1
© 2013 IBM Corporation
© 2013 IBM Corporation
Follow us @IBMpowersystems
Learn more at www.ibm.com/power
The Next Generation of IBM i Access
Gateway400 User Group April 10, 2014 Presenter: Jesse R. Gorzinski, MBA ([email protected])
© 2013 IBM Corporation 2
Agenda
Overview Background
System configurations
Features
Edit->Preferences
Password caching
Advanced topics Shell commands
Deployment
Migration
Hiding/restricting function
Mobile device access
Q&A
2
© 2013 IBM Corporation 3
IBM i Access Family
The r7.1 IBM i Access Family of Products IBM i Access for Windows (5770XE1)
• Client Access • Most mature and widely used product
System i Navigator
5250 Display and Printer Emulation
Data Transfer
Operations Console & Virtual Control Panel
IBM i Access for Web (5770XH2) • IBM i System Hosted HTML based web product • Very robust capability and increasingly deployed
5250 Display
Print Access
Database Access
IBM i Access for Linux (5770XL1) • Lightly embraced product specifically for Linux RPM Operating Systems
ODBC provider
5250 Display
Incoming Remote Command
Data Access Providers
Remote Command
Print Drivers
Integrated File System Access
Commands
Jobs
© 2013 IBM Corporation 4
New Client Product
On April 24th, 2012, IBM Announced the upcoming Technology Preview of a brand new Client Product member of the IBM i Access Family.
IBM i Access Client Solutions (5733XJ1) Consolidates commonly used tasks for managing your IBM i into one simplified
location The core of the product is a Java client that is not platform specific. Runs on most full featured client/server Operating Systems that support Java 6.0
or higher such as most versions of Windows, Macintosh and Linux. Same deployment, configuration, settings, problem determination across all
platforms. Features include:
• Ease of Deployment • 5250 Display and Printer Emulation • Data Transfer • 5250 LAN Console and Virtual Control Panel • Links to HMC, Systems Director Navigator, and other consoles
3
© 2013 IBM Corporation 5
New Client Product
Comes in three parts:
Core offering (today's conversation piece) contains platform-independent code
Application packages offer platform-specific API's for applications.
http://www.ibm.com/developerworks/ibmi/library/i-ibmi-access-client-solutions/
© 2013 IBM Corporation 6
How the pieces fit
5770XE1 functions are finding a new home…
4
© 2013 IBM Corporation 7
How the pieces fit
5770XL1 functions are finding a new home…
© 2013 IBM Corporation 8
Agenda
Overview Background
System configurations
Features
Edit->Preferences
Password caching
Advanced topics Shell commands
Deployment
Migration
Hiding/restricting function
Mobile device access
Q&A
5
© 2013 IBM Corporation 9
System Configurations
Use the System Configurations panel to store connection information on the IBM i Systems that will be used
© 2013 IBM Corporation 10
System Configurations
Create, Edit or Delete connection information for IBM i Systems that are used. System Name: What is entered by the user to connect to for this host IP Address: What the PC’s DNS environment last returned when
connecting to the System Name Service Host Name: The System’s Console host name or IP address as
configured Description: Defined by the user when created
6
© 2013 IBM Corporation 11
New System Configuration
OK - Saves the information entered and closes the panel
Save/New - Saves the information entered and clears the panel
Cancel - Closes the panel without saving anything
© 2013 IBM Corporation 12
Agenda
Overview Background
System configurations
Features
Edit->Preferences
Password caching
Advanced topics Shell commands
Deployment
Migration
Hiding/restricting function
Mobile device access
Q&A
7
© 2013 IBM Corporation 13
Console
5250 Console – Opens a interactive console to the current System
Virtual Control Panel – Opens a Virtual Control Panel if Lan Console is used for the current System
Hardware Management Interface 1 – Opens a web browser to the management console specified for the current System
© 2013 IBM Corporation 14
5250 HMCConsole
8
© 2013 IBM Corporation 15
Virtual Control Panel
© 2013 IBM Corporation 16
Hardware Management Interface
9
© 2013 IBM Corporation 17
Hardware Management Interface
HMC Pre-Login Monitor
© 2013 IBM Corporation 18
Console Configuration
Console information is configured in the System Configuration panel Lan Console / Virtual Control Panel
• Service Host Name HMC 5250 Console
• Host Name or IP Address to the HMC 5250 Proxy interface
• Supports SSL Hardware Management Interfaces
• Host name or IP address
Can append a port to the name or address
x.x.x.x:port
• Description • Examples of management interfaces
Advanced System Management Interace (ASMI)
Integrated Virtualization Manager (IVM)
Hardware Management Console (HMC)
10
© 2013 IBM Corporation 19
HMC Advanced Configuration
Clicking the "Advanced" button lets you set a specific managed system and partition.
