CICS Transaction Gateway: UNIX and Linux Administration - IBM
CICS Transaction Gateway: UNIX and Linux Administration - IBM
CICS Transaction Gateway: UNIX and Linux Administration - IBM
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
<strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
Version 7.0<br />
���<br />
SC34-6752-00
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
<strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
Version 7.0<br />
���<br />
SC34-6752-00
Note!<br />
Before using this information <strong>and</strong> the product it supports, be sure to read the general information under “Notices” on page<br />
243.<br />
First Edition (November 2006)<br />
This edition applies to Version 7.0 of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, program number 5724-I81. It will also apply to<br />
all subsequent versions, releases, <strong>and</strong> modifications until otherwise indicated in new editions.<br />
This edition replaces SC34-6372. Technical changes to the text are indicated by a vertical line to the left of the<br />
change.<br />
© Copyright International Business Machines Corporation 1996, 2006. All rights reserved.<br />
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract<br />
with <strong>IBM</strong> Corp.
Contents<br />
About this book . . . . . . . . . . . vii<br />
Installation path . . . . . . . . . . . . viii<br />
What’s new on the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> on the <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong><br />
platform . . . . . . . . . . . . . . ix<br />
Chapter 1. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
overview . . . . . . . . . . . . . . 1<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> Version 7.0 scenarios . .2<br />
What <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> provides . . . .3<br />
A <strong>Gateway</strong> daemon . . . . . . . . . . .3<br />
The <strong>Gateway</strong> classes . . . . . . . . . . .3<br />
J2EE resource adapters . . . . . . . . . .4<br />
A Client daemon . . . . . . . . . . . .4<br />
The external access interfaces (ECI, EPI, ESI) . . .4<br />
Additional functions . . . . . . . . . . . .5<br />
3270 terminal emulation (cicsterm) . . . . . .5<br />
3270 printer support (cicsprnt) . . . . . . .5<br />
Controlling the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> . . .5<br />
Controlling the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
dynamically . . . . . . . . . . . . .6<br />
Network security . . . . . . . . . . . . .6<br />
Encryption . . . . . . . . . . . . . .7<br />
Digital signatures <strong>and</strong> digital certificates . . . .7<br />
Obtaining a digital certificate . . . . . . . .8<br />
Key rings <strong>and</strong> KeyStores . . . . . . . . .9<br />
Authentication using SSL . . . . . . . . .9<br />
Security exits . . . . . . . . . . . . .10<br />
The J2EE resource adapters . . . . . . . . .10<br />
Dynamic Logical Partitioning (DLPAR, AIX only) . .11<br />
Local mode explained . . . . . . . . . . .11<br />
Benefits of local mode . . . . . . . . . .12<br />
Benefits of remote mode . . . . . . . . .16<br />
Considerations when deciding whether to use<br />
local mode . . . . . . . . . . . . .17<br />
Enabling local mode . . . . . . . . . .17<br />
Chapter 2. Planning your installation 19<br />
Hardware requirements . . . . . . . . . .19<br />
Supported software . . . . . . . . . . . .19<br />
Operating systems . . . . . . . . . . .19<br />
Web browsers . . . . . . . . . . . .21<br />
Java support for the <strong>Gateway</strong> daemon . . . .21<br />
Java support for the resource adapters <strong>and</strong> Java<br />
Client applications . . . . . . . . . . .21<br />
JSSE . . . . . . . . . . . . . . .22<br />
<strong>CICS</strong> servers . . . . . . . . . . . . .22<br />
J2EE application servers . . . . . . . . .22<br />
SNA communications . . . . . . . . . .23<br />
TCP/IP communications . . . . . . . . .23<br />
TCP62 communications . . . . . . . . .23<br />
Compilers <strong>and</strong> application development tools .23<br />
Other tools . . . . . . . . . . . . .24<br />
GPL licence <strong>and</strong> copyright issues on <strong>Linux</strong> . . .24<br />
<strong>CICS</strong> server PTF requirements . . . . . . . .24<br />
Terminal Sign-on capability . . . . . . . .24<br />
Timeout support . . . . . . . . . . . .24<br />
Communication with <strong>CICS</strong> servers . . . . . .25<br />
Restrictions on <strong>CICS</strong> <strong>Transaction</strong> Server for<br />
iSeries . . . . . . . . . . . . . . .26<br />
Why use a particular protocol? . . . . . . .26<br />
DBCS multibyte characters . . . . . . . . .26<br />
Server code page support . . . . . . . . . .27<br />
Chapter 3. Installing the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> . . . . . . . . 29<br />
Choosing what to install . . . . . . . . . .29<br />
Before you install the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> . .29<br />
Known issues . . . . . . . . . . . . .29<br />
Installing with the InstallShield wizard . . . . .30<br />
Installing from the console . . . . . . . . .30<br />
Installing silently . . . . . . . . . . . .31<br />
Creating a response file . . . . . . . . .31<br />
Using the response file to install silently . . . .31<br />
Installing silently with no response file . . . .31<br />
Actions after installation . . . . . . . . . .31<br />
Install the Java runtime environment . . . . .31<br />
Installing a shared library on Red Hat Enterprise<br />
<strong>Linux</strong> V3 . . . . . . . . . . . . . .31<br />
Adding features after installation . . . . . . .32<br />
Removing features . . . . . . . . . . . .32<br />
Updating the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> . . . .32<br />
Uninstalling the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> . . . .32<br />
Uninstalling from the console . . . . . . .32<br />
Uninstalling silently . . . . . . . . . .32<br />
Installation <strong>and</strong> uninstallation logs . . . . . .32<br />
National language support . . . . . . . . .33<br />
Using an alternative code set on AIX . . . . .33<br />
Using an alternative code set on other operating<br />
systems . . . . . . . . . . . . . . .34<br />
Using X-Window System from a remote system . .34<br />
Chapter 4. Setting up communication<br />
with <strong>CICS</strong> servers . . . . . . . . . . 37<br />
TCP/IP configuration . . . . . . . . . . .37<br />
Verifying the TCP/IP installation . . . . . .37<br />
On <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS . . . .37<br />
Next steps . . . . . . . . . . . . . .39<br />
TCP62 configuration . . . . . . . . . . .39<br />
On z/OS . . . . . . . . . . . . . .40<br />
On <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS . . . .40<br />
On the client workstation . . . . . . . . .41<br />
Firewall implications . . . . . . . . . .41<br />
KeepAlive packets . . . . . . . . . . .41<br />
Next steps . . . . . . . . . . . . . .41<br />
SNA configuration . . . . . . . . . . . .41<br />
Configuring for the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> 42<br />
Configuring SNA Communications product . .43<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 iii
|<br />
Defining SNA connections on <strong>CICS</strong> <strong>Transaction</strong><br />
