Features Added in Enterprise Server 5.0

Amazon Web Services Quick Start for Enterprise Server

Back to Top

Micro Focus has worked with Amazon Web Services (AWS) to create an AWS Quick Start for Enterprise Server. The Quick Start includes AWS CloudFormation templates and a deployment guide with step-by-step instructions that enable you to deploy Enterprise Server into a new or existing virtual private cloud (VPC) on the AWS Cloud in about 1 hour and 15 minutes.

For full information see Micro Focus Enterprise Server on AWS.

Enterprise Server and Scale Out Architecture

Back to Top

Note: This feature is in Early Adopter Program (EAP) release status.

This release offers an enhanced and improved availability, and serviceability of Enterprise Server through the ability to administer and maintain a cross-system group of regions as a single system image with the new Performance and Availability Cluster (PAC).

In order for different Enterprise Server instances to be able to work together, they need to be able to share data. This is achieved through the use of a Scale Out Repository (SOR). All ES instances in a PAC will have a common SOR (PSOR) which is used to store CICS resources (limited to PCTs, PPTs, FCTs, DCTs and TSTs in this release) as well as internal system data to facilitate synchronisation between instances. Temporary Storage Queues and Transient Data Queues can also be shared between Enterprise Server instances by directing them to a SOR. Benefits of using PACs and SORs in this way include:

  • Reduced hardware costs - taking advantage of the PAC to scale-out rather than scaling-up for more efficient use of processor resources.
  • Easier maintenance - Dynamically adding or removing of regions to the PAC for system maintenance.
  • Increased availability - in the event of the failure of an Enterprise Server instance, the PAC can continue to operate with reduced capacity. Enterprise Server instances can reside on different machines, improving availability further.
  • Dynamic scaling - Enterprise Server instances can be added to, or removed from, the PAC depending on demand.
  • Better performance - throughput is no longer restricted by the resources on a single machine (scale-up).
  • Improved serviceability - you can now administer the PAC and any associated regions as a single image from a new contemporary web-based administration interface (ESCWA).

Enterprise Server Common Web Administration

Back to Top

Note: This feature is in Early Adopter Program (EAP) release status.

Enterprise Developer now includes a new Enterprise Server Common Web Administration interface (ESCWA). ESCWA is a web user interface and server for modern administration, monitoring and control of Enterprise Server. It offers improved usability that consolidates the different Enterprise Server user interfaces so that native and managed regions, and security stores can be managed in one place. Features include:

  • Administering directory servers across multiple hosts.
  • Monitoring and control of CICS and JES Enterprise Server instances.
  • Configuring and administering a security store, defined in an LDAP-compatible security manager such as Microsoft Active Directory or OpenLDAP.
  • Administering the Scale-Out features - enable you to specify logical groups of Enterprise Server instances, and configure and run Performance Availability Clusters (PACs) and their related Scale-Out Repositories (SORs).
  • Administering, monitoring and control of Enterprise Server for .NET regions and listeners.
  • The use of current web frameworks that have a greater focus on security.
  • (Included with 5.0 Patch Update 2 ) - support for Enterprise Server XA, MQ and PL/I configuration and monitoring. This includes support for XA resources, configuring MQ, Listeners and Writers, PL/I, MFCS console, Region Trace options, displaying the current ESMs on logon page and Local/loopback connections warning changes.

CICS Support

Back to Top

Note: This feature is in Early Adopter Program (EAP) release status.

This release includes the following enhancements:

  • CRCN CICS transaction - this new in-built CICS transaction monitors the state of XA connections for each resource manager (RM) entry defined in the system. If CRCN finds that connections have become unavailable, it will attempt to reconnect at regular intervals. (The frequency of the monitoring is controlled by the ES_XA_RECONNECT environment variable.) CRCN will emit messages to the console to warn of connections lost and regained.

Data File Tools

Back to Top

This release provides the following enhancements:

  • The Data File Editor now includes a Compare Files tool that enables you to compare the contents of two data files side-by-side.
  • Structure files, and the layouts within them, can now be created within the Data File Editor; you no longer need to use the Classic Data File Tools utility to manage your layouts.
  • When connecting to a VSAM dataset stored in an enterprise server region, you can store any passwords required for access, for the duration of your current session.
  • You can view archived JES spool jobs that have been merged into one spool file using the merging archived spool files process.
  • You can now quickly duplicate records in non-indexed files, using the Duplicate Record option.

Database Connectors

Back to Top

You can now create an identity column in your database by using a new XFD directive - IDENTITY_COLUMN. This must be specified on a numeric field.

Enterprise Server Security

Back to Top

This release includes the following enhancements:

  • Security - security features can now be employed when developers and administrators install new COBOL services (web services and EJBs) into an enterprise server instance over the network. There are a number of authentication and authorization options that can be enabled. See Deployment Listeners and The .mfdeploy File.
  • Vault Facility - a new security feature has been added that enables some Enterprise Server components to keep certain sensitive information in a form of storage defined as a vault, accessible via a configurable vault provider. The default vault provider stores data in encrypted format on disk.
  • OpenSSL 1.1.1 - the OpenSSL security provider has been updated to OpenSSL version 1.1.1.

    This is the stable Long Term Support version of OpenSSL.