Doing so enables Virtual Control Panel
Requires SSH login
© 2013 IBM Corporation 20
Locate Console
Scans your LAN for LAN-console-enabled systems
Allows you to launch directly to virtual control panel (VCP) or 5250 console
11
© 2013 IBM Corporation 21
Data Transfer
Select the Data Transfer option Will default to the current System
© 2013 IBM Corporation 22
Data Transfer
Displays the Data Transfer interaction panel Starts out with a Data Transfer to IBM i and Data Transfer from
IBM i tab to the current System on the main panel
12
© 2013 IBM Corporation 23
Data Transfer
Data Transfer interaction panel All active Data Transfer requests are displayed in a tab on this
panel Open Saved Requests Save Requests Create IBM i Files Data Transfer Migration
© 2013 IBM Corporation 24
Data Transfer from IBM i
Data Transfer to Display
13
© 2013 IBM Corporation 25
Data Transfer from IBM i
Data Options Query options to narrow data results
© 2013 IBM Corporation 26
Data Transfer from IBM i
File Details
14
© 2013 IBM Corporation 27
Data Transfer from IBM i
Format Options
© 2013 IBM Corporation 28
Data Transfer from IBM i
Properties
15
© 2013 IBM Corporation 29
Data Transfer to IBM i
File Details
© 2013 IBM Corporation 30
Data Transfer to IBM i
Properties
16
© 2013 IBM Corporation 31
Create IBM i File
Wizard to create IBM i database file based on client file Same behavior of Access for Windows client
© 2013 IBM Corporation 32
Data Transfer Migration
Access for Windows Data Transfer saved request migration Migrate saved .dtt and .dtf files to IBM i Access Client Solutions
.dttx and .dtfx files
17
© 2013 IBM Corporation 33
5250 Emulation
Provides nearly identical interaction, look and feel to the Access for Windows PC5250 emulator
© 2013 IBM Corporation 34
5250 Session Manager
5250 Session Manager
18
© 2013 IBM Corporation 35
5250 Session Manager
Similar to Access for Windows PC5250 Session Manager Start a saved session Create new Display or Printer Session Create a Multiple session start batch file from existing saved
sessions
© 2013 IBM Corporation 36
New Display Session
Very different look and feel to the configuration panels, but nearly the same capabilities are available
19
© 2013 IBM Corporation 37
New Printer Session
Printer session configuration panel
© 2013 IBM Corporation 38
5250 Emulation Sessions
IBM i Access Client Solutions 5250 Emulation sessions are saved as .hod files Access for Windows PC5250 .ws files can be imported into
.hod files .hod files can also be saved outside of the Session Manager
• Need to setup a file association in the PC Operating System to run the file and have it open the emulator
20
© 2013 IBM Corporation 39
Agenda
Overview Background
System configurations
Features
Edit->Preferences
Password caching
Advanced topics Shell commands
Deployment
Migration
Hiding/restricting function
Mobile device access
Q&A
© 2013 IBM Corporation 40
SSL Options
21
© 2013 IBM Corporation 41
“Client SSL must be FIPS compliant” option
On IBM JRE’s: The IBM FIPS-compliant cryptography provider will be used
The IBM JSSE provider will run in FIPS mode for SSL connections
On Oracle/other JRE’s: The administrator must configure the JRE to default to FIPS-compliant SSL providers
© 2013 IBM Corporation 42
Default communication to SSL
Newly-created session configurations will have the SSL option on by
default
22
© 2013 IBM Corporation 43
Default communication to SSL
When a connection is made to a system name for which there is no stored
configuration, SSL will be used
© 2013 IBM Corporation 44
Edit -> Preferences
“mouseover” text
a description is
displayed in the
main panel when
highlighted
(next slide)
Set the active
language
(restart needed)
[for IBM service]
23
© 2013 IBM Corporation 45
Enable Description Panel (checked [default])
© 2013 IBM Corporation 46
Enable Description Panel (unchecked)
24
© 2013 IBM Corporation 47
Agenda
Overview Background
System configurations
Features
Edit->Preferences
Password caching
Advanced topics Shell commands
Deployment
Migration
Hiding/restricting function
Mobile device access
Q&A
© 2013 IBM Corporation 48
Password caching
Password caching options are slightly different from IBM i Access for
Windows. What's different?