Server for z/OS . . . . . . . . . . . .44<br />
Data conversion . . . . . . . . . . . . .45<br />
Configuring message queues . . . . . . . .46<br />
Message queues on HP-UX . . . . . . . .46<br />
Message queues on <strong>Linux</strong> . . . . . . . .46<br />
Message queues on Solaris . . . . . . . .47<br />
Chapter 5. Configuration . . . . . . . 49<br />
Before you start to configure your system . . . .49<br />
Gather information . . . . . . . . . . .49<br />
Configure your programming environment . . .49<br />
Recommended Java options for the Solaris JVM 49<br />
Using the Configuration Tool . . . . . . . .50<br />
Running the Configuration Tool for a different<br />
operating system . . . . . . . . . . .50<br />
The Configuration Tool interface . . . . . .50<br />
Configuring <strong>Gateway</strong> daemon settings . . . .53<br />
Configuring Client daemon settings . . . . .64<br />
Configuring Server settings . . . . . . . .70<br />
Trace settings . . . . . . . . . . . . .79<br />
Applying your changes to the system . . . .82<br />
J2EE setup <strong>and</strong> configuration . . . . . . . .82<br />
<strong>Transaction</strong> management models . . . . . .82<br />
Deploying <strong>CICS</strong> resource adapters . . . . . .82<br />
Tracing . . . . . . . . . . . . . . .87<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> logging facility . .88<br />
Setting up the environment for <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> logging . . . . . . . . . . .88<br />
Sample configuration <strong>and</strong> mapping files . . . . .89<br />
Keyboard mapping for cicsterm . . . . . . .89<br />
Keyboard mapping file syntax . . . . . . .90<br />
The keyboard mapping file . . . . . . . .90<br />
Customizing the screen colors for cicsterm . . . .91<br />
Color mapping syntax . . . . . . . . . .92<br />
The color mapping file . . . . . . . . .92<br />
Preparing to use local <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
support . . . . . . . . . . . . . . . .93<br />
Checking your configuration . . . . . . . .93<br />
Chapter 6. Network Security . . . . . 95<br />
Java Secure Socket Extension (JSSE) . . . . . .95<br />
Migrating to JSSE . . . . . . . . . . .95<br />
Migrating keys <strong>and</strong> certificates . . . . . . .95<br />
Maintaining your digital certificates for JSSE . .96<br />
Using iKeyMan to manage self-signed certificates<br />
under JSSE . . . . . . . . . . . . .97<br />
Using externally signed certificates under JSSE 100<br />
Using keytool for certificate management . . . 100<br />
Transport Layer Security . . . . . . . . . 105<br />
Configuring <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> for SSL 106<br />
SSL configuration settings . . . . . . . . 106<br />
Using the SSL protocol . . . . . . . . . 106<br />
Chapter 7. Client security . . . . . . 107<br />
Client security overview . . . . . . . . . . 107<br />
Default connection settings . . . . . . . . . 107<br />
ECI security . . . . . . . . . . . . . . 108<br />
EPI terminal security . . . . . . . . . . . 108<br />
Changing the user ID <strong>and</strong> password . . . . 108<br />
iv <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
Password expiry management . . . . . . . . 109<br />
Sign-on capable <strong>and</strong> sign-on incapable terminals 109<br />
Specifying the sign-on capability of a terminal 109<br />
Chapter 8. Performance . . . . . . . 113<br />
Assessing system performance . . . . . . . .113<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> threading model 113<br />
Tuning your configuration parameters . . . . .115<br />
Java considerations . . . . . . . . . . .116<br />
Other system factors . . . . . . . . . . .117<br />
Tracing <strong>and</strong> performance . . . . . . . . .118<br />
Performance monitoring tools . . . . . . . .118<br />
Chapter 9. Operating the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> . . . . . . . . 121<br />
Starting the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> . . . . . 121<br />
Stopping the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> . . . . 121<br />
Changing the system time . . . . . . . . . 121<br />
Chapter 10. Operating the <strong>Gateway</strong><br />
daemon . . . . . . . . . . . . . . 123<br />
Starting the <strong>Gateway</strong> daemon . . . . . . . . 123<br />
Starting the <strong>Gateway</strong> daemon with preset<br />
options . . . . . . . . . . . . . . 123<br />
Starting the <strong>Gateway</strong> daemon with<br />
user-specified options . . . . . . . . . 123<br />
Stopping the <strong>Gateway</strong> daemon . . . . . . . 125<br />
Running the <strong>Gateway</strong> daemon in the background 126<br />
Administering your system . . . . . . . . . 126<br />
Setting the <strong>Gateway</strong> trace . . . . . . . . 127<br />
Setting the JNI trace . . . . . . . . . . 127<br />
Setting <strong>Gateway</strong> <strong>and</strong> JNI trace . . . . . . . 127<br />
Querying trace settings . . . . . . . . . 127<br />
Shutting down the <strong>Gateway</strong> daemon . . . . 127<br />
Getting help . . . . . . . . . . . . . 127<br />
<strong>Administration</strong> options . . . . . . . . . 127<br />
Chapter 11. Operating the Client<br />
daemon . . . . . . . . . . . . . . 133<br />
The cicscli comm<strong>and</strong> . . . . . . . . . . . 133<br />
Starting the Client daemon . . . . . . . . 133<br />
Starting connections with additional servers . . 134<br />
Shutting down the Client daemon normally . . 134<br />
Shutting down the Client daemon immediately 134<br />
Restarting the Client daemon normally . . . . 134<br />
Restarting the Client daemon immediately . . 135<br />
Starting client tracing . . . . . . . . . . 135<br />
Specifying the trace components . . . . . . 135<br />
Stopping client tracing . . . . . . . . . 135<br />
Security considerations for trace <strong>and</strong> log files 136<br />
Setting up security for the Client daemon . . . 136<br />
Displaying information about the version of the<br />
Client daemon . . . . . . . . . . . . 137<br />
Listing the connected servers . . . . . . . 137<br />
Disabling the display of messages from the<br />
Client daemon . . . . . . . . . . . . 137<br />
Destination for error messages . . . . . . . 137<br />
Displaying comm<strong>and</strong> options for the Client<br />
daemon . . . . . . . . . . . . . . 137
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
cicscli comm<strong>and</strong> reference . . . . . . . . . 137<br />
Changing the system time . . . . . . . . . 141<br />
Chapter 12. Terminal Emulation . . . 143<br />
Summary of Terminal Emulation comm<strong>and</strong>s . . . 143<br />
The cicsterm comm<strong>and</strong> . . . . . . . . . . 143<br />
Using cicsterm . . . . . . . . . . . . 143<br />
Stopping a terminal emulator . . . . . . . 144<br />
cicsterm <strong>and</strong> user exits . . . . . . . . . 144<br />
cicsterm <strong>and</strong> RETURN TRANSID IMMEDIATE 144<br />
Using clients for X-Window System . . . . . 145<br />
Keyboard mapping in cicsterm . . . . . . 145<br />
cicsterm comm<strong>and</strong> reference . . . . . . . . 145<br />
The cicsprnt comm<strong>and</strong> . . . . . . . . . . 147<br />
Using cicsprnt . . . . . . . . . . . . 148<br />
cicsprnt <strong>and</strong> user exits . . . . . . . . . 148<br />