    • Added support for the ratified TLS protocol version 1.3. TLS 1.3 benefits include:
      • Much shorter initial connection negotiation sequence. This reduces the time taken to establish a link before starting to transmit data.
      • Using only the most secure ciphers and hash methods.
      • TLS 1.3 will be negotiated in preference to the older TLS protocols.
    • Added support for new Ciphers and Key Exchange groups in line with TLS 1.3 requirements.
    • The default security level for previously configured endpoints has been moved from Security Level 0 to Security Level 1. This removes the ability to accidentally make use of known-weak elements such as SSL3 and MD5. Similar changes to the default Security Level have recently happened to Java, Chrome, Firefox, and other systems providing secure connections.
  • Fileshare Security - the Fileshare Secure TCP/IP transport provider now supports the trusted use of X509 certificates bearing the name of the Fileshare service as the Common Name element of the certificate.

    In previous releases, a secure connection to a Fileshare server was made using a certificate that represented the network location upon which the Fileshare service was located. This method is still supported, but does not distinguish between the exact Fileshare server that is being connected to when more than one service can exist on a single host system. With this change, individual Fileshare services can identify themselves by using a unique certificate. While running on the same host and registered with the same network endpoint.

  • Support for Active Directory user groups and group name mapping - the Enterprise Server External Security Facility's MLDAP ESM Module can now use Active Directory user group objects for Enterprise Server user groups. Also, the module can now map long group names to the 8-character-maximum names required for mainframe emulation.
  • Selective auditing - administrators can audit only security activity of particular interest, reducing audit overhead and the volume of events. The Enterprise Server External Security Facility's MLDAP ESM Module can now enable ESF Audit events only for particular users, groups, and resources.
  • Improved interaction with LDAP client libraries resulting in fewer LDAP-related issues and easier diagnostics - the Enterprise Server External Security Facility's MLDAP ESM Module has improved interoperation with LDAP client libraries:
    • The client library vendor and version information is logged after the library is loaded
    • The module has better heuristics for loading the correct library supplied by the OS vendor, so the "provider" configuration option can generally be omitted
    • For OpenLDAP, the module sets its proprietary "connect timeout" option
  • SNI support (requires 5.0 Patch Update 1 or later) - support has been added in Patch Update 1 for the Server Name Identification (SNI) extension to TLS. This helps to avoid connectivity issues related to a growing number of Web services being hosted on SNI servers.

JCL Support

Back to Top

This release includes the following enhancements:

  • Spool file housekeeping - you can now merge your archived spool files to a central location where they can be viewed using the Micro Focus Data File Editor. This copies the archived spool files and merges them into a new, combined archive. It does not change the original archive, so the audit trail remains untouched, but the combined archive allows viewing of all the jobs that have been merged. The merge process is carried out using a JCL job or by using a command line utility.
  • A new user exit MFJFAXIT - this user exit allows you to receive notifications when 'file open' events are processed by the JCL engine. A sample exit can be found in the src\enterpriseserver\exits sub-directory of your product install directory. You can enable this exit by using the MFJFAXIT environment variable, to point to the exit program.

Mainframe Access

Back to Top

This release provides enhancements in the following areas:

  • Browse dataset using IDCAMS dump - when using the MFDAS BROWSE command, it is now possible to view the output of the IDCAMS DUMP command on the specified dataset in hex and printable characters side-by-side.
  • Improved JES support for executing jobs and input datasets - it is now possible for MFA Server to interact with JES jobs that are in executing phase, and to list and download input datasets.
  • Retrieve binder information for load modules - when executing the MFDAS BINDER command, it is now possible to view the binder information from a load module.
  • TSO command server - MFA Server includes a new type of application server to support executing TSO commands as the current user. The address space is spawned as your user id and any valid TSO command can be executed.
  • UNIX sub-system (USS) support - MFA Server can now operate on files stored on a USS file system. The available functions are - edit, browse, rename, delete, and copy USS files and directories.

Micro Focus Native Database File Handler

Back to Top

The Micro Focus Database File Handler (MFDBFH) is a file handler that enables your native CICS and batch enterprise server applications to interact with data files and certain infrastructure files stored within a database.

VSAM files may experience logical and/or physical corruption in the event of a hardware failure. This is due to a single COBOL I-O operation consisting of multiple physical I-O operations. If all the physical I-O operations that make up the COBOL I-O operation are not performed, the file can be left without integrity. In previous releases you could guard against such occurrences with Fileshare and logging, but they required some manual intervention and came with performance cost.

In this release, configuration options have been added that allow the I-O operations to be routed to an RDBMS to take advantage of the availability and performance characteristics of the database. This can be achieved with no changes required to the application. The file will be routed to the SQL database simply by changing the filename prefix to sql://.

Features include:

  • CICS and batch Cobol file I-O can now be routed to an RDBMS with only simple configuration changes. No application changes are required.
  • Supports all Micro Focus file formats
  • Files can be routed to an RDBMS on a file by file basis.
  • Utilities are provided to enable data to be moved between disk files and RDBMS.
  • Support for PostgreSQL 10.x, Amazon Aurora PostgreSQL, Db21, and MS SQL Server (on Windows and Linux Intel)

PL/I Support

Back to Top

Enhancements are available in the following features:

  • PL/I Run-Time System - support is now available for:
    • Optionally generating Windows "Mini-Dumps" or a Linux coredump off the back of a call to PLIDUMP.
    • Dynamic allocation of datasets using the TITLE option(s).
    • Raising an ERROR condition when a called subroutine raises a COBOL RTS error.
    • FILE variables can have differing DCB when used in differing contexts.
    • STATIC FIXED BIN(31) variable accessed at open within the RECSIZE() attribute of the ENVIRONMENT.

Platform Support

Back to Top

Support is now available for the following additional or updated operating systems:

  • SUSE (Power) 11 SP3, 12
  • Red Hat (Power) 7.2, 7.3
  • Windows Server 2019

For a full list of supported platforms, check HTTPS://SUPPORTLINE.MICROFOCUS.COM/PRODAVAIL.ASPX.