25
© 2013 IBM Corporation 49
Password caching
"User Windows user name" has been replaced with "Use shared
credentials"
Shared credentials uses a single password cache for all IBM i systems
One login can now suffice for 20 systems (it may or may not be the same
as your windows login)
© 2013 IBM Corporation 50
Agenda
Overview Background
System configurations
Features
Edit->Preferences
Password caching
Advanced topics Shell commands
Deployment
Migration
Hiding/restricting function
Mobile device access
Q&A
26
© 2013 IBM Corporation 51
Shell Commands
IBM i Access Client Solutions provides several shell or command line utilities that can be used outside of the graphical user interfaces
Basic syntax is (all on the same line) acslaunch_win-32.exe /plugin=<name>
[/system=<system>] [/options]
Or java -jar acsbundle.jar /plugin=<name>
[/system=<system>] [/options]
The “/system” parm is only valid for commands pointed at a specific system
© 2013 IBM Corporation 52
Shell Commands
Examples include:
Backup •Saves the client configuration to file
Restore •Restores the client configuration from file
Cfg •Creates system configuration
Dump •Requests all running client processes to write service information
Medic •Packages the existing logs and dumps
Log •Sets the client logging level
Logon • Manages user id and password caching
27
© 2013 IBM Corporation 53
Shell Commands And…
Props • Opens the Edit -> Preferences panel
Maint • Maintenance options
Ping • IBM i Access Client Solutions connection verification
Sm • Opens 5250 session manager
5250 • Opens 5250 display session
DTGui • Opens Data Transfer interaction panel
Download • Runs a previously saved data transfer download .dtfx
CLDownload • Runs a data transfer download without a .dtfx
Upload • Runs a previously saved data transfer upload .dttx
© 2013 IBM Corporation 54
Shell Commands
Shell Command Ping example
28
© 2013 IBM Corporation 55
Shell Commands - Emulator
/plugin=SM Launches a Session Manager
/plugin=5250 Launches a 5250 session
/PLUGIN=5250 /SYSTEM=<system> [/<options>]
© 2013 IBM Corporation 56
Shell Commands – options for /plugin=5250
Valid options are:
/name=<name> - session name
/wide - use a wide screen size (27x132)
/id=<id> - sets the short session id
/nosave - do not save settings on exit
/prompt - force the configuration dialog to appear
/port=<port> - port number
/ssl - connect using secure sockets
/sso - bypass signon screen
/kerberos - Use kerberos
/width=<width> - initial width of the emulator window
/height=<height>- initial height of the emulator window
/xpos=<xpos> - initial x-coordinate position of the top-left corner of
the emulator window
/ypos=<ypos> - initial y-coordinate position of the top-left corner of
the emulator window
29
© 2013 IBM Corporation 57
Shell Commands – Check connectivity
/PLUGIN=ping /SYSTEM=<system> [</options>]
Options include:
/SSL=<1/0> Turn SSL on or off
/ACCEPTALLCERTS=<1/0> Whether or not to automatically add all SSL
certificates to the trusted set (when using SSL).
/SERVERAUTH=<1/0> Turn SSL Server authentication on or off (default is
off). This option is disregarded if not testing SSL.
/GUI=<1/0> Toggle GUI window on/off (default is off if launched
from command-line)
/PORTS=<port1,port2> A comma-separated list of ports to test. It can be
numbers or service names (e.g. /PORTS=as-signon,as-sts). If not
specified, a default set of ports is tested.
Specifying .CONSOLE will check a list of console specific ports.
/TIMEOUT=<seconds> Specify a timeout value, in seconds.