cicsprnt <strong>and</strong> RETURN TRANSID IMMEDIATE 149<br />
cicsprnt comm<strong>and</strong> reference . . . . . . . . 149<br />
Chapter 13. Problem determination<br />
<strong>and</strong> problem solving . . . . . . . . 153<br />
Problem determination: preliminary checks . . . 153<br />
What to do next . . . . . . . . . . . 154<br />
Problems installing the product . . . . . . . 154<br />
Problems with the <strong>Gateway</strong> daemon . . . . . 155<br />
Messages . . . . . . . . . . . . . . 155<br />
Tracing . . . . . . . . . . . . . . 155<br />
Diagnosing common problems: <strong>Gateway</strong><br />
daemon . . . . . . . . . . . . . . 157<br />
Problems with the Client daemon . . . . . . 162<br />
Messages . . . . . . . . . . . . . . 162<br />
Tracing . . . . . . . . . . . . . . 162<br />
Diagnosing common problems: Client daemon 168<br />
Problems with Client applications . . . . . 176<br />
Telnet clients . . . . . . . . . . . . 176<br />
Problems running the Configuration Tool . . . . 177<br />
Program support . . . . . . . . . . . . 177<br />
Reporting problems . . . . . . . . . . 177<br />
Documenting problems . . . . . . . . . 178<br />
Locating <strong>and</strong> compiling information . . . . . 179<br />
Submitting the documentation . . . . . . . 179<br />
APARs <strong>and</strong> fixes . . . . . . . . . . . 180<br />
Chapter 14. Migration . . . . . . . . 181<br />
Migrating to Version 7 . . . . . . . . . . 181<br />
Migration considerations at Version 6 . . . . . 181<br />
HTTP <strong>and</strong> HTTPS protocols . . . . . . . 181<br />
Supported ECI <strong>and</strong> EPI versions . . . . . . 182<br />
Configuration file: change of default name . . 182<br />
User exits: change of file name . . . . . . 182<br />
<strong>Linux</strong> C++ applications . . . . . . . . . 182<br />
Deprecated features . . . . . . . . . . 182<br />
Migration: support for resource adapters . . . . 183<br />
Migrating from <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> Version<br />
4 <strong>and</strong> earlier . . . . . . . . . . . . . . 183<br />
Chapter 15. Statistics introduction 185<br />
Which statistics do I need? . . . . . . . . . 185<br />
Statistics for tuning <strong>and</strong> capacity planning . . 185<br />
Statistics to diagnose system problems . . . . 186<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Statistics on resource usage . . . . . . . . 186<br />
Statistics for throughput analysis . . . . . . 187<br />
Setting up your system for statistics . . . . . . 187<br />
Displaying statistics . . . . . . . . . . . 187<br />
Displaying all available statistics . . . . . . 188<br />
Selecting the statistics to display . . . . . . 188<br />
Listing available resource groups . . . . . . 188<br />
Listing all available statistical IDs . . . . . 188<br />
Listing statistical IDs for selected resource<br />
groups . . . . . . . . . . . . . . 189<br />
Getting help on statistics . . . . . . . . 189<br />
Resource groups . . . . . . . . . . . . 189<br />
List of statistics . . . . . . . . . . . . . 189<br />
Connection manager statistics . . . . . . . 190<br />
<strong>Gateway</strong> daemon statistics . . . . . . . . 191<br />
Protocol h<strong>and</strong>ler statistics . . . . . . . . 192<br />
Worker thread statistics . . . . . . . . . 192<br />
Appendix A. Data conversion when<br />
using the Client daemon <strong>and</strong> a <strong>CICS</strong><br />
server . . . . . . . . . . . . . . 193<br />
Supported conversions . . . . . . . . . . 193<br />
Arabic . . . . . . . . . . . . . . . 194<br />
Baltic Rim . . . . . . . . . . . . . 195<br />
Cyrillic . . . . . . . . . . . . . . 195<br />
Estonian . . . . . . . . . . . . . . 196<br />
Greek . . . . . . . . . . . . . . . 196<br />
Hebrew . . . . . . . . . . . . . . 196<br />
Japanese . . . . . . . . . . . . . . 197<br />
Korean . . . . . . . . . . . . . . 198<br />
Latin-1 <strong>and</strong> Latin-9 . . . . . . . . . . 199<br />
Latin-2 . . . . . . . . . . . . . . 200<br />
Latin-5 . . . . . . . . . . . . . . 200<br />
Simplified Chinese . . . . . . . . . . 201<br />
Traditional Chinese . . . . . . . . . . 201<br />
Vietnamese . . . . . . . . . . . . . 202<br />
Unicode data . . . . . . . . . . . . 202<br />
Appendix B. Editing the configuration<br />
file ctg.ini . . . . . . . . . . . . . 203<br />
ctg.ini: GATEWAY section . . . . . . . . . 203<br />
TCP protocol . . . . . . . . . . . . 205<br />
SSL protocol . . . . . . . . . . . . . 205<br />
ctg.ini: CLIENT section . . . . . . . . . . 206<br />
ctg.ini: SERVER section . . . . . . . . . . 207<br />
ctg.ini: DRIVER section . . . . . . . . . . 208<br />
The product library <strong>and</strong> related<br />
literature . . . . . . . . . . . . . 211<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> books . . . . . . .211<br />
Sample configuration documents . . . . . . .211<br />
Redbooks . . . . . . . . . . . . . . .211<br />
Other Useful Books . . . . . . . . . . . 212<br />
<strong>CICS</strong> <strong>Transaction</strong> Server publications . . . . 212<br />
APPC-related publications . . . . . . . . 213<br />
TCP62–related publications . . . . . . . . 213<br />
Obtaining books from <strong>IBM</strong> . . . . . . . . . 213<br />
Contents v
Accessibility features for <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> . . . . . . . . 215<br />
Installation . . . . . . . . . . . . . . 215<br />
Documentation . . . . . . . . . . . . . 215<br />
Configuration Tool accessibility . . . . . . . 215<br />
Components . . . . . . . . . . . . . 215<br />
Keys . . . . . . . . . . . . . . . 215<br />
Customizing colors <strong>and</strong> fonts . . . . . . . 218<br />
cicsterm . . . . . . . . . . . . . . . 218<br />
vi <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
Glossary . . . . . . . . . . . . . 221<br />
Index . . . . . . . . . . . . . . . 237<br />
Notices . . . . . . . . . . . . . . 243<br />
Trademarks . . . . . . . . . . . . . . 244<br />
Sending your comments to <strong>IBM</strong> . . . 247
About this book<br />
“What’s new on the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> on the<br />
<strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> platform” on<br />
page ix<br />
Chapter 1, “<strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> overview,” on page 1<br />
Chapter 2, “Planning your<br />
installation,” on page 19<br />
Chapter 3, “Installing the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>,” on page<br />
29<br />
Chapter 4, “Setting up<br />
communication with <strong>CICS</strong><br />
servers,” on page 37<br />
Chapter 5, “Configuration,” on<br />
page 49<br />
Chapter 6, “Network Security,”<br />
on page 95<br />
Chapter 7, “Client security,” on<br />
page 107<br />
Chapter 8, “Performance,” on<br />
page 113<br />
Chapter 9, “Operating the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>,” on page<br />
121<br />
Chapter 10, “Operating the<br />
<strong>Gateway</strong> daemon,” on page<br />
123<br />
Chapter 11, “Operating the<br />
Client daemon,” on page 133<br />
Chapter 13, “Problem<br />
determination <strong>and</strong> problem<br />
solving,” on page 153<br />
Chapter 14, “Migration,” on<br />
page 181<br />
This book describes the planning, installation, configuration, <strong>and</strong> operation, of the<br />
