clients) and which version of Java to use (see Planning for Java on the client).
Planning for Java on the client

This chapter provides detailed information related to running the Host On-Demand client on a Java-enabled browser.

- Improvements to the cached client for Java describes functions of the Host On-Demand Java cached client.
- Enhanced features provided by Java describes advanced features of the Host On-Demand client that are available only with a Java-enabled browser.
- Mac OS X with Java discusses issues involved in using the Apple Mac OS X as a Host On-Demand client with Java.
- Browsers and Java plug-ins discusses issues involved in using Java-enabled browsers and Java plug-ins.

Improvements to the cached client for Java

The following improvements bring the Java cached client up to the same level of user-friendliness and flexibility as the Java 1 cached client. With the Java cached client, you can do the following:

- Install the Java cached client from a LAN drive or DVD drive. For more information, refer to Installing the cached client from a LAN or DVD.
- Share the Java cached client between more than one user on Windows. For more information, refer to Cached client support for Windows.
- Remove the Java cached client in one operation, without clearing the cache of Java plug-in. For more information, refer to Removing the cached client.
- Upgrade the Java cached client in the background.

Note: The following restrictions apply:

- Users who upgrade the cached client from Host On-Demand v7 to Host On-Demand v11 cannot choose to upgrade it in the background.
- A few Java cached client types cannot be upgraded in the background. See Limits of support for more information.

Almost all Host On-Demand Java cached clients support these improvements. The Java Web Start client also supports these improvements.
Limits of support

The following types of Java cached clients do not support the improvements to the Java cached client:

- Web Start client
- Process Collection window for Print Screen Collection
- Support for the Secure Shell (SSH) for VT display sessions and secure File Transfer Protocol (sftp) sessions
- Auto IME/On-the-Spot Conversion
- Print Screen Enhancements
- Internet Protocol Version 6 (IPv6)
- Accessibility features
- Duplicate Key Support
- Customizable Popup Keypad
- Mouse wheel Support
- For bidirectional languages, support is now provided for OS/400 Coded Character Set Identifiers (CCSIDs) for displaying Unicode characters.

Enhanced features provided by Java

Using a Java-enabled browser with a Java plug-in, you can take advantage of the following advanced features offered by the Host On-Demand client. For more information on Java-enabled browsers, refer to Browsers and Java plug-ins.

- Web Start client
- Process Collection window for Print Screen Collection
- Support for the Secure Shell (SSH) for VT Display sessions and secure File Transfer Protocol (sftp) sessions
- Auto IME/On-the-Spot Conversion
- Print Screen Enhancements
- Internet Protocol Version 6 (IPv6)
- Accessibility features
- Duplicate Key Support
- Customizable Popup Keypad
- Mouse wheel Support
- For bidirectional languages, support is provided for OS/400 Coded Character Set Identifiers (CCSIDs) for displaying Unicode characters.

Downloading a client with Java

The following sections discuss the limitations in downloading a client with Java.

Cannot download a component not in the preload list

With the Java download client, a user cannot download a Host On-Demand client component that is not in the original preload list. Consequently, you need to specify all the components that your users might require in the preload list.

This limitation is caused by a conflict between the method used by a download client to download components not on the preload list and security restrictions imposed by the Java plug-in.
HTML files do not contain some components

With Java, the default download client HTML files (HOD_xx.html, where xx is the two-letter language suffix) do not contain the following client components:

- Data transfer
- 5250 file transfer
- 5250 host print support
- Import/export
- SLP
- Thai sessions
- FTP Codepage Converter
- Bidirectional sessions
- 5250 Hindi sessions
- DBCS sessions using user-defined character settings
- ZipPrint in DBCS sessions

IBM removed these less frequently used components from the preload list of the Java default download HTML files to shorten download time. However, with the Java download client, any component not in the preload list cannot be downloaded later.

If you want some or all of these components to be in the preload list, perform one of the following actions:

- Use the Deployment Wizard to create a download client or cached client Java HTML file that contains exactly the components that you need.
- Use the default HTML file for the cached client (HODCached_xx.html, where xx is the two-letter language suffix) instead of the default HTML file for the download client.
- Use the debug version of the default download client (HODDebug_xx.html, where xx is the two-letter language suffix). The debug version contains all the components. However, the debug version of the default download client is larger than the non-debug version.

Mac OS X with Java

Host On-Demand Mac OS X emulator and database clients support Safari, Firefox, and the Mac version of Internet Explorer. Host On-Demand does not support the administration clients on Mac OS X. Host On-Demand Version 12.0 supports Java 1.6 or higher.

The Duplicate Key Support feature requires a Java Plug-in of 1.4.2 or newer on Macintosh clients. However, Host On-Demand Version 11 supports Java 1.6 or higher.

Mac OS X limitations

Mac OS X does not support the Java cached client improvements described in Improvements to the cached client for Java. For more information, refer to Cached client support for Mac OS X (Java clients only).

Slightly slower startup times with Java clients

With a Java-enabled browser, the Host On-Demand client starts a little more slowly (5 to 15 seconds slower, depending on the workstation type). The delay is caused by the system loading the Java plug-in.
Also, with a Java-enabled browser, a host session on the Host On-Demand client desktop can take a little longer to start.

Limitations of specific Java plug-ins

If you are using an Oracle Java plug-in and Hindi characters are not displayed correctly, make sure your Sun JRE level is the latest.

Limitations with customer-supplied applets and Java

If a user runs a customer-supplied applet (that is, an applet written by your company or a third party) with a session (such as 3270 Display) launched from a Java Host On-Demand client, and if this applet requires any Java permissions, it is suggested that you take one of the following actions to meet the security requirements of Java:

- The applet must be archived in a signed Java .JAR file.
- The permissions must previously have been granted on the workstation using the Java Policy Tool that is provided with the Java plug-in.

If you do not meet the security requirements of Java, the applet silently fails.

Limitations with restricted users and Java

Restricted users do not have the authority to install the Java plug-in. A user with administrative authority must install the Java plug-in.

Browsers and Java plug-ins

This section discusses issues involved in using Java-enabled browsers and Java plug-ins.

Java-enabled browsers

A Java-enabled browser does not have a JVM included with it. It can display HTML files on its own, but it needs a separate Java plug-in installed to launch a Java applet such as the Host On-Demand client. Examples of Java-enabled browsers are Firefox and Microsoft Internet Explorer with the Java plug-in installed.

Browsers and plug-ins supported by Host On-Demand clients

Users with client workstations running Windows can download the IBM Java plug-in from any Host On-Demand server.

As vendors of Java plug-ins such as Oracle and IBM publish new versions of their Java plug-ins, and as IBM extends Host On-Demand to support these new versions, IBM will announce support of the new versions on the Host On-Demand Web site.

Microsoft Internet Explorer with a Java plug-in

When a Java plug-in is properly installed and configured on a Windows client workstation, Microsoft Internet Explorer will function as a Java-enabled browser, depending on how Host On-Demand chooses to launch the client.
Firefox with a Java plug-in

To run a Java applet on Firefox, you need to install a Java plug-in. Consequently, Host On-Demand expects you to configure the Java plug-in so that it is the default Java Runtime for Firefox. For instructions on how to check or change this setting, refer to the Setting the default Java Runtime for a Java-enabled browser topic in the online help.

Note: Restricted users, such as restricted users sharing a cached client on Windows, or restricted users on a Linux or AIX workstation, cannot install the Java plug-in.

Planning for security

Whether you are implementing Host On-Demand purely within your corporate network, or you are using it to provide access to your host systems over the Internet, security is a concern. This chapter provides an overview of Host On-Demand security.

- Transport Layer Security (TLS). Provides encryption, certificate-based authentication, and security negotiations over an established Telnet or FTP connection. See TLS for Host On-Demand for details.
- The Redirector. Supports TLS between Host On-Demand clients and the Host On-Demand server. See The Redirector for details.
- Firewalls. You can configure Host On-Demand to go through a firewall. See Using Host On-Demand with a firewall for details.
- User ID security. Includes Web Express Logon, Native Authentication, and Windows Domain logon. See User ID security for details.
- Federal Information Processing Standards (FIPS) environments. See FIPS environments if your environment requires that your security components use FIPS-certified components/modules.

Transport Layer Security (TLS)

How TLS security works

TLS is based on the SSL protocol. TLS uses the initial handshake protocol for establishing client/server authentication and encryption. For detailed information on TLS, see the description of The TLS Protocol Version 1.0.
The TLS protocol uses public-key and symmetric-key cryptographic technology. Public-key cryptography uses a pair of keys: a public key and a private key. Information encrypted with one key can be decrypted only with the other key. For example, information encrypted with the public key can be decrypted only with the private key. Each server's public key is published, and the private key is kept secret. To send a secure message to the server, the client encrypts the message by using the server's public key. When the server receives the message, it decrypts the message with its private key.

Symmetric-key cryptography uses the same key to encrypt and decrypt messages. The client randomly generates a symmetric key to be used for encrypting all session data. The key is then encrypted with the server's public key and sent to the server.

TLS provides three basic security services:

Message privacy
Achieved through a combination of public-key and symmetric-key encryption. All traffic between a client and a server is encrypted using a key and an encryption algorithm negotiated during session setup.

Message integrity
Ensures that session traffic does not change en route to its final destination. TLS uses a combination of public/private keys and hash functions to ensure message integrity.

Mutual authentication
Exchange of identification through public-key certificates. The client and server identities are encoded in public-key certificates, which contain the following components:

- Subject's distinguished name
- Issuer's distinguished name
- Subject's public key
- Issuer's signature
- Validity period
- Serial number

Table 2. Tip
You can also use secure HTTP (HTTPS) to ensure that a client's security information is not compromised as it is downloaded from a server.

Certificates

Security is controlled by digital certificates that act as electronic ID cards. The purpose of a certificate is to assure a program or a user that it is safe to allow the proposed connection and, if encryption is involved, to provide the necessary encryption/decryption keys.
They are usually issued by Certificate Authorities (CAs), which are organizations that are trusted by the industry as a whole and whose business is the issuing of Internet certificates. A CA's certificate, which is also known as a root certificate, includes (among other things) the CA signature and a validity period.

Encryption and authentication are performed by means of a pair of keys, one public, one private. The public key is embedded into a certificate, known as a site or server certificate. The certificate contains several items of information, including the name of the Certificate Authority (CA) that issued the certificate, the name and public key of the server or client, the CA's signature, and the date and serial number of the certificate. The private key is created when you create a self-signed certificate or a CA certificate request and is used to decrypt messages from clients.

A TLS session is established in the following sequence:

1. The client and the server exchange hello messages to negotiate the encryption algorithm and hashing function (for message integrity) to be used for the session.
2. The client requests an X.509 certificate from the server to prove its identity. Optionally, the server can request a certificate from the client. Certificates are verified by checking the certificate format and the validity dates and by verifying that the certificate includes the signature of a trusted certificate authority (or is self-signed).
3. The client randomly generates a set of keys that is used for encryption. The keys are encrypted with the server's public key and securely communicated to the server.

TLS for Host On-Demand

There are three areas where you can configure security for Host On-Demand: session security, Web server security, and configuration security.

Session security

Host On-Demand Version 12.0 uses the TLS protocol to provide security for emulator and FTP sessions.

The TLS protocol provides communications privacy across a TCP/IP network. TLS is designed to prevent eavesdropping, message tampering, or message forgery. TLS also provides a framework that allows new cryptographic algorithms to be incorporated easily. Host On-Demand supports encryption of emulation and FTP sessions and server/client authentication according to TLS Protocol Version 1.0.
Support is provided for the following:

- RSA type-4 data encryption on connections between the Host On-Demand clients and Telnet or FTP servers that support TLS version 1.0, 1.1, 1.2.
- X.509 certificates.
- Bulk encryption algorithms using keys up to 168 bits in length.
- Authentication algorithms using keys up to 2048 bits in length.
- Server and client authentication.
- Support for storage and use of client certificates on the client system.
- Optional prompting of user for client certificate when requested by server.
- Secure session indicators. A lock icon is displayed on the session status bar to indicate to the user that the session is secure. The encryption strength, for example, 64, 128, or 256, is also displayed next to the lock icon and when the mouse hovers over the lock icon.

For Host On-Demand, you can use a CA certificate, but you can also create your own self-signed certificate, as described in the Using a self-signed certificate topic in the online help.

A graphical Certificate Management utility (available on Windows and AIX platforms) is provided to:

- Create certificate requests
- Receive and store certificates
- Create self-signed certificates

IKEYCMD is a tool, in addition to the Certificate Management utility, that you can use to manage keys, certificates, and certificate requests. IKEYCMD is functionally similar to Certificate Management and is meant to run from the command line without a graphical interface. For more information, refer to Appendix B. Using the IKEYCMD command-line interface.

To support TLS services, Host On-Demand uses six databases:

HODServerKeyDb.kdb
You create the HODServerKeyDb.kdb the first time you configure TLS for the Host On-Demand Redirector. This database contains the server's private key and certificate as well as a list of CA (or signer) certificates. These CAs are considered well-known and are trusted by the Host On-Demand server. You can add certificates from other CAs (unknown CAs) and certificates that you create and sign yourself (self-signed) to this database. Refer to The Redirector for more information.
HODServerKeyStore.jks
Redirector can be configured to use Java Secure Socket Extension (JSSE) instead of GSKit. When configured with JSSE, the Redirector reads the private key and certificates from HODServerKeyStore.jks. Refer to The Redirector for more information.

CustomizedCAs.p12
The CustomizedCAs.p12 is a PKCS#12 format file that contains the root certificates of unknown CAs and self-signed certificates that are not in the WellKnownTrusted list. If you use a self-signed certificate or a certificate from an unknown authority (CA), you need to create or update the CustomizedCAs.p12. Host On-Demand does not install a CustomizedCAs.p12 file by default.

The CustomizedCAs.p12 file is a newer version of the CustomizedCAs.class file, which you may have created with an earlier release of Host On-Demand. The CustomizedCAs.class file supports Host On-Demand Version 7 and earlier clients, and is located in your publish directory by default. If you are running Windows or AIX, when you upgrade to version 12, the Host On-Demand installation automatically detects the CustomizedCAs.class file, creates the new CustomizedCAs.p12 file, and places it in the publish directory. Both files remain in your publish directory and are available to clients of different versions. If you have a separate user publish directory and not the default publish directory, the Host On-Demand installation will not be able to detect the CustomizedCAs.class file and you will need to run the migration tool manually on the command line.

If you create the CustomizedCAs.p12 file for the first time using the Host On-Demand Certificate Management utility (IKEYMAN), you will also want to have the older CustomizedCAs.class file in your publish directory so that older clients can still operate with the new server.
Also, when you subsequently update the CustomizedCAs.p12 file, you will want to make sure these changes are picked up by the CustomizedCAs.class file. For Windows platforms, if these files are in the default publish directory, c:\Program Files\IBM\HostOnDemand\HOD, each time you open IKEYMAN to update the CustomizedCAs.p12 file and then close IKEYMAN, the CustomizedCAs.class file is automatically updated along with the CustomizedCAs.p12 file. If these files are not in the default publish directory, you need to manually run the reverse-migration tool from your publish directory using the following command. The command appears on three lines, but you should type it on one line.

    ..\hod_jre\jre\bin\java -cp ..\lib\sm.zip;
    com.ibm.eNetwork.HOD.convert.CVT2SSLIGHT
    CustomizedCAs.p12 hod CustomizedCAs.class

On AIX, for the CustomizedCAs.class file to pick up the changes you make to the CustomizedCAs.p12 file, you need to run this reverse-migration tool manually from your publish directory using the following command. The command appears on three lines, but you should type it on one line.

    ../hod_jre/jre/bin/java -cp ../lib/sm.zip
    com.ibm.eNetwork.HOD.convert.CVT2SSLIGHT
    CustomizedCAs.p12 hod CustomizedCAs.class

CustomizedCAs.class
The CustomizedCAs.class is a Java class file that contains the certificates of unknown CAs and self-signed certificates that are not in the WellKnownTrusted list. If you use a self-signed certificate or a certificate from an unknown authority (CA), you need to update the CustomizedCAs.class file. However, note that you can no longer create or update the CustomizedCAs.class file using the Certificate Management utility on Windows or AIX platforms. In Host On-Demand Versions 9 or later, you can only create a newer version of this file called CustomizedCAs.p12. All clients still support the older format, however. For more information, refer to the description of CustomizedCAs.p12 above.

WellKnownTrustedCAs.class, WellKnownTrustedCAs.p12, and WellKnownTrustedCAs.jks
The WellKnownTrustedCAs.class, WellKnownTrustedCAs.p12, and WellKnownTrustedCAs.jks are the files supplied by Host On-Demand that contain the public certificates of all the CAs that Host On-Demand trusts. You should not modify these files.
WellKnownTrustedCAs.class/WellKnownTrustedCAs.p12 and WellKnownTrustedCAs.jks, CustomizedCAs.p12 and/or CustomizedCAs.class and CustomizedCAs.jks must be present in the Host On-Demand publish directory. The Host On-Demand client uses these files to trust the server's certificate during the TLS handshake.

CustomizedCAs.jks
The CustomizedCAs.jks file is different from the CustomizedCAs.p12 file which is used for SSLite when the Use JSSE setting is set to No. You can create a CustomizedCAs.jks file either by converting the existing CustomizedCAs.p12 to JKS format or by creating a new file in this format. You can use the Certificate Management utility that is installed with Host On-Demand or keytool.exe command-line tool, which is a Java Key and Certificate Management Tool available in the JRE for this purpose.

Basic TLS enablement for Host On-Demand clients

When you select the TLS protocol for the Host On-Demand client, a basic TLS session is established. During the TLS negotiation process, the server presents its certificate to the client. With basic TLS enablement, the certificate must be signed by an authority that the client trusts. The client checks WellKnownTrustedCAs.class/WellKnownTrustedCAs.p12 first, followed by the CustomizedCAs.p12 or the CustomizedCAs.class. If Host On-Demand is configured to use JSSE for TLS enablement, WellKnownTrustedCAs.jks and CustomizedCAs.jks files will be used. The client rejects the session if it does not find the signer in these files. If the client finds the signer in these files, the session is established. This is basic Server Authentication. Host On-Demand allows you to configure a more enhanced form of Server Authentication in its client configuration. Refer to the following section for more information.
Server authentication

Encrypting the data exchange between the client and the server does not guarantee the client is communicating with the correct server. To help avoid this danger, you can enable server authentication, so that the client, after making sure that the server's certificate can be trusted, checks whether the Internet name in the certificate matches the Internet name of the server. If they match, the TLS negotiation will continue. If not, the connection ends immediately. See server authentication in the online help for more information.

Client authentication

Client authentication is similar to server authentication except that the Telnet server requests a certificate from the client to verify that the client is who it claims to be. Not all servers support client authentication, including the Host On-Demand Redirector. To configure client authentication, you need to do the following:

- obtain certificates for clients
- send the certificates to the clients
- configure the clients to use client authentication

Refer to configuring clients to use client authentication in the online help for more information.

Express Logon

There are two types of Express Logon:

- Web Express Logon: Web Express Logon allows users to log on to host systems and host applications without having to provide a user ID and password. This feature works in conjunction with your network security application by acquiring the user's network credentials and mapping them to their host credentials, eliminating the need to log on multiple times. Depending on your host, the logon automation process can be macro-based or connection-based. For more information, refer to the Web Express Logon Reference.
- Certificate Express Logon: Certificate Express Logon is macro-based and also allows users to log on without having to enter a user ID and password. It is functionally similar to Web Express Logon, although it requires you to configure your session for TLS and client authentication, and the Communications Server must support and be configured for Express Logon. For more information, refer to Express logon in the online help.

Table 3. Tip
Starting with Host On-Demand V9, Web Express Logon offers a type of logon automation that uses client-side certificates.
This model is called certificate-based Web Express Logon and is significantly different than Certificate Express Logon. With Certificate Express Logon, client certificates are used to authenticate users to an Express Logon-enabled TN3270 server that is configured to automate the login process. With certificate-based Web Express Logon, however, client certificates are used to authenticate users to a Web server or a network security application, and the login process is automated by a plug-in and a macro. For more information, refer to the Web Express Logon Reference.

TLS-based Telnet security

Telnet-negotiated security allows the security negotiations between the client and the Telnet server to be done on the established Telnet connection. You can configure Telnet-negotiated security for Host On-Demand 3270 display and printer sessions.

The Telnet server must support TLS-based Telnet security (as described in the IETF Internet-Draft TLS-based Telnet Security) for the Host On-Demand clients to use Telnet-negotiated security. The Communications Server for z/OS supports TLS-based Telnet security.

For more information regarding Telnet-negotiated security, see the Telnet-negotiated security overview in the online help. Refer to your Telnet server's documentation for more information about configuring TLS on the Telnet server, and refer to the Security topic in the online help for more information about configuring a client to connect to a secure Telnet server.

TLS-based FTP Security

Host On-Demand provides TLS-based secure file transfer for FTP sessions. The FTP session does not support implicit/unconditional TLS negotiations to port 990/989. So, port 990 should not be used for secure FTP sessions. It only supports explicit/conditional (AUTH command) TLS negotiations to any other port.

The security properties of the FTP session are independent of the emulator session's security properties. For an integrated FTP session, you need to configure FTP security information using the new Security tab in FTP session properties. If you configure an emulator session to be secure and the File Transfer Type is set to FTP, the FTP session will not be secured automatically.
In this situation, the following message appears when you click the OK button: If a secure file transfer session is desired, configure the security information in File Transfer Defaults.

The TLS based secure FTP function is supported by z/OS V1R2 or later.

Examples of when to use session security

Refer to the following examples as situations where you might want to use session security:

- Allowing customers to order your products over the Internet. In this situation, you want to make sure the information customers give you, such as a credit-card number, is encrypted so that it cannot be stolen. You also want to make sure information you give to customers is protected.
- Giving your suppliers or business partners access to information on your host computers. You do not want anyone else to be able to access this data.
- Allowing your staff to have access to your host-computer information from remote sites or when they are traveling.
- Giving doctors access to patient records from wherever they are and making sure that unauthorized people cannot access these records.

Web server security

You can configure your Web server to use TLS, so that the data stream from your Web server to your browser is encrypted. See your Web server documentation for more information about configuring your Web server for TLS. Once the client is loaded in a browser, however, it communicates directly with the host. You can configure Host On-Demand to provide TLS security to your host sessions. For more information, see Configuring TLS in the online help.

Configuration security

If you use the HTML model, your session configuration information will be encrypted if you use HTTPS. For all other models, you need to configure Host On-Demand to use the configuration servlet over HTTPS (after configuring your Web application server) to encrypt the session configuration instead of communicating directly with the configuration server. See Installing the configuration servlet in this guide for more information about installing the configuration servlet, and see configuring the configuration servlet in the online help for more information about configuring clients to use the configuration servlet.
The Redirector

The Redirector is a service that runs on the Host On-Demand server and that allows a Host On-Demand client to communicate with a Telnet server by connecting to a Redirector port on the Host On-Demand server.

Normally, a Host On-Demand client:

- Connects directly to the Host On-Demand server to download the client code and to access public HTML files.
- Also connects directly to a Telnet server that runs on or is connected to a 3270, 5250, VT, or CICS host.

However, when the Redirector is used, the Redirector acts as an intermediary between the client and the Telnet server. The client, instead of connecting directly to the Telnet server, connects to a Redirector port on the Host On-Demand server. The Redirector then sends to the Telnet server the data received from the client. When the Telnet server replies, the Redirector sends to the client the data received from the Telnet server. This process continues until the session ends.

Why use the Redirector?

If your Telnet server does not support TLS, and if you are running the Host On-Demand server on one of the operating systems on which the Redirector supports secure sessions (see Operating systems supported by the Redirector), you can configure the Host On-Demand Redirector to provide the TLS support.

Table 4. Tip
Many Telnet servers support TLS (for example, IBM Communications Servers on zSeries, IBM System i, AIX, or NT). If your Telnet server supports TLS, we strongly recommend using your Telnet server. If your Telnet server does not support TLS, the Communications Server for AIX Redirector offers a more scalable alternative to the Host On-Demand Redirector.

The Redirector acts as a transparent Telnet proxy that uses port remapping to connect the Host On-Demand server to other Telnet servers. Each defined server can configure a set of local-port numbers. Instead of connecting directly to the target Telnet server, a client connects to the Host On-Demand server and port number. The Redirector maps the local-port number to the host-port number of the target and makes a connection.
Table 5. Recommendation
The recommended solution for a Telnet proxy is to use Load Balancer, a feature of WebSphere Application Server's Edge Components, or a similar product that provides address translation as part of the overall firewall solution, instead of the Host On-Demand Redirector.

How the Redirector works

Figure 5 illustrates how the Redirector sends the client data to the Telnet server and sends to the client the responding data from the Telnet server.

Figure 5. How the Redirector works

The Redirector can be configured in any one of the following four modes:

Pass-through
The Redirector communicates with the Telnet server and the client without changing the content of the data.

Client-side
The client and the Redirector communicate in a secure session using TLS (the content is encrypted/decrypted). The Redirector and the Telnet server communicate in a non-secure session.

Host-side
The client and the Redirector communicate in a non-secure session. The Redirector and the Telnet server communicate in a secure session using TLS (the content is encrypted/decrypted).

Both
The client and the Redirector communicate in a secure session using TLS (the content is encrypted/decrypted). The Redirector and the Telnet server communicate in a secure session using TLS (the content is encrypted/decrypted).

Before you use the Client-side, Server-side, or Both modes, you need to create the HODServerKeyDb.kdb or HODServerKeyStore.jks (if configured to use JSSE) for the Redirector.

You can use the Pass-through mode when encryption by the Redirector is not necessary, either because the data stream does not need to be encrypted, or because the data stream is already encrypted between the client and the Telnet server. You need to use the Pass-through mode if the Host On-Demand client is connecting through the Redirector to a host that requires client authentication or Express Logon.

Refer to Adding a host to the Redirector in the online help for more information.

Redirector load capacity

For Redirector load capacity recommendations, refer to the Readme.

Operating systems supported by the Redirector

The Redirector now supports:

- All operating systems that are supported by the Host On-Demand server and that also support Internet Protocol Version 4 (IPv4).
- Some operating systems that are supported by the Host On-Demand server and that also support Internet Protocol Version 6 (IPv6).

Not every Redirector mode is supported on every operating system. The next two subsections describe Redirector support in more detail. For more information on IPv4 and IPv6 see Support for Internet Protocol Version 6.

Operating systems that support IPv4

For operating systems that support IPv4 the Redirector supports the following:

- Pass-through mode on all operating systems supported by the Host On-Demand server
- Other modes (Client-side, Host-side, and both) on only some of the operating systems supported by the Host On-Demand server

Table 6 and Table 7 show this information:

Table 6. 32-bit Operating systems and Redirector modes for which the Redirector supports IPv4 using GSKit

| Operating system | Pass-through | Client-side | Host-side | Both |
| Windows | Yes | Yes | Yes | Yes |
| AIX | Yes | Yes | Yes | Yes |
| Linux | Yes | Yes | Yes | Yes |
| All other operating systems | Yes | No | No | No |

Table 7. 64-bit Operating systems and Redirector modes for which the Redirector supports IPv4 using JSSE

| Operating system | Pass-through | Client-side | Host-side | Both |
| Windows | Yes | Yes | Yes | Yes |
| AIX | Yes | Yes | Yes | Yes |
| Linux | Yes | Yes | Yes | Yes |
| All other operating systems | Yes | No | No | No |

Redirector support for IPv6

Table 8 and Table 9 show the operating systems and the Redirector modes for which the Redirector supports Internet Protocol Version 6 (IPv6):

Table 8. 32-bit Operating systems and Redirector modes for which the Redirector supports IPv6 using GSKit

| Operating system | Pass-through | Client-side | Host-side | Both |
| Windows | Yes | Yes | Yes | Yes |
| Linux | Yes | Yes | Yes | Yes |
| AIX | Yes | Yes | Yes | Yes |

Table 9. 64-bit Operating systems and Redirector modes for which the Redirector supports IPv6 using JSSE

| Operating system | Pass-through | Client-side | Host-side | Both |
| Windows | Yes | Yes | Yes | Yes |
| Linux | Yes | Yes | Yes | Yes |
| AIX | Yes | Yes | Yes | Yes |

Using Host On-Demand with a firewall

If you are configuring Host On-Demand to go through a firewall, we recommend that the firewall administrator open only those ports required for the clients to function. Telnet ports allow TLS-encrypted session traffic.
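The Redirector mode rules above, tied to the firewall recommendation, as an added Python sketch (not IBM's code and not a Host On-Demand file format): it reports which leg of each Redirector entry is left in cleartext, which entries break the mode rules stated on this page, and which Redirector ports the firewall has to pass. The Entry record, the finding codes and the sample hosts and ports are assumptions made for this example.

```python
from dataclasses import dataclass

# Operating systems for which the page's tables list Client-side, Host-side
# and Both as supported; every other server OS is Pass-through only.
TLS_MODE_OSES = {"windows", "aix", "linux"}

# mode -> (Redirector does TLS on the client leg, on the host leg)
MODES = {
    "pass-through": (False, False),
    "client-side": (True, False),
    "host-side": (False, True),
    "both": (True, True),
}


@dataclass
class Entry:  # hypothetical record used only by this example
    local_port: int            # Redirector port the client connects to
    target: str                # Telnet server the port is remapped to
    mode: str
    target_tls: bool = False   # the Telnet server supports TLS itself
    client_auth: bool = False  # host needs client authentication or Express Logon


def leg_protection(e):
    """Return (client_leg_encrypted, host_leg_encrypted) for one entry."""
    client_tls, host_tls = MODES[e.mode]
    if e.mode == "pass-through":
        # Data is relayed unchanged, so the legs are protected only when
        # client and Telnet server negotiate TLS end to end.
        return (e.target_tls, e.target_tls)
    return (client_tls, host_tls)


def lint(entries, server_os, key_store_present):
    """Return sorted (local_port, code) findings for a list of entries."""
    findings = []
    for e in entries:
        if e.mode not in MODES:
            findings.append((e.local_port, "UNKNOWN_MODE"))
            continue
        terminates_tls = e.mode != "pass-through"
        if terminates_tls and server_os.lower() not in TLS_MODE_OSES:
            findings.append((e.local_port, "MODE_UNSUPPORTED_ON_OS"))
        if terminates_tls and not key_store_present:
            # HODServerKeyDb.kdb, or HODServerKeyStore.jks when JSSE is used
            findings.append((e.local_port, "KEY_STORE_MISSING"))
        if terminates_tls and e.client_auth:
            findings.append((e.local_port, "CLIENT_AUTH_NEEDS_PASS_THROUGH"))
        if e.mode == "client-side" and e.target_tls:
            # The page's tip: prefer the Telnet server's own TLS support.
            findings.append((e.local_port, "PREFER_TARGET_TLS"))
        if MODES[e.mode][1] and not e.target_tls:
            findings.append((e.local_port, "HOST_LEG_TLS_NOT_POSSIBLE"))
        client_enc, host_enc = leg_protection(e)
        if not client_enc:
            findings.append((e.local_port, "CLEARTEXT_CLIENT_LEG"))
        if not host_enc:
            findings.append((e.local_port, "CLEARTEXT_HOST_LEG"))
    return sorted(findings)


def firewall_ports(entries):
    """Redirector ports the firewall must pass for these entries."""
    return sorted({e.local_port for e in entries})


# Constructed sample configuration (hosts and ports are made up).
SAMPLE = [
    Entry(5000, "host-a.example:23", "client-side"),
    Entry(5001, "host-b.example:992", "pass-through", target_tls=True, client_auth=True),
    Entry(5002, "host-c.example:23", "both", target_tls=True, client_auth=True),
    Entry(5003, "host-d.example:23", "pass-through"),
]

if __name__ == "__main__":
    for port, code in lint(SAMPLE, server_os="Linux", key_store_present=True):
        print(port, code)
    print("open on firewall:", firewall_ports(SAMPLE))
```

A cleartext finding on a Pass-through entry is informational: the page allows that mode when the data stream does not need to be encrypted.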
Figure 6. Session security through a firewall or proxy server

If you are using the configuration server-based or combined models, the Host On-Demand configuration servlet allows Host On-Demand clients to communicate with the configuration server across either HTTP or HTTPS.

Figure 7. Configuration security with and without the configuration servlet through a firewall or proxy server

For Host On-Demand clients connecting to a host system through open ports in the firewall, see Configuring firewall ports for details. For Host On-Demand clients connecting to a host system through a Socks or HTTP proxy server, see Connecting to a host system through a proxy server for details.

Configuring firewall ports

If you are using the configuration server-based model or the combined model, your Host On-Demand clients will need to communicate with the configuration server. To allow this through a firewall, you will need to either open the Host On-Demand Service Manager port or use the Host On-Demand configuration servlet. The Service Manager listens on port 8999 by default. You can change this default to any other available port number. For details, refer to Changing the Service Manager port in the online help. The Host On-Demand configuration servlet allows Host On-Demand clients to communicate with the configuration server across either HTTP or HTTPS. Therefore, the Service Manager port does not need to be open on the firewall. (See Figure 4.) Refer to Installing the configuration servlet and Configuring the configuration servlet in the online help for details on using the configuration servlet.

If you are using the HTML-based model, there is no requirement for Host On-Demand clients to access the configuration server, and the Service Manager port does not need to be open on the firewall. The clients will still attempt to contact the configuration server for license counting but will fail silently if the Service Manager port is not open. If you want to prevent clients from making license counting requests, you can add a parameter Disable with a value of LUM in the Additional Parameters tree view on the Advanced Options window in the Deployment Wizard.
In addition to the Service Manager port, make sure the firewall administrator opens any ports that are being used for functions your clients use. For example, if you have a TLS session with the Redirector on port 5000, port 5000 must be open for Telnet traffic. The following table summarizes the ports that Host On-Demand can use.

Table 10. Host On-Demand functions and the ports they use

| Host On-Demand function | Ports used |
|-------------------------|------------|
| Display emulation (3270 and VT) and 3270 Printer emulation | 23 (Telnet), 80 (HTTP), or 443 (TLS) and 8999 (config server) [3] |
| 5250 Display and Printer emulation | 23 (Telnet) or 992 [1] (TLS) or 80 (HTTP) or 443 (TLS) and 8999 (config server) [3] |
| 3270 file transfer | 23 (Telnet), 80 (HTTP), or 443 (TLS) and 8999 (config server) [3] |
| 5250 file transfer - savfile | 80 (HTTP), 8999 (config server) [3], 21 (FTP) [4], >1024 (FTP) [4], 446 (drda) [4], 449 (as-svrmap) [4], 8470 (as-central) [1][2][4], 8473 (as-file) [1][4], 8475 (as-rmtcmd) [1][4], and 8476 (as-signon) [1][4] |
| 5250 file transfer - database | 80 (HTTP), 8999 (config server) [3], 446 (drda) [4], 449 (as-svrmap) [4], 8470 (as-central) [1][2][4], 8473 (as-file) [1][4], 8475 (as-rmtcmd) [1][4], and 8476 (as-signon) [1][4] |
| 5250 file transfer - stream file | 80 (HTTP), 8999 (config server) [1][2][4], 449 (as-svrmap) [4], 8470 (as-central) [1][2][4], 8473 (as-file) [1][4], and 8476 (as-signon) [1][4] |
| FTP | 21 (FTP), 80 (HTTP), 8999 (config server) [1][2][4], and >1024 (FTP) [5] |
| CICS | 2006 |
| Database On-Demand | 80 (HTTP), 8999 (config server) [3], 449 (as-svrmap) [4], 8470 (as-central) [1][2][4], 8471 (as-database) [1][4], and 8476 (as-signon) [1][4] |
| License Use Management (LUM) | 8999 (config server) for default license use counting using the configuration server |
| Host On-Demand clients | 23 (Telnet), 80 (HTTP), and 8999 (config server) [3] |
| Administration clients | 80 (HTTP) and 8999 (config server) [3] |
| SSH (the Secure Shell) | 22 |

Table 11. Notes

Notes:

[1] You can change the port numbers with the command WRKSRVTBLE. The port numbers listed are the default values.

[2] The port for as-central is used only if a codepage conversion table needs to be created dynamically (EBCDIC to/from Unicode). This is dependent on the JVM and the locale of the client.

[3] You can change the config server port. Port 8999 is the default.
[4] These ports do not need to be opened on the firewall if you are using IBM System i proxy server support. You will need to open the default proxy server port 3470. You can change this port.

[5] In passive (PASV) mode, the FTP client initiates both connections to the server, solving the problem of firewalls filtering the incoming data port connection to the client from the server. When opening an FTP connection, the client opens two random unprivileged ports locally (N > 1024 and N+1). The first port contacts the server on port 21, but instead of then issuing a PORT command and allowing the server to connect back to its data port, the client issues the PASV command. As a result, the server then opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client. The client then initiates the connection from port N+1 to port P on the server to transfer data.

From the server-side firewall's standpoint, to support passive mode FTP, you need to open the following communications ports:

- Port 21 of the FTP server from anywhere (client initiates connection)
- Port 21 of the FTP server to remote ports > 1024 (server responds to client's control port)
- Ports of the FTP server > 1024 from anywhere (client initiates data connection to random port specified by server)
- Port of the FTP server > 1024 to remote ports > 1024 (server sends ACKs (and data) to client's data port)

If you do not want to open port 8999 on the firewall, you can still allow users to access Host On-Demand. There are two options:

- Use the Deployment Wizard to create HTML files that contain all configuration information. This eliminates the need to access the configuration server. When creating the HTML files, choose "HTML-based model" from the Configuration Model page of the Deployment Wizard.
- If you want to use the configuration server, you can configure clients to use the configuration servlet. Refer to Configuring the configuration servlet in the Host On-Demand online help. This option is only available if your Web server supports servlets.
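The passive-mode exchange in note 5 can be checked against a firewall policy by decoding the server's answer to PASV, which on the wire is a 227 reply carrying the server address and data port P as six decimal bytes. The following is an added example, not code from the Host On-Demand documentation; the allowed port range, the addresses and the sample replies are constructed assumptions.

```python
import ipaddress
import re

# Constructed policy value (assumption): the data ports the server-side
# firewall has opened for passive FTP. Not taken from the documentation.
PASSIVE_PORT_RANGE = range(50000, 50101)

# A 227 reply carries h1,h2,h3,h4,p1,p2: four address bytes and two port bytes.
_SIX_BYTES = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv_reply(line):
    """Return (ip_string, port) announced in a '227 Entering Passive Mode' reply."""
    if not line.startswith("227"):
        raise ValueError("not a 227 reply: %r" % line)
    match = _SIX_BYTES.search(line)
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in reply")
    values = [int(v) for v in match.groups()]
    if any(v > 255 for v in values):
        raise ValueError("field larger than one byte")
    ip = ipaddress.IPv4Address(".".join(str(v) for v in values[:4]))
    port = values[4] * 256 + values[5]   # P = p1 * 256 + p2
    return str(ip), port


def check_data_channel(reply, control_peer, allowed=PASSIVE_PORT_RANGE):
    """Compare the announced data endpoint with the firewall policy.

    control_peer is the address the control connection (port 21) was opened to.
    Returns a list of findings; an empty list means the data connection
    matches what the firewall is expected to permit.
    """
    ip, port = parse_pasv_reply(reply)
    findings = []
    if port <= 1024:
        findings.append("privileged-port")             # note 5 expects P > 1024
    if port not in allowed:
        findings.append("port-outside-firewall-range")
    if ip != str(ipaddress.IPv4Address(control_peer)):
        # Typical of a server behind NAT announcing its internal address,
        # or of a reply pointing the client at a third host.
        findings.append("address-differs-from-control-peer")
    return findings


# Constructed sample replies (not captured from a real server).
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # port 50000
    "227 Entering Passive Mode (10,0,0,5,4,1)",        # port 1025, other address
    "227 Entering Passive Mode (192,0,2,10,0,21)",     # port 21
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_pasv_reply(sample), check_data_channel(sample, "192.0.2.10"))
```

Pinning the FTP server's passive port range and opening only that range keeps the "ports > 1024 from anywhere" rule as narrow as the server allows.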
If you use the configuration server and it is separated from your Web browser by a firewall, you will either need to open the configuration server port on the firewall or run the Host On-Demand configuration servlet. The configuration servlet allows the browser to communicate with the configuration server across standard Web protocols, such as HTTP or HTTPS. (See Figure 4.)

Connecting to a host system through a proxy server

Host On-Demand clients can use a proxy server to transparently access host systems from behind a firewall. Two types of proxy servers are supported:

- Socks proxy servers, described in Connecting through a Socks proxy server. Both version 4 and version 5 of Socks are supported.
- HTTP proxy servers, described in Connecting through an HTTP proxy server.

Before you can connect to a host system through a proxy server, you need to find out which protocol the proxy server supports. Decide whether you want to specify the proxy server settings through the Web browser or explicitly identify a proxy server for the session. If you decide to explicitly identify a proxy server, you need to specify the protocol that the proxy server uses, the proxy server name and port number, and other information.

In general, if a Socks proxy server is available, configure Host On-Demand sessions to use it. Configure sessions to use an HTTP proxy server if that is the only type of proxy server supported at your site.

Connecting through a Socks proxy server

Many organizations use Socks proxy servers to protect computing resources behind a firewall. Socks is a protocol for TCP/IP-based network proxies. It allows applications on one side of a Socks proxy server to gain full access to hosts on the other side of the Socks proxy server without directly connecting to them. Proxy servers are generally used in conjunction with firewalls. Under the Socks protocol, a client that requests a connection to a host system through a firewall actually connects to a Socks proxy server. The Socks proxy server acts as an intermediary between the client and the host system. It authorizes communication requests, connects to the host on behalf of the client, and relays data between the two systems.

Host On-Demand supports both version 4 and version 5 of the Socks protocol.
- Socks version 4 specifies the message format and conventions to allow TCP-based application users access across a firewall. It provides access control based on TCP header information, including IP addresses and source and destination port numbers.
- Socks version 5 (also known as authenticated firewall traversal (AFT)) is an open Internet standard for network proxies. It adds authentication, better support for resolving domain names, support for IPv6 addresses, and other features to version 4. These features are very useful for clients located outside a firewall. A Socks user ID and password for the proxy server can optionally be sent over the connection between the Host On-Demand client and the proxy server. The user ID and password are not encrypted. For more information on version 5, see Socks Protocol Version 5.

The Java Virtual Machine (JVM) used in most Web browsers supports Socks version 4. A session can access either a Socks version 4 or version 5 proxy server, bypassing the proxy server settings in the Web browser. You can also have the session negotiate a Socks version 4 connection if the proxy server does not support version 5. For more information on Socks proxy server settings, refer to Proxy Server in the online help.

Connecting through an HTTP proxy server

HTTP proxy servers handle HTTP requests through firewalls. They act as intermediaries between private local networks and the Internet. The HTTP proxy server is connected to both the local network and the Internet. Local users configure their browsers to pass HTTP requests through the HTTP proxy server by specifying the proxy server's IP address and TCP port number. The HTTP proxy server accepts these HTTP requests and forwards them to the actual Web servers specified by the URLs entered in the browser.

For Host On-Demand clients, HTTP proxy servers act as forwarding agents for connections to a host system. The HTTP proxy server opens a connection to the host system and sends data back and forth between the host system and the client. Although an HTTP proxy server usually closes a connection after servicing an HTTP request, Host On-Demand keeps the connection open for host traffic by using the HTTP Connect method (if it is enabled for the proxy server).
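The Socks version 5 description above states that the proxy user ID and password are not encrypted. The following added example (not from the Host On-Demand documentation) builds the client-to-proxy bytes of a version 5 session with username/password authentication as laid out in RFC 1928 and RFC 1929, then decodes them the way a network monitor on that path would; the user ID, password and host name are constructed values.

```python
import ipaddress
import struct

USERPASS = 0x02  # SOCKS5 method number for username/password (RFC 1929)


def build_client_stream(user, password, host, port):
    """Bytes a client sends: method greeting, RFC 1929 auth, CONNECT by name."""
    u, p, h = user.encode(), password.encode(), host.encode("ascii")
    if not all(0 < len(field) < 256 for field in (u, p, h)):
        raise ValueError("each field must be 1..255 bytes")
    greeting = bytes([5, 1, USERPASS])                    # VER, NMETHODS, METHODS
    auth = bytes([1, len(u)]) + u + bytes([len(p)]) + p   # VER, ULEN, UNAME, PLEN, PASSWD
    request = bytes([5, 1, 0, 3, len(h)]) + h + struct.pack("!H", port)
    return greeting + auth + request                      # request: VER, CMD=CONNECT, RSV, ATYP=name


def decode_client_stream(data, selected_method=USERPASS):
    """Decode the client side of a SOCKS5 session.

    selected_method is the method the proxy chose in its reply; it travels in
    the other direction, so the caller supplies it (assumption of this example).
    """
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated SOCKS5 stream")
        chunk = data[pos:pos + n]
        pos += n
        return chunk

    ver, nmethods = take(2)
    if ver != 5:
        raise ValueError("not a SOCKS version 5 greeting")
    info = {"offered_methods": list(take(nmethods)), "username": None, "password": None}

    if selected_method == USERPASS:
        subver, ulen = take(2)
        if subver != 1:
            raise ValueError("unexpected username/password sub-negotiation version")
        info["username"] = take(ulen).decode(errors="replace")
        plen = take(1)[0]
        info["password"] = take(plen).decode(errors="replace")  # readable as sent

    ver, cmd, _reserved, atyp = take(4)
    if ver != 5:
        raise ValueError("not a SOCKS version 5 request")
    if atyp == 1:
        host = str(ipaddress.IPv4Address(take(4)))
    elif atyp == 3:
        host = take(take(1)[0]).decode("ascii", errors="replace")
    elif atyp == 4:
        host = str(ipaddress.IPv6Address(take(16)))
    else:
        raise ValueError("unknown address type %d" % atyp)
    info["command"] = cmd
    info["destination"] = (host, struct.unpack("!H", take(2))[0])
    info["cleartext_credentials"] = info["password"] is not None
    return info


# Constructed capture: user ID, password and host name are made up.
CAPTURE = build_client_stream("hoduser", "constructed-pw", "tn3270.example.test", 23)

if __name__ == "__main__":
    print(CAPTURE.hex())
    print(decode_client_stream(CAPTURE))
```

Because the password is recoverable from the byte stream by anyone on the path between client and proxy, treat the Socks credential as exposed on untrusted network segments and do not reuse a host or operating system password for it.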
To have a session use an HTTP proxy server, you need to select HTTP proxy as the proxy type and specify the proxy server name and port number. For more information on HTTP proxy server settings, refer to Proxy Server in the online help.

User ID security

Web Express Logon

If you have a network security application in place and you are using the configuration server-based model, you can select Web Express Logon in the Deployment Wizard to allow users to access hosts and host-based applications without providing an additional user ID and password. Entering the full URL of the Credential Mapper Server tells Host On-Demand where to locate the Credential Mapper Servlet, which processes the HTTPS request from the user, performs a lookup, and returns the user's credentials. The credentials are then used to perform a secure, automated Host On-Demand login.

Native Authentication

If you use the configuration server-based model, you can configure your Host On-Demand users to be natively authenticated. This option allows users to log on to Host On-Demand using the same password as they would to log on to the operating system (AIX or z/OS) where Host On-Demand is active. When a user logs on to Host On-Demand, their password is validated against the operating system password, rather than a separate Host On-Demand password. This gives the administrator a single point of control for password administration and the user a single password to remember.

Refer to Native Authentication in the online help for more information on enabling this option.

Windows Domain logon

If your users are logged on to a Windows domain, this option (available with the configuration server-based model in the Deployment Wizard) automatically logs users on to Host On-Demand using their Windows user name. The Host On-Demand logon window does not appear and the Windows user name is used as the Host On-Demand user ID. If a Host On-Demand user ID does not already exist (matching the Windows user name), you can also choose to have a user ID automatically created in the specified Host On-Demand group.

Refer to Logon Type in the online help for more information about choosing how users access the Host On-Demand configuration server.
FIPS environments

If you are in an environment that mandates or requires that your security components use Federal Information Processing Standards (FIPS)-certified components/modules, consider the following. For secure Telnet and FTP connections, Host On-Demand uses FIPS-compliant modules by default. If your environment requires the connection to an IBM System i host for file transfer or data transfer, ensure that your system meets the following requirements:

- You are using a Java JRE that is FIPS certified, for example, IBM 1.6.0 Service Release 5.
- You need to configure the HTML parameter UseJSSEforiSeries on the Advanced Options window of the Deployment Wizard and set its value to true.
- You need to add the certificate from the IBM System i host to the Java Secure Socket Extension (JSSE) client truststore for the Java JRE. Refer to your Java JRE provider for configuration details.

When you have a secure connection to an IBM System i host and are accessing the file transfer capabilities, you will be asked to enter the path and the password for the JSSE TrustStore. If you are performing data transfer to an IBM System i host, you will also see additional fields for entering the path and password for the JSSE TrustStore.

Another way to enter the path and password is to use a Run Applet that is provided with Host On-Demand. To do this, take the following steps:

- From the menu of a display session, select Actions > Run Applet.
- Enter com.ibm.eNetwork.HOD.util.jsse.JSSESetup in the field for the class name.
- Click OK.

You only need to configure the JSSE TrustStore once. It is a global setting that applies to all sessions. After you have entered the values, they persist until the browser is restarted.

In earlier versions of Host On-Demand, you can enable FIPS mode authentication through an HTML parameter. The current version of Host On-Demand provides a menu option to enable or disable the FIPS mode for each session. By default, FIPS mode is enabled for all the sessions.
Planning for national language support

Host On-Demand is provided in multiple languages. The session windows, configuration panels, help files, and the documentation have been translated. In addition, display, keyboard, and processing support are provided in Arabic, Hebrew, Thai, and Hindi. This support is fully explained in the online help.

All the translated versions are provided on the DVDs and on the zSeries tapes. When you install Host On-Demand on i/OS, OS/400, Windows, AIX, Linux, and Solaris using the graphical installation program, you can choose which languages to install. On z/OS and Novell, all the languages are always installed.

National language support is operating-system dependent, so the appropriate font and keyboard support for the language you want to use must be installed in the operating system. For example, if you want to use Korean as the host-session language but do not have the Korean font and keyboard support installed, you may not be able to display the correct characters.

DBCS cannot be used as the HTML file name.

Supported languages

The languages into which Host On-Demand has been translated are listed below, along with the language suffixes you can use to load translated versions of the Host On-Demand clients. For example, IBM-supplied HTML pages have language extensions to identify different language installations and different language predefined HTML files, such as HOD_en.html for English.

| Language             | Language suffix |
|----------------------|-----------------|
| Simplified Chinese   | zh    |
| Traditional Chinese  | zh_TW |
| Czech                | cs    |
| Danish               | da    |
| Dutch                | nl    |
| English              | en    |
| Finnish              | fi    |
| French               | fr    |
| German               | de    |
| Greek                | el    |
| Hungarian            | hu    |
| Italian              | it    |
| Japanese             | ja    |
| Korean               | ko    |
| Norwegian            | no    |
| Polish               | pl    |
| Brazilian Portuguese | pt    |
| Portuguese           | pt_PT |
| Russian              | ru    |
| Slovenian            | sl    |
| Spanish              | es    |
| Swedish              | sv    |
| Turkish              | tr    |
| Catalan              | Ca    |

Supported host code pages

Host On-Demand supports multiple code pages. You can specify these code pages on a session-by-session basis.

3270 and 5250 code pages

The code pages specified below are supported by the 3270 and 5250 emulators. You can select them in the Session Configuration window.
| Country or region | Code page | Note |
|-------------------|-----------|------|
| Arabic Speaking | 420 | |
| Austria | 273 | |
| Austria (Euro) | 1141 | |
| Belarus | 1025 | |
| Belarus (Euro) | 1154 | |
| Belgium | 037 | |
| Belgium (Euro) | 1140 | |
| Belgium (Old Code) | 274 | |
| Bosnia/Herzegovina | 870 | |
| Bosnia/Herzegovina (Euro) | 1153 | |
| Brazil | 037 | |
| Brazil (Euro) | 1140 | |
| Brazil (Old) | 275 | |
| Bulgaria | 1025 | |
| Bulgaria (Euro) | 1154 | |
| Canada | 037 | |
| Canada (Euro) | 1140 | |
| China (Simplified Chinese Extended) | 1388 | |
| Croatia | 870 | |
| Croatia (Euro) | 1153 | |
| Czech Republic | 870 | |
| Czech Republic (Euro) | 1153 | |
| Denmark | 277 | |
| Denmark (Euro) | 1142 | |
| Estonia | 1122 | |
| Estonia (Euro) | 1157 | |
| Finland | 278 | |
| Finland (Euro) | 1143 | |
| France | 297 | |
| France (Euro) | 1147 | |
| FYR Macedonia | 1025 | |
| FYR Macedonia (Euro) | 1154 | |
| Germany | 273 | |
| Germany (Euro) | 1141 | |
| Greece | 875 | |
| Hebrew (New Code) | 424 | |
| Hebrew (Old Code) | 803 | |
| Hindi | 1137 | 5250 display only |
| Hungary | 870 | |
| Hungary (Euro) | 1153 | |
| Iceland | 871 | |
| Iceland (Euro) | 1149 | |
| Italy | 280 | |
| Italy (Euro) | 1144 | |
| Japan (Katakana) | 930 | |
| Japan (Katakana Extended) | 930 | |
| Japanese (Katakana Unicode Extended; JIS2004) | 1390 | 3270 only |
| Japan (Latin Extended) | 939 | |
| Japanese (Latin Unicode Extended; JIS2004) | 1399 | |
| Kazakhstan (Euro) | 1166 | |
| Korea (Euro) | 1364 | 3270 only |
| Korea (Extended) | 933 | |
| Latin America | 284 | |
| Latin America (Euro) | 1145 | |
| Latvia | 1112 | |
| Latvia (Euro) | 1156 | |
| Lithuania | 1112 | |
| Lithuania (Euro) | 1156 | |
| Multilingual | 500 | |
| Multilingual ISO (Euro) | 924 | |
| Multilingual (Euro) | 1148 | |
| Netherlands | 037 | |
| Netherlands (Euro) | 1140 | |
| Norway | 277 | |
| Norway (Euro) | 1142 | |
| Open Edition | 1047 | |
| Poland | 870 | |
| Poland (Euro) | 1153 | |
| Portugal | 037 | |
| Portugal (Euro) | 1140 | |
| Romania | 870 | |
| Romania (Euro) | 1153 | |
| Russia | 1025 | |
| Russia (Euro) | 1154 | |
| Serbia/Montenegro (Cyrillic) | 1025 | |
| Serbia/Montenegro (Cyrillic; Euro) | 1154 | |
| Slovakia | 870 | |
| Slovakia (Euro) | 1153 | |
| Slovenia | 870 | |
| Slovenia (Euro) | 1153 | |
| Spain | 284 | |
| Spain (Euro) | 1145 | |
| Sweden | 278 | |
| Sweden (Euro) | 1143 | |
| Taiwan (Traditional Chinese Extended) | 937 | |
| Taiwan (Traditional Chinese Extended; Euro) | 1371 | |
| Thai | 838 | |
| Thai (Euro) | 1160 | |
| Turkey | 1026 | |
| Turkey (Euro) | 1155 | |
| Ukraine | 1123 | |
| Ukraine (Euro) | 1158 | |
| United Kingdom | 285 | |
| United Kingdom (Euro) | 1146 | |
| United States | 037 | |
| United States (Euro) | 1140 | |

Notes:

- 3270 host print with a Printer Definition Table (PDT) supports only Latin-1, DBCS, bidirectional, and Thai code pages. Other code
  pages are supported either in Adobe PDF printing or on Windows platforms without a PDT.
- In order to include more characters (which are defined in the GB18030 standard by the Government of the People's Republic of China), 6582 Unicode Extension-A and 1,948 additional non-Han characters (Mongolian, Uygur, Tibetan, and Yi) were added to the Simplified Chinese code page 1388 for Host On-Demand Version 6.

VT code pages

| Language | Code page |
|----------|-----------|
| Arabic | ASMO 708 and ASMO 449 |
| British | 1101 |
| DEC Greek | |
| DEC Hebrew | |
| DEC Multinational Replacement Character Set | 1100 |
| DEC Technical | |
| Dutch | 1102 |
| Finnish | 1103 |
| French | 1104 |
| French Canadian | 1020 |
| German | 1011 |
| Hebrew NRCS | |
| ISO Greek Supplemental (ISO Latin-7) | 813 |
| ISO Hebrew Supplemental | |
| ISO Latin-1 | 819 |
| Italian | 1012 |
| Norwegian/Danish | 1105 |
| PC Danish/Norwegian | 865 |
| PC International | 437 |
| PC Multilingual | 850 |
| PC Portuguese | 860 |
| PRC GBK | 936 |
| PC Spanish | 220 |
| Spanish | 1023 |
| Swedish | 1106 |
| Swiss | 1021 |
| United States | 1100 |

CICS Gateway code pages

| Code page | Character set |
|-----------|---------------|
| 000 | Auto Detect (default) |
| 437 | Latin-1 |
| 813 | ISO Greek (8859_7) |
| 819 | ISO Latin 1 (8859_1) |
| 850 | Latin 1 |
| 852 | Latin 2 |
| 855 | Cyrillic |
| 856 | Hebrew |
| 857 | Latin 5 |
| 864 | Arabic |
| 866 | Cyrillic |
| 869 | Greek |
| 874 | Thai |
| 912 | ISO Latin 2 (8859_2) |
| 915 | ISO Cyrillic (8859_5) |
| 920 | ISO Latin 5 (8859_9) |

Japanese JIS2004 Unicode support

The JIS2004 support can now be enabled by selecting the existing host code pages 1390 Japanese (Katakana Unicode Extended) and 1399 Japanese (Latin Unicode Extended). The following features are supported:

- Presentation space editing
- Key assignment
- File transfer
- Print screen
- Printer session
- GDI
- Adobe PDF
- Host Access Class Library (HACL)

Functions not included due to Unicode formats not currently supported in HOD:

- Macro
- Use printer definition table (PDT) in printer session

User-defined character mapping

For double-byte character set (DBCS) languages, you can use customized user-defined character (UDC) mapping in your session (3270, 5250, 3270 host print) instead of the default mapping. You can create a UDC translation table using the UDC mapping editor to store customized mapping for your session. For instructions for how to use the UDC mapping editor to change your character mapping, see Using the user-defined character (UDC) mapping editor in
the online help.

Unicode Support for i/OS and OS/400

See Unicode Support for i/OS and OS/400.

Installing, upgrading, and uninstalling Host On-Demand

Installing the Host On-Demand server and related software

This chapter discusses installing the following three Host On-Demand components:

- The Host On-Demand server, which is necessary for using Host On-Demand. Refer to Installing Host On-Demand using Installation Manager for instructions.
- The Host On-Demand configuration servlet, which is needed only in specific instances when you are running Host On-Demand in conjunction with a firewall. Refer to Installing the configuration servlet for further explanation and instructions.
- The Deployment Wizard, an extremely useful tool that runs on Windows to generate customized Host On-Demand clients. Installing the Deployment Wizard is not required, but it is highly recommended. Refer to Deployment Wizard for instructions.

Installing Host On-Demand using Installation Manager

You need the IBM Installation Manager to install Host On-Demand. IBM Installation Manager needs to be installed first in Administrator Mode on the system where Host On-Demand is to be installed. Then you can use the installation manager to install Host On-Demand.

IBM Installation Manager Version 1.8.3 or higher is required to install Host On-Demand.

Important links

Refer to the instructions in Installing or Updating Installation Manager for installing the installation manager. For more information about IBM Installation Manager, refer to the IBM Installation Manager Knowledge Center.

Before the HOD Installation

Preparing to Install

Ensure the machine on which the installation takes place meets all prerequisites. The software requirements for Host On-Demand can be found in the Software Products Compatibility Reports.

Check the list below for the preparation:

- Ensure that IBM Installation Manager v1.8.3 or higher is installed.
- Your machine needs a minimum of 1.2 GB of disk space for installation (installed and temporary space) for 32-bit architecture and one language. To install more than one language, this value increases 4 to 8 MB for each language.
- You need a minimum of 4.5 GB for the multi-platform product repository (downloading and extracting).
- Users are required to log on with Administrator privileges.
- A supported version of HTTP server (for example, IBM HTTP Server or Apache server) is installed on the system.

Upgrading from earlier versions of Host On-Demand

If you have a previous version of Host On-Demand, such as HOD V11.0, there is no direct migration path from HOD V11 to HOD V12.0 and versions above. Follow these steps to migrate:

- You need to back up all customized files from the previous Host On-Demand directories, specifically from the private directory and any client pages created with the Deployment Wizard. These files can be reused on HOD V12.0.
- Uninstall all existing Host On-Demand V11.0 installations.
- The initial Host On-Demand and above install requires that an empty path be available. Therefore, you can either rename or delete any existing folders or directories where an earlier version was previously installed.
- Install Host On-Demand using the IBM Installation Manager. It is recommended not to click Cancel when an installation is in progress.
- Restore the private directory to the Host On-Demand folders or directories.
- Edit any clients created with the Deployment Wizard with the Host On-Demand Deployment Wizard and deploy to the HOD server.

Installing Host On-Demand

You can install Host On-Demand using the installation manager on all the supported platforms.

The GUI of Installation Manager

Installation Manager GUI:

- Start Installation Manager according to instructions for the platform.
- Select File > Preferences.
- Select Repositories on the left. This option shows the available repositories that have been added to Installation Manager.
- Select Add Repository if Host On-Demand is not listed.
- Click Browse and navigate to the location of the extracted Host On-Demand path and select the diskTag.inf file present in the disk1 folder.
- Click OK and the new repository location should be listed.
- Click Test Connections to ensure that the Repository URL is available.
- From the start page of the installation manager, click Install. The installation manager searches the defined repositories for available packages.
- Select the Host On-Demand package.
- Click Next.
- Read the license agreements. If you agree to the terms of the license agreement, click I accept the terms of the license agreement, and click Next to continue.
- Select Create a new package group and choose the Architecture. If the operating system is 64-bit, you need to select 64-bit or 32-bit to install the product in the corresponding bit mode.
- Click Next.
- Select the languages you want to install. The default is English. Click Next.
- Select the Host On-Demand 12.0 feature.
- Click Next.
- Review and specify all information under the Host On-Demand 12.0 tab.
- On the Publish Information panel under Host On-Demand 12.0, set the Publish directory, specify the web-server alias and the Service Manager Port number. Click Next.

  The publish directory stores files that must be available to clients. The install wizard prompts you to designate your publish directory by displaying the default directory. Perform the following steps:

  - Specify an alias for the directory; the default is hod.
  - Specify the Service Manager port, through which Host On-Demand clients communicate with the Service Manager. This communication is necessary for the following deployment options:
    - Using the configuration server to maintain session configuration information as in the configuration server-based and combined deployment models, described in Planning for deployment.
    - License-Use Counting: refer to License Usage in the online help.

    IBM recommends designating port 8999 for these purposes. Check your server documentation to see if this port is being used. If it is in use, you can change the port during the installation or later. For more information about changing the Service Manager port, see Changing the Service Manager's configuration port in the online help.
- On the Web server panel under Host On-Demand 12.0, select the web-server option that is appropriate for your requirement:
  - Select No Web Server when the web server is configured manually by the user. This is recommended for web servers like IPlanet and Lotus Domino. The user is advised to contact their web server administrator or refer to the web server documentation for details.
  - Select the option 'Select from list of detected web server' and then select the web-server from the list if more than one is detected.
  - Select the option Manually select specific web server, in case an IBM HTTP Server or Apache web-server is installed but not detected.
    - Select the type of web server that is installed on your system.
    - Click the Browse button and navigate to the configuration file (httpd.conf) for the web server installed in your system. You can alternatively type into the field the complete path of the httpd.conf file in the web server installation directory.
- On the Application server panel under Host On-Demand 12, if the installation program detects IBM WebSphere Application Server on your system, you can configure the Configuration Servlet. The next panel from the Application Server tab asks if you want to configure the HOD Configuration Servlet in WebSphere Application Server. See Installing the configuration servlet for more information.
  - Uncheck the check box if you do not plan to use Configuration Servlet.
  - If you plan to use Configuration Servlet, select the application server from the list detected. The installation program automatically deploys the configuration servlet on the Web application server you designate, and it configures your clients to access the Service Manager through the servlet.

  Note:
  - The WebSphere application server is detected if it is installed by the same IBM Installation Manager program on the system. The versions that can be detected are WebSphere Application Server V8.0 and V8.5.2.
  - An Application Server with administrative security enabled is not supported for servlet configuration during the installation.
- Once the panels are appropriately updated, click Next.
- Review the summary information, and click Install.
- Once the installation completes, a summary page is displayed. Review the messages.
  - If the installation is successful, the program displays a message indicating that the installation is successful. The program might also display important post-installation instructions. Click Finish.
  - If the installation is not successful, click View Log File to troubleshoot the problem.
- To ensure the install is completed successfully, you can take the following additional actions:
  - Restart the web server.
  - Ensure that HOD pages are accessible over the browser. If not, check the web server configuration and ensure that files in the Host On-Demand publish directory are accessible. Refer to your web server documentation for the configuration details.

Deployment Wizard

The Deployment Wizard is automatically installed as part of the Windows Host On-Demand server installation. It is also available separately for those customers who do not wish to install the entire Windows Host On-Demand server. Users can select only the Deployment Wizard option during the installation.

Upgrading from earlier versions of Deployment Wizard

If you have a previous version of Deployment Wizard, such as from HOD V11.0, there is no direct upgrade path from Deployment Wizard V11.0 to Deployment Wizard V12.0 and later versions. Perform the following tasks for upgrading:

- Take a backup of any customized files from the Deployment Wizard directory. You can reuse them on Deployment Wizard.
- Uninstall any existing Deployment Wizard V11.0 installation.
- The new Deployment Wizard requires that an empty path be available. Hence, rename or delete the existing folder of the Deployment Wizard installation.
- Install Deployment Wizard using the IBM Installation Manager.
- Redeploy your customized files on the Deployment Wizard installation folder.

Installing the Deployment Wizard

To install and run the Deployment Wizard, perform the following tasks:

- Open Installation Manager.
- Add the Host On-Demand repository location to the Installation Manager:
  - On the Start page of Installation Manager, click File > Preferences, and then click Repositories. The Repositories page opens, showing any available repositories, their locations and their connection status.
  - On the Repositories page, click Add Repository.
  - In the Add Repository dialog box, click Browse. Navigate to the location of Host On-Demand disk1 and select the diskTag.inf file, and then click OK. The new repository location is listed.
  - Click Test Connections to ensure that the Repository URL is available.
- From the Start page, click Install. The Installation Manager searches the defined repositories for available packages.
- Repeat the above steps for the 2nd disk. If you proceed without configuring the second disk, Installation Manager asks the user for it during the installation process.
- Select the Host On-Demand Deployment Wizard package. Ensure that Version 12.0 is also selected under it. Click Next.
- On the Install Packages panel, select Create a new package and IBM Host On-Demand Deployment Wizard as the Package group name. In case the Architecture selection is set to 64-bit, change the selection to 32-bit if necessary. Click Next.
- On the Install Packages panel, select the feature Host On-Demand Deployment Wizard 12.0. The disk information in the lower area of the panel gives information about the available disk space and required disk space. Click Next.
- Select the tab for the Deployment Wizard Host On-Demand Wizard Location panel under the heading Host On-Demand Wizard 12.0 in the left tab. The Host On-Demand server location indicates the link to the Host On-Demand server. Ensure that a valid and working link to the HOD server is entered in the field. Click Next.
- In the summary panel, review the selected packages and installation selections. Click Install to proceed with installation.

Downloading the Deployment Wizard installation image from a Host On-Demand server

The Deployment Wizard image is shipped on all Host On-Demand server platforms, and it can be downloaded from the server and installed on any machine.

To download the Deployment Wizard from a Host On-Demand server, perform the following steps:

- From your Windows machine, start your browser and point to the HODMain_xx.html file on your Host On-Demand server, where xx is your two-letter language suffix.
- Click the Administrators tab.
- Click the Deployment Wizard link to download the Deployment Wizard installation image to your Windows machine.
- Run the Deployment Wizard installation to install the Deployment Wizard.
- Once the installation is complete, you can open the Deployment Wizard from the Start > Programs desktop menu.
Host Access Toolkit

The Host Access Toolkit is automatically installed as part of the Windows Host On-Demand server installation. It is also available separately for those customers who do not wish to install the entire Windows Host On-Demand server. Users can select only the Host Access Toolkit option during the installation.

Upgrading from earlier versions of Host Access Toolkit

If you have a previous version of Host Access Toolkit, such as from Host Access Toolkit V11.0, there is no direct upgrade path from Host Access Toolkit V11.0 to Host Access Toolkit V12.0 and above. Perform the following tasks for upgrading:

- Take a backup of any customized files from the Host Access Toolkit directory. You can reuse them on Host Access Toolkit.
- Uninstall any existing Host Access Toolkit V11.0 installation.
- The new Host Access Toolkit requires that an empty path be available. Hence, rename the existing folder of the Host Access Toolkit installation.
- Install Host Access Toolkit using the IBM Installation Manager.
- Redeploy your customized files on the Host Access Toolkit installation folder.

Installing the Host Access Toolkit

Perform the following basic steps to install the Host Access Toolkit on a Windows system:

- Open Installation Manager.
- Add the Host On-Demand repository location to the Installation Manager.
  - On the Start page of Installation Manager, click File > Preferences, and then click Repositories. The Repositories page opens, showing any available repositories, their locations and their connection status.
  - On the Repositories page, click Add Repository.
  - In the Add Repository dialog box, click Browse. Navigate to the location of your Host On-Demand disk1 and select the diskTag.inf file. Then click OK. The new repository location is listed.
  - Click Test Connections to ensure that the Repository URL is available.
- From the Start page, click Install. The Installation Manager searches its defined repositories for available packages.
- Repeat the above steps for the 2nd disk. If you proceed without configuring the second disk, Installation Manager asks you for it during the installation process.
- Select the Host Access Toolkit package. Ensure that Version 12.0 is also selected under it. Click Next.
- On the Install Packages panel, select Create a new package and select IBM Host Access Toolkit as the package group name. In case the Architecture selection is set to 64-bit, change the selection to 32-bit because it is the recommended setting. Click Next.
- Select the languages you want to install. The default is English. Click Next.
- On the Install Packages panel, select the feature Host Access Toolkit 12.0. The disk information in the lower area of the panel gives information about the available disk space and required disk space. Click Next.
- Select the tab for the Host Access Toolkit 12.0 panel under the heading Host Access Toolkit 12.0 in the left tab.
- In the summary panel, review the selected packages and installation selections. Click Install to proceed with the installation.

Installing in the Console Mode

This chapter contains instructions for using Installation Manager console mode to install Host On-Demand on platforms that do not support a Graphical User Interface.

Note: If you are installing for IBM iSeries, you are advised to read Before installing HOD on IBM iSeries.

About installing in the Console Mode

On Linux, UNIX, and z/OS systems that do not support a graphical user interface (GUI), administrators can use the console-based interface of Installation Manager to install Host On-Demand.

Using console mode of IBM Installation Manager, you can work on the installation packages to complete the following tasks:

- Installation
- Upgrade
- Modify
- Rollback
- Uninstallation

To start Installation Manager console mode, use the imcl utility available in the Installation Manager tools directory.

These installation steps cover a typical installation scenario by using console mode. During the installation session, console mode prompts are displayed specific to the package being installed. You can follow the options as they appear on the console screen to proceed with the installation.

The Installation Manager console mode interface uses these conventions:

- [X] indicates a selected option.
- [ ] indicates an option that is not selected.
- Default commands are enclosed in brackets [].
- [N] indicates that the default command is N: Next.

Note: More information about Installation Manager and console mode is available in the Installation Manager Knowledge Center for the Installation Manager version you have installed. See IBM Installation Manager Knowledge Center.

The Installation Manager can be installed using the information given in the Installation Manager documentation Installing or updating Installation Manager.

In order to install Host On-Demand, the Installation Manager must be installed in Administrator mode. For more information about downloading Installation Manager, see System Requirements for IBM Installation Manager and Packaging Utility. The minimum level is 1.8.3 in order to install Host On-Demand.

For more information about using Installation Manager, refer to the IBM Installation Manager Knowledge Center.

Before installing HOD on IBM iSeries

Installation of Host On-Demand on IBM iSeries platforms is supported through the console mode of Installation Manager. The GUI mode of installation is not available on IBM iSeries.

Additional notes before Host On-Demand installation on IBM iSeries are listed below:

- Ensure that IBM Installation Manager V1.8.3 or higher is installed, and that it is installed in the Administrator mode. You are recommended to follow the documentation of IBM Installation Manager for further details. Information on installing Installation Manager V1.8.3 is available at: Installing Installation Manager on IBM i.
- Installation is performed by a user with the administrator or the root privileges.
- Remote installation on IBM i is not available in HOD V12.0 using Installation Manager.

To begin the installation, you need to perform the following tasks:

- Copy the Host On-Demand ESD zip files to the IBM i from FTP (File Transfer Protocol) or by any regular means and extract the zip file.
- Open the Installation Manager and configure a repository by providing the complete path to the diskTag.inf file that is in the Host On-Demand disk.
- Proceed with the remaining steps, as provided in the console mode installation.

Installation procedure

To install HOD in the Console Mode, perform the following tasks:

- Start IBM Installation Manager in console mode. Open a command prompt with administrator's privileges and change to the tools folder within the IBM Installation Manager installation directory. Run the following command in the tools directory: imcl -c. On different operating systems, for example:
  - AIX® or Linux: /opt/IBM/InstallationManager/eclipse/tools/imcl -c
  - IBM i: /QIBM/ProdData/InstallationManager/eclipse/tools/imcl -c
  - Windows: \Program Files\IBM\Installation Manager\eclipse\tools\imcl.exe -c
  - z/OS: /InstallationManager/bin/eclipse/tools/imcl -c

  For more details on starting Installation Manager in console mode, refer to Starting console mode.
- In the console window, specify the IBM Host On-Demand repository:
  - Type P, and then press Enter to edit preferences.
  - Type 1, and then press Enter to specify repositories.
  - Type D, and then press Enter to add a repository.
  - Type the repository path for IBM Host On-Demand 12.0. For example, \HOD\disk1\diskTag.inf.
  - Type A, then press Enter to save the repository information.
  - Type R, and then press Enter to return to the main menu.
- Select 1 to install from the main menu.
- If you have repositories that require credentials, you are prompted to enter your ID and then password. You can also save the credentials when you are asked. See Saving credentials in console mode in the Installation Manager Knowledge Center.
- On the panel to select packages to install, type the appropriate number to select the Host On-Demand 12.0 package.
- On the subsequent panel, type the appropriate number to choose version 12.0 for installation and press Enter.
- Enter N to proceed.
- Review the license agreement by typing the appropriate number to view license information. To accept the license agreement, type A, and then press Enter.
- Type N and press Enter to proceed.
- Select the Installation Manager Shared Resources Directory. Refer to Overview of package groups and the shared resources directory for further information. To change the directory, enter M, and then Enter. Enter the correct path, then type N to proceed.
- The Location panel allows you to specify the location of the IBM Host On-Demand 12.0 installation directory. Type M to change location of the installation directory. Enter the correct path, and enter N to proceed.
- The architecture of the package shows when installing on a 64-bit operating system. For new package groups, you can change the bit mode by entering T: Change to bit-architecture. For example, if the Selected Architecture is displayed as 64-bit and option T is displayed to Change to 32-bit architecture, type T to change to 32-bit architecture. To accept the default values or to continue after entering a different value, type N to proceed.
- On the language panel, enter the number to the left of the language to add or remove the language from the list of languages for installation. You can select only one language at a time or S to select all languages. English is selected by default and it is mandatory. Your language choices apply to all packages installed in the package group. Type N to proceed.
- The next panel displays the Configurations menu, for the configuration details required by Host On-Demand 12 installation. Typically, the Host On-Demand 12 configuration menu has the following entries:
  - Publish Information
  - Web server
- Enter the appropriate number to the left of Publish Information entry to review the settings. The Publish Information panel displays the following information:
  - Publish Destination Directory is the location where the Host On-Demand files that users access from the web are installed. A default value is shown in the panel. Type 1 to change the location if needed.
  - Host On-Demand Publish Alias is the web-server alias setting for the Host On-Demand publish directory. Type A to change the location if needed.
  - Service manager port is the port number on which the Host On-Demand service manager listens. Specify Service Manager port, through which Host On-Demand clients communicate with the Service Manager. This communication is necessary for the following deployment options:
    - Using the configuration server to maintain session configuration information (as in the configuration server-based and combined deployment models, described in Planning for deployment).
    - License-Use Counting (refer to License Usage in the online help)

    Port 8999 is the default port for Host On-Demand. Check with your system administrator to see if this port is occupied. If it is in use, you can change the port during the installation or later. For more information about changing the Service Manager port, see Changing the Service Manager's configuration port in the online help.

  Enter the number associated with any of these options to change the respective settings. Refer to the remaining options on the screen to navigate.
- Enter the appropriate number to the left of Web server to review its settings. The web server panel displays the following options. You need to select the web-server option that is appropriate for your requirement:
  - No Web Server: Select it when you configure the web server manually or when there is no web server. This is recommended for web servers like IPlanet, Lotus Domino. Contact your web server administrator or refer to the web-server documentation for details.
    Note: Select No Web Server for z/OS installations because the web server cannot be detected and must be configured manually.
  - Select from list of detected web servers: To select a detected web server, select this option and then select the web server that has been detected.
  - Manually select specific web server: Select this option when an IBM HTTP Server 8.5 or Apache web server 2.2 is installed but not detected. You need to enter the complete path to the httpd.conf file in the web server installation directory.

  Enter the number associated with the required option to change the respective settings. Refer to the options on the screen to navigate.
- Enter N to proceed.
- If the installation program detects IBM WebSphere Application Server on your system, the next panel accessed using Application Server tab asks if you want to configure the Host On-Demand configuration servlet in WebSphere Application Server. If users run Host On-Demand through a firewall, this eliminates the need to open an extra port for client communications with the Host On-Demand Service Manager. See Installing the configuration servlet for more information.

  If you type the number or letter that appears to the left of the question, IBM Installation Manager displays a list of the versions of the application servers, their profiles and servers detected, prompting users to choose from them. The installation program automatically deploys the configuration servlet on the Web application server you designate, and it configures your clients to access the Service Manager through that servlet.

  If you proceed without choosing to configure the servlet, the install does not configure the configuration servlet. Clients can access the Service Manager directly on port 8999 (or an alternative port you had specified).

  Note: The WebSphere application server is detected if it has been installed by the same IBM Installation Manager program on the system. The versions that can be detected are WebSphere Application Server V8.0 and WebSphere Application Server V8.5. A server with administrative security enabled is not supported for servlet configuration during the installation.
- The next panel is the summary panel. Review your selections before continuing with the installation.
- To generate a response file, enter G: to generate an installation response file. Enter the name of the response file and use .xml as the file extension. Response files are XML files. Include a directory location when you enter the response file name to save the file to a different location.
- Enter I to start the installation.
- When the installation completes, enter F: to finish.
- Enter X to exit Installation Manager.

Installing Deployment Wizard in Console mode

The Deployment Wizard is automatically installed as part of the Windows Host On-Demand server installation. It is also available separately for those customers who do not wish to install the entire Windows Host On-Demand server. Users can select only Deployment Wizard Option during Installation.

Refer to Installing in the Console Mode for more details.

Installing Host Access Toolkit in console mode

The Host Access Toolkit is automatically installed as part of the Windows Host On-Demand server installation. It is also available separately for those customers who do not wish to install the entire Windows Host On-Demand server. Users can select only Host Access Toolkit option during Installation.

Refer to Installing in the Console Mode for more details.

Installing in Silent Mode

Installing Host On-Demand in silent mode enables you to use a script for the installation. You need to create a response file first before starting the Installation Manager using the response file.

For information about installing packages silently using Installation Manager version V1.8.3, refer to the following topics in the Installation Manager Information Center:

- Silent installation roadmaps
- Installation Manager command-line arguments for silent mode

Installation procedure

This section contains instructions for installing HOD in Silent Mode.

Perform the following tasks to install HOD in Silent Mode:

- To create a response file, record a response file using the IBM Installation Manager in wizard mode, with the -record option, on a machine where GUI is available. For more details, see Record a response file with Installation Manager. For example, on Windows the recording of a response file looks like this:
  C:\Program Files (x86)\IBM\Installation Manager\eclipse>IBMIM.exe -record e:\recordResponse.xml
- If needed, open the generated XML file to view and edit preferences. For details on the file, refer to Installation Manager silent response file commands.
- To perform silent installation using the generated response file, use the imcl command-line utility provided by IBM Installation Manager. Examples on different operating systems are listed below:
  - Windows: imcl.exe input response_file -log log_file
  - Linux, UNIX, IBM i, IBM z/OS®, and OS X: ./imcl input response_file -log log_file

  For more details, see Installing a package silently by using a response file.

Note:

- It is recommended to avoid using the -skipInstall parameter when recording a response file for Host On-Demand installation.
- If a web server, an application server, or both are configured by Host On-Demand during the silent installation, you need to record the response file in a similar software setup so that the user preferences and software parameters are recorded in the response file accordingly.
  For example, if HTTP Server V8.5 is going to be configured, it is recommended that the following parameters match for better results:
  - The HTTP server version
  - The HTTP server installation location path
  - The httpd.conf file location path in the HTTP server

  Similarly, for silent installation in an environment where WebSphere Application Server is located, record the response file on a system where a similar WebSphere Application Server setup is available.

  If a response file is recorded in an environment where WebSphere Application Server is not installed, it is recommended to be used in environments where WebSphere Application Server is not installed.

  It is recommended and helpful to maintain separate response files for different deployment scenarios.
- You need to record the response file on the same operating system platform that Host On-Demand is to be installed on. For example, for silent installation on Linux, record the response file on Linux. It is useful to maintain separate response files for different operating systems.
- The prerequisites for the console or the GUI mode of the installation (as applicable) are relevant in silent install mode as well. These include (but are not limited to) the following:
  - The logged in user must have the administrator privileges.
  - The Installation Manager must have been installed in Administrator mode.
  - Installation Manager V1.8.3 or higher is installed to install Host On-Demand.
- In case where administrative security is enabled on WebSphere Application Server, configuration of the Host On-Demand Configuration Servlet is not supported during installation. You need to configure it manually.

Installing the configuration servlet

During the Host On-Demand installation, you can choose to have the configuration servlet installed and configured on i/OS, OS/400, Windows, AIX, Linux, and Solaris for IBM Application Server.

All Web servers and servlet engines are configured differently. Check your Web server and servlet engine documentation for servlet configuration details on your operating system.
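
The silent-mode prerequisites listed under Installing in Silent Mode (Installation Manager 1.8.3 or higher, a response file recorded on the same operating system platform as the target) can be checked before imcl is run. The following Python check is an added example, not IBM's code; the sample response file, its profile id, offering id and paths are constructed placeholders, and it assumes the recorded file carries Installation Manager's cic.selector.os profile key and local repository paths that should exist on the target.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

MIN_IM_VERSION = (1, 8, 3)  # minimum Installation Manager level the page requires

# Constructed sample in the general shape of a recorded response file.
# Profile id, offering id and paths are placeholders, not from a real recording.
SAMPLE_RESPONSE = """<?xml version='1.0' encoding='UTF-8'?>
<agent-input>
  <server>
    <repository location='/mnt/HOD/disk1'/>
  </server>
  <profile id='IBM Host On-Demand' installLocation='/opt/IBM/HostOnDemand'>
    <data key='cic.selector.os' value='linux'/>
    <data key='cic.selector.arch' value='x86'/>
  </profile>
  <install>
    <offering profile='IBM Host On-Demand' id='PLACEHOLDER.offering.id'/>
  </install>
</agent-input>
"""


def parse_version(text):
    """Turn '1.8.3' into (1, 8, 3) so versions compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def preflight(response_xml, target_os, im_version,
              path_exists=lambda p: Path(p).exists()):
    """Return a list of findings; an empty list means no problem was found.

    target_os is the platform identifier of the machine being installed, in
    the form Installation Manager records it (for example 'linux' or 'win32').
    """
    findings = []

    if parse_version(im_version) < MIN_IM_VERSION:
        findings.append(f"Installation Manager {im_version} is older than 1.8.3")

    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError as exc:
        findings.append(f"response file is not well-formed XML: {exc}")
        return findings
    if root.tag != "agent-input":
        findings.append(f"unexpected root element <{root.tag}>")
        return findings

    # The response file must be recorded on the platform it is replayed on.
    for profile in root.iter("profile"):
        data = {d.get("key"): d.get("value") for d in profile.findall("data")}
        recorded_os = data.get("cic.selector.os")
        if recorded_os is None:
            findings.append(
                f"profile '{profile.get('id')}' records no operating system")
        elif recorded_os != target_os:
            findings.append(
                f"profile '{profile.get('id')}' was recorded on {recorded_os}, "
                f"but the target is {target_os}")

    # Local repository paths recorded on another machine may not exist here.
    for repo in root.iter("repository"):
        location = repo.get("location", "")
        if "://" not in location and not path_exists(location):
            findings.append(f"repository path not found on this host: {location}")

    if root.find("install") is None:
        findings.append("response file contains no <install> section")
    return findings


if __name__ == "__main__":
    # Replaying the Linux recording on a Windows target with an old
    # Installation Manager reports every mismatch instead of failing mid-install.
    for finding in preflight(SAMPLE_RESPONSE, "win32", "1.8.2"):
        print("FINDING:", finding)
```

Run it against the recorded file on the target host before calling imcl with the input option, and keep one response file per platform and deployment scenario as the notes above recommend.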

Installing the configuration servlet is necessary only if both of the following statements are true for your Host On-Demand deployment:

- You plan to configure Host On-Demand so that client communication with the Service Manager is necessary (as in the configuration server-based and combined deployment models, if you enable License-Use Counting, or if you use the Redirector).
- A firewall protects the server(s) on which you plan to maintain session configuration information, and you do not want to open a port in that firewall to give outside clients access to the Service Manager.

By default, the Host On-Demand clients use port 8999 to access configuration information from the Service Manager. If any of your clients are outside the firewall, the firewall administrator needs to open port 8999 both internally and externally. However, you can avoid opening this port by customizing your clients to use the configuration servlet to access configuration information.

Deploying the servlet on WebSphere Application Server

During Host On-Demand installation on Windows, AIX, Linux, and Solaris, the install utility searches your system for an instance of WebSphere Application Server. If it detects an instance, the install utility can automatically install and configure the configuration servlet on WebSphere Application Server Versions 5.1, 6.0, 6.1 and 7.0.

For platforms that do provide an installation program such as System z and others, you will need to manually install the configuration servlet. Refer to your WebSphere Application Server documentation for steps on installing enterprise applications. You can also go to http://www.ibm.com/software/webservers/ and navigate to the WebSphere Application Server support page, where you can find a link to the documentation of your version.

The Host On-Demand configuration servlet EAR file, cfgservlet.ear, is located in the lib directory of your Host On-Demand installation.

For WebSphere Application Server 5: After you save your deployment settings in the administrative console, you need to start the Host On-Demand configuration servlet in the Enterprise Applications window of WebSphere Application Server. Then go to the Environment window and select Update Web Server Plug-in.

After the configuration servlet is installed, you can configure your clients to use the configuration servlet instead of directly accessing the Service Manager. You can use the Deployment Wizard to build customized HTML client pages. The wizard sets the applet parameters in the HTML based on your input, so you do not have to learn the syntax and valid parameter values. IBM recommends that you use the Deployment Wizard to set the ConfigServerURL parameter in the client HTML to HODConfig/HODConfig/hod.

For more information regarding configuration servlet parameters, configuration and examples, see Configuring the configuration servlet in the online help.

Uninstalling the Host On-Demand server

You can use the Installation Manager GUI to uninstall the Host On-Demand Version 12. Follow the steps below for the uninstallation:

- Stop all Host On-Demand related applications (for example, Deployment Wizard and IBM Host On-Demand Service Manager).
- Start Installation Manager. Click Uninstall.
- Select IBM® Host On-Demand and the appropriate version and click Next.
- Review the summary information. Click Uninstall.
  - If the uninstall is successful, the program displays a message that indicates success.
  - If the uninstall is not successful, click View log to troubleshoot the problem.
- Click Finish.
- Click File > Exit to close Installation Manager.

Uninstalling Host On-Demand using Installation Manager Console mode

You can use console mode to uninstall packages. To uninstall, the user must be the administrator or log in with the administrator privilege.

Perform the following tasks to uninstall HOD in the Installation Manager Console Mode:

- Close all programs that are associated with Host On-Demand installation. For example, Deployment Wizard and IBM Host On-Demand Service Manager.
- Enter the command imcl -c and press Enter.
- Enter 5 to proceed with the uninstallation.
- Type the number that appears to the left of the Host On-Demand 12.0 package group. Press Enter.
- Review the details of the Host On-Demand 12.0 package group that is to be uninstalled. Type N for Next or press Enter. N is the default selection.
- Select the Host On-Demand package by typing the number that appears to the left of Host On-Demand 12.0 package. Press Enter.
- Enter N for Next.
- Confirm the package to be uninstalled. Type U for Uninstall, and press Enter. This panel also provides an option to create a response file. Press G and Enter to proceed with creating a response file. This starts uninstallation.
- At the next prompt, press F to Finish.

Configuring Host On-Demand

Configuring Host On-Demand emulator clients

After installing Host On-Demand, you need to create HTML files and configure Host On-Demand sessions for your users.

Host On-Demand provides a sample HTML file of ready-to-use 3270, 5250, VT, and FTP emulator sessions pre-configured with download client and Java auto-detection components. These sessions use the HTML-based configuration model and are provided to allow you to get Host On-Demand up and running and access your host systems quickly. To use these emulator sessions, take the following steps:

- Locate the hodclients.zip file in the your_publish_directory\samples\html directory, where your_publish_directory is the name of your Host On-Demand publish directory.
- Verify that the hodclients.zip file created by the Deployment Wizard is located in the directory in which you want to unzip the files (either in the Host On-Demand publish directory or in a special-purpose publish directory). If not, copy the .zip file to that directory.
- Use the DWunzip tool to unzip the contents of hodclients.zip to your publish directory. Refer to Using DWunzip for more information about how to use this tool.
- Use your browser to point to hodclients.html on your Web server, for example, http://host/alias/hodclients.html.
- Right-click the appropriate session icon and then select Properties to open session properties. Fill in the correct destination address, port, and any other connection properties of your host system. Click OK.
- Double click the session icon to start the session.

You can use the Deployment Wizard to customize the HTML file. For more information, refer to Using the Deployment Wizard.

Creating Host On-Demand HTML files

The best way to create and set up your HTML files for Host On-Demand is to use the Deployment Wizard. The Deployment Wizard allows you to easily create custom HTML files that contain all of the Host On-Demand features tailored for your environment. The following is a list of some of the many features that can be configured using the Deployment Wizard:

- Configuration models. Configuration models define the high-level approach you wish to follow with regard to where you define your sessions and where any user preferences are kept. For more information about configuration models, refer to Planning for deployment.
- Preloads. Host On-Demand runs as an applet or application and must download code to the users' machines. By default, the Host On-Demand client downloads all of the components, but you may reduce the download size by removing those components that are not needed.
- Cached client, Web Start client, or Download client. Cached clients retain the code the first time users access the HTML file, and store it on the users' machines. The Web Start client caches the client code like the Cached client but additionally allows you to run Host On-Demand without a browser. Download clients download the necessary applet files each time users access the HTML files.
- Web page appearance (custom HTML templates). You can easily set up a template that the Deployment Wizard will use to generate your HTML files. This feature makes it easy to add your own background, banners, etc.
- Cached Client/Web Start options. When running the cached client or Web Start client, the code must be upgraded when newer versions of the client are available. You can use a number of Deployment Wizard options to control the upgrades.
- Location of the Host On-Demand install (code base). Usually, Deployment Wizard files are placed in the Host On-Demand server's publish directory. However, sometimes it may be useful to put these files in a location that is independent of the Host On-Demand server so that they can be granted different security controls or make Host On-Demand server upgrades easier, for example.
- WebSphere Portal. WebSphere Portal provides a framework for plugging content extensions known as portlets into a Web site. Portlets are applications that organize content from various sources and display it on a single HTML file in a browser window. The HTML files that are used to launch Host On-Demand sessions can be deployed as portlets, allowing users to access Host On-Demand through a portal interface.
- Windows Domain logon. If your users are logged on to a Windows domain, this option automatically logs users on to Host On-Demand using their Windows user name. This option is available only when using the configuration server-based model in the Deployment Wizard.
- Session Manager APIs. The Host On-Demand Session Manager provides JavaScript APIs for managing host sessions and text-based interactions with host sessions. These APIs are intended to provide support for embedding host sessions into a Web page using JavaScript and can be enabled with the Deployment Wizard.

To use the Web Start client, you need to use the Deployment Wizard. Predefined files for this client type are not provided.

Configuring Host On-Demand sessions

In addition to setting up your HTML files, you need to define sessions for your users. If you are using the HTML-based model, then you configure your sessions in the Deployment Wizard at the same time that you create the HTML files. Otherwise, if you are using the configuration server-based model or the combined model, or using one of the predefined clients, you will need to create groups, users, and sessions in the configuration server using one of the administration clients.

There is a full range of options available to you when you are configuring your sessions, regardless of whether you need to use the Deployment Wizard or one of the administration clients:

- Session properties. All of the session properties can be configured, including connection information, security, etc. Each of the fields may be locked to prevent users from updating them.
- Runtime options. When configuring a session, you can launch the session and configure features such as session size and placement, colors, toolbar customization, and macros. You can configure runtime options in the Deployment Wizard and the Full administration client.
- Disabling user functions. You can disable almost any of the functions that users normally receive as part of their Host On-Demand session, such as bookmarking, creating or running macros, etc.

Using the Deployment Wizard

The Deployment Wizard runs on Windows and Linux platforms.

To start the Deployment Wizard, select one of the following ways:

- If you automatically installed the Deployment Wizard as part of the Windows Host On-Demand server, go to Start > Programs > IBM Host On-Demand > Administration > Deployment Wizard. The Deployment Wizard Welcome window appears.

The Deployment Wizard guides you through configuration choices and provides comprehensive help for the features. When you have finished selecting features, the Deployment Wizard creates the HTML and supporting files for you. These files need to be placed on the Host On-Demand server in a directory known to your Web server; usually, this directory is your Host On-Demand server's publish directory.

Distributing the Deployment Wizard output to your Host On-Demand server

If your Host On-Demand server is on a Windows or IBM System i platform, you might be able to write your Deployment Wizard HTML and configuration files directly to your Host On-Demand server's publish directory. On the final screen of the Deployment Wizard, you can select where to write the generated files. You may select any local or network drive accessible by the machine where your Deployment Wizard is running. In this case, you would direct the Deployment Wizard output to a publish directory on the Host On-Demand server and specify an output format of HTML. Assuming that you have already defined your sessions, the HTML page is then ready to be accessed by your users.

Otherwise, if your Deployment Wizard cannot directly write to your Host On-Demand server, then you should select to have the Deployment Wizard generate a zip file for the output format. The Deployment Wizard will then produce a single zip file containing all of the HTML and supporting files. You will need to move the zip file to the Host On-Demand server and use DWunzip to explode the zip file into the desired publish directory. Assuming that you have already defined your sessions, the HTML page is then ready to be accessed by your users.

Using Host On-Demand administration and new user clients

Host On-Demand supplies several predefined clients for administering Host On-Demand and creating new user accounts. Before accessing an emulator client or a Database On-Demand client that uses the configuration server-based or combined deployment models, you need to add users and configure sessions for them with one of the administration or full administration clients.

Loading administration and new user clients

To load an administration or new user client, do one of the following:

- Specify the full URL of the HTML file in your browser:
  http://server_name/hod_alias/client_name.html
  where server_name is the host name or IP address of the Host On-Demand server, hod_alias is the alias (or path) of the publish directory, and client_name is the HTML file name of the administration or new user client. For example, you can download the cached version of the administration client from the Web server by specifying a URL such as the following:
  http://host.yourcompany.com/hod/HODAdminCached.html
  To log on as the administrator the first time after the initial installation:
  - Type the default user ID: admin.
  - Type the default password: password.
  - Click Log On.
- Load the HODMain_xx.html file, where xx is your two-letter language suffix, into your browser to view links to all the available administration and new user clients, plus other predefined clients. HODMain_xx.html is located in the publish directory.

Administration clients

Administration clients enable you to perform the following tasks for data stored on the configuration server:

- Manage users, groups, and sessions
- Configure, manage and trace the Redirector service
- Configure Database On-Demand
- Enable security
- View trace and message logs
- Disable functions to end users

Administration clients run on all Host On-Demand client platforms except the Macintosh operating system. If you are creating HTML files in the Deployment Wizard using either the configuration server-based or combined models, you need to configure sessions on the configuration server using an administration client. Refer to Basic Configuration Steps in the online help for more detailed information about configuring the Host On-Demand configuration server.

Host On-Demand supplies the following predefined administration and full administration clients:

- Administration client (HODAdmin.html): Loads the download version of the administration client.
- Administration client cached (HODAdminCached.html): Loads the cached version of the Administration client. The advantage of using this client is that it can be cached along with the cached client in the browser. To bookmark the cached Administration client, you need to manually create the bookmark. It must point to HODAdminCached.html, so that Host On-Demand can compare the cached version to the server version. This allows Host On-Demand to recognize and notify you that a newer version of the cached Administration client is available at the server.
- Administration client cached with problem determination (HODAdminCachedDebug.html) [1]: Loads the Administration client in a cached environment with problem determination (session logging and tracing) enabled.
- Full Administration client (HODAdminFull.html) [2]: Loads the download version of the full Administration client. The full administration client gives the administrator the additional ability of starting sessions to configure runtime properties. However, the download size of the full administration client is larger than the download size of administration client.
- Full Administration client cached (HODAdminCachedFull.html) [2]: Loads the cached version of the full Administration client. Like the cached version of the regular Administration client, this client can be cached along with the cached client in the browser.
- Full administration client cached with problem determination (HODAdminCachedDebugFull.html) [1, 2]: Loads the cached version of the full Administration client with problem determination (session logging and tracing) enabled.

Notes:

1. Use the problem determination clients only if you are working with Support to resolve a problem with your Host On-Demand installation.
2. The full Administration client is the Administration client with Start Session enabled.
3. If you use a Java-enabled browser, you need to use the Java Control Panel to remove the Administration cached client. For instructions, refer to Using the Java plug-in in the online help.

Directory Utility

The Directory Utility is a Java application the administrator can use to manage user, group or session configuration information. This information is stored either in the Host On-Demand default data store, or in an LDAP directory. This utility is only useful in the environment where the Configuration Server-based model is in use. The Directory Utility enables you to add, delete, or update large numbers of users, groups, or sessions in a batch mode environment instead of using the Administration client. The Directory Utility reads an XML ASCII file that contains the following actions to be performed on users, groups, or sessions defined to the Configuration Server:

- Add, update, and delete groups
- Add, update, and delete users from groups
- Add, update, and delete sessions from users or groups
- List existing users and groups in output files, as products of unique searches
- List existing users and groups in output files that can be reused as input

Searches performed with the list action are either user-based (returning user-specific information) or group-based (returning group-specific information). LDAP environments, however, support only user-based searches.

For more information, see Using the Directory Utility in the online help.

New user clients

If the administrator has enabled Allow users to create accounts in the Users/Groups window, users can use the predefined new user clients to create new accounts. See the Enabling users to create accounts topic in the online help for more information about this client.

The following new user clients are supplied with Host On-Demand:

- New user client (NewUser.html): Loads the download version of the New user client.
- New user client cached (NewUserCached.html): Loads the New User client in a cached environment.
- New user client with problem determination (NewUserCachedDebug.html) [1]: Loads the New User client in a cached environment with problem determination (session logging and tracing).

Note [1]: Use the problem determination clients only if you are working with IBM Support to resolve a problem with your Host On-Demand installation.

Using Host On-Demand emulator clients

This chapter discusses issues that you need to be aware of when configuring and using Host On-Demand terminal emulator clients.

- Loading emulator clients describes how to access Host On-Demand emulator clients.
- Selecting the appropriate client discusses how to decide which client is best for your needs.
- Cached clients discusses how to use cached clients, including installing and removing them, deploying them over the Internet, support for Windows and Mac OS X, and troubleshooting problems.
- Web Start client discusses how to use the Web Start client, including installing and removing it, configuring your Web browser, using Web Start with Windows restricted users, and upgrading.
- Download clients discusses how to use download clients, including installing them and loading them after downloading a cached client or Web Start client.
- Predefined emulator clients describes the predefined emulator clients supplied with Host On-Demand.
- Reducing client download size discusses strategies for reducing the download size of clients.
- Deploying customer-supplied Java archives and classes describes how to deploy Java archives and class files to your clients.

Loading emulator clients

Host On-Demand provides a sample HTML file of ready-to-use 3270, 5250, VT, and FTP emulator sessions pre-configured with download client and Java auto-detection components. These sessions use the HTML-based configuration model and are provided to allow you to get Host On-Demand up and running and access your host systems quickly. For more information, refer to Configuring Host On-Demand emulator clients.

To load a Host On-Demand emulator client, a user starts a Web browser and enters in the Address field the URL of a Host On-Demand HTML file. The Host On-Demand HTML file must be one of the following:

- An HTML file that you create with the Deployment Wizard.
- One of several generic predefined HTML files included with Host On-Demand

IBM recommends the first option. For more information on the Deployment Wizard, see the Deployment Wizard topic in the online help. For more information on the generic predefined HTML files, see Predefined emulator clients.

If your emulator client is deployed with the configuration server-based or combined deployment model, you need to add users and configure sessions with the administration client before you can use the emulator client.
To launch HTML files generated by the Deployment Wizard, specify the full URL of the HTML file in your browser:

http://server_name/hod_alias/client_name.html

where server_name is the host name or IP address of the Host On-Demand server, hod_alias is the alias (or path) of the publish directory, and client_name is the HTML file name of the client. For example, if you created an HTML file in the Deployment Wizard called 3270sessions.html, you can load it by specifying a URL such as the following:

http://host.yourcompany.com/hod/3270sessions.html

To launch a predefined HTML file included with Host On-Demand, point your browser to HODMain_xx.html file, where xx is your two-letter language suffix, to view links to all the available predefined clients. HODMain_xx.html is located in the publish directory.

When you access a client, a security warning appears to notify you that Host On-Demand was created by International Business Machines. Users must grant Java security privileges for this session or any future sessions by clicking the appropriate buttons in order for Host On-Demand to work properly.

Note: Pop-up blockers might prevent the Java security windows and other response windows from appearing.

Selecting the appropriate client

The types of Host On-Demand clients that you use depend on your computing environment and your personal preferences.

Cached clients and Web Start clients are stored locally and load faster than download clients (unless an updated version of the client is being downloaded from the Web server). You can use them equally well over network and dial-up connections. Cached clients and Web Start clients take up more local disk space than download clients, but on most machines this is not a problem.

The Web Start client allows users to run Host On-Demand sessions without a browser. Users start Host On-Demand sessions from the Java Web Start Application Manager. If a user closes the Host On-Demand desktop and there are active sessions running, the user is prompted to make sure he wants to close all sessions.
Download clients are generally used in LAN-connected environments because high-speed network connections reduce the time it takes to download them from the Web server. They are not recommended for use over low-speed dialup connections because they need to be downloaded every time they are used, which takes more time on dialup connections. The small disk footprint of download clients is especially well-suited for client machines that do not have a lot of local disk space, such as NetStation machines.

You can use cached, Web Start, and download clients in the same Host On-Demand environment. Refer to Removing the cached client for instructions on removing cached clients.

If you plan to use the Web Start client, you need to use the Deployment Wizard to generate your HTML file. If you plan to use cached clients or download clients, IBM recommends that you create your own clients using the Deployment Wizard instead of using one of the predefined clients. Refer to Reducing client download size for more information.

Cached clients

A Host On-Demand cached client is any Host On-Demand client whose components have been cached (stored locally for quick access) on the hard disk of a user's workstation. When a user first runs a cached client, the Host On-Demand startup code downloads the Host On-Demand client components and stores them on the hard disk of the user's workstation. This is called installing the cached client.

When the user then runs the cached client, the Host On-Demand startup code downloads only a small startup applet from the server. The startup applet in turn starts the Host On-Demand client from the cached components on the hard disk.

By using the cached client, the user avoids having to wait for the Host On-Demand client components to be downloaded because they are already immediately available on the workstation's hard disk. In addition, the cached client is persistent across operating system restarts and browser reloads. Even though the cached client was originally intended for users with slow connectivity, such as dial-up phone lines, where downloading a large applet would take a long time, many customers have preferred using the cached client even for high-speed lines.
Like all Host On-Demand clients, the cached client is started (both the first time and subsequently) by specifying the URL of a Host On-Demand HTML file in the Address field of a supported Web browser. IBM recommends that you create your own HTML file using the Deployment Wizard. However, you can also use one of the generic, predefined cached client HTML files included with Host On-Demand.

The applet that starts the cached client also determines whether the version number of any of the Host On-Demand client components on the Host On-Demand server is newer than the version number of the corresponding downloaded components. If so, then the applet upgrades the cached client by downloading and caching the newer component from the server before launching the cached client.

The user can install multiple types of a cached client on the same workstation. For example, an emulator cached client, a Database On-Demand cached client, and an administration cached client could all be installed on one workstation. Also, with the Java version of Host On-Demand, the user can install two versions of the same cached client: one with problem determination and one without problem determination.

Installing cached clients

You can install a cached client either from a Host On-Demand server or from a LAN drive or DVD drive.

Information installed for the cached client

Two types of information are stored on the user's workstation when a Java cached client is installed:

Host On-Demand components
    These components are in the form of Java archive files (JAR).
Control information
    This information includes data such as the URL of the Host On-Demand server and the version of each downloaded component.

Java cached client

Multiple versions of the Java cached client can exist on the user's workstation because the Java cached client startup code stores the cached client components in a different directory of the workstation's hard disk for each server from which the user has downloaded a cached client.
For the Java cached client, all the client components that are downloaded from the same server are stored in the same directory on the user's hard disk. For example, if the user installs a Java emulator client and a Java Database On-Demand client from the same server, then the component files for both types of client are stored in the same directory.

For a few specialized types of Java cached clients, the client components are stored in the Java plug-in's sticky cache. These are the same cached client types that are listed in Limits of support.

Installing the cached client from the Host On-Demand server

To install the cached client from a Host On-Demand server:

- Specify the full URL of the HTML file in your browser, as described in Loading emulator clients. If you want to use a predefined client, click on the cached client link after loading http://server_name/hod_alias/HODMain.html, where server_name is the host name or IP address of the Host On-Demand server and hod_alias is the alias (or path) of the publish directory.
- The cached client begins installing immediately. A window shows the progress of the installation. The upper progress bar of this window shows the status of individual files as they download, while the lower progress bar shows the status of the overall installation. The installation progress window does not appear for a few types of Java cached clients. These are the same Java cached clients that are listed in Limits of support.
- When the installation completes, the installation code immediately launches the Java cached client. The user does not have to restart the browser.

Installing the cached client from a LAN or DVD

You can now have some or all of your users initially download the cached client from a LAN drive or a DVD. To install the cached client, the user has to access the LAN drive or DVD only once. After the installation, the user connects to the Host On-Demand server in the usual way.

The advantages of this method are that the cached client components are installed on the user's workstation more quickly than they would be if they had to be downloaded from the Web server, and that the user is not placing an additional load on the Web server by downloading an entire set of cached client components.
This method is supported on most client platforms. However, several Java cached clients do not support this feature. The Java cached clients that do not support this feature are listed in Limits of support.

Limitations

The HTML file cannot specify a separate user publish directory. (If you specified a Code Base in the Deployment Wizard, the HTML file cannot be used to install the cached client from a LAN or DVD drive.) Refer to the online help for more information about the separate user publish directory.

Steps for the administrator to create the DVD or LAN image

- Use the File Name and Output Format window in the Deployment Wizard to create your customized *.html files (for example, MyHOD.html). If you need to distribute the Deployment Wizard files to another server, you might want to select Output Zip to allow you to use DWunzip. For more information, see Using DWunzip in the online help. For the Java cached client, you can avoid having the user type in the host name of the Host On-Demand server during installation by specifying the additional HTML parameter WebServerHostname in the Deployment Wizard. For more information see HTML parameters in the online help.
- After loading the new Deployment Wizard files to your server, test the new files to make sure they function as expected.
- Copy or FTP the following files from the publish directory of your Host On-Demand server installation to a network drive or DVD (make sure you put the same version of Host On-Demand on the DVD or LAN drive that you have on your Host On-Demand server):
    MyHOD.html
    MyHOD.jnlp (if it exists)
    z_MyHOD.html (if it exists)
    hoddetect*.html
    hodlogo.gif
    hodbkgnd.gif
    Installer.html
    Installer2.html
    *.jar
    *.properties
    *.js
- Copy the following files and directories while preserving the directory structure:
    msgs\cached_*.properties
    HODData\MyHOD\*.*
  If you are copying these files from a z/OS installation to a DVD image, note that you will have to remove the .ascii file extension from all HTML, PROPERTIES, JS, JNLP, and CSS files first. For example, a file named *.properties.ascii should be copied to the DVD as *.properties.
If you are using a DVD for cached client installation, the DVD must be distributed with the same guidelines as the License Agreement and Export and Import regulations because it contains encryption technology.

Steps for the user

After the administrator has set up the LAN drive or DVD, the user must perform the following steps to install the cached client.

- Prepare the client machine for installation by doing the following:
  - Get access to the LAN drive or DVD drive.
  - Get the name and location of the HTML file, such as f:\myPath\MyHOD.html, that the system administrator has placed on the LAN drive or DVD. (The HTML file has the same name and the same contents for all users. It is not specific to one user.)
  - For the Java cached client only, find the host name of the Host On-Demand server to which the user will attach after installing the cached client. For example, if the user will attach to http://myHODServer/hod/MyHOD.html, then the host name is myHODServer. For the Java cached client, the system administrator can eliminate this step by adding the HTML parameter WebServerHostname to the HTML file. See HTML parameters in the online help.
- Run the HTML file:
  - Type the path and name of the HTML file in the browser's address input field, such as: f:/mypath/MyHOD.html
  - For the Java cached client only, when prompted by the installation code, enter the host name of the Host On-Demand server to which the user connects after installing the cached client. For example, if the user launches http://myHODServer/hod/MyHOD.html, then the host name is myHODServer. For the Java cached client, the system administrator can eliminate this step by adding the HTML parameter WebServerHostname to the HTML file. See HTML parameters in the online help.
- Wait while the Host On-Demand cached client is installed from the LAN drive or the DVD.
- When prompted, restart the browser and point it to the HTML file of the same name on the Host On-Demand server, such as: http://myServer/hod/MyHOD.html The name of the HTML on the Host On-Demand server is the same as the name of the HTML file on the LAN or DVD.

After completing these steps, the Host On-Demand cached client starts in the usual way.

Removing the cached client

A general purpose removal method is discussed in the following sections.
Before you begin

Removing the cached client means erasing the information that was stored on the user's hard disk when the Java cached client was installed.

A user running the Java version of the cached client has a separate version of the cached client for each Host On-Demand server for which he downloaded a cached client. For more information, refer to Information installed for the cached client.

Removing the Java cached client removes only the version of the Java cached client that was downloaded from the server that the user visits when he does the removal. For example, if the user visits the server http://myHODServerA/hod/HODRemove.html for the server myHODServerA to remove the Java cached client on the user's workstation, then only the Java cached client that was downloaded from myHODServerA is removed.

Finally, for the Java cached client, removing the cached client removes all the types of cached clients (such as emulation, Database On-Demand, and administration) associated with that installation. Removing the Java cached client from a workstation while attaching to server myHODServerA removes the emulation cached client, Database On-Demand cached client, and administration cached client that were previously downloaded from server myHODServerA. However, only the cached client components downloaded from that server are removed. Cached client components from other servers, if any, are not removed until the user connects to that server and performs a remove.

Removing Java cached clients

The general-purpose removal method removes the Java cached client. Follow these steps:

- Start your browser. Start a Java-enabled browser to remove a Java cached client.
- Connect to HODMain.html on the Host On-Demand server. For example, connect to the following URL: http://myServer/HOD/HODMain.html If you are removing a Java cached client, you need to connect to the same server from which you installed the Java cached client to successfully remove it. For more information, refer to Before you begin.
- Click the following entry under Utilities: Remove Cached Client

There is also an alternate and more direct way of performing this general-purpose removal. Follow these steps:

- Start your browser.
- Connect to HODRemove.html on the Host On-Demand server. For example, connect to the following URL: http://myServer/HOD/HODRemove.html This removes the cached client. If you are removing a Java cached client, you need to connect to the same server from which you installed the Java cached client to successfully remove it. For more information, refer to Before you begin.

Whichever general-purpose removal method you use, you will be prompted to clear the Java plug-in's cache if you have removed the following Java cached clients:

- Administration cached clients
- Cached clients on the Apple Mac OS X
- Emulator cached clients with JavaScript Session Manager API enabled (only Java Mozilla)

A window appears to notify you to clear the Java plug-in's cache. For more information, refer to Using the Java plug-in in the online help.

Removing a cached client shared by multiple users

If multiple users share a single cached client, and one of these users removes the cached client, then the cached client is removed for all users. For information on sharing a single cached client, refer to Cached client support for Windows.

Cached client support issues when accessing multiple Host On-Demand servers

The following sections detail issues and problems that might arise when cached client users access multiple Host On-Demand servers.

Java cached client

A Host On-Demand Java cached client installs a separate copy of the cached client code for each Host On-Demand server that the user visits. Therefore there is no problem accessing servers at different service levels. With some versions of the plug-in, users may need to increase the size of their Java cache if they are going to visit many Host On-Demand servers.

The following problems can occur with the Java cached clients.

Problem using locally stored preferences

If you are using locally stored preferences, the custom HTML files you create must have names unique to your company, because the HTML file names differentiate between the locally stored preferences of different sites. Using generic names could cause preference conflicts for your users.
See the Host On-Demand support Web site for more information

If you have problems managing cached client deployment on the Internet, go to http://www.ibm.com/software/webservers/hostondemand/support.html for more information.

Cached client support for Windows

On a multi-user Windows machine running the Windows 7, the Windows 8, the Windows 10, or the Windows 2012 operating system, users can download their own independent version of the cached client:

- Any supported browser with a Java plug-in

If the JavaScript API is enabled, the cached client cannot be shared for Mozilla Java browsers due to a technical limitation.

Alternatively, you can add the following parameters using the HTML parameters selection of the Advanced Options window of the Deployment Wizard:

- ShareCachedClient: allows users to share a single instance of the cached client
- SharedCachedDirectory: allows you to specify the directory location where the cached client is to be installed

When the cached client is shared but you do not specify a directory, the cached client is installed in the default directory \Documents and Settings\All Users\IBMHOD. If you specify a directory, for example SharedCachedDirectory=c:\ibm, the Host On-Demand cached client appends IBMHOD\HODCC to this string, and the cached client is installed in this new location, for example, c:\ibm\IBMHOD\HODCC. An administrator or power user must either create the install directory manually or perform the first install of the shared cached client. In either case, the administrator or power user must change the security settings for this directory so that restricted users have Read, Modify, and Write access. The Administrator can either change the security settings and then download the cached client to the directory, or download the shared cached client to the directory and then change the security settings. If the security settings are not updated and a restricted user attempts to install the shared cached client, the user receives an error message that indicates there may be a problem with the file system, and the restricted user will not be able to use or update the cached client.
Once the administrator or power user changes the security settings, a restricted user can log on to Windows and can either install the shared cached client or use (or update) a previously installed version of the shared cached client. Other restricted users can log on to Windows and use the cached client without having to download it from the Host On-Demand server again. They can also upgrade the shared cached client, if necessary.

If you do not want restricted users to share the cached client, a separate instance of the cached client is downloaded to the user directory for each restricted user.

If an administrator or a power user downloads the previous version of the cached client, and you want to allow restricted users to access it, the administrator or a power user must use HODRemove.html to remove the previous version of the cached client, and then change the security settings to the shared cached client directory to Read, Modify, and Write for restricted users, as described above.

For information about removing a shared cached client, see Removing a cached client shared by multiple users.

Cached client support for Mac OS X (Java clients only)

Cached clients have the following limitations on Mac OS X:

- Staging of Host On-Demand updates is managed on a per server basis.
- Preloading cached clients from a DVD or LAN drive serves no function. When the browser is redirected to the real Web site, the plug-in considers that to be a distinct Web server and the client is cached again.
- Host On-Demand runs as an applet and must download code to the users' machines. The Host On-Demand client downloads all of the components, but you can reduce the download size by removing the components that you do not need. On Mac OS X, you cannot install additional components after the initial download.
- The Host On-Demand Java files used to run the Host On-Demand cached client on a Java-enabled Web browser are stored in the Java Runtime Environment (JRE) cache. To remove the cached client on Mac OS X, you need to use the Java Control Panel to clear the JRE cache. For instructions, refer to Using the Java plug-in in the online help.
- When running the cached client, the code must be upgraded when newer versions of the client are available. There are a number of Deployment Wizard options that allow you to control when the upgrades occur. These options are not available on Mac OS X.
- The Java cached client improvements do not apply to the Mac OS X Java cached client. For more information, refer to Limits of support.

Troubleshooting cached clients

If you find that you cannot load the cached client, follow the troubleshooting suggestions provided below.

Microsoft Internet Explorer 11.0

After upgrading your browser to Microsoft Internet Explorer 11.0, you might receive security exceptions in the Java console. When you install the Cached Client, several files are stored into the browser's directory structure. When you upgrade Internet Explorer to Version 11.0, the browser will no longer know about the CAB files that contain the Host On-Demand cached code. Since the browser cannot find the CAB files, it tries to use the class files directly from the server, causing security exceptions. To resolve this issue, you should upgrade your browser, remove Host On-Demand using HODRemove.html, and then reinstall the product using HODCached.html.

Mozilla and Firefox

With the Mozilla and Firefox browser, if nothing happens when you try to install the cached client, or if the attempt to install the cached client fails, check the browser's settings. Make sure that Mozilla and Firefox are not set to suppress popup windows that appear on top of or under the Navigator window. This setting prevents the Host On-Demand cached client from being installed.

The location of this setting depends on the version of Mozilla:

- In Mozilla 1.2, this setting is included under Edit > Preferences > Advanced > Scripts & Plugins.
- In Mozilla 1.3, this setting is included under Edit > Preferences > Privacy & Security > Popup Windows.

After the cached client is installed, you can restore this setting to suppress popup windows. But if you need to install the entire cached client again or update to a newer version in the foreground, you need to set Mozilla or Firefox again so that it does not suppress popup windows.

The setting to suppress popup windows does not hinder the downloading of additional components that were not included in the initial download (preload list).
Web Start client

The Java Web Start client allows users to start Host On-Demand without a browser. You need to use the Deployment Wizard to generate a HTML file for the Web Start client. The HTML file generated by the Deployment Wizard points to a Java Network Launch Protocol (JNLP) file. The JNLP file defines a Java Application, including parameters passed to the application and the archives that contain class files used by the application. The JNLP file and the associated archives are stored on a Web server.

When a user points to the JNLP file, the browser launches the Web Start application on the client computer. It downloads the associated archives, checks to ensure that the minimum required JRE is present (if specified), stores the archives on the user's machine, sets up icons to represent the application, and launches the application.

Users can start Host On-Demand sessions from the Java Web Start Application Manager. By using the Java Web Start Application Manager, Host On-Demand sessions do not depend on a browser. Therefore, closing a browser does not end a Host On-Demand session. If the user attempts to close the Host On-Demand desktop and there are active sessions running, the user is prompted to make sure he wants to close all sessions. If so, the sessions are terminated cleanly to prevent problems that occur when there are sessions running in the browser and the browser is abruptly closed.

After the initial launch of the application, you can either point the Web browser at the JNLP file again, or click the mouse on the icons created on the client machine. After Web Start is restarted, it checks the Web server for updates to the archives and downloads any updated files.

Java Web Start is bundled with JRE 1.4.0 or higher versions of the Java Runtime Environment. If you use JRE 1.3, then you should upgrade to JRE 1.4. For more information about Java Web Start, refer to http://www.javasoft.com. Host On-Demand Version 12 recommends Java 1.5 or higher.

The Host On-Demand Web Start client has the following requirements:

- JRE 1.4 or later is required to use HTTPS to access files from the Web server.
- JRE 1.4 or later is required to use an HTTP proxy with Web Start.
- Session properties that say use Browser settings (like proxy server or TLS) cannot be used with Web Start.
Installing the Web Start client

There are two ways to install the Web Start client. Typically, users install it from a Host On-Demand server over the network, either with or without using a Web browser. Alternatively, users can install it from a LAN or DVD drive, although this requires a small additional download over the network. Regardless of how users install the Web Start client, once it is installed and in the Java Web Start Application Manager, they can start it by clicking the appropriate icon in the Application Manager.

Installing the Web Start client from the Host On-Demand server

Users can install the Web Start client from the Host On-Demand server either with or without using a browser.

Using a Web browser

To install the Web Start client using a Web browser, users can perform the following steps:

- Specify the full URL of the HTML file in your browser, as described in Loading emulator clients.
- The Web Start client begins installing immediately. A window shows the progress of the installation. The upper progress bar of this window shows the status of individual files as they download, while the lower progress bar shows the status of the overall installation.
- When the installation completes, the installation code immediately launches the Web Start client. You do not have to restart the browser.

Without using a Web browser

For Windows users, distribute the JNLP file that was generated from the Deployment Wizard (for example, myhod.jnlp) to your end users. Once the file is distributed, users can type start myhod.jnlp to start the Web Start application and begin installing the Host On-Demand client. Since the file extension '.jnlp' will be registered to the Web Start application, the Web Start application will start, read the file, and download all the appropriate archive files from the Host On-Demand server that was specified in the Deployment Wizard-generated JNLP file. The Host On-Demand Web Start client will start when the download completes.

If you have not distributed the JNLP file to Windows users or your clients are running platforms other than Windows, users can still download the Web Start client without a Web browser by starting the Java Web Start Application Manager directly and pointing to the JNLP file on the Web server.
For Windows clients, users can perform the following steps:

- Open the Java Web Start Application Manager by double-clicking the javaws.exe file, typically located in the C:\Program Files\Java Web Start directory.
- Point to the JNLP file on the Web server at http://HODServer/HODAlias/myhod.jnlp.

For Linux clients, a user can type /javaws http://HODServer/HODAlias/myhod.jnlp to install and run the Host On-Demand session. A Host On-Demand icon appears in the Java Web Start Application Manager. Users can double-click this icon to launch Host On-Demand.

Installing the Web Start client from a LAN or DVD

In order to reduce network traffic and minimize download times, some companies wish for users to install the Web Start client from a LAN or DVD. Since the Web Start client and the cached client share the same cached archives, users can install the majority of the Web Start client using the same installation procedure as the cached client. However, the Web Start client requires an additional component that must be installed directly from the Host On-Demand server over a network. Installing the Web Start client involves two steps for the administrator followed by two steps for the end user.

First, the administrator should perform the following two steps:

- Referring to Steps for the administrator to create the DVD or LAN image, use the Deployment Wizard to generate a Cached Client HTML file.
- Use the Deployment Wizard a second time to edit the HTML file that you created in the previous step, changing the client type from Cached Client to Web Start client. (Be sure not to make any other changes so that the defined sessions and the preload component list stay the same.) This second HTML page is the one that you should publish for users to access.

Second, once you have published your HTML file, users should perform the following two steps:

- Referring to Steps for the user, install the cached client that the administrator set up on the LAN or DVD.
- Install the additional component for the Web Start client by following the steps for Installing the Web Start client from the Host On-Demand Server: Using a Web browser. The Web Start client code will determine that the Host On-Demand archive files have already been downloaded and will not download them again. The remaining component should download quickly, and the Host On-Demand Web Start client will start.

Configuring your Web server for Web Start

The administrator must register the JNLP extension as a mime type with the Web server so the browser knows to launch the Web Start application. For example, the following sections describe how to configure Apache HTTP Server, IBM HTTP Server, and Microsoft IIS.

Apache HTTP Server or IBM HTTP Server

To configure the Apache HTTP Server or IBM HTTP Server for Web Start, add the following line to mime.types:

AddType Application/x-java-jnlp-file .jnlp

Microsoft IIS 7.0

To configure Microsoft IIS for Web Start, complete the following steps:

- From Control Panel > Administrative Tools > Internet Information Services, click Default Web Site.
- Click the HTTP Headers tab on the Properties.
- Under MIME Map, click the File Types tab and select New Type.
- In the Extension field, type .jnlp.
- In the Content Type field, type application/x-java-jnlp-file.
- Click OK.

Upgrading the Web Start client

After the initial install of the Web Start client, if users point their browsers to the HTML file generated by the Deployment Wizard and updates are available on the Host On-Demand server, Host On-Demand prompts users to update. If users want to update, Java Web Start downloads the updated archive files and launches Host On-Demand. If users decline to upgrade, Host On-Demand prompts them again the next time they launch the HTML file.

Adding Web Start components after the initial install

If users request a function that is not installed on the Java Web Start client, Host On-Demand prompts them to install the additional components required for that function. If they choose to install the additional components, they must restart the Host On-Demand client to use them.

Web Start and Windows Restricted Users

Windows Restricted Users with Java Web Start 1.0.1 should remove the JRE and Java Web Start and reinstall a newer JRE with Java Web Start 1.2.
Bookmarking sessions with Web Start

Since the Web Start client runs outside of a browser, bookmarking is disabled since bookmarking is a browser feature. Administrators can create Web Start clients that give users the same look as running an embedded bookmarked session by doing the following:

- On the Advanced Options window of the Deployment Wizard, add the HideHODDesktop parameter with a value of true.
- Configure a single session to autostart.
- Configure the session to not start in a separate window.

Using Web Start with HTTPS

If you want to use HTTPS with the Web Start client, the certificate authority used for your secure HTTP connection should come from a well known root authority. When you use Host On-Demand as an applet and use an HTTPS connection, you are given the opportunity to trust the certificate used for the HTTPS connection if the root authority is not known by the browser. Since Java Web Start runs as an application, this browser facility is not available. The Java Virtual Machine used by Java Web Start contains several root authorities that it trusts. If the certificate that comes from the HTTPS connection has a root authority of one of these authorities known by the JVM, the secure connection can be established. If you want to use a certificate authority other than ones known by the JVM by default, for example, a self-signed certificate, you need to import the certificate into the keystore of the JVM for each of the clients accessing this Java Web Start client. This is required to establish the secure HTTP connection.

Removing the Web Start client

To remove the Web Start client, complete both of the following steps:

- In the Java Web Start Application Manager, highlight your application and click Remove.
- Launch HODRemove.html in your browser.

Download clients

Unlike the cached client and Web Start client, the download client does not control how or when client components are downloaded to the workstation's hard disk. The download client leaves all caching decisions to the browser.

Use the download client if you meet both of the following requirements:

- You do not want to take up disk space on client machines by installing the cached client or Web Start client.
- Your initial download time is not an issue.
Launching the download client

Launch the download client by downloading it from the Host On-Demand server into your browser window, as described in Loading emulator clients.

Launching the download client after installing the cached client or Web Start client

Java

With Java clients, you can successfully launch the download client after installing the cached client or Web Start client.

Predefined emulator clients

Several predefined emulator client HTML files are supplied with Host On-Demand. They are included to demonstrate the range of Host On-Demand client functionality and to serve as examples for creating customized HTML files in the Deployment Wizard. All of them use the Configuration server-based model. To load one of these clients, follow the instructions in Loading emulator clients.

In general, it is recommended that you define your own customized HTML files with the Deployment Wizard instead of using the predefined client HTML files.

The following predefined emulator client HTML files are provided by Host On-Demand:

Cached client (HODCached.html)
    Provides all Host On-Demand client functions.
Cached client with problem determination (HODCachedDebug.html) (see Notes)
    Starts the cached client with problem determination (session logging and tracing).
Download client (HOD.html)
    Provides all Host On-Demand client functions except problem determination. With a Java-enabled browser the predefined download client file HOD.html omits some infrequently used Host On-Demand components. For more information, including a list of excluded components and a description of workarounds, see HTML files do not contain some components. Accessing HOD.html with a Java browser works with limited functions.
Download client with problem determination (HODDebug.html) (see Notes)
    Loads the download client with problem determination (session logging and tracing).

Notes: Use the problem determination clients only if you are working with IBM Support to resolve a problem with your Host On-Demand installation.

Reducing client download size

In general, it is a good idea to keep the size of your Host On-Demand clients (whether download, Web Start, or cached clients) as small as possible. This speeds up their download time and conserves disk space on client machines.
The best way to minimize the size of your Host On-Demand clients is to create them by using the Deployment Wizard. The predefined clients supplied with Host On-Demand are typically larger than the custom clients created with the Deployment Wizard because they contain Host On-Demand's full range of client functionality. Clients created in the Deployment Wizard contain only the functions that you select to be pre-installed. In addition, Deployment Wizard clients are downloaded in compressed format. This further reduces their download size.

When you create a customized client with the Deployment Wizard, you can select only the functions that you know users are going to need on the Preload Options window in the Deployment Wizard. For instance, if your users are only going to need 3270 terminal and 3270 printer sessions, do not select any other session types when you are creating the client in the Deployment Wizard. Including support for unused session types increases the size of the client without improving its functionality.

If you click Auto Select on the Preload Options window, the Deployment Wizard selects the components you need based on your session configuration. You can also choose not to download components for functions that are not frequently used. Unless you choose to disable that function in the Deployment Wizard, users will be prompted to download any necessary components when they use that function. If you need additional session types later, you don't necessarily have to create a new client type. You can add the new session types to the preload list on the Preload Options window instead.

On Mac OS X, you cannot install additional components after the initial download. For more information, refer to Cached client support for Mac OS X (Java clients only).

Do not use debugging or problem determination in either Deployment Wizard-generated or predefined clients. This greatly increases the size of the client and can slow down a client's performance. Debugging and problem determination clients are not intended for general use. Use them only in conjunction with Host On-Demand technical support to diagnose and solve problems with your Host On-Demand system.
Deploying customer-supplied Java archives and classes

Customer-supplied Java classes and archives are Java class files and archive files that are not included either as part of the Host On-Demand client or as part of the Java Runtime Environment. Examples of such files are Java classes or archives that you yourself have implemented or that you have obtained from third parties.

You would want to deploy such classes or archives for use with the emulator client in the following situations:

- You want your users to run macros that call customer-supplied Java methods.
- You want your users to run a customer-supplied applet with the session (either started automatically with the session or launched using the Actions > Run Applet... selection on the menu of the session window).

For Java limitations on running customer-supplied applets, see Limitations with customer-supplied applets and Java.

Although several methods are available for deploying these files, each method works only under certain circumstances. The possible methods are:

- Using the AdditionalArchives HTML parameter in the Deployment Wizard. See Using the AdditionalArchives HTML parameter.
- Copying the files to the Host On-Demand server's publish directory. See Deploying from the Publish directory.

The deployment method you choose depends on:

- The type of file deployed (Java classes and Java archives)
- Where the files will be deployed (Host On-Demand server or client workstation)
- The type of client platform and the type of browser.

The three methods available for deploying customer-supplied Java archives and classes are described in the following sections. In addition, Hints and tips for archive files provides more information about using archive files.

Using the AdditionalArchives HTML parameter

You can use this method when you want to deploy Java archives to a Host On-Demand server. This method works for the cached emulator client, the download emulator client, and for the Web Start client.

Java archives must be Java .JAR files.

The advantage of using the AdditionalArchives HTML parameter is that it causes your Java archives to be downloaded to the user's workstation automatically when one of your users connects with the cached client or download client HTML file on your Host On-Demand server.
The disadvantage of this method is that these Java archives or class files will be downloaded again every time a user connects to that HTML file regardless of whether you are using a cached client or downloaded client. The reason for downloading the archives every time your user connects is to ensure that the Host On-Demand client has the latest versions of your archives or class files. As a result, this method works best when the Java archives or class files are relatively few and relatively small, so that your users do not have to wait a long time for these files to be downloaded, and so that downloading these files to your users does not place a heavy load on your Web server.

To use this method, perform the following steps:

1. Place the archives in your Host On-Demand publish directory. The default publish directory is the subdirectory HOD in your Host On-Demand server's install directory, such as c:\Program Files\IBM\HostOnDemand\HOD\.
2. Edit the HTML file with the Deployment Wizard. Then:
   a. On the Advanced Options panel, click HTML Parameters.
   b. In the Name field, enter AdditionalArchives.
   c. In the Values field, enter the names of your Java archives, separated by commas, without file extensions (.jar). For example: myCustomA,myCustomB,MyCustomC

For more information, see AdditionalArchives in the online help.

Deploying from the Publish directory

This method works in the following situation:

- When you want to deploy Java class files to a Host On-Demand server. The Java class files must not belong to any Host On-Demand package.

To use this method, place the archives in your Host On-Demand publish directory. The default publish directory is the subdirectory HOD in your Host On-Demand server's install directory, such as c:\Program Files\IBM\HostOnDemand\HOD\.

Hints and tips for archive files

The following hints and tips might provide helpful information about using archive files:

- When you create your archive (.jar), verify that the path of each class file is correct. For example, the path for com.mycompany.MyClass should be com\mycompany\. It should not be C:\MyTestDirectory\com\mycompany\, and it should not be blank (since the class file is part of a package).
- Verify that the proper permissions are set for your archive files.
  That is, in operating systems that use file permissions, such as Linux, AIX, Unix, and z/OS, the file permissions for the archive files should be set to 755 (that is, rwxr-xr-x).
- If you have two different cached client pages that specify different AdditionalArchives parameters, you need to close and restart the browser when switching from one page to another. Otherwise, when you switch from one page to another, the cached client is not reloaded and, as a result, the AdditionalArchives parameter is not checked.

Using Database On-Demand clients

The Database On-Demand client is a Java applet that allows an end user to build SQL statements and File Upload statements, to send these SQL statements and File Upload statements to a remote database server, and to retrieve the results of SQL queries (SQL Select statements) from the remote database server.

The user can communicate with a database server running on an IBM System i server or other platform, so long as the proper Java Database Connectivity (JDBC) driver is installed on the Database On-Demand client workstation. For more information refer to Obtaining and installing a JDBC driver in this manual.

Features of Database On-Demand include:

- Text and graphical interfaces for constructing SQL statements and File Upload statements.
- The ability to save and reuse SQL statements and File Upload statements.
- For SQL statements:
  - The ability to run an SQL statement and display the results.
  - The ability to save the results of an SQL statement into a file in various file formats, including XML (see File formats for database access in this manual).
- For File Upload statements:
  - The ability to use the following File Upload types: create, replace, append, and update.
  - The ability to read data files in various file formats, including XML (see File formats for database access in this manual).

The Database On-Demand client is available only through one of three predefined client HTML files (see Database On-Demand predefined clients). You cannot use the Deployment Wizard to create a Database On-Demand client.

However, as an alternative to the Database On-Demand client, you can now use database functions in Host On-Demand emulation clients and in macros (see Database functions in Display Emulation clients and in macros).
For more information see Overview of database access in the Host On-Demand online help.

The Database On-Demand client exists in a Java version. Therefore:

- An end user running a Java-enabled browser automatically runs the Java version of the Database On-Demand client. This Database On-Demand client can take advantage of the advanced capabilities of the Java plug-in.

Database functions in Display Emulation clients and in macros

As an alternative to the Database On-Demand client, almost all of the functions that are available in the Database On-Demand client are now also available in the display emulation client, including the following session types:

- 3270 Display session
- 5250 Display session
- VT Display session

You can also use SQL statements and File Upload statements in macros in display emulation client sessions (see the SQLQuery action and the File Upload action in the Macro Programming Guide).

For example, while you are connected to a remote host in a 3270 Display session, you can launch a macro that automatically reads data from the 3270 Display session window and writes the data into a table in a database that is located on another remote host. Similarly, you can launch a macro that automatically reads data from a table in a remote database and writes the data into the 3270 Display session window.

For more information see Overview of database access in the Host On-Demand online help.

Starting a Database On-Demand client

To start a Database On-Demand client on the client workstation, use one of the following two methods:

- Connect your browser to a predefined Database On-Demand HTML file, by typing the URL of the HTML file into the address field of your browser (or by clicking a link that directs the browser to that URL).
  The format for the URL is:

  http://server_name/hod_alias/client_name.html

  where server_name is the host name or IP address of the Host On-Demand server, hod_alias is the alias of the publish directory, and client_name is the name of the HTML file. For example, assuming that www.myHODServer.com is your Host On-Demand server and that hod is the alias of the publish directory, then the URL for the download version of the Database On-Demand client is:

  http://www.myHODServer.com/hod/HODDatabase.html

- Connect your browser to the IBM Host On-Demand Clients HTML file, and then click the link for the Database On-Demand client that you want to run. The URL of the Clients HTML file is:

  http://server_name/hod_alias/HODMain_xx.html

  where server_name and hod_alias have the same meanings as above. In the name of the file HODMain_xx, the xx is a two-letter mnemonic for the language that you want to use. For example, for English, the file is named HODMain_en.html, and the full URL is (assuming the same server and alias as above):

  http://www.myHODServer.com/hod/HODMain_en.html

Database On-Demand predefined clients

The Database On-Demand client is available through any one of three predefined client HTML files. You cannot use the Deployment Wizard to create a Database On-Demand client HTML file. The predefined clients are described below.

Database On-Demand client (HODDatabase.html)
    This is the download client. "Download" means that all the client code is downloaded to the client workstation each time the end user starts the Database On-Demand client.

Database On-Demand client cached (HODDatabaseCached.html)
    This is the cached client. "Cached" means that most of the client code is downloaded the first time the end user starts the Database On-Demand client and is stored on the client workstation. After the first download, the cached client starts much more quickly than the download client, because most of the client code is already available on the client workstation. The cached Database On-Demand client has many components in common with the cached Host On-Demand client.
    For the cached client, if your end user requires more than one code page, you need to add the name of the archive file (.jar file) for each additional code page to the preload list in the predefined HTML file. For a list of code page languages and corresponding file names, see Using multiple code pages with Database On-Demand.

Database On-Demand client cached with problem determination (HODDatabaseCachedDebug.html)
    This is the cached client with extra problem determination code for logging session events and tracing. Use the problem determination client only if you are working with IBM Support to resolve a problem with your Host On-Demand installation.

Configuring Database On-Demand for users

To configure Database On-Demand for users, follow these steps:

1. Use the Administration Utility to define groups and users (see Managing users and groups in the Host On-Demand online help).
2. Specify the database functions that you want groups and users to be able to perform, and specify default values for some of the database parameters in new SQL statements and File Upload statements (see Database On-Demand Group/User Options in the Host On-Demand online help).
3. If you want to create predefined SQL statements and File Upload statements for users and groups, follow these steps:
   a. Run the Database On-Demand client as an end user, and create SQL statements and File Upload statements (see Getting started with Database On-Demand in the Host On-Demand online help).
   b. Launch the Administration Utility and copy the SQL statements and File Upload statements to other users or to groups (see Database On-Demand Group/User Statements in the Host On-Demand online help).

Obtaining and installing a JDBC driver

To connect to a database server running on a remote host, the end user needs a Java Database Connectivity (JDBC) driver installed on the client workstation.

The Host On-Demand client and the Database On-Demand client already include a JDBC driver from the IBM AS/400 Toolbox for Java. This driver allows a client to access a DB2/400 database on a properly configured IBM System i or AS/400 host system. You do not need to register or deploy this driver.

If you need a different JDBC driver:

1. Contact the vendor or the administrator of the remote database to obtain the JDBC driver.
2. Register the JDBC driver with Host On-Demand or Database On-Demand. See Registering a JDBC driver in the Host On-Demand online help.
3. Deploy the JDBC driver to the workstations of your end users. See Deploying a JDBC driver in the Host On-Demand online help.

File formats for database access

The end user selects a file type for an SQL statement or a File Upload statement on the Output tab of the SQL Wizard window or on the File tab of the File Upload window.

For information on file formats, see File formats for database access in the Host On-Demand online help.

Using multiple code pages with Database On-Demand

If you wish to use multiple code pages with Database On-Demand, you need to add jar or cab files to your HTML file. Only those code pages that correspond to the language of the HTML file are automatically loaded. For example, if you are running from a French computer, but you want to access a Dutch host, you need to make these modifications.

Edit the CommonJars.js file. If you are using a download client, look for the line that starts "dbaDownloadJars =" and add the appropriate file names from the table below. Use jar file names, even if your clients will be using Internet Explorer (the names will be converted to cab file names later). If you are using a cached client, look for the line that starts "dbaCachedComps =" and add the appropriate component name from the table below.
Supported Database On-Demand code pages

The following table lists the supported Database On-Demand client code page languages, the corresponding .jar file names, and the cached component names:

| Code page language | .JAR file name | Component name |
|---|---|---|
| Arabic | hacpar.jar | HACPAR |
| Czech, Hungarian, Polish, Slovenian | hacpce.jar | HACPCE |
| Danish, Finnish, Dutch, Norwegian, Swedish | hacp1b.jar | HACP1B |
| German, Spanish, French, Italian, Portuguese, Brazilian Portuguese | hacp1a.jar | HACP1A |
| Greek | hacpgr.jar | HACPGR |
| Hebrew | hacphe.jar | HACPHE |
| Japanese | hacpja.jar | HACPJA |
| Korean | hacpko.jar | HACPKO |
| Russian | hacpru.jar | HACPRU |
| Simplified Chinese | hacpzh.jar | HACPZH |
| Thai | hacpth.jar | HACPTH |
| Turkish | hacptr.jar | HACPTR |
| Traditional Chinese | hacptw.jar | HACPTW |

Creating and deploying server macro libraries

Server macro libraries are available for the HTML model pages and Config model users. For the HTML page, users can use the Deployment Wizard to customize the server macro library; for the Config model, users can use the Host On-Demand admin console. GUI-based configuration allows the administrator to configure the library for each session. To configure it for all the sessions defined, the administrator uses the HTML parameter SetServerMacroLibraryPath. The value of SetServerMacroLibraryPath is a share path or a relative path.

You can use the values to create and maintain a central repository of macros for users to access from their Host On-Demand sessions. These macros are downloaded to the user's machine only when they are needed. When you make changes to a server macro, users automatically get your updates the next time they access the macro.

Server macro libraries have several benefits:

- They provide a convenient way to store, edit, and administer macros, all from one easy-to-access location.
- They allow easy sharing of macros among multiple users and across any number of sessions.
- They eliminate the need to import macros into the Host On-Demand session, and can therefore reduce the size of the session. The macros are only downloaded to the user's machine if and when the user accesses them.
- You can edit macros and replace the files in the server macro library at any time without regenerating Host On-Demand sessions or modifying the HTML files. Any changes you make are automatically available the next time a user requests that macro.

Server macro libraries can reside on a Web server or on a shared network drive. For both types of libraries, you can control which macros are available to particular Host On-Demand sessions. If you use a Web-based macro library, you need to create a text file that identifies the specific macros that you want to be available for the session that you are configuring. If you use a shared drive-based macro library, then all the files in the specified directory will be available to the session. Users will not be allowed to write to a Web-based macro library, but they may update a shared drive-based macro library if they have write-access.

Deploying a server macro library to a Web server

1. Put your macros in a place that users can access through a Web server. This does not need to be the Host On-Demand publish directory.
2. For each session that requires a separate set of macros, create a text file that contains the list of the macro file names. The text file format can only have one macro file name per line, for example:

   macro1.mac
   macro2.mac
   macro3.mac

   Be sure to note the following rules:
   - The macro name must be the first element on the line, since everything after the first element is ignored.
   - If the first element on the line starts with //, the line is considered to be a comment and is ignored.
   - Each macro that you list in the text file must have a .mac extension.
3. Put this text file in the same location as the macros that it references.
4. In the Deployment Wizard, click the Configure menu on the Host Sessions window and select Server macro library... Check the 'Use a server macro library for this session' box and select Web server macro library.
5. Specify the fully qualified URL of the macro list that you created in Step 2, for example, http://servername/hod/macrolist.txt. Click OK.
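The list-file rules in Step 2, written out as a lint script. This is an added example, not part of the IBM manual or of Host On-Demand. It assumes that "first element" means the first whitespace-delimited token, that the .mac check is case-insensitive, and, as a local policy rather than a documented rule, that entries are bare file names because the list sits beside the macros.

```python
"""Lint a Web server macro list before publishing it (added example)."""
from dataclasses import dataclass, field

# Constructed sample list, not taken from any real deployment.
SAMPLE = """// payroll session macros (constructed sample)
logon.mac
report.mac   monthly report
cleanup.txt
  //disabled.mac
logon.mac
../shared/admin.mac
"""


@dataclass
class MacroList:
    macros: list = field(default_factory=list)    # names the session will offer
    problems: list = field(default_factory=list)  # (line number, message) pairs


def parse_macro_list(text):
    """Apply the documented rules line by line and collect anything suspicious."""
    result = MacroList()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        elements = raw.split()          # assumption: elements are whitespace-delimited
        if not elements:
            continue                    # blank line
        name = elements[0]
        if name.startswith("//"):
            continue                    # documented comment rule
        if len(elements) > 1:
            # Documented: everything after the first element is ignored.
            result.problems.append((lineno, "text after %s is ignored" % name))
        if not name.lower().endswith(".mac"):
            result.problems.append((lineno, "%s lacks the .mac extension" % name))
            continue
        if "/" in name or "\\" in name:
            # Local policy (assumption): the list lives next to the macros.
            result.problems.append((lineno, "%s has a path component" % name))
            continue
        if name in result.macros:
            result.problems.append((lineno, "%s is listed twice" % name))
            continue
        result.macros.append(name)
    return result


def missing_from_library(result, files_in_library):
    """Listed macros that are not present in the directory the list is published from."""
    present = set(files_in_library)
    return [name for name in result.macros if name not in present]


if __name__ == "__main__":
    parsed = parse_macro_list(SAMPLE)
    print("macros:", parsed.macros)
    for lineno, message in parsed.problems:
        print("line %d: %s" % (lineno, message))
    print("missing:", missing_from_library(parsed, ["logon.mac"]))
```

Running the lint in the publishing step catches a list that silently offers fewer macros than intended, since the client gives no feedback on ignored text.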
When users open their sessions, they can use the Play Macro or Available Macros windows to see the macros specified in the list that you created for their session. These macros are available when users select Server library as their macro location. The Server library location is only available if you have configured the session to use a server macro library.

Note: Server Macro Library can also be configured in Admin Client.

Deploying a server macro library to a shared drive

1. Put your macros in a shared directory on your network.
2. In the Deployment Wizard Host Sessions window, select the session you wish to configure, click the Configure menu, and select Server macro library. Check the 'Use a server macro library for this session' box and select Shared drive macro library.
3. Specify the directory path. Examples of valid directory paths include the following:
   - Absolute paths. Mapped network drive letters can also be used in the absolute path. Note that a server macro library should never point to a local drive.
   - Remote computer names or IP addresses are allowed as long as the user's computer is already remotely connected and authenticated to the computer that is sharing the directory. The following are two examples of paths to shared drive macro libraries:
     - \\your_host\macro_library, where your_host is the host name and macro_library is the macro directory.
     - \\123.45.67.89\macro_library, where 123.45.67.89 is the IP address of the host and macro_library is the macro directory.
   If you are configuring a macro library for more than one session, and each session uses its own set of macros, you will need to create a separate directory for each session.
4. Click OK.

When users open their sessions, they can use the Play Macro or the Available Macros windows to see a list of the macros in the directory. These macros are available when users select Server library as their macro location. The Server library location is only available if you have configured the session to use a server macro library.
Modifying session properties dynamically

Host On-Demand sessions are defined by the administrator and retrieved by the Host On-Demand client when a user accesses a Host On-Demand HTML file. The session properties a user sees are fixed values and consist of a combination of the administrator's initial configuration and any user updates. However, there may be times when it would be useful with some HTML files, or with certain session properties, to dynamically set a value at the time that the HTML is accessed. This type of control allows you to set particular session property values based on information such as the IP address of the client or the time of day.

In order to dynamically set session properties at the time the HTML is accessed, the administrator must write a program that runs on the Web server and effectively modifies the HTML just before it is sent to the client. Even though the initial session properties are not defined in the HTML, Host On-Demand provides the capability to override many of the session properties in the HTML. These override values are always used by the client and take precedence over both the initial session properties set up by the administrator, as well as any updates for the property made by the user. The HTML override value is never stored, so the client will return to using prior settings for the property whenever the administrator removes the override. Also, the overridden property is locked so a user cannot change it.

There are many ways in which an administrator could write a program to dynamically set one or more session properties using the HTML overrides, such as using Java Server Pages (JSP), servlets, Perl, REXX, or Active Server Pages (ASP). This chapter takes you through a couple of examples that focus on common administrator issues. These examples are meant to demonstrate the syntax and technique of overriding particular properties. These mechanisms apply to whichever programming approach the administrator may choose.
Setting up the initial HTML file

The initial HTML file should be created using the Deployment Wizard, which will allow you to set up the features that are important to you, such as the size of the downloaded code and the functions available to your users. The following sections describe the HTML parameters you will need to include. However, keep in mind that the exact format required for these parameters will vary depending on the format of the HTML. Note that in Host On-Demand 7 and later, some of the HTML is generated using JavaScript, and HTML parameters are specified within a JavaScript array or using JavaScript document.write statements. Also, the format of the HTML varies according to the client (cached or download client) selected.

Setting the Code base

To set the code base when creating an HTML file using the Deployment Wizard, do the following:

1. On the Additional Options window, click Advanced Options and go to the Other branch in the tree view.
2. Type the relative path /hod/ in the Code base field.
3. Save the HTML file to the default Host On-Demand publish directory your_install_directory\HOD. The HTML file is now located in the same directory as the Host On-Demand archive files.

Code base refers to the installed Host On-Demand publish directory and not the directory where Deployment Wizard files are published. Although you can enter a fully qualified URL in the Code base field, we strongly recommend that you enter the relative path /hod/ for the default publish directory when modifying session properties dynamically. If you enter a fully qualified URL, any users who specify the host name in a different manner than you specified as the Code base will not be able to access the files, even if the DNS entries resolve to the same IP address.

Add the ConfigBase Parameter

Add a parameter to the HTML file called ConfigBase. Similar to defining /hod/ as the Code base in Setting the Code base, the ConfigBase parameter is necessary because you will eventually deploy your JSP file to a location that is different from the default publish directory, and the Host On-Demand applet needs to know how to find the session configuration files located in the hostondemand/HOD/HODData directory.
These files are created at the same time you save your Deployment Wizard HTML file to the publish directory. Unlike Code base, the ConfigBase parameter requires a fully qualified URL. ConfigBase is a term that is specific to Host On-Demand.

For more information, refer to Developing JavaServer Pages files with WebSphere extensions.

Overriding HTML parameters

There are several steps you need to follow in order to dynamically set session properties (the examples shown later in this chapter will help clarify how some of these parameters should be specified):

1. Enable HTML overrides. By default, the client will ignore HTML overrides. To enable overrides, you will need to include an HTML parameter called EnableHTMLOverrides and set it to a value of true.
2. List the sessions to be overridden. Because there may be multiple sessions associated with an HTML file, you will need to list which ones will be overridden. You will need to include an HTML parameter called TargetedSessionList, having a value of the exact names of the sessions that should accept overrides. The value should be a comma-separated list of session names, such as "Session1 Name, Session2 Name".
3. Specify the override itself. For each session property to be overridden, you will need to include an HTML parameter called the property name, with the value being the desired override. The value you specify will then apply to all sessions listed in your TargetedSessionList parameter. If you wish to only override a subset of the sessions in your TargetedSessionList, you can specify a value in the format of "Session1 Name=value1, Session2 Name=value2", for example.

Specific session properties that can be overridden

The following table describes the session properties that can be overridden and gives the acceptable values for each parameter:

Table 12. Session properties that can be overridden

| Parameter name | Description | Valid values |
|---|---|---|
| Host | Host name or IP address of the target server. Appears as "Destination address" on property panels. Applies to all session types. | Host name or IP address. |
| HostBackup1 | Host name or IP address of the backup1 server. Appears as "Destination address" of backup1 on property panels. Applies to all session types. | Host name or IP address. |
| HostBackup2 | Host name or IP address of the backup2 server. Appears as "Destination address" of backup2 on property panels. Applies to all session types. | Host name or IP address. |
| Port | The port number on which the target server is listening. Appears as "Destination port" on property panels. Applies to all session types. | Any valid TCP/IP port number. |
| PortBackup1 | The port number on which the backup1 server is listening. Appears as "Destination port" of backup1 on property panels. Applies to all session types. | Any valid TCP/IP port number. |
| PortBackup2 | The port number on which the backup2 server is listening. Appears as "Destination port" of backup2 on property panels. Applies to all session types. | Any valid TCP/IP port number. |
| CodePage | The code page of the server to which the session will connect. Appears as "Host Code-Page" on property panels. Applies to all session types except FTP. | The numeric portion (for example, 037) of the supported host code page listed in the session property panel. |
| SessionID | The short name you want to assign to this session (appears in the OIA). It must be unique to this configuration. Appears as "Session ID" on property panels. Applies to all session types. | One character: A-Z. |
| LUName | The name of the LU or LU Pool, defined at the target server, to which you want this session to connect. Appears as "LU or Pool Name" on property panels. Applies to 3270 Display and 3270 Printer session types. | The name of an LU or LU Pool. |
| LUNameBackup1 | The name of the LU or LU Pool, defined at the backup1 server, to which you want this session to connect. Appears as "LU or Pool Name" of backup1 on property panels. Applies to 3270 Display and 3270 Printer session types. | The name of an LU or LU Pool. |
| LUNameBackup2 | The name of the LU or LU Pool, defined at the backup2 server, to which you want this session to connect. Appears as "LU or Pool Name" of backup2 on property panels. Applies to 3270 Display and 3270 Printer session types. | The name of an LU or LU Pool. |
| WorkstationID | The name of this workstation. Appears as "Workstation ID" on property panels. Applies to 5250 Display and 5250 Print session types. | A unique name for this workstation. |
| ScreenSize | Defines the number of rows and columns on the screen. Appears as "Screen Size" on property panels. Applies to 3270 Display, 5250 Display, and VT Display session types. | value = rows x columns: 2 = 24x80 (3270, 5250, VT); 3 = 32x80 (3270); 4 = 43x80 (3270); 5 = 27x132 (3270, 5250); 6 = 24x132 (VT); 7 = 36x80 (VT); 8 = 36x132 (VT); 9 = 48x80 (VT); 10 = 48x132 (VT); 11 = 72x80 (VT); 12 = 72x132 (VT); 13 = 144x80 (VT); 14 = 144x132 (VT); 15 = 25x80 (VT); 16 = 25x132 (VT) |
| SLPScope | Service Location Protocol (SLP) Scope. Appears as "Scope" under "SLP Options" on property panels. Applies to 3270 Display, 3270 Printer, 5250 Display, and 5250 Printer session types. | Contact your administrator to get the correct value for this field. |
| SLPAS400Name | Connects a session to a specific IBM System i. Appears as "iSeries Name (SLP)" on property panels. Applies to 5250 Display and 5250 Printer session types. | The fully-qualified SNA CP name (for example, USIBMNM.RAS400B). |
| FTPUser | Specifies the user ID the session uses when connecting to the FTP server. Appears as "User ID" on property panels. Applies to FTP session types. | A valid user ID. |
| FTPPassword | Specifies the password the session uses when connecting to the FTP server. Appears as "Password" on property panels. Applies to FTP session types. | A valid password. |
| UseFTPAnonymousLogon | Enables the session to log in to an FTP server using anonymous as the user ID. Appears as "Anonymous Login" on property panels. Applies to FTP session types. | Yes or No. |
| FTPEmailAddress | Specifies the e-mail address to use when connecting to the FTP server while using Anonymous Login. Appears as "E-mail Address" on property panels. Applies to FTP session types. | A valid e-mail address. |
| PromptForDestinationAddress | Specifies whether to prompt the user for the destination address to use when connecting to the FTP server. Appears as "Destination Address" on property panels. Applies to FTP session types. | yes or no |
| CICSInitialTransEnabled | Enables an initial transaction to be started when a CICS Gateway session is established. | true or false |
| CICSInitialTrans | Specifies the name of the initial transaction to be started upon connection to a CICS host. Applies to CICS Gateway sessions only. The CICSInitialTransEnabled parameter must be set to true for the specified transaction to be started. | Valid transaction identifiers are strings of between 1 and 128 characters. The string identifies the initial transaction and any parameters to be run upon connection to the server. The first four characters, or the characters up to the first blank in the string are taken as the transaction. The remaining data is passed to the transaction on its invocation. |
| Netname | The name of the terminal resource to be installed or reserved. If this field is blank, the selected terminal type is not predictable. Applies to CICS sessions only. | A valid terminal resource name. |

Any errors encountered in processing the HTML parameters are displayed in the Java Console.

Example #1: Overriding the LU name based on the client's IP address

Administrators may want to avoid specifying LU names directly in session definitions. This example shows a simple way of using the IP address of the client to look up an LU name listed in a text file and use it as an override value in a session.

This example is written using JSP. The Deployment Wizard was used to create an HTML file that contains two sessions named 3270 Display and 5250 Display. Note that in Host On-Demand 7 and later, some of the HTML is generated using JavaScript, and HTML parameters are specified within a JavaScript array or using JavaScript document.write statements. Also, the format of the HTML varies according to the client (cached or download client) selected.

This example uses a cached Java page to start from with the needed changes for HTML overrides in bold. When the Deployment Wizard is used to generate a cached Java 2 page it generates the following files:

- Example1.html
- z_Example1.html
- Example_J2.html

A Macintosh client makes use of the Example_J2.html page.

A file (c:\luname.table) is read that contains IP address/LU name pairs. The IP address of the client is used to look up the proper LU name, which is overridden in the "3270 Display" session. See the comments in the example for more detail. The lines added to the Deployment Wizard output are displayed in bold.

    -//W3C//DTD HTML 3.2 Final//EN">
    Example 1 page title

    function writeAppletParameters()
    {
      return "";
    }
    var db = parent.location;
    var hod_Locale = '';
    var hod_AppName = '';
    var hod_AppHgt = '340';
    var hod_AppWid = '550';
    var hod_CodeBase = '/hod/';
    var hod_Comps = 'HABASE;HODBASE;HODIMG;HACP;HAFNTIB;HAFNTAP;HA3270;HODCFG;HA5250';
    var hod_Archs = 'habasen.jar,hodbasen.jar,hodimg.jar,hacp.jar,hafntib.jar,hafntap.jar,ha3270n.jar,hodcfgn.jar,ha5250n.jar';
    var hod_URL = new String(window.location);
    var hod_DebugOn = false;

    // put cached client installation applet parameters here
    var hHod_AppletParams = new Array;
    hHod_AppletParams[0] = '';
    hHod_AppletParams[1] = '';
    hHod_AppletParams[2] = '';
    hHod_AppletParams[3] = '';
    hHod_AppletParams[4] = '';
    hHod_AppletParams[5] = '';

    // The next 2 lines are required in order to override session properties.
    // The first line turns on the processing for this function and does not
    // need to be modified. The second line identifies the sessions that you
    // want to change. In this example, there are 2 sessions identified
    // named: "3270 Display" and "5250 Display".
    hHod_AppletParams[6] = '';
    hHod_AppletParams[7] = '';

    // The following line changes the LUName session parameter for the session named
    // "3270 Display". In this example, the LUName is being set to the value
    // contained in the c:\luname.table for the IP address of the client.
    // When you are initially testing your changes, you may want to use a constant
    // value to verify that the syntax is correct before you insert your
    // calculations.
    hHod_AppletParams[8] = '">';

    //hHod_AppletParams[x] = '';
    var pg = buildJ2Page(db);
    pg += writeAppletParameters();
    pg += '';
    if (hod_DebugOn) alert('J2 page complete, result = \n' + pg);
    document.write(pg);
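The server-side lookup that Example #1 describes, sketched in Python as an added example; it is not IBM's JSP and not code from this manual. The table layout (one whitespace-separated IP address and LU name per line), the LU name pattern, and the `<PARAM NAME=... VALUE=...>` markup are assumptions; the parameter names, session names and the hHod_AppletParams array come from the text above.

```python
"""Build HTML override parameters from an IP-to-LU table (added example)."""
import html
import ipaddress
import json
import re

# Assumption: SNA-style LU names, 1-8 characters from A-Z, 0-9, @, #, $,
# not starting with a digit. Adjust to the naming rules of your own host.
LU_NAME = re.compile(r"^[A-Z@#$][A-Z0-9@#$]{0,7}$")

# Constructed sample table (documentation addresses, invented LU names).
SAMPLE_TABLE = """192.0.2.10   LU0001A
192.0.2.11   LU0001B
2001:db8::5  LUV6001
"""


def load_lu_table(text):
    """Parse 'IP LU' pairs, rejecting malformed addresses and LU names up front."""
    table = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError("line %d: expected 'IP LU'" % lineno)
        address = ipaddress.ip_address(fields[0])   # ValueError if malformed
        lu = fields[1].upper()
        if not LU_NAME.match(lu):
            raise ValueError("line %d: invalid LU name" % lineno)
        table[address] = lu
    return table


def param(name, value):
    """One applet parameter with the value escaped for an HTML attribute."""
    return '<PARAM NAME="%s" VALUE="%s">' % (name, html.escape(value, quote=True))


def override_params(client_ip, table, targeted, session):
    """Parameters that set LUName for one session, or [] when no entry matches.

    client_ip is the address the Web server saw for the request; clients behind
    a shared proxy or NAT all present the same address.
    """
    for name in targeted:
        # ',' and '=' are delimiters in the override value syntax.
        if "," in name or "=" in name:
            raise ValueError("session name %r cannot be targeted" % name)
    if session not in targeted:
        raise ValueError("session must appear in TargetedSessionList")
    try:
        address = ipaddress.ip_address(client_ip)
    except ValueError:
        return []
    lu = table.get(address)
    if lu is None:
        return []   # no override: the session keeps its configured LU
    return [
        param("EnableHTMLOverrides", "true"),
        param("TargetedSessionList", ",".join(targeted)),
        param("LUName", "%s=%s" % (session, lu)),
    ]


def js_array_lines(params, start_index, array="hHod_AppletParams"):
    """Emit the parameters as JavaScript array assignments with escaped strings."""
    return ["%s[%d] = %s;" % (array, start_index + i, json.dumps(p))
            for i, p in enumerate(params)]


if __name__ == "__main__":
    lu_table = load_lu_table(SAMPLE_TABLE)
    sessions = ["3270 Display", "5250 Display"]
    for line in js_array_lines(
            override_params("192.0.2.10", lu_table, sessions, "3270 Display"), 6):
        print(line)
```

Validating the table when it is loaded, and escaping every value for both the HTML attribute and the JavaScript string, keeps a bad table entry from altering the page that the client receives.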

Example #2: Allowing the user to specify the host to connect to using an HTML form

Administrators may also want to use HTML forms to specify override values rather than calculating them. The following example displays a simple form for entry of a host name. The form posts to a JSP program which uses the host name specified in the form to override the host name in the 3270 Session.

This example is written using JSP. The Deployment Wizard was used to create an HTML file that contains two sessions named "3270 Display" and "5250 Display." Note that in Host On-Demand 7 and later, some of the HTML is generated using JavaScript, and HTML parameters are specified within a JavaScript array or using JavaScript document.write statements. Also, the format of the HTML varies according to the client (cached or download client) selected.

When using forms, the form data needs to be retained across requests to the program. This is because Host On-Demand HTML files reload themselves for Java detection and for bookmarking support when using configuration server-based model pages. If Java 1 is selected and bookmarking support is disabled if using the configuration server-based model, the page will not need to reload and there is no need to retain the form data. This example uses a JSP session to store the form data across reloads.

Here is a simple HTML form that allows for entry of a host name. The form posts to the JSP program (example2.jsp):

    Hostname
Here is the modified output from the Deployment Wizard. See the comments in the example for more detail. The lines added to the Deployment Wizard output are displayed in bold.

    Example 2 page title

    //---- Start JavaScript variable declarations ----//
    var hod_Locale = '';
    var hod_jsapi = false;
    var hod_AppName = '';
    var hod_AppHgt = '80%';
    var hod_AppWid = '80%';
    var hod_CodeBase = '/hod/';
    var hod_FinalFile = 'z_example2.html';
    var hod_JavaType = 'java2';
    var hod_Obplet = '';
    var hod_jars = 'habasen.jar,hodbasen.jar,hodimg.jar,hacp.jar,hodsignn.jar,ha3270n.jar,hodcfgn.jar,ha5250n.jar';
    var hod_URL = new String(window.location);
    var hod_DebugOn = false;
    var hod_SearchArg = window.location.search.substring(1);
    var hod_AppletParams = new Array;
    hod_AppletParams[0] = '';
    hod_AppletParams[1] = '';
    hod_AppletParams[2] = '';
    hod_AppletParams[3] = '';

    // The next 2 lines are required in order to override session properties.
    // The first line turns on the processing for this function and does not
    // need to be modified. The second line identifies the sessions that you
    // want to change. In this example, there are 2 sessions identified
    // named: "3270 Display" and "5250 Display".
    // Be careful to increment the array index correctly.
    hod_AppletParams[4]=;
    hod_AppletParams[5]=;

    // The following line changes the Host or Destination Address session parameter
    // for the session named "3270 Display". In this example, the Host is being set
    // to the value saved in the JSP session from the HTML form.
    // When you are initially testing your changes, you may want to use a constant
    // value to verify that the syntax is correct before you insert your
    // calculations.
    // Here we override the host for the 3270 session to the value saved in the
    // jsp session from the html form.
hod_AppletParams[6] = ">;
//hod_AppletParams[x] = '';
//---- End JavaScript variable declarations ----//

function getHODMsg(msgNum) {
    return HODFrame.hodMsgs[msgNum];
}

function getHODFrame() {
    return HODFrame;
}

var lang = detectLanguage(hod_Locale);
document.writeln('');
document.writeln('');
document.writeln('');

Configuring Host On-Demand on zSeries

This chapter describes how to set up separate read/write private and publish directories for configuring Host On-Demand on a zSeries system. The purpose of this configuration scenario is to provide instructions for common zSeries configuration tasks.

Setting up separate read/write private and publish directories

Set up a separate File System for the Host On-Demand private directory

When Host On-Demand is installed, files in the /usr/lpp/HOD/hostondemand/private directory are updated in an execution environment, not just by manufacturing refresh releases. Because this directory is now updated during the Host On-Demand software's execution, you are recommended to mount a separate (non-service) File System. You can do this in one of the following ways:

- MOUNT the separate File System on the current private directory location, such as /usr/lpp/HOD/hostondemand/private.
- Create a symbolic link to the private directory location as follows:
  1. Do a TSO MKDIR to create a different mount point, such as /etc/HOD/private.
  2. Rename, or back up and delete, your original private directory.
  3. Create a symbolic link from the expected location, /usr/lpp/HOD/hostondemand/private, to point to the real location, /etc/HOD/private. Use the following link command:
     ln -s /etc/HOD/private /usr/lpp/HOD/hostondemand/private

If you are using LDAP and native authentication, manually copy the HODrapd and the /keys directory to the system-specific /private directory.

When the system-specific /private directory is mounted, it overlays but does not destroy the master /private directory. When maintenance releases are applied, use the master /private directory. If these files are changed, copy them to the system-specific /private directory.
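The symbolic-link relocation of the private directory described above, scripted with a verification step. This is an added example, not IBM code: the function names relocate_private and verify_private are hypothetical, and carrying the existing contents over to the new location is an assumption (the text only names HODrapd and the keys directory as items to copy).

```shell
#!/bin/sh
# Added example (not part of Host On-Demand). Function names are illustrative.

# relocate_private EXPECTED REAL
#   EXPECTED: location the product expects, e.g. /usr/lpp/HOD/hostondemand/private
#   REAL:     absolute path on the separate file system, e.g. /etc/HOD/private
# Returns 0 on success, 2 if EXPECTED is already a link, 1 on any other error.
relocate_private() {
    expected=$1
    real=$2
    backup="${expected}.orig"

    # A second run would otherwise rename the link itself.
    if [ -L "$expected" ]; then
        echo "already a symbolic link: $expected" >&2
        return 2
    fi
    if [ ! -d "$expected" ]; then
        echo "not a directory: $expected" >&2
        return 1
    fi
    if [ -e "$backup" ]; then
        echo "backup already exists: $backup" >&2
        return 1
    fi

    # Step 1: create the new mount point.
    mkdir -p "$real" || return 1
    # Assumption: existing contents (including HODrapd and keys) are carried
    # over, preserving modes and timestamps.
    cp -Rp "$expected/." "$real/" || return 1
    # Step 2: rename the original so it stays available as a backup.
    mv "$expected" "$backup" || return 1
    # Step 3: link the expected location to the real one; roll back on failure.
    if ! ln -s "$real" "$expected"; then
        mv "$backup" "$expected"
        return 1
    fi
    return 0
}

# verify_private EXPECTED REAL [ITEM...]
#   Checks that EXPECTED is a symbolic link resolving to REAL and that every
#   ITEM (for example HODrapd and keys) is reachable through the link.
#   Prints one line per problem and returns the number of problems found.
verify_private() {
    expected=$1
    real=$2
    shift 2
    problems=0

    if [ ! -L "$expected" ]; then
        echo "not a symbolic link: $expected"
        problems=$((problems + 1))
    else
        # Resolve both paths physically so the comparison ignores other links.
        target=$(cd -P "$expected" 2>/dev/null && pwd -P) || target=""
        want=$(cd -P "$real" 2>/dev/null && pwd -P) || want=""
        if [ -z "$target" ] || [ "$target" != "$want" ]; then
            echo "link does not resolve to $real"
            problems=$((problems + 1))
        fi
    fi

    for item in "$@"; do
        if [ ! -e "$expected/$item" ]; then
            echo "missing through link: $item"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

After a maintenance release changes files in the master private directory, running verify_private again with the changed file names shows which ones still need to be copied across.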
Set up a separate user publish directory

Files generated from the Deployment Wizard can be placed in a user-defined directory that is separate from the Host On-Demand publish directory. This makes it easier to apply future Host On-Demand upgrades. This solution keeps the Host On-Demand publish directory read only and provides a separate writeable location for deploying Deployment Wizard files.

For instructions on deploying Deployment Wizard files in a separate user publish directory and for information on other user-modified files that can be placed outside the publish directory, refer to migration instruction of deployment wizard.

You can create and mount a separate file system for the user-defined publish directory. The generated Deployment Wizard zip files are to be transferred to this directory and unzipped by the DWUnzip utility. The Web server needs to include an alias statement specific to the user-defined publish directory.

You can access the page through the URL that specifies the alias of the user-defined publish location. For example, if the publish directory is /usr/lpp/HOD/publish, and the alias is userpublish, then the URL to access the client page would be http:///userpublish/.html.

Migration considerations for z/OS

When upgrading from a previous level of Host On-Demand to Host On-Demand V12.0, you need to consider the previous customization. Unlike previous migrations, you cannot install HOD V12.0 on top of a previous level of Host On-Demand because the Installation Manager is used to install HOD Version 12 and you need to start with an empty file system. After HOD V12.0 is installed, you can copy your previous private directory to the new private directory for any Groups and Users and sessions previously defined. Then use the pax or the tar command to copy your existing private directory into the HOD V12.0 File System. Refer to Backing up the private directory.

As for the previous clients created with the Deployment Wizard, you need to install the Deployment Wizard on a Windows computer. Then edit and redeploy the client to the HOD V12.0 server. Refer to Installing the Development Wizard from the z/OS server.

Backing up the private directory

The private directory can be backed up using either the pax command or the tar command.
Assume the current private directory for HOD V11 is /usr/lpp/HOD/hostondemand/private:

1. From the Host On-Demand V11 File System, change the directory to the private directory: cd /usr/lpp/HOD/hostondemand/private.
2. Archive the private directory in a /tmp directory. The -z option compresses the file; the -v provides a list of files and subdirectories being archived (optional): pax -wzvf /tmp/private.pax.Z *.
3. Copy the private.tar.Z file to the /tmp directory on the system for Host On-Demand V12, if it is a different system.
4. On the Host On-Demand V12.0 HFS, change the directory to the private directory where the file will be extracted: cd /usr/lpp/HOD/hostondemand/private.
5. Issue the pax command to extract the private.pax.Z file. The -z option specifies a compressed file; the -v provides a list of files and subdirectories being extracted (optional): pax -rzvf /tmp/private.pax.Z.

Installing the Development Wizard from the z/OS server

The Deployment Wizard normally locates on a Windows machine during the installation of the product. On z/OS, a download is provided for you to install the Deployment Wizard on Windows so you can generate client pages for the z/OS HOD server. Refer to the following steps for installing the Development Wizard from the z/OS server:

- Use FTP in binary to relocate this file to a Windows workstation: /usr/lpp/HOD/hostondemand/HOD/depwiz/DW.zip.
- Extract the zip file into a folder.
- To start the install, go to \DeploymentWizard\disk1 in Explore.
- Double click imLauncherWindows.bat to launch Installation Manager User Interface.
- Follow the instructions to finish the installation.
- Once the Development Wizard is installed, you can launch it. Go to Start > All Programs > IBM Host On-Demand Deployment Wizard.

Configuring Host On-Demand on IBM System i

After you install Host On-Demand on the IBM System i platform, configure the software as follows:

- To set up the Service Manager, follow the instructions in Configuring, starting, and stopping the Host On-Demand Service Manager on IBM System i.
- To use the Deployment Wizard with an IBM System i system, follow the instructions in Using the Deployment Wizard with IBM System i.
- To configure security, follow the instructions in Configuring IBM System i servers for secure connection.
- To understand the requirements for Unicode support using Coded Character Set Identifiers see Unicode Support for i/OS and OS/400.

Configuring, starting, and stopping the Host On-Demand Service Manager on IBM System i

The following commands can be used from the IBM i v7r1 or OS/400 command line.

Configure

You can use the NCServiceManager-OS400.sh script file to configure Service Manager. NCServiceManager-OS400.sh is located in the following directory on the IBM System i: <HOD_install_directory>/lib/samples/NCServiceManager/.

To configure the Service manager settings, perform the following tasks:

- Access the directory //lib/samples/NCServiceManager/. Here, is the location or path where Host On-Demand has been installed. For example, /QIBM/ProdData/HostOnDemand/.
- Open the NCServiceManager-OS400.sh file.
- Verify that the runtime variables are correct and correspond with your environment. Change the default values of the runtime variables if they do not correspond with your environment. These include the following:
  - Location of the JRE: JAVA_ENGINE
    Update the value of the JAVA_ENGINE to the complete path or location of the jre installed on the system. It must be Java V6 or higher. It must point to /bin/java in the Java installation directory.
  - Location of the Host On-Demand publish directory on the server: MY_HOD_DIRECTORY
    Verify, and update if necessary, the value of MY_HOD_DIRECTORY to the complete path of the Host On Demand installation directory. It must be the installation directory of Host On-Demand and the directory contains /bin, /lib and other folders of Host On-Demand. Generally, this value is updated once at the time of installation. For example, /QIBM/ProdData/HostOnDemand.
  - Target paths specified within the command file: MY_PUBLISHED_DIRECTORY
    Verify, and update if necessary, the value of MY_PUBLISHED_DIRECTORY to the complete path of the Host On-Demand Publish directory. Generally, it is the /HOD directory, where is the Host On-Demand installation directory.
- Confirm that NCServiceManager-OS400.sh has the necessary execute permissions and is authorized to write to directories in the Host On-Demand installation on the server.
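A pre-start check for the Configure tasks above, written as an added example (not IBM code). It assumes the three runtime variables appear in NCServiceManager-OS400.sh as plain NAME=value assignments, optionally prefixed with export; the function names get_var, report and check_service_manager_config are hypothetical.

```shell
#!/bin/sh
# Added example (not part of Host On-Demand). Function names are illustrative.
# Assumption: the script sets its runtime variables as NAME=value lines.

# get_var SCRIPT NAME: print the last value assigned to NAME in SCRIPT.
get_var() {
    sed -n \
        -e 's/^[[:space:]]*//' \
        -e 's/^export[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e "s/^$2=//p" "$1" 2>/dev/null |
        tail -n 1 | tr -d "\"'"
}

problems=0
# report MESSAGE: print one finding and count it.
report() {
    echo "$1"
    problems=$((problems + 1))
}

# check_service_manager_config SCRIPT
#   Runs the checks listed in the Configure tasks and returns the number
#   of findings (0 means the script looks ready to start).
check_service_manager_config() {
    script=$1
    problems=0

    # The script itself needs execute permission.
    [ -x "$script" ] || report "script is not executable: $script"

    # JAVA_ENGINE must be the complete path ending in /bin/java.
    java=$(get_var "$script" JAVA_ENGINE)
    case $java in
        */bin/java)
            [ -x "$java" ] || report "JAVA_ENGINE is not an executable file: $java"
            ;;
        *)
            report "JAVA_ENGINE does not point to bin/java: ${java:-unset}"
            ;;
    esac

    # MY_HOD_DIRECTORY must be the installation directory holding bin and lib.
    # The empty case is tested first: an unset value would otherwise be
    # checked against the system's own /bin and /lib.
    hod=$(get_var "$script" MY_HOD_DIRECTORY)
    if [ -z "$hod" ]; then
        report "MY_HOD_DIRECTORY is unset"
    elif [ ! -d "$hod/bin" ] || [ ! -d "$hod/lib" ]; then
        report "MY_HOD_DIRECTORY has no bin and lib folders: $hod"
    elif [ ! -w "$hod" ]; then
        report "no write access to installation directory: $hod"
    fi

    # MY_PUBLISHED_DIRECTORY must be an existing directory.
    pub=$(get_var "$script" MY_PUBLISHED_DIRECTORY)
    [ -n "$pub" ] && [ -d "$pub" ] ||
        report "MY_PUBLISHED_DIRECTORY is not a directory: ${pub:-unset}"

    return "$problems"
}
```

The Java version requirement (V6 or higher) is not checked here, since that needs the JRE to be run.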
Start

To start the Host On-Demand Service Manager, run NCServiceManager-OS400.sh so that it starts and continues to run in the background.

One way to achieve this on IBM iSeries is to submit a job by invoking the IBM PASE for System i to run the script. Contact your IBM iSeries administrator for the details on best ways to submit a job suitable to your iSeries setup and requirements.

An example command that submits a job:

sbmjob cmd(call pgm(qp2shell) parm('/QOpenSys/usr/bin/-sh' '/QIBM/ProdData/HostOnDemand/lib/samples/NCServiceManager/NCServiceManager-OS400.sh'))

Stop

To stop the service manager, end the job on iSeries. Contact your iSeries administrator for details on a suitable method for stopping the service.

One way to do this is with the following example steps:

- Type WRKACTJOB to open a list of active jobs.
- In the Work with Active Jobs menu, the Host On-Demand service manager job gets listed with function name JVM-NCServiceM. Scroll down the menu to this job entry and select the Work With.. option, typically option 5.
- Select the End job option. For this, type 41 to end the job, and press the Enter button. This ends the service manager job and stops the service manager.

Work with HOD Server status

To determine whether the Service Manager is running, it needs to be checked whether the Java program NCServiceManager, which is started by the script NCServiceManager-OS400.sh, is running or not. Therefore, the method to check the server status might vary according to the method used to start the service manager.

In the example above, the Service Manager is started by submitting a job to run the NCServiceManager-OS400.sh script. Hence, you can use the following two ways to check the status:

- Use the WRKACTJOB command to review the status:
  - Enter the command: WRKACTJOB
    This provides a list of active jobs.
  - In the Work with Active Jobs menu, the Host On-Demand service manager job gets listed with the function name JVM-NCServiceM.
  - Use the Page Down or Page Up button to scroll down the menu to this job entry and enter the appropriate option number to Work with.. the job, typically option 5.
  - Utilize the menu options to review the job status.
- Query the process status in the command line.
  In the example of Start, the script NCServiceManager-OS400.sh is executed by invoking the IBM PASE for System i (qp2shell) in the SBMJOB command. Hence, in this case, the following steps can also help to check the status:

  a) On the IBM System i, sign on to a green screen command line.
  b) Enter the PASE shell environment. On the green screen command line, enter the following command: call qp2term.
  c) On the PASE shell, type the following command: ps -ef | grep NCServ.
     Note: NCServiceManager is the name of the Java program that runs the service manager.

  If the command detects that the Service manager is running, it will provide an output that would look like the following:

  $
  > ps -ef | grep NCServ
  kushald31461015:23:30-0:00/QIBM/ProdData/OS400/Java400/jFr
  omPASEjava-classpath.:sm.zip:ibmjndi.jar:jndi.jar:jsdk.jar:ods.jar:jt400.j
  ar-Djava.net.preferIPv4Stack=true-DFIPS=oncom.ibm.eNetwork.HODUtil.service
  s.admin.NCServiceManager/QIBM/ProdData/HostOnDemand
  $

  Note: The PASE shell is case-sensitive. Hence, it is important to maintain the correct case of alphabets in command (step c).

Certificate Management

Certificate Management functions can be performed using the P12Keyring utility provided by Host On-Demand. This provides an easy way to create and deploy an SSL keyring database. Use this option to work with SSL certificates in one of the Host On-Demand keyrings. Refer to Planning for security for general information on SSL related sessions.

Information on P12Keyring and its usage is available in Appendix C. P12Keyring utility.

Some sample commands can be viewed at the link How to create, add or convert certificates to CustomizedCAs.p12 file on z/OS for Host On-Demand.

Start Information Bundler

In the event that you need to contact the IBM Support Center for assistance, the already available Information Bundler script file can be used to gather information about your Host On-Demand configuration. For usage information, refer the section Running the Information Bundler of the HOD V10 document.

Create HOD Printer Definition Table

Create a custom printer definition table for Host On-Demand 3270 printer sessions. In order to use this function, please refer the section under Compiling a PDT on an iSeries server section.
A custom printer definition might be necessary if you have a special paper form or if the printer is not supported. The following options are not available on HOD V12.0:

Using the Deployment Wizard with IBM System i

To use the Deployment Wizard to deploy screens to an IBM System i-based Host On-Demand server, do the following:

- From a Windows workstation, map a network drive to /qibm directory on the IBM System i system that is Host On-Demand server. Refer to the IBM System i Web site for more information.
- Download Deployment Wizard installation image from an already installed Host On-Demand v12 server. Access HODMain.html (for example http://hodserver.name.com/hod/HODMain.html), and click on Deployment Wizard Installation Image for Windows.
- Refer to the installation instructions for installing Deployment Wizard. You can run this without having to install the entire Host On-Demand server.
- Design the custom features and selections.
- Save the customized HTML file to the mapped network drive (For example, y:\ProdData\hostondemand\hod\myweb).
- Use a browser to test out the file (For example, http://iSeries.name.com/hod/myweb.html).

Configuring IBM System i servers for secure connection

If you are using self-signed certificates or certificates from a signing agency that is not in the well-known list, use the P12Keyring utility to configure the CustomizedCAs keyring. For more details, refer to Appendix C. P12Keyring utility.

Follow the steps below to configure a CustomizedCAs keyring:

1. Ensure that java is installed in the system.
2. Open a unix/AIX-based command line. For example, QSHELL or IBM i PASE shell.
3. Navigate to the Host On-Demand publish folder in the Host On-Demand installation directory. Generally, it is /QIBM/ProdData/HostOnDemand/HOD/.
4. Enter the command
   java -classpath .:your_install_dir/lib/sm.zip com.ibm.hod5sslight.tools.P12Keyring CustomizedCAs connect myServer.raleigh.ibm.com:702
   This command can take a few minutes to complete. If you are asked for a password, type hod and press Enter.
5. Select the certificate number that corresponds to the Certificate Authority (CA) that you want to add to the keyring. Be sure to add the CA certificate and not the site certificate. If the port is not responding, refer to Configuring IBM i 7.1 servers for secure connection.
6. Repeat steps 3 to 5 for each target server.

To view the contents of the CustomizedCAs keyring, perform the following steps:

1. Ensure that java is installed in the system.
2. Open a linux-based shell, for example, QSHELL or IBM i PASE shell.
3. Navigate to the Host On-Demand publish folder in the Host On-Demand installation directory. Generally, it is /QIBM/ProdData/HostOnDemand/HOD/.
4. Enter the command
   java -classpath .:your_install_dir/lib/sm.zip com.ibm.hod5sslight.tools.P12Keyring CustomizedCAs list

Installing and configuring Host On-Demand with TLS on i/OS and OS/400

The following list provides a high-level overview of the steps needed to install and configure Host On-Demand with TLS:

- Verify all software and hardware requirements are met.
- Install all necessary IBM System i software products. Refer to your IBM System i documentation for details.
- Install all required PTFs. The latest PTFs are located at the IBM eServer System i support portal.
- Install and configure the IBM HTTP Server or IBM Application Server. Refer to the product documentation for details.
- Create a Certificate Authority (CA) from the Digital Certificate Manager on the IBM Administrative Server or purchase a public CA. Refer to your IBM System i documentation for details.
- Configure TLS on the IBM HTTP Server or IBM Application Server. Refer to the product documentation for details.
- Configure Host On Demand with TLS. Refer to Configuring TLS in the online help for details.

Configuring a Telnet server for secure connection

Visit IBM System i Knowledge Center and search on TLS to learn the steps you need to take to enable TLS. You might need to repeat the steps for each IBM System i 7 system that you want to use secure connections with.

Configuring the Host On-Demand CustomizedCAs keyring

If you are using self-signed certificates or certificates from a signing agency that is not in the well-known list, use the P12Keyring utility to configure the CustomizedCAs keyring. For more details, refer to Appendix C. P12Keyring utility.
Perform the following steps to configure a CustomizedCAs keyring:

1. Ensure that java is installed in the system.
2. Open a linux-based shell, for example, QSHELL or IBM i PASE shell.
3. Navigate to the Host On-Demand publish folder in the Host On-Demand installation directory. Generally, it is /QIBM/ProdData/HostOnDemand/HOD/.
4. Enter the command
   java -classpath .:your_install_dir/lib/sm.zip com.ibm.hod5sslight.tools.P12Keyring CustomizedCAs connect myServer.raleigh.ibm.com:702
   This command can take a few minutes to complete. If you are prompted for a password, type hod and press Enter.
5. Select the certificate number that corresponds to the Certificate Authority (CA) that you want to add to the keyring. Be sure to add the CA certificate and not the site certificate. If the port is not responding, refer to Configuring IBM System i servers for secure connection.
6. Repeat steps 3 to 5 for each target server.

To view the contents of the CustomizedCAs keyring, do the following:

1. Ensure that java is installed in the system.
2. Open a linux-based shell, for example, QSHELL or IBM i PASE shell.
3. Navigate to the Host On-Demand publish folder in the Host On-Demand installation directory. Generally, it is /QIBM/ProdData/HostOnDemand/HOD/.
4. Enter the command
   java -classpath .:your_install_dir/lib/sm.zip com.ibm.hod5sslight.tools.P12Keyring CustomizedCAs list

If you have multiple IBM System i machines and would like to create a single certificate that all the machines can use, consider cross certification. Refer to Managing Security, Cryptographic Services APIs, and Application System/400 Cryptographic Support/400 Version 3 for additional information about cross certification.

Client authentication

For additional security, consider TLS with client authentication to tightly control who can Telnet to your system over the Internet. For example, you can configure the Telnet server to only allow authentication if the client certificate was issued by your IBM System i (through Digital Certificate Manager).

The client certificates have a limited validity period (for example, 90 days). When the certificate expires, the user must perform the Client Certificate Download process in order to continue. This process requires a valid IBM System i user ID and password.
Not all Telnet client software is capable of client authentication. When enabled, all TLS-enabled Telnet connections to the IBM System i require a user certificate.

Refer to the IBM System i Web site for more information.

Configuring the Host On-Demand OS/400 proxy for secure connections

The OS/400 proxy can be configured to encrypt file transfer and Database On-Demand connections. To do this, the following additional software must be installed on each target IBM System i:

- IBM Cryptographic Access Provider
- IBM Client Encryption
- Host Servers
- Digital Certificate Manager

Set up TLS user authorizations

You need to control authorization of the users to the files. To help you to meet the TLS legal responsibilities, you need to change the authority of the directory that contains the TLS files to control user access to the files. In order to change the authority, do the following:

- Enter the command wrklnk '/QIBM/ProdData/HTTP/Public/jt400/*'
- Select option 9 in the directory.
- Ensure *PUBLIC has *EXCLUDE authority.
- Give users who need access to the TLS files *RX authority to the directory. You can authorize individual users or groups of users. Remember that users with *ALLOBJ special authority cannot be denied access to the TLS files.

Secure Web serving

The Host On-Demand server uses the Web server to download program objects to the browser. This information can be encrypted, but with a considerable performance impact.

The default port for secure web serving is 443. If that port is not enabled, port 80 is used. To enable secure web serving, perform the following steps:

- From a Web browser, enter: http://:2001 (where is the TCP/IP host name of your IBM System i). If you are unable to connect, start the HTTP server with the following i/OS and OS/400 command:
  STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)
- Enter the i/OS or OS/400 user profile and password (when prompted). You need to have *ALLOBJ and *SECADM authorities to complete the remaining configuration activities.
- Click IBM HTTP Server for AS/400.
- Click Configuration and Administration.
- Click Configurations.
- Select the CONFIG configuration from the list.
- Click Security Configuration.
- For the Allow HTTP connections and Allow TLS connections selections: Port number (443)
- Select TLS Client authentication None.
- Select Apply.
- Click AS/400 Tasks button on the lower left side of the screen.
- Click Digital Certificate Manager.
- Click System Certificates.
- Click Work with Secure Applications.
- Click QIBM_HTTP_SERVER_CONFIG; then click Work with System Certificate.
- Click Assign New Certificate.
- End the administration HTTP server instance with the following i/OS and OS/400 command:
  ENDTCPSVR SERVER(*HTTP) HTTPSVR(DEFAULT)
- Wait 10 seconds for the HTTP instance to shut down.
- Start the administration HTTP server instance with the following i/OS and OS/400 command:
  STRTCPSVR SERVER(*HTTP) HTTPSVR(DEFAULT)
- From a Web browser, enter https://server.name/hod/hodmain.html (where server.name is the TCP/IP host name of your IBM System i).

For more information on a wide variety of IBM System i topics, see IBM i PDF files and manuals.

Unicode Support for i/OS and OS/400

General information

In a 5250 Display session, Host On-Demand supports the display of Unicode data located in fields tagged with Coded Character Set Identifiers (CCSIDs). For more information see Unicode support for i/OS and OS/400 using Coded Character Set Identifiers.

Host programming information

For host programming information, refer to the IBM System i Web site.

Deploying Host On-Demand with WebSphere Portal

As an alternative to accessing Host On-Demand through an HTML file, users can access it through Portal Server, which is a component of WebSphere Portal. Portal Server provides a framework for plugging content extensions known as portlets into a Web site. Portlets are applications that run within Portal Server. They organize content from different sources (such as Web sites, e-mail, and business applications) and display it on a single HTML file in a browser window. The WAR files generated by the Deployment Wizard used to launch Host On-Demand sessions can be deployed as portlets, enabling users to access Host On-Demand through the portal interface.

If you are planning to use Host On-Demand and Portal Server in conjunction with a firewall, refer to Using Host On-Demand with a firewall. Also, if you are planning to use security features of WebSphere Portal, such as the user's Portal ID or the Portal Server Credential Vault, refer to the Web Express Logon Reference.
Both Host On-Demand and Portal Server must be installed to run a Host On-Demand portlet.

How Host On-Demand works with Portal Server

Figure 8 shows how Host On-Demand works with Portal Server.

Figure 8. How Host On-Demand works with Portal Server

- A user logs into the portal through a browser and is authenticated by a user ID and password.
- The user's customized set of portlets is downloaded to the user's machine and is displayed in the browser.
- If the user has configured a Host On-Demand portlet, Host On-Demand starts. This gives the user full Host On-Demand functionality within the portlet window, including being able to start sessions and perform other Host On-Demand tasks.

Using Host On-Demand clients with Portal Server

To use Host On-Demand with Portal Server, you need a Host On-Demand portlet. You can quickly and easily create your own custom portlets using the Deployment Wizard. See the Deployment Wizard online help for details about creating portlets.

You can also download sample Host On-Demand portlets from Host On-Demand Service Key on the Host On-Demand manufacturing refresh page under Tools and Utilities.

After you create a custom portlet or obtain a sample one, you can import it directly into Portal Server just like any other portlet. Refer to WebSphere Portal for Multiplatforms for more details.

Limitations on accessing Host On-Demand through a portlet

The Portal environment supports full Host On-Demand functionality with the following limitations:

- Although Host On-Demand supports Mac OS client browsers, it is not recommended for Portal environments. For more information regarding supported browsers, refer to WebSphere Portal for Multiplatform.
- When running multiple portlets on a single WebSphere Portal page, note the following:
  - Use the HTML-based configuration model.
  - Use Java when configuring portlets as cached clients.
  - Configure your portlets to be either download or cached clients, not a mixture of the two.
- When using a Java-enabled browser for sessions that are configured to run in a separate window and that have the AssociateEmbeddedMenuBar parameter set to false, the menu for 3270 and 5250 host sessions displays as a pop-up menu. For Host Print and FTP sessions, the pop-up menu does not display by default. In order to display the menu for Host Print or FTP sessions, you need to configure the sessions to start in a separate window.
- In order to embed the menu bar in the Host On-Demand session that is configured not to run in a separate window, you need to have a Java-enabled browser and the AssociateEmbeddedMenuBar parameter set to true (the default). In the following circumstances, the menu bar for 3270, 5250, VT, and CICS host sessions will display as a pop-up menu (and not embedded in the session):
  - The client browser is enabled with Java and the AssociateEmbeddedMenuBar parameter is set to false.
  If the Host On-Demand session is configured to start in a separate window, the menu bar is always associated to the session window and cannot display as a pop-up menu.
- If the portlet uses caching for Host On-Demand (as configured in the Deployment Wizard), each machine used to access the portlet caches the Host On-Demand client.
- Host On-Demand bookmarking does not work in the portal environment.
- If you do not configure an applet size in the Deployment Wizard, it will default to fixed size, medium.
- When the Host On-Demand portlet is running, you may see warning messages like java.io.FileNotFoundException in the Java Console. The messages are caused by a dummy archive file name that the Host On-Demand portlet uses to enable multiple Host On-Demand portlets to run on a single portal page. These messages do not affect the performance of the portlet, so you may ignore them.
Special considerations when using a Host On-Demand portlet

When using Host On-Demand with Portal Server, you may want to consider the following issues:

- Host On-Demand sessions when the user logs out of Portal Server. Host On-Demand runs as an applet on the user's machine and therefore does not know when the user logs out of Portal Server. If the session is running in a separate window (default), the Host On-Demand session will continue until the user either closes the session or closes the browser. If the Host On-Demand session is running embedded in the Portal Server window and the user logs out of Portal Server, the session may appear to have ended, although the connection may remain until the browser window is closed. We strongly recommend that users close their browser window at the time they log out of Portal Server. In addition, you may wish to configure a session inactivity timeout for your sessions.
- Session inactivity timeout. By default, Host On-Demand does not force a timeout on session connections. However, when running a portlet, it may be beneficial to timeout inactive sessions to reduce consumption of resources. The inactivity timeout can be set for most emulator types, including 3270 display and printer sessions, 5250 display and printer sessions, and VT. You can enable and set the timeout parameter Session Inactivity Timeout in minutes for every one of these sessions in the Connection window of session Properties.
- Installing WebSphere Portal and Host On-Demand on different servers. If you install WebSphere Portal and Host On-Demand on different servers, certain browsers might give you a security violation when accessing the Host On-Demand portlet. The problem occurs because some aspects of Host On-Demand functionality rely heavily on the interaction between Java (from the Host On-Demand server) and JavaScript (from WebSphere Portal), and some browsers will not allow the interaction simply because they come from different servers. One solution is to use proxying to make it appear to the browser that WebSphere Portal and Host On-Demand are on the same server.
  Below is an example of the steps you would need to follow to set up proxying on the Apache/IBM HTTP server:
  - Configure your Host On-Demand portlet's "HOD Server URL" (hodCodeBase) to point to the host on which WebSphere Portal resides, with the context root of /hod/ (for example, http://portal.company.com/hod).
  - Uncomment the line (remove the #) in httpd.conf beginning with LoadModule proxy_module.
  - Add a ProxyPass rule to httpd.conf to convert the HOD Server URL request into a request for the actual Host On-Demand server (for example, ProxyPass /hod/ http://hod.company.com/hod/).
  - Restart the Web server.
  Now, the client's browser will request Host On-Demand files from the same host as the portal, but these requests will be internally rerouted by the Web server to the actual location of your Host On-Demand install.
- Caching vs. no caching. The default setting in the Deployment Wizard is to cache Host On-Demand on each user's machine. Many customers like this option with Host On-Demand because it effectively installs all necessary code on the user's machine and does not require network loads each time the user accesses the HTML file or portlet. However the caching behavior may not be familiar to many Portal Server users, and you may elect to reject the caching option.
- Choosing the Deployment Wizard model. The model you choose for your portlet (Configuration server, HTML, or Combined) reflects where your sessions are configured and determines how user changes are stored. Although Host On-Demand treats portlets the same as HTML files, consider the following characteristics as you decide how to configure your portlet:
  - HTML model: This model is the recommended configuration model for Host On-Demand portlets. It has no dependency on the Host On-Demand configuration server. If users are allowed to make updates, these updates are stored as part of the WebSphere Portal configuration and not on the local machine of the user. This allows users to roam from machine to machine and still have access to the updates.
    User preferences are stored in WebSphere Portal only if you have granted users the appropriate access to the portlet and the Web page that will access the portlet. WebSphere Portal users must have Privileged User, Editor, Manager, or Administrator access. For more information about how to grant access to users, refer to WebSphere Portal documentation.
  - Configuration server-based model: This model requires users to access the Host On-Demand configuration server. It allows users to roam from one machine to another and still see any session modifications they may have made; however, it requires users to be authenticated through both the Host On-Demand configuration server and WebSphere Portal.
  - Combined model: This model requires users to have access to the Host On-Demand configuration server in order to obtain the initial session configurations. Because user changes are stored as part of the WebSphere Portal configuration and not locally, it allows users to roam from one machine to another and still see any session modifications they may have made; however, it requires users to be authenticated through both the Host On-Demand configuration server and WebSphere Portal.
    User preferences are stored in WebSphere Portal only if you have granted users the appropriate access to the portlet and the Web page that will access the portlet. WebSphere Portal V5 users must have Privileged User, Editor, Manager, or Administrator access. For more information about how to grant access to users, refer to WebSphere Portal documentation.
- Configuring additional parameters. When using Host On-Demand portlets, you may want to configure the following additional parameters to achieve the desired appearance on the portal page:
  - Start Automatically: Set this option to Yes on the Preferences > Start Options window of session properties to allow the Host On-Demand portlet to start automatically.
  - Start in Separate Window: Set this option to No on the Preferences > Start Options window of session properties to allow the Host On-Demand portlet to display as an embedded portlet.
  - Hide HOD Desktop at Startup: Select this option on the Advanced Options > Appearance window to hide the Host On-Demand desktop.
- Specifying unique portlet names in Portal Server.
  Use the Page Title field on the File Name and Output Format page in the Deployment Wizard to specify unique portlet names within Portal Server.

Extending the Host On-Demand portlets

Under certain circumstances, you may wish to modify the appearance or functionality of your Host On-Demand portlets. Here are some tips and guidelines to help you extend your portlets:

- Portlet template files are located in the portal subdirectory of your Host On-Demand publish directory (or in your Deployment Wizard installation directory, if you installed it separately). Modifying these templates will affect all portlets that are generated subsequently, so be sure to back up these files if you are going to modify them. Template files include those for the JSPs that are used to display the Host On-Demand applet and those for the XML descriptors that are used to deploy the portlets to WebSphere Portal.
- Each portlet is an archive that can easily be extracted and re-archived using a zip utility or the jar utility packaged with a JRE. Extract the portlet to a temporary directory, preserving directory names. You can then modify the appropriate files, and re-archive the portlet from the top level of the temporary directory.
- XML descriptors are located in the top-level directory of your portlet. JSP files are located in the /WEB-INF/hod/html directory for WebSphere Portal 6.
- You may wish to add a custom Help file to your portlet. To do this, you need to indicate in your portlet.xml file that you support the help markup mode. Add a file named WpsHODHelp.jsp (case-sensitive) containing your help information and HTML formatter to your JSP directory in your portlet.
- You may wish to develop a custom portlet that dynamically modifies session properties. Some useful data you may want to access would be the user name of the portal user, or the IP address of the client requesting the page. Consult the portlet APIs on how to access this data. You can use the HTML override syntax described in Modifying session properties dynamically to then insert data derived from this information into your set of applet parameters.

Consult the WebSphere Portal documentation installed with WebSphere Portal for detailed information regarding portlet development and APIs.
Eclipse-Plugin support

This chapter describes how to set up Host On-Demand for the IBM Eclipse-Plugin.

Note: Host On-Demand currently supports Eclipse-Plugin on Windows platform only. Please check the README for additional support as that will be updated if additional platforms are added.

Eclipse-Plugin is the foundation for next-generation, network-centric computing. Built on the Eclipse rich client platform, it provides additional features for managing and deploying applications easily to end users.

On Eclipse-Plugin, all applications are packaged as Eclipse "features", which consist of "plugins" and "fragments". Eclipse features are usually installed from an "update site", which is a directory on a machine that is web-accessible.

To build the Host On-Demand plugin for Eclipse-Plugin, Host On-Demand provides a Java applet called "Update Site Utility". The Update Site Utility converts Host On-Demand jar files into Eclipse plugins and fragments and places them in a new or an existing update site directory.

Procedures to install features from an update site are different depending on Eclipse-Plugin platforms, such as Workplace Managed Client (WMC) or WebSphere Everyplace Deployment (WED). When WMC is used, extra configuration steps are required on its server counterpart, Workplace Collaboration Service (WCS). The Update Site Utility generates an XML file, which eases the configuration steps on WCS.

Creating Host On-Demand plug-ins

To create and deploy these Host On-Demand plugins to run in Eclipse-Plugin, do the following:

1. Ensure that you have an HTML-model Deployment Wizard page that defines the sessions for your plugin. You can use any existing HTML-model page or create a new one.
   Note: Only HTML-model pages are supported for the Eclipse-Plugin feature.
   Once your page is completed, put the unzipped Deployment Wizard output files into the Host On-Demand publish directory.
2. Create a directory, for example c:\update, that will be used as the Eclipse update site for your plugin(s), if you do not already have one defined. Next, define an alias to that directory in the Web server configuration and restart the Web server.

You are now ready to create the Host On-Demand plugin.
3. On the Eclipse update site machine, open a browser running Java JRE (1.6 or higher) and point it to the Host On-Demand URL: http:////WCTConfig.html.
   Note: On Linux, you need to set the LD_LIBRARY_PATH environment variable when using the IBM 1.4.2 Java plugin Service Release 2 and later. For example, if you want to use the Java plugin that is shipped by the Host On-Demand server for Linux, use the export command to set the LD_LIBRARY_PATH environment variable as follows:

       export LD_LIBRARY_PATH=/opt/ibm/HostOnDemand/hod_jre/jre/bin:$LD_LIBRARY_PATH

   This URL will run a special Update Site Utility applet to assist in building the plugin.
4. Fill in the Basic Information panel of the Update Site Utility as follows:
   - Update Site Destination Directory (Required): Specify the Eclipse update site directory created in Step 2, for example c:\updates.
   - HOD Code Base (Required): This field should already be correctly filled in, if you pointed to WCTConfig.html as described in Step 3. This field needs to specify the location of the Host On-Demand publish directory in the form: http:/// The Host On-Demand server name must be fully-qualified. It cannot be a relative URL name or one like "localhost" or "127.0.0.1".
   - Deployment Wizard Output File (Required): Specify the name of the HTML-model Deployment Wizard page created in Step 1.
   - Feature Version (Required): Specify the version string used in the generated feature in the format major.minor.service, like 1.0.0.
   - User JAR File Path (Optional): Specify the path of a jar file containing customer code used for solutions that require custom code to interact with the Host On-Demand sessions. You can specify multiple files separated by commas (,).
     Note: If you need to use the Run Applet feature, you need to package your applets in a jar file and specify the file path here.
5. You can reduce the size of the Eclipse plugin to be created by unchecking any unnecessary features or host code pages on the Runtime Codes and the Code Pages panels of the Update Site Utility panel.
6. When you have completed all the fields, select Generate and Deploy Plugin. The applet creates the Host On-Demand plugin, and places it in the update site you have specified.

The following files are created or modified in the directory specified as Update Site Destination Directory:

- Site map file (site.xml): This file lists the features that are installable from this update site.
- XMLAccess script file: This file is an input of the WebSphere Portal XMLAccess utility for installing the Host On-Demand feature on WCS. The file names are given in the form: (deployment wizard output file name)_DeployScript.xml. On XMLAccess, refer to IBM Accelerators for WebSphere Portal family.
- features subdirectory: This subdirectory contains the Host On-Demand feature archives.
- plugins subdirectory: This subdirectory contains:
  - Host On-Demand plugin: The plugin itself. The file name is given in the form: com.ibm.eNetwork.HOD.wct_(plugin version).jar
  - Host On-Demand code fragment: Host On-Demand runtime code. The file name is given in the form: com.ibm.eNetwork.HOD.wct.(function name)_(plugin version).jar
  - Config fragment: Fragment that stores configuration information. The file name is given in the form: com.ibm.eNetwork.HOD.wct.configs.(deployment wizard output file name)_(feature version).jar
- images subdirectory: This subdirectory contains an image file used on WMC/WCS.

For information about installing the plugin on the client, refer to documents that come with your Eclipse-Plugin platforms.

Setting Session Properties Dynamically

On the Eclipse-Plugin platform, HTML overrides cannot be used to dynamically set session properties because no HTML files are used for running the Host On-Demand plugin. If you need similar functionality, do the following steps:

1. Implement a Java class that implements the com.ibm.eNetwork.HOD.wct.IHODConfigFactory interface, which is stored in the wct.jar file. The wct.jar file is installed in the Host On-Demand publish directory. The interface has two public methods:

       public String setHodHtmlFileName()
       public Properties getHodHtmlParameters()

   Following is an example of such Java classes:

   Figure 9. Example of Java classes

       package com.ibm.eNetwork.HOD.wct.samples;

       import java.util.Properties;
       import com.ibm.eNetwork.HOD.wct.IHODConfigFactory;

       public class ConfigOverride implements IHODConfigFactory {

           /* (non-Javadoc)
            * @see com.ibm.eNetwork.HOD.wct.IHODConfigFactory#getHodHtmlFileName()
            */
           public String getHodHtmlFileName() {
               return "hodwmc";
           }

           /* (non-Javadoc)
            * @see com.ibm.eNetwork.HOD.wct.IHODConfigFactory#getHodHtmlParameters()
            */
           public Properties getHodHtmlParameters() {
               Properties p = new Properties();
               // Turn on overrides and apply them to the named session only
               p.put("EnableHTMLOverrides", "true");
               p.put("TargetedSessionList", "3270Display");
               p.put("host", "3270Display=hostname");
               return p;
           }
       }

2. Package the Java class in a jar file.
3. Edit the Update Site Utility HTML file (WCTConfig.html) in the Host On-Demand publish directory and set the showUserClass parameter to true:

       var showUserClass="true";

4. Run the Update Site Utility and specify additional parameters as follows:
   - User JAR File Path: The file path of the jar file created in step 2.
   - User Configuration Factory Class: The name of the Java class implemented in step 1.
5. Generate a Host On-Demand plugin and deploy it to your Eclipse-Plugin platform.

Using a separate user publishing directory

When you are using a separate user publishing directory other than the Host On-Demand publish directory, you need to specify the directory on the Update Site Utility with the following procedure:

1. Edit the Update Site Utility HTML file (WCTConfig.html) in the Host On-Demand publish directory and set the showAlternatePublishDirectory parameter to true:

       var showAlternatePublishDirectory="true";

2. Run the Update Site Utility and specify your separate user publishing directory in the Alternate Publish Directory entry field.

View IDs used in Host On-Demand plugin

Following is the list of view IDs used by the Host On-Demand plugin. It is useful to know them when you configure the page layout on WCS manually.

    ID                                            Description
    com.ibm.eNetwork.HOD.wct.SessionsView         Configured Sessions
    com.ibm.eNetwork.HOD.wct.SessionLabelsView    Active Sessions
    com.ibm.eNetwork.HOD.wct.TerminalView         Terminal (Display, Printer, FTP, etc.)

Limitations on using Host On-Demand in an Eclipse-Plugin environment

Following are limitations not mentioned above on using Host On-Demand in an Eclipse-Plugin environment:

- Sometimes a Host On-Demand modal dialog can get behind the Eclipse-Plugin shell window. This will happen if Host On-Demand has a dialog open and the user switches to another application outside of Eclipse-Plugin. The user will have to use ALT-TAB to find the HOD dialog that needs to be acknowledged.
- "Confirm On Exit" does not work. The "Confirm On Exit" setting is ignored in the Eclipse-Plugin environment. Since it is not supported, the option has been removed from the session properties.
- If a session is launched and a destination address is not configured, the Host On-Demand applet is able to launch the session properties dialog. In the Eclipse-Plugin environment, users receive a message that a destination address is required but the properties dialog does not open.
- GUI elements like Macro Manager, Keypad, and Toolbar cannot be added dynamically to a running session. Instead, these items must be enabled using the existing properties in the Preferences section of the session properties.
- The option to "Start in a Separate Window" has no meaning in this environment since the session is always in an editor pane.
  This option is removed from the session properties.
- Only a client with debug capabilities is available. Reducing the preload components using the Deployment Wizard Preload Options to make the footprint smaller (with the exception of host code pages and 5250 File Transfer) is not possible.
- Unlike the Host On-Demand cached client, the client does not automatically update to the new code level. The Administrator needs to re-configure the Update Site so that the Eclipse-Plugin platform can install the new plugin/fragments.
- Run Applet works only when the applet is packaged in a JAR file and installed on client machines.
- IPMON tracing is supported only in the "normal" mode. The "automatic" mode is not supported. On the execution modes of IPMON, refer to the "Overview of IPMON tracing" topic in the online help.
- When multiple Host On-Demand features are installed, the Host On-Demand plugin displays the list of installed Host On-Demand features in the configured sessions view to let the user select one feature among them. After a feature has been selected, the user needs to restart WED to select a different feature.
- Pressing and releasing the Alt key throws an exception on the Java console. This is a known problem with the IBM 1.4.2 JRE and has been resolved in IBM 1.4.2 Service Release 4.1 and later.

Configuring Host On-Demand Server to use LDAP

The Host On-Demand Server is used to manage configuration data for the configuration server-based and combined models. For the default operational mode of the Host On-Demand Server, this data is saved in a non-shared private data store. Some enterprise customers need to manage their configuration information between multiple Host On-Demand servers. If these customers use the non-shared private data store, then their administrators must manage the data for each Host On-Demand Server separately. A Lightweight Directory Access Protocol (LDAP) server directory provides the ability to share user and group configuration information over different instances of the Host On-Demand configuration server.

Using an LDAP directory server to manage and share your definitions across multiple Host On-Demand servers is an option that must be carefully planned and executed. Migration from the private data store, in particular, has implications on the configuration data. LDAP enables the customer to manage the configuration information by arranging users into a hierarchical tree of groups. If existing users are members of more than one group, then some information will be lost. Note that the configuration data in the private data store is not changed when a migration to LDAP occurs. Refer to implications of migrating to LDAP in the Host On-Demand online help for more detailed information.

Setting up LDAP support

1. Decide which LDAP Directory server you are going to use and, if necessary, install it.
2. If you are running a version of LDAP that does not support the schema for Host On-Demand, install the Host On-Demand schema extension files as described in Installing the schema extensions. (The schema extension files are not required for IBM LDAP Version 3.x or later.)
3. Ask your LDAP administrator for a suffix which Host On-Demand will use to store configuration information. Make a note of the distinguished name (DN) of this suffix; you will need this information to complete the LDAP setup.
4. Ask your LDAP administrator for an administrator DN and password for Host On-Demand; these will be used to authenticate to the LDAP server. The administrator DN must have create, modify and delete privileges for the suffix mentioned in the previous step. Make a note of the DN and password; you will need this information to complete the LDAP setup.
5. Enable LDAP on the Directory Service window in the administration utility. Also, optionally, migrate the private data store configuration information to the LDAP directory server. For more information, refer to Configuring Host On-Demand Server to use LDAP.

Users and groups that are already defined in LDAP for other purposes are not used by Host On-Demand. Users and groups for Host On-Demand must be defined separately by either migrating the configuration information from the private data store or by setting up the users and groups in Host On-Demand after enabling LDAP.

If you are using the IBM LDAP server on Windows and AIX platforms, and you are creating a large number of users, make sure that DB2 is configured with the proper value for APP_CTL_HEAP_SZ. While the value for this variable is dependent on individual installations, setting APP_CTL_HEAP_SZ to 512 is a good starting value.

To configure DB2 heap size in a Windows or AIX environment, issue these commands:

    set DB2INSTANCE=ldapdb2
    db2 connect to ldapdb2
    db2 update db cfg for ldapdb2 using APP_CTL_HEAP_SZ 512
    db2 force application all
    db2 terminate
    db2stop
    db2start

Also, be sure that STMTHEAP is large enough. The sizes of these parameters depend solely on individual customer configurations and the number of Host On-Demand users that are being migrated to LDAP.

Installing the schema extensions

The Host On-Demand extensions to the LDAP directory schema are provided in several files that are located in the LDAP subdirectory of the publish directory (for example, your_install_directory\HOD\ldap, where your_install_directory is your Host On-Demand installation directory). These files contain extensions to the LDAP schema and are stored in the standard slapd format. The schema extensions must be in effect before Host On-Demand can store configuration information in an LDAP server. Contact your LDAP administrator to have these schema extensions installed.

Refer to the Program Directory for instructions on installing the schema extensions for the zSeries.

Your LDAP administrator may have already installed these schema extensions for use by another IBM product. If so, skip these steps. If you are using the IBM Directory Server Version 3.1.1 or later, the schema is pre-installed, so you can skip these steps also.

To install the Host On-Demand schema extensions on a Netscape LDAP Directory server:

1. Copy the following slapd files from the /ldap directory to the Netscape LDAP config directory on the LDAP server:
   - Netscape.IBM.at
   - Netscape.IBM.oc
2. Stop the LDAP server.
3. Edit the /slapd.conf file and add the following statements:

       userat "/Netscape.IBM.at"
       useroc "/Netscape.IBM.oc"

4. Restart the LDAP Server.

To install the Host On-Demand schema extensions on an IBM LDAP Directory server:

1. Copy the following slapd files from the Host On-Demand publish directory /ldap directory to the /etc directory on your LDAP server:
   - V2.1.IBM.at
   - V2.1.IBM.oc
2. Stop the LDAP server.
3. Edit the /etc/slapd.at.conf file and add the following statement to the end of the file:

       include /etc/V2.1.IBM.at

4. Edit the /etc/slapd.oc.conf file and add the following statement to the end of the file:

       include /etc/V2.1.IBM.oc

5. Restart the LDAP server.

Configuring the Host On-Demand server to use LDAP as a data store

1. Open the Administration window and log on to Host On-Demand.
2. Click Services > Directory Service
3. Click the Use Directory Service (LDAP) box and then enter the LDAP server information.
   - Destination Address: Type the IP address of the LDAP directory. Use either the host name or dotted decimal format. The default is the host name of the Host On-Demand server.
   - Destination Port: Type the TCP/IP port on which the LDAP server will accept a connection from an LDAP client. The default port is 389.
   - Administrator Distinguished Name: Type the distinguished name (DN) of the directory administrator that allows Host On-Demand to update information. You need to use the LDAP string representation for distinguished names (for example, cn=Chris Smith,o=IBM,c=US).
   - Administrator Password: Type the directory administrator's password.
   - Distinguished Name Suffix: Type the distinguished name (DN) of the highest entry in the directory information tree (DIT) for which information will be saved. Host On-Demand will store all of its configuration information below this suffix in the DIT. You need to use the LDAP string representation for distinguished names (for example, cn=HOD,o=IBM,c=US).
   - Migrate Configuration to Directory Service: To migrate users and groups from the private data store to the LDAP directory, click the check box. Migrating to LDAP has significant implications for your group and user configuration information. Refer to LDAP Migration Implications in the online help for more information. You can check this box either when you switch to the directory server, or after you have made the switch.

   The Redirector configuration is not migrated to the directory server.

   If you have a problem connecting to LDAP and migrating, try to connect to LDAP first. Then, after successfully connecting, try to migrate.
4. Click Apply.

When you are asked to authenticate with the LDAP directory for the first time, specify a user ID of "admin" and a password of "password". You can change this password after the first logon. Even though you might have changed your password for the private data store, that ID and password continue to be valid for the private data store only. For the LDAP directory, a separate user ID and password are required. To avoid confusion, you can change your LDAP directory password to be the same as your private data store password.

Changes made on this panel are effective immediately. Once you have switched to the LDAP server, subsequent user-related changes will be made only on the LDAP server, including administrative changes to groups, users, or sessions, and changes such as new passwords, macros, keyboard changes, etc., by either the administrator or a user.

Appendixes

Appendix A. Using locally installed clients

The locally installed client installs to a local disk. The client applet is loaded directly into the default system browser, so there is no download from a server. The most common reason to configure a local client is for users who connect remotely over slow telephone lines, where download time can be an issue and connectivity is unpredictable. You can also use the locally installed client to test host access capabilities without installing the full Host On-Demand product.

Operating systems that support the locally installed client

Host On-Demand can be installed as a client on the following operating systems:

- Windows 7
- Windows 8
- Windows 10
- Windows Server 2012

The locally-installed client requires approximately 320 MB of disk space.

Installing the local client

To install the Host On-Demand local client on a Windows workstation, you need to be a member of the Administrators group.

1. Insert the DVD and run hodinstallwin.exe -lc from the \HODINST directory of the DVD.
2. Click Install.
3. Proceed through the rest of the windows.
4. If you have not already done so, read the Readme available in the last window.

At the end of installation, the Host On-Demand Service Manager is configured and started automatically. On Windows 7, Windows 8, and Windows 10, the Service Manager is installed as a Service.

Starting the local client

To start Host On-Demand as a client, click Start > Programs > IBM Host On-Demand > Host On-Demand.

Removing the local client

To remove the local client, use Add/Remove Programs from the Control Panel.

Appendix B. Using the IKEYCMD command-line interface

IKEYCMD is a command-line tool, in addition to the Host On-Demand Certificate Management Utility, that can be used to manage keys, certificates, and certificate requests. It is functionally similar to Certificate Management and is meant to be run from the command line without a graphical interface. It can be called from native shell scripts and programs to be used when applications prefer to add custom interfaces to certificate and key management tasks. It can create key database files for all of the types that the Certificate Management utility currently supports. It can create certificate requests, import CA-signed certificates and manage self-signed certificates. It is Java-based and is available only on Windows, AIX, Linux Intel and Linux zSeries platforms.

Use IKEYCMD for configuration tasks related to public-private key creation and management. You cannot use IKEYCMD for configuration options that update the server configuration file, httpd.conf. For options that update the server configuration file, you need to use the IBM Administration Server.

Environment set-up for IKEYCMD command-line interface

Set up the environment variables to use the IKEYCMD command-line interface as follows:

For Windows platforms, do the following:

- Using the user interface or by modifying autoexec.bat on a command window, set/modify the PATH variable to include the location of the Java executable files:

      set PATH=c:\Program Files\IBM\HostOnDemand\hod_jre\jre\bin;%PATH%;

- Using the user interface or by modifying autoexec.bat on a command window, set/modify the CLASSPATH environment variable as follows:

      set CLASSPATH=c:\Program Files\IBM\GSK7\classes\cfwk.zip;C:\Program Files\IBM\GSK7\classes\gsk7cls.jar;%CLASSPATH%;

For AIX platforms:

First ensure that your xlC files (which constitute the run-time library for the standard AIX C++ compiler) meet one of the following requirements:

- on AIX 5.2: fileset xlC.aix50.rte must be at level 6.0.0.3 or later

Use the following command to confirm your version:

    lslpp -ha "xlC.aix*.rte"

(If your xlC fileset is outdated and you start the Host On-Demand Service Manager with Certificate Management active, errors occur.)

Next make the following specifications:

- Set your PATH to where your Java or JRE executable resides:

      export PATH=/opt/IBM/HostOnDemand/hod_jre/jre/bin:$PATH

- Set the following CLASSPATH environment variable:

      export CLASSPATH=/usr/local/ibm/gsk7/classes/cfwk.zip:/usr/local/ibm/gsk7/classes/gsk7cls.jar:$CLASSPATH

Once you have completed these steps, IKEYCMD should run from any directory. To run an IKEYCMD command, use the following syntax:

    java com.ibm.gsk.ikeyman.ikeycmd

IKEYCMD command-line syntax

The syntax of the Java CLI is

    java [-Dikeycmd.properties=] com.ibm.gsk.ikeyman.ikeycmd [options]

where -Dikeycmd.properties specifies the name of an optional properties file to use for this Java invocation. A default properties file, ikminit_hod.properties, is provided as a sample file that contains the default settings for Host On-Demand.

Object is one of the following:

- -keydb: actions taken on the key database (either a CMS key database file or TLSight class)
- -version: display version information for IKEYCMD

Action is one of the following:

- -cert: actions taken on a certificate
- -certreq: actions taken on a certificate request
- -help: display help for the IKEYCMD invocations

Action is the specific action to be taken on the object, and options are the options, both required and optional, specified for the object and action pair.

The object and action keywords are positional and must be specified in the selected order. However, options are not positional and can be specified in any order, provided that they are specified as an option and operand pair.

IKEYCMD list of tasks for Host On-Demand

IKEYCMD command-line interface tasks required for Host On-Demand are summarized in the following sections of this appendix:

- Creating a new key database
- Listing CAs
- Showing the default key in a key database
- Storing the encrypted database in a stash file
- Creating a new key pair and certificate request
- Storing the server certificate
- Creating a self-signed certificate
- Making server certificates available to clients
- Exporting keys
- Importing keys

Creating a new key database

A key database is a file that the server uses to store one or more key pairs and certificates. This is required to enable secure connections between the Host On-Demand server and clients. Before configuring TLS communication, you need to create the HODServerKeyDb.kdb key database file in your_install_directory\bin for Windows and your_install_directory/bin for AIX. This file is not shipped with Host On-Demand, so you need to create it after the first install.

For Windows platforms, for example, to create a new key database using the IKEYCMD command-line interface, enter the following command:

    java com.ibm.gsk.ikeyman.ikeycmd -keydb -create -db your_install_directory\bin\HODServerKeyDb.kdb -pw -type cms -expire -stash

where your_install_directory is your Host On-Demand installation directory.

Note the following descriptions:

- : Password is required for each key database operation. Even though a database of the type sslight requires a specified password, the password can be a NULL string (specified as "").
- -type: the HODServerKeyDb.kdb used by the Host On-Demand server is of the type CMS.
- -expire: Days before the password expires. If you do not set this parameter, then the password does not expire.
  WARNING: If you set this parameter, and if you are using the key database with the Redirector, be aware that the Redirector fails to run after the password expires. When the Redirector fails, the error message from the Redirector does not state that the password of the key database has expired.
- -stash: Stashes password for key database. Stashing the password is required for the IBM HTTP Server and the Host On-Demand server.

When the -stash option is specified during the key database creation, the password is stashed in a file with the file name HODServerKeyDb.sth

Once the HODServerKeyDb.kdb file has been created, it holds all the security information needed by the Host On-Demand server. Any additions or changes are made to the existing HODServerKeyDb.kdb key database file.

Whenever you create or make changes to the HODServerKeyDb.kdb file, you need to stop and restart the Host On-Demand Service Manager.

Setting the database password

When you create a new key database, you specify a key database password. This password protects the private key. The private key is the only key that can sign documents or decrypt messages encrypted with the public key. Changing the key database password frequently is a good practice.

Use the following guidelines when specifying the password:

- The password must be from the U.S. English character set.
- The password should be at least six characters and contain at least two nonconsecutive numbers. Make sure the password does not consist of publicly obtainable information about you, such as the initials and birth date for you, your spouse, or children.
- Stash the password.
- Keep track of expiration dates for the password. If the password expires, a message is written to the error log. The server will start, but there will not be a secure network connection if the password has expired.
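
The password guidelines and the -expire warning above can be turned into a routine check. The following is an added example, not part of the IBM documentation or product: the function names, the inventory records, the 14-day warning window and the reading of "U.S. English character set" as printable ASCII are assumptions, and the date each password was set has to come from your own change records.

```python
import string
from datetime import date, timedelta

# Assumption: "U.S. English character set" is read as printable ASCII without whitespace.
US_ENGLISH = set(string.ascii_letters + string.digits + string.punctuation)


def guideline_issues(password, personal_terms=()):
    """Return the guidelines above that `password` breaks (empty list = passes)."""
    issues = []
    if any(ch not in US_ENGLISH for ch in password):
        issues.append("charset")
    if len(password) < 6:
        issues.append("length")
    digit_positions = [i for i, ch in enumerate(password) if ch in string.digits]
    # "Two nonconsecutive numbers": two digits that do not sit next to each other.
    # Positions are ascending, so comparing the first and last digit is enough.
    if len(digit_positions) < 2 or digit_positions[-1] - digit_positions[0] < 2:
        issues.append("digits")
    lowered = password.lower()
    # personal_terms: initials, birth dates and similar strings supplied by the caller.
    if any(term and term.lower() in lowered for term in personal_terms):
        issues.append("personal-info")
    return issues


def expiry_status(password_set_on, expire_days, today, warn_days=14):
    """Classify a key database password as no-expiry, ok, warn or expired."""
    if expire_days is None:  # -expire was not given: the password does not expire
        return ("no-expiry", None)
    days_left = (password_set_on + timedelta(days=expire_days) - today).days
    if days_left <= 0:  # assumption: the expiry day itself counts as expired
        return ("expired", days_left)
    return ("warn" if days_left <= warn_days else "ok", days_left)


def review(inventory, today, warn_days=14):
    """Return (db, state, days_left, impact) for every database needing action."""
    findings = []
    for entry in inventory:
        state, days_left = expiry_status(
            entry["password_set_on"], entry["expire_days"], today, warn_days)
        if state in ("warn", "expired"):
            # The Redirector's error message does not mention the expired
            # password, so the report names the cause in advance.
            impact = ("Redirector fails to run" if entry["redirector"]
                      else "no secure network connection")
            findings.append((entry["db"], state, days_left, impact))
    return findings


# Constructed inventory; dates and -expire values come from your change records.
INVENTORY = [
    {"db": "bin/HODServerKeyDb.kdb", "password_set_on": date(2024, 1, 1),
     "expire_days": 90, "redirector": True},
    {"db": "lab/HODServerKeyDb.kdb", "password_set_on": date(2023, 6, 1),
     "expire_days": None, "redirector": False},
]

if __name__ == "__main__":
    for finding in review(INVENTORY, date(2024, 3, 20)):
        print(finding)
    print(guideline_issues("abcd12"))  # the two digits are adjacent
```

Run the review from a scheduler and change the password with -changepw before the warning window closes.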

Changing the database password

To change the database password, do the following:

For Windows platforms, for example, enter the following command:

    java com.ibm.gsk.ikeyman.ikeycmd -keydb -changepw -db your_install_directory\bin\HODServerKeyDb.kdb -pw -new_pw -expire -stash

where your_install_directory is your Host On-Demand installation directory.

Note the following descriptions:

- -new_pw: New key database password; this password must be different than the old password, and this password cannot be a NULL string.
- -expire: Days before password expires.
- -stash: Stashes password for key database. Stashing the password is required for the IBM HTTP Server and the Host On-Demand server.

Listing CAs

To display a list of trusted CAs in the HODServerKeyDb.kdb key database, do the following:

For Windows platforms, for example, enter the following command:

    java com.ibm.gsk.ikeyman.ikeycmd -cert -list CA -db your_install_directory\bin\HODServerKeyDb.kdb -pw -type cms

where your_install_directory is your Host On-Demand installation directory.

By default, HODServerKeyDb.kdb comes with the CA certificates of the following well-known trusted CAs:

- IBM World Registry CA
- Integrion CA Root (from IBM World Registry)
- VeriSign Class 1 Public Primary CA
- VeriSign Class 2 Public Primary CA
- VeriSign Class 3 Public Primary CA
- VeriSign Class 4 Public Primary CA
- VeriSign Test CA
- RSA Secure Server CA (from VeriSign)
- Thawte Personal Basic CA
- Thawte Personal Freemail CA
- Thawte Personal Premium CA
- Thawte Premium Server CA
- Thawte Server CA

Creating a new key pair and certificate request

To create a public-private key pair and certificate request, do the following:

For Windows platforms, for example, enter the following command:

    java com.ibm.gsk.ikeyman.ikeycmd -certreq -create -db your_install_directory\bin\HODServerKeyDb.kdb -pw -size <1024 | 512> -dn -file -label