© 2013 IBM Corporation 58
Shell Commands – Run Data Transfer saved request
/PLUGIN=download /file=<dtfx_filename> [/userid=<userid>]
/PLUGIN=upload /file=<dttx_filename> [/userid=<userid>]
Userid option is optional
OR… new "DTBATCH" plugin:
/PLUGIN=dtbatch <dttx_filename> <dtfx_filename>
30
© 2013 IBM Corporation 59
Shell Commands – Simple download (no saved request)
/PLUGIN=cldownload /system=<system>
[/userid=<userid>]
{/hostfile=<library/filename> | /sql="statement"}
{/clientfile=<path><filename>.<extension> | /display}
/userid - user id to use when connecting to the target system
/hostfile - Source library and file on the IBM i system for the download
e.g. /hostfile=QIWS/QCUSTCDT
/sql - specify an SQL statement
e.g. /sql="select CUSNUM,LSTNAM,INIT,ZIPCOD from QIWS/QCUSTCDT"
/clientfile - Target file location for the download.
The format of this file will be determined by the specified
extension (for example, .csv .ods .xlsx .xlsx)
If the file extension is not specified or is of a type
not supported, the data will be formatted as a .csv file
/display - write the output to the terminal
© 2013 IBM Corporation 60
Shell Commands – simple download
Shell command CLDownload example, on IBM i
Note: no login needed!!
31
© 2013 IBM Corporation 61
Shell commands
Many, many more…
Virtually any major function you can launch from main GUI
See GettingStarted documentation for details, and visit:
https://www.ibm.com/developerworks/ibmi/library/i-acs-commandline/
© 2013 IBM Corporation 62
Agenda
Overview Background
System configurations
Features
Edit->Preferences
Password caching
Advanced topics Shell commands
Deployment
Migration
Hiding/restricting function
Mobile device access
Q&A
32
© 2013 IBM Corporation 63
What you get in the package
© 2013 IBM Corporation 64
Ways you can launch
1. “java -jar acsbundle.jar”
2. Binary launcher (preferred)
33
© 2013 IBM Corporation 65
Deployment: initial questions
When thinking about deployment, ask yourself where you want to put:
1. the product image? (jar file)
2. the user’s settings? (system configurations,
5250 sessions, etc.)
© 2013 IBM Corporation 66
Deployment: What might be our options?
Computer (local)
Network Share
USB Thumb Drive
Intranet (http:// URL)
34
© 2013 IBM Corporation 67
Where can I put the image (jar file)?
6
7
Computer (local)
Network Share
USB Thumb Drive
Intranet (http:// URL)
Any filesystem (local, USB drive, network)
or
Intranet link (http:// or https://)
NOTE: A Java Runtime Environment (JRE) will also
need to be accessible
© 2013 IBM Corporation 68
Where can I put the user’s settings?
Computer (local)
Network Share
USB Thumb Drive
Intranet (http:// URL)
Any filesystem (local, USB drive, network)
35
© 2013 IBM Corporation 69
How do I place the product image where it needs to be?
For filesystem locations, simply copy the file(s) and give users access
For http:// or https://, you have two options:
Static-serving the file from your web server
• Simply have your web server “serve” the file via a static link or some similar
mechanism
• (requires the user to have file association for .jar, and for that association to launch a
Java 6 JRE)
Using Java WebStart technology
• Only requires the user to have some Java installed (does not have to be Java 6)
© 2013 IBM Corporation 70
How do I configure where user settings go? AcsConfig.properties
This can be configured in the product configuration file, named
“AcsConfig.properties”
AcsConfig.properties is simply a list of configuration properties and values.
These properties may also be specified on the command line
-D<property>=<value>
One such property is
com.ibm.iaccess.AcsBaseDirectory
36
© 2013 IBM Corporation 71
AcsConfig.properties (cont.)
© 2013 IBM Corporation 72
AcsConfig.properties (cont.)