<strong>IBM</strong> ®<br />
<strong>CICS</strong> ®<br />
<strong>Transaction</strong> <strong>Gateway</strong> product.<br />
You should be familiar with the operating system on which your <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> runs, <strong>and</strong> also with Internet terminology.<br />
Read this for information on functional changes made in this version of <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
Read this for an overview of <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> <strong>and</strong> the functions it<br />
provides.<br />
Read this for information on planning your installation, including the hardware<br />
<strong>and</strong> software you need to run <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Read this for information on how to install <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Read this for information on how to set up communication links between <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> <strong>and</strong> <strong>CICS</strong> servers.<br />
Read this for information on how to configure your <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Read this for information on how to set up <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> to use the<br />
SSLnetwork security protocol.<br />
Read this for information on how to provide a user ID <strong>and</strong> password when<br />
connecting to a <strong>CICS</strong> server.<br />
Read this for information on how to tune your <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, <strong>and</strong><br />
other system components, to achieve the best possible performance.<br />
Read this for information on how to operate the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Read this for information on how to operate the <strong>Gateway</strong> daemon.<br />
Read this for information on how to operate the Client daemon of <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
Read this for information on problem determination <strong>and</strong> problem solving.<br />
Read this if you are currently using an earlier version of <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
or <strong>CICS</strong> Universal Client.<br />
Statistics Read this for information about statistics that the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
provides.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 vii
Installation path<br />
The term is used in file paths to represent the directory where you<br />
installed the product. The default location for new installations is:<br />
<strong>UNIX</strong> ®<br />
<strong>Linux</strong> ®<br />
platforms<br />
/opt/<strong>IBM</strong>/cicstg<br />
platforms<br />
/opt/ibm/cicstg<br />
If you are upgrading, the installation process keeps your existing directory<br />
structure.<br />
viii <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
What’s new on the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> on the <strong>UNIX</strong><br />
<strong>and</strong> <strong>Linux</strong> platform<br />
This edition replaces SC34-6372-01. Technical changes to the text are indicated by a<br />
vertical line to the left of the change.<br />
v Online statistics for real-time monitoring of <strong>CICS</strong> TG systems, enabling current<br />
activity to be monitored proactively; see Chapter 15, “Statistics introduction,” on<br />
page 185, <strong>and</strong> “Displaying statistics” on page 187.<br />
v Support for Internet Protocol V6 (IPv6) connections from remote Java <br />
clients,<br />
providing for better routing, enhanced security, <strong>and</strong> global scalability delivered<br />
in this latest version of the IP st<strong>and</strong>ard. This affects the “Bind Address” on page<br />
60 configuration setting.<br />
v Support for the Transport Layer Security (TLS) 1.0 protocol enabling more<br />
stringent encryption capabilities <strong>and</strong> better interoperation with a variety of<br />
secure clients; see “Transport Layer Security” on page 105.<br />
v The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> JCA resource adapters can be used in remote<br />
mode from a WebSphere ®<br />
Application Server running in a 64-bit runtime<br />
environment; see “Java support for the resource adapters <strong>and</strong> Java Client<br />
applications” on page 21.<br />
v JVM <strong>and</strong> system configuration dumps are available; see “JVM <strong>and</strong> system<br />
dumps” on page 161.<br />
v A new configurable server idle timeout option to reduce network overheads of<br />
many attached clients; see “Server idle timeout (mins)” on page 72.<br />
v Extensions to Systems Network Architecture (SNA) support to include the <strong>Linux</strong><br />
on Intel ®<br />
, <strong>Linux</strong> on POWER , <strong>and</strong> Sun Solaris environments, allowing you to<br />
maintain your SNA infrastructure or migrate away from TCP62 environments;<br />
see “SNA configuration” on page 41.<br />
Removed <strong>and</strong> changed function<br />
For information on removed <strong>and</strong> changed function, see “Migrating to Version 7”<br />
on page 181.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 ix
x <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Chapter 1. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> overview<br />
Figure 1. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
<strong>IBM</strong> <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> provides secure, easy access from Java Client<br />
applications to <strong>CICS</strong> applications, using st<strong>and</strong>ard Internet protocols in a range of<br />
configurations. It is a robust <strong>and</strong> scalable complement to a J2EE application server.<br />
You can implement it as an e-business connector for <strong>IBM</strong> WebSphere Application<br />
Server, which is a J2EE-compliant runtime environment for Java servlets <strong>and</strong><br />
enterprise beans. An API is provided that allows Java programmers to take<br />
advantage of features provided in J2EE-compliant runtime environments.<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> runs on a wide variety of operating systems. On<br />
operating systems other than z/OS ® , <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> can access many<br />
different types of <strong>CICS</strong> server. On z/OS, the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> can access<br />
only <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS. See “Supported software” on page 19 for<br />
information on supported operating systems <strong>and</strong> <strong>CICS</strong> servers.<br />
On operating systems other than z/OS, <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> uses a Client<br />
daemon to route External Call Interface (ECI), External Presentation Interface (EPI),<br />
<strong>and</strong> External Security Interface (ESI) requests to a <strong>CICS</strong> server (see “The external<br />
access interfaces (ECI, EPI, ESI)” on page 4). On z/OS, <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
can route only ECI requests, <strong>and</strong> has no Client daemon.<br />
Figure 1 shows how a web client can access <strong>CICS</strong> programs <strong>and</strong> data. Note that<br />
the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is shown as installed on a J2EE application server<br />
machine. This is necessary only if you are using the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
with Java applets or servlets.<br />
Communication between <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> <strong>and</strong> the Client application<br />
uses the following protocols:<br />
v TCP/IP sockets<br />
v Secure Sockets Layer (SSL)<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 1
TCP/IP sockets <strong>and</strong> SSL provide an efficient method of communication for intranet<br />
applications.<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> can manage many concurrent links to connected Web<br />
browsers. It can also control asynchronous conversations to multiple <strong>CICS</strong> servers.<br />
The multithreaded architecture of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> enables a single<br />
<strong>Gateway</strong> to support multiple concurrently connected users.<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> Version 7.0 scenarios<br />
A number of parts, both internal <strong>and</strong> external to the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, are<br />
used when creating a business solution using the product. Figure 2 shows some of<br />
the possible scenarios, <strong>and</strong> the terminology used.<br />
Figure 2. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> uses, with their associated terminology<br />
The following explains the terms used in Figure 2:<br />
<strong>Gateway</strong> daemon<br />
This is a long running Java process used only in remote mode. The<br />
<strong>Gateway</strong> daemon listens for network requests from remote Java Client<br />
applications. It issues these requests to <strong>CICS</strong> using the facilities of the<br />
Client daemon on <strong>UNIX</strong>, Windows ®<br />
<strong>and</strong> <strong>Linux</strong> platforms, or using the<br />
EXCI on z/OS. The <strong>Gateway</strong> daemon runs the protocol listener threads,<br />
the connection manager threads <strong>and</strong> the worker threads. It uses the<br />
2 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
GATEWAY section of ctg.ini (<strong>and</strong> on z/OS the STDENV file or the<br />
ctgenvvar script) for its configuration.<br />
Client daemon<br />
The Client daemon, process cclclnt, exists only on <strong>UNIX</strong>, Windows <strong>and</strong><br />
<strong>Linux</strong>. It manages network connections to <strong>CICS</strong> servers. It processes ECI,<br />
EPI, <strong>and</strong> ESI requests, sending <strong>and</strong> receiving the appropriate flows from<br />
the <strong>CICS</strong> server to satisfy the application requests. It uses the CLIENT<br />
section of ctg.ini for its configuration.<br />
<strong>Gateway</strong> classes<br />
This is the Java class library used by Java Client applications to invoke<br />
services in <strong>CICS</strong>.<br />
External <strong>CICS</strong> Interface (EXCI)<br />
An MVS ®<br />
application programming interface provided by <strong>CICS</strong><br />
<strong>Transaction</strong> Server for z/OS that enables a non-<strong>CICS</strong> program to call a<br />
<strong>CICS</strong> program <strong>and</strong> to pass <strong>and</strong> receive data by means of a COMMAREA.<br />
The <strong>CICS</strong> application program is invoked as if linked-to by another <strong>CICS</strong><br />
application program. The EXCI is used as the communications interface by<br />
the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> for z/OS. Compare with External Call<br />
Interface (ECI).<br />
Client API<br />
This is the interface used by Client applications to invoke services in <strong>CICS</strong><br />
using the facilities of the Client daemon. See External Call Interface,<br />
External Presentation Interface <strong>and</strong> External Security Interface.<br />
Client application<br />
A user application written in a supported programming language, other<br />
than Java, that uses the Client API.<br />
Java Client application<br />
A user application written in Java, including servlets <strong>and</strong> enterprise beans,<br />
that uses the <strong>Gateway</strong> classes.<br />
local mode<br />
A term that describes the use of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> local<br />
protocol. The <strong>Gateway</strong> daemon is not used in local mode.<br />
remote mode<br />
A term that describes the use of one of the supported <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> network protocols to connect to the <strong>Gateway</strong> daemon. See<br />
<strong>Gateway</strong> daemon.<br />
What <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> provides<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> provides the following:<br />
A <strong>Gateway</strong> daemon<br />
The <strong>Gateway</strong> daemon communicates with <strong>CICS</strong> applications running on <strong>CICS</strong><br />
servers through ECI, EPI, or ESI. It is usually resident on a J2EE application server.<br />
The <strong>Gateway</strong> classes<br />
This Java library includes classes that:<br />
v Provide Application Programming Interfaces (APIs) for ECI, EPI, <strong>and</strong> ESI.<br />
This allows communication between Java Client applications <strong>and</strong> the <strong>Gateway</strong><br />
daemon.<br />
Chapter 1. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> overview 3
v Allow Java Client applications to communicate with transactions on a server <strong>and</strong><br />
h<strong>and</strong>le 3270 data streams.<br />
v Allow your Java Client applications to use the SSL network security protocol.<br />
J2EE resource adapters<br />
These provide a J2EE-compliant interface to <strong>CICS</strong> for your Java Client applications.<br />
A Client daemon<br />
The Client daemon can support concurrent, ECI, <strong>and</strong> EPI calls to one or more <strong>CICS</strong><br />
servers.<br />
The Client daemon can communicate with multiple <strong>CICS</strong> servers using a variety of<br />
protocols. See “Communication with <strong>CICS</strong> servers” on page 25. Support for a<br />
protocol may be provided by one or more communication software products, so<br />
you can use the products best suited to your network environment. See<br />
“Supported software” on page 19.<br />
The way that the Client daemon operates, <strong>and</strong> the servers <strong>and</strong> protocols used for<br />
communication, are defined in the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> initialization file.<br />
You can use the Configuration Tool to define these settings. See Chapter 5,<br />
“Configuration,” on page 49.<br />
The external access interfaces (ECI, EPI, ESI)<br />
An external interface allows non-<strong>CICS</strong> applications to access <strong>and</strong> update <strong>CICS</strong><br />
resources by calling <strong>CICS</strong> programs, or by initiating <strong>CICS</strong> transactions. When used<br />
in conjunction with the <strong>CICS</strong> communication facilities, it enables non-<strong>CICS</strong><br />