The following locations are searched for the AcsConfig.properties file: 1. In the classpath (that is, inside acsbundle.jar)
• Sample, default version included with the product
2. In the same directory as acsbundle.jar
• Sample, default version included with the product
3. By interrogating the “ibmi.acs.configuration” Java System property (the property’s
value is assumed to be the properties file). One would set this property on the
command line. Example:
acslaunch_win-32.exe -Dibmi.acs.configuration=M:\AcsConfig.properties
IMPORTANT NOTE!! When the configuration file exists in multiple locations, the last one
wins
37
© 2013 IBM Corporation 73
com.ibm.iaccess.AcsBaseDirectory
The value of this property determines: The location of user settings
The location of service logs/dumps/etc
The default directory used by the 5250 session manager (this can be configured
separately if desired)
The value is expected, therefore, to be a directory name on a filesystem. It
can be Left blank (which leaves behavior at the default location)
The path of a hardcoded directory name (fully-qualified is highly recommended)
A constructed path using special keywords (next slide)
Tip: use forward slashes (‘/’), not backslashes (‘\’)
© 2013 IBM Corporation 74
com.ibm.iaccess.AcsBaseDirectory : Special keywords
{USER} : would be the current username (valid anywhere in the path)
{PRODUCTDIR} : would mean the product’s location in the file
system (valid only at the beginning)
{TEMPDIR} : would be the temporary directory (valid only at the
beginning)
{ROOT} : the root of the file system where the product is located (valid
only at the beginning)
{CWD} : the current working directory (valid only at the beginning)
{HOME} : the user's home directory (valid only at the beginning)
{DEFAULT} : the default place the product normally puts its settings
(valid only at the beginning)
38
© 2013 IBM Corporation 75
Verifying location
© 2013 IBM Corporation 76
Verifying location
39
© 2013 IBM Corporation 77
Cliff’s notes: Common configurations
Default (“My Documents” on Windows, home dir otherwise) com.ibm.iaccess.AcsBaseDirectory=
Network share
com.ibm.iaccess.AcsBaseDirectory={ROOT}/config_directory/{USER}
com.ibm.iaccess.AcsBaseDirectory={PRODUCTDIR}/config_directory/{USER}
Thumb drive!
com.ibm.iaccess.AcsBaseDirectory={PRODUCTDIR}/config_directory
© 2013 IBM Corporation 78
Deployment
Remember these questions? There’s also an “extra credit question”……
Any guesses?
1. the product image? (jar file)
2. the user’s settings? (system configurations,
5250 sessions, etc.)
3. A Java Runtime Environment (JRE)
40
© 2013 IBM Corporation 79
Deployment: customizing your JRE
Some general notes about Java Runtime Environment: Use up-to-date versions of Java!
When using 32bit launchers (.exe’s), you must use a 32bit JRE (and 64bit launchers
require a 64bit Java)
© 2013 IBM Corporation 80
Deployment: customizing your JRE
Customizing your JRE (offering a specific JRE for all users) can be done in
the following ways: If launching the product by invoking java.exe (java –jar acsbundle.jar), fully-qualify a path
the java.exe you would like to launch with
If launching the product by invoking acslaunch_XXXXX.exe, use one of the command
line options:
Usage: [-options] [args...]
where options include:
-vm <path to jvm home directory>
-vmdll <path to a jvm lib file>
see java -help for other valid options
where args include:
/plugin=<name> [plugin-options...]
<file> Tip: place quotes around paths containing spaces!
41
© 2013 IBM Corporation 81
Deployment: customizing your JRE
Alternatively, if launching the product by invoking acslaunch_XXXXX.exe,
you can also place a JRE alongside the .exe file For instance, if your product image is expanded to C:\ACS,
• Launcher executable will be at C:\ACS\Start_Binaries\Windows_i386-32\acslaunch_win-32.exe
• You can put a JRE in C:\ACS\Start_Binaries\Windows_i386-32\jre\
• (e.g.: you can copy the directory “C:\Program Files (x86)\java\jre6”
to “C:\ACS\Start_Binaries\Windows_i386-32\jre”)
© 2013 IBM Corporation 82
Deployment: customizing your JRE
Why would you want to do this? JRE can be on a network share or thumb drive
The default JVM on a workstation may or may not be Java 6 or
newer (or there might not be a JVM on a particular workstation)
Gives the administrator more control
Need not worry about having Java installed on user workstations
Why would you NOT want to do this? Client VM may get updates automatically