programs to access <strong>and</strong> update resources on any <strong>CICS</strong> system. This supports such<br />
activities as developing graphical user interface (GUI) front ends for <strong>CICS</strong><br />
applications, <strong>and</strong> allows the integration of <strong>CICS</strong> systems <strong>and</strong> non-<strong>CICS</strong> systems.<br />
External Call Interface (ECI)<br />
The ECI enables a user application to call a <strong>CICS</strong> program synchronously<br />
or asynchronously. It enables the design of new applications to be<br />
optimized for client/server operation, with the business logic on the server<br />
<strong>and</strong> the presentation logic on the client.<br />
External Presentation Interface (EPI)<br />
The EPI enables a user application to act as a logical 3270 terminal <strong>and</strong> so<br />
control a <strong>CICS</strong> 3270 application. It enables modern technologies, such as<br />
graphical or multimedia interfaces, to be used with traditional <strong>CICS</strong> 3270<br />
applications.<br />
External Security Interface (ESI)<br />
The ESI enables user applications to verify <strong>and</strong> change passwords for<br />
specified user IDs that are managed by an external security manager (ESM)<br />
on a <strong>CICS</strong> server.<br />
For more information on the external access interfaces, see <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>: Programming Guide <strong>and</strong> <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Reference.<br />
4 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Additional functions<br />
3270 terminal emulation (cicsterm)<br />
<strong>CICS</strong> 3270 terminal emulation enables a <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> system to<br />
function as a 3270 display for <strong>CICS</strong> applications, without needing a separate 3270<br />
emulator product. Multiple <strong>CICS</strong> 3270 emulation sessions can run to one or more<br />
<strong>CICS</strong> servers.<br />
You can use mapping files to customize the client emulator’s screen color attributes<br />
<strong>and</strong> keyboard settings, for example, to comply with company st<strong>and</strong>ard keyboard<br />
layouts.<br />
<strong>CICS</strong> Client terminal definitions are autoinstalled on the <strong>CICS</strong> server, <strong>and</strong> do not<br />
have to be predefined.<br />
3270 printer support (cicsprnt)<br />
<strong>CICS</strong> 3270 printer support allows you to define a printer terminal on a <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> system. This enables <strong>CICS</strong> applications running on a server to<br />
send output to a printer attached to the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
You can send output to a physical printer or you can specify a comm<strong>and</strong> to<br />
process the data into a format more suitable for special-purpose printers.<br />
<strong>CICS</strong> 3270 printer support uses <strong>CICS</strong> 3270 terminal emulation functions. See<br />
Table 1 on page 25 for information on which <strong>CICS</strong> servers currently support <strong>CICS</strong><br />
3270 emulation <strong>and</strong> hence <strong>CICS</strong> 3270 client printer support.<br />
Controlling the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
Comm<strong>and</strong>s are provided to:<br />
v Control the <strong>Gateway</strong> daemon<br />
You can:<br />
– Specify the TCP/IP port on which the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> listens.<br />
– Specify the initial number <strong>and</strong> maximum number of ConnectionManager<br />
threads<br />
– Specify the initial number <strong>and</strong> maximum number of worker threads<br />
– Enable st<strong>and</strong>ard tracing<br />
– Disable the reading of input from the console<br />
– Specify the file to which trace output is written<br />
– Enable full debug tracing<br />
– Specify the maximum size of the trace output file<br />
– Specify the maximum size of any data blocks that are shown in the trace<br />
– Enable the display of symbolic TCP/IP host names in messages<br />
– Specify the offset from which displays of any data blocks start<br />
– Enable Java exception stack tracing<br />
– Pass an argument to the JVM<br />
v Control the Client daemon<br />
You can:<br />
– Start or stop the client daemon<br />
– Turn client trace on or off<br />
– Specify the client components to be traced<br />
– Set up security by specifying user IDs <strong>and</strong> passwords for a <strong>CICS</strong> server<br />
– List connected servers<br />
Chapter 1. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> overview 5
Network security<br />
– Enable <strong>and</strong> disable the display of messages<br />
– Perform controlled restarts of the client daemon<br />
v Control terminal emulation<br />
You can:<br />
– Start <strong>and</strong> stop the terminal emulator<br />
– Specify the initial transaction<br />
– Define the terminal characteristics<br />
– Specify the name of the keyboard <strong>and</strong> screen color mapping files<br />
– Define the comm<strong>and</strong> used to process print requests<br />
– Specify the name of a file used for appending print requests<br />
v Control client printer operation<br />
You can:<br />
– Start <strong>and</strong> stop the client printer emulator<br />
– Specify the initial transaction to be run against the client printer<br />
– Define the printer terminal characteristics<br />
– Define the comm<strong>and</strong> used to process print requests<br />
– Specify the name of a file used for appending print requests<br />
Controlling the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> dynamically<br />
Using the ctgadmin script, you can:<br />
v Set the trace for the <strong>Gateway</strong> daemon<br />
v Set JNI trace<br />
v Query trace options<br />
v Shut down the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> provides comprehensive support for secure<br />
communication, which is critical to successful Internet operation. The secure<br />
network protocol SSL allows your Client applications <strong>and</strong> Java Client applications,<br />
to communicate securely with your <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. Network security<br />
<strong>and</strong> its implementation on <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is discussed in detail in<br />
Chapter 6, “Network Security,” on page 95; the following sections summarize the<br />
functions provided by SSL.<br />
The characteristics of secure communication are:<br />
Confidentiality<br />
Integrity<br />
Accountability<br />
6 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
The content of messages remains private as they pass over the Internet, or<br />
your intranet.<br />
Data exchanged between the client <strong>and</strong> the server is encrypted. Only your<br />
client (your application or servlet) <strong>and</strong> your server (the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>) can make sense of the data.<br />
Messages are not altered during transmission.<br />
Integrity guarantees that the message you sent reaches the recipient intact.<br />
Encryption <strong>and</strong> digital signatures ensure integrity.
Authenticity<br />
The sender <strong>and</strong> the receiver both agree that the exchange took place.<br />
Accountability settles any disputes over whether the message was sent <strong>and</strong><br />
received. Digital signatures ensure accountability, so that you can identify<br />
who is responsible if something goes wrong.<br />
You know who you are talking to <strong>and</strong> that you can trust that person.<br />
Authenticity requires verification of identities, so that you can be sure that<br />
others are who they say they are. Digital signatures <strong>and</strong> digital certificates<br />
ensure authenticity.<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>’s implementation of the SSL protocol provides<br />
server authentication. This means that when a client establishes a connection<br />
with <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, it must authenticate the server’s details.<br />
You can also enable client authentication. This means that the server will<br />
authenticate the client’s details.<br />
Encryption<br />
Encryption ensures confidentiality in transmissions sent over the Internet. In its<br />
simplest form, encryption is the scrambling of a message so that it cannot be read<br />
until it is unscrambled later by the receiver. The sender uses an algorithmic<br />
pattern, or key, to encrypt the message, <strong>and</strong> the receiver uses a decryption key to<br />
unscramble the message.<br />
Two kinds of key can be used for encryption:<br />
Symmetric keys<br />
The sender <strong>and</strong> receiver use the same key to encrypt <strong>and</strong> decrypt the<br />
message. The risk with symmetric keys is that you need a safe<br />
transportation method to use when sending your key to the people with<br />
whom you want to communicate.<br />
Asymmetric keys<br />
These consists of a pair of keys: a public key <strong>and</strong> a private key. Unlike<br />
symmetric keys, these are different from each other. The private key holds<br />
more of the secret encryption pattern than the public key.<br />
A sender sends its public key to anyone it wants to communicate with<br />
securely. It retains the private key <strong>and</strong> protects it with a password. Only<br />
the sender can decrypt a received message encrypted with its public key,<br />
because only it has the private key.<br />
Asymmetric key encryption is also known as public key encryption.<br />
SSL uses both asymmetric <strong>and</strong> symmetric key encryption. It uses public key<br />
(asymmetric) encryption as a safe way of sharing a symmetric key between server<br />
<strong>and</strong> client. This symmetric key is then used to encrypt <strong>and</strong> decrypt all data<br />
transferred on the SSL connection. This encryption protects the data from other<br />
parties that try to eavesdrop <strong>and</strong> ensures that private information, such as credit<br />
card numbers, can be transferred securely. See “Authentication using SSL” on page<br />
9.<br />
Digital signatures <strong>and</strong> digital certificates<br />
A digital signature is a unique, mathematically computed, signature that ensures<br />
accountability.<br />
Chapter 1. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> overview 7
A digital certificate allows unique identification of an entity; it is essentially an<br />
electronic ID card, issued by a trusted third party. Digital certificates form part of<br />
the ISO authentication framework, also known as the X.509 protocol. This framework<br />
provides for authentication across networks.<br />
A digital certificate serves two purposes: it establishes the owner’s identity, <strong>and</strong> it<br />
makes the owner’s public key available. A digital certificate is issued by a certificate<br />
authority (CA), for example VeriSign, or Thawte. It is issued for only a limited time,<br />
<strong>and</strong> when its expiry date has passed, it must be replaced.<br />
A digital certificate consists of:<br />
v The public key of the person being certified<br />
v The name <strong>and</strong> address of the person being certified, also known as the<br />
Distinguished Name (DN)<br />
v The digital signature of the CA<br />
v The issue date<br />
v The expiry date<br />
The Distinguished Name is the name <strong>and</strong> address of a person or organization. You<br />
enter your Distinguished Name as part of requesting a certificate. The<br />
digitally-signed certificate includes not only your own Distinguished Name, but<br />
the Distinguished Name of the CA, which allows verification of the CA.<br />
To communicate securely, the receiver in a transmission must trust the CA that<br />
issued the certificate that the sender is using. This means that when a sender signs<br />
a message, the receiver must have the corresponding CA’s signer certificate <strong>and</strong><br />
public key designated as a trusted root key. For example, your Web browser has a<br />
default list of signer certificates for trusted CAs. If you want to trust certificates<br />
from another CA, you must receive a certificate from that CA <strong>and</strong> designate it as a<br />
trusted root key.<br />
If you send your digital certificate containing your public key to someone else,<br />
what keeps that person from misusing your digital certificate <strong>and</strong> posing as you?<br />
The answer is: your private key.<br />
A digital certificate alone is not proof of anyone’s identity. The digital certificate<br />
allows verification only of the owner’s identity, by providing the public key<br />
needed to check the owner’s digital signature. Therefore, the digital certificate<br />
owner must protect the private key that belongs with the public key in the digital<br />
certificate. If the private key were stolen, anyone could pose as the legitimate<br />
owner of the digital certificate.<br />
Obtaining a digital certificate<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> allows you to obtain digital certificates in two ways.<br />
You can buy externally-signed certificates from a certificate authority (CA), or you<br />
can establish yourself as a CA to allow you to issue self-signed X.509 certificates.<br />
Externally-signed certificates are more suitable for Internet use, while self-signed<br />
certificates might be suitable for internal use within an organization.<br />
Buying a certificate from a certificate authority<br />
If you plan to conduct commercial business on the Internet, buy a server certificate<br />
from a certificate authority (CA) such as VeriSign or Thawte.<br />
8 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
When you submit a certificate request to a CA, they require you to prove who you<br />
are before they issue you a certificate. The approval process is necessary to protect<br />
you, your organization, <strong>and</strong> the CA. The CA will digitally sign your certificate<br />
request <strong>and</strong> return the unique certificate to you by e-mail.<br />
Issuing certificates yourself<br />
If you act as a CA, you can sign your own or anyone else’s certificate request. This<br />
is a good choice if you need the certificates only within your own organization,<br />
<strong>and</strong> not for external Internet commerce. You can choose to allow access to only a<br />
carefully controlled group of key people within your intranet.<br />
Your key people should have browsers that can receive your self-signed CA<br />
certificate <strong>and</strong> designate it as a trusted root. They can then trust your<br />
communications <strong>and</strong> share information safely.<br />
See Chapter 6, “Network Security,” on page 95 for more information on obtaining<br />
digital certificates.<br />
Key rings <strong>and</strong> KeyStores<br />
Digital certificates, public keys, private keys, <strong>and</strong> trusted root keys are kept in<br />
special types of file that the security protocols can use. The Java Secure Socket<br />
Extension (JSSE) implementation of the SSL protocol uses files called KeyStores.<br />
See “Java Secure Socket Extension (JSSE)” on page 95 for information on how to<br />
create key rings <strong>and</strong> KeyStores. The SSL protocol requires access to these files to<br />
establish secure connections. See “Configuring <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> for SSL”<br />
on page 106 for information on how to provide this access.<br />
Authentication using SSL<br />
SSL allows the client to authenticate the identity of the server. This is called server<br />