Your deployment is all based on local workstation, you don’t want
to deploy a JRE, and JRE’s may vary
Usually not necessary (most workstations have Java)
42
© 2013 IBM Corporation 83
Verifying JRE
© 2013 IBM Corporation 84
Agenda
Overview Background
System configurations
Features
Edit->Preferences
Password caching
Advanced topics Shell commands
Deployment
Migration
Hiding/restricting function
Mobile device access
Q&A
43
© 2013 IBM Corporation 85
Migration
The following information can be migrated from IBM i Access for Windows:
System configurations
Data Transfer saved requests
5250 session profiles
© 2013 IBM Corporation 86
Migration – System configurations
The tool for migrating system configurations is called “Copy Connections”
44
© 2013 IBM Corporation 87
Migration – System configurations
The “Copy Connections” tool lets you copy system configurations to and
from Windows platform-specific products
© 2013 IBM Corporation 88
Migration – Data Transfer saved requests
45
© 2013 IBM Corporation 89
Migrates saved .dtt and .dtf files to IBM i Access Client Solutions .dttx and .dtfx files
Migration – Data Transfer saved requests
© 2013 IBM Corporation 90
Migration – Data Transfer saved requests
46
© 2013 IBM Corporation 91
Migration – 5250 session profiles
© 2013 IBM Corporation 92
Migration – 5250 session profiles
47
© 2013 IBM Corporation 93
Migration – 5250 session profiles
© 2013 IBM Corporation 94
Migration – 5250 session profiles
Resulting .hod file is saved in session manager directory
Key mappings are also converted. A converted .kmp file will be saved in
session manager directory.
48
© 2013 IBM Corporation 95
Agenda
Overview Background
System configurations
Features
Edit->Preferences
Password caching
Advanced topics Shell commands
Deployment
Migration
Hiding/restricting function
Mobile device access
Q&A
© 2013 IBM Corporation 96
Hiding/Restricting function
You may not want all the features of ACS visible to your users.
There are two ways exclude them from view (hide them)
1. Hiding component for a deployment
2. Restricting component with workstation-level restrictions
49
© 2013 IBM Corporation 97
Hiding component for a deployment
Deployed via AcsConfig.properties Property must be set:
• com.ibm.iaccess.ExcludeComps
Set this property to a comma-separated list of function keywords
The function keywords which may be specified are: DATAXFER - Data Transfer to/from IBM I
EMULATOR - 5250 Display/Print emulation and 5250 Session Manager
KEYMAN - SSL certificate management
OPCONSOLE - Operations console and Virtual Control Panel
RMTCMD - Remote Command (available from the command line)
SPLF - Printer Output
HWCONSOLE - Hardware management interface
L1CPLUGIN - Navigator for i
© 2013 IBM Corporation 98
Excluding components – An example…
Without the property set (left) and with
com.ibm.iaccess.ExcludeComps=OPCONSOLE,HWCONSOLE,L1CPLUGIN (right)
50
© 2013 IBM Corporation 99
Workstation restrictions
Accessed via Edit->Preferences
© 2013 IBM Corporation 10
0
Workstation restrictions
Effective for all users on this workstation
Can only be set/removed by administrators
Non-administrators will not see the option
Scriptable via shell commands
/PLUGIN=restrict /<options>
Valid options are:
/restrict=<func1,func2,func3> Restricts the given functions on this workstation.
/unrestrict=<func1,func2,func3> Allows the given functions on this workstation.
/list Lists whether functions are allowed or restricted on this workstation.
/export=<file> Export restrictions to the named file with a .acsr file extension.
/import=<file>.acsr Import restrictions from a file with a .acsr file extension.
/exportreg=<file> Export a Windows registry file (.reg file).
51
© 2013 IBM Corporation 10
1
Agenda
Overview Background
System configurations
Features
Edit->Preferences
Password caching
Advanced topics Shell commands
Deployment
Migration
Hiding/restricting function
Mobile device access
Q&A
© 2013 IBM Corporation 10
2
Mobile device access
Unfortunately, ACS does not run "natively" on mobile devices.
Why?
Popular alternatives are to use remote access techniques. Run ACS on a
different platform (IBM i, Windows, Linux, Mac) and use VNC or remote
desktop protocol (RDP).
iPad /VNC article: https://www.ibm.com/developerworks/ibmi/library/i-access_client_solutions/
52
© 2013 IBM Corporation 10
3
Agenda
Overview Background
System configurations
Features
Edit->Preferences
Password caching
Advanced topics Shell commands
Deployment
Migration
Hiding/restricting function
Mobile device access
Q&A