authentication.<br />
SSL Version 3 also allows the server to authenticate a client. This is called client<br />
authentication, <strong>and</strong> is used if the server needs to check who a client is before<br />
responding. If SSL client authentication is enabled, the server requests the client’s<br />
certificate whenever the client makes an SSL connection. The server validates the<br />
DN information in the client request against the DN information in the client’s<br />
certificate before serving the document.<br />
SSL uses public key (asymmetric) encryption for a security “h<strong>and</strong>shake” when<br />
establishing a TCP/IP connection between the client <strong>and</strong> the server. Figure 3 on<br />
page 10 illustrates SSL h<strong>and</strong>shaking with server authentication. During the<br />
h<strong>and</strong>shake, the client receives the server’s digital (X.509) certificate. The client<br />
authenticates the server, using a list of known CAs. Also, if the client requests a<br />
document protected by SSL client authentication, the server requests the client’s<br />
certificate. The client then generates a r<strong>and</strong>om symmetric key <strong>and</strong> encrypts it using<br />
server’s public key. SSL then uses the symmetric key to encrypt <strong>and</strong> decrypt all of<br />
the information in both the client request <strong>and</strong> the server response, including:<br />
v The URL the client is requesting<br />
v The contents of any form being submitted<br />
v Authentication information, such as user names <strong>and</strong> passwords<br />
v All data sent between the client <strong>and</strong> the server<br />
Chapter 1. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> overview 9
Figure 3. SSL h<strong>and</strong>shaking with server authentication<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> supports the JSSE implementation of SSL. This is a Java<br />
implementation that provides support for 128 bit encryption. JSSE as supplied with<br />
the Java SDK is the only supported option. See Chapter 6, “Network Security,” on<br />
page 95 for more information about migration.<br />
Security exits<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> provides exits that enable the user to define security<br />
operations such as public key encryption. They can also be used for data<br />
compression. Some example source files are provided in this directory:<br />
The J2EE resource adapters<br />
/samples/java/com/ibm/ctg/samples/security<br />
You can also use the security exits to authenticate an X.509 client certificate when<br />
client authentication is enabled.<br />
For more information, refer to the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide.<br />
An API in the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> allows Java programmers to take<br />
advantage of features provided in J2EE-compliant runtime environments (for<br />
example <strong>IBM</strong> WebSphere Application Server). The J2EE connector architecture<br />
(JCA) defines a st<strong>and</strong>ard for connecting the Java 2 Platform, Enterprise Edition<br />
(J2EE) to heterogeneous Enterprise Information Systems (EIS) such as <strong>CICS</strong>. The<br />
architecture defines a set of scalable, secure, <strong>and</strong> transactional mechanisms that<br />
enable the integration of EISs with application servers <strong>and</strong> enterprise applications.<br />
10 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
A proprietary J2EE application server, such as <strong>IBM</strong> WebSphere Application Server,<br />
can be extended to support the resource adapter architecture, <strong>and</strong> is then assured<br />
of a seamless connectivity to multiple EISs.<br />
The JCA defines a Common Client Interface (CCI) for EIS access. The CCI defines a<br />
client API for interacting with heterogeneous EISs. The JCA enables a vendor such<br />
as <strong>IBM</strong> to provide a st<strong>and</strong>ard resource adapter to allow access to its product. This<br />
resource adapter is deployed to an application server <strong>and</strong> provides connectivity<br />
between the EIS, the application server, <strong>and</strong> the enterprise application.<br />
The Programming using J2EE chapter in <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming<br />
Guide describes the J2EE resource adapters. The chapter includes information on<br />
the J2EE samples that are provided.<br />
The samples.txt file, in the \samples subdirectory, provides<br />
additional information on the J2EE sample programs.<br />
Dynamic Logical Partitioning (DLPAR, AIX only)<br />
Local mode explained<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> for AIX ®<br />
is a DLPAR-safe application. This means<br />
that it does not fail as a result of DLPAR operations. Its performance might suffer<br />
when resources are removed, <strong>and</strong> it might not scale when new resources are<br />
added, but the program still works as expected.<br />
Note: The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> does not manage I/O devices such as<br />
network adapters. Before removing such devices dynamically, ensure that<br />
they are no longer being used by the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, or any of<br />
its underlying network components.<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> provides connectivity from a variety of platforms<br />
to <strong>Transaction</strong> Server on z/OS, <strong>and</strong> other <strong>CICS</strong> servers on distributed platforms. To<br />
maximize flexibility <strong>and</strong> performance, the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> can be<br />
customized <strong>and</strong> configured in many ways. Using local mode where applicable is<br />
one of the most powerful ways to reduce complexity <strong>and</strong> increase performance,<br />
<strong>and</strong> yet this option sometimes gets little attention. This topic:<br />
v Explains what local mode is<br />
v Details the benefits of using local mode<br />
v Suggests when it might be most useful<br />
v Lists some points to consider when deciding whether to use local mode<br />
Local mode <strong>and</strong> remote mode<br />
“<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> Version 7.0 scenarios” on page 2 shows some possible<br />
configurations of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. As can be seen from the diagram,<br />
the terms remote <strong>and</strong> local refer to the location of the <strong>Gateway</strong> classes (the API <strong>and</strong><br />
JCA Connector) relative to the <strong>Gateway</strong> daemon <strong>and</strong> the Client daemon (on<br />
distributed platforms), or the EXCI layer (on z/OS). The term local mode refers to<br />
usage of the local protocol.<br />
In remote mode, <strong>Gateway</strong> classes connect to the <strong>Gateway</strong> daemon over the<br />
network, using either TCP/IP or SSL. The <strong>Gateway</strong> daemon can accept connections<br />
from multiple instances of the <strong>Gateway</strong> classes, from multiple client systems.<br />
Implementing this type of architecture for the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> requires<br />
Chapter 1. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> overview 11
careful planning <strong>and</strong> tuning to ensure that the solution meets the requirements of<br />
the system as a whole. This involves activities such as:<br />
v Planning network capacity<br />
v Ensuring that time-outs through out the solution synchronize correctly<br />
v Ensuring that the various thread pools that could be used are all consistent<br />
Local mode can be used if the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is on the same system<br />
as the Java Client application that is using the <strong>Gateway</strong> classes.<br />
In this mode, the <strong>Gateway</strong> classes communicate directly with the Client daemon<br />
(on distributed platforms) or the EXCI layer. Costly calls to the network layer, <strong>and</strong><br />
the requirement to run the <strong>Gateway</strong> daemon process, that are both required in<br />
remote mode, are not needed in local mode.<br />
Benefits of local mode<br />
Using local mode where applicable can bring numerous benefits to a solution;<br />
these can include the following, depending on the specific architecture being<br />
implemented.<br />
Increased Performance<br />
One of the biggest benefits of local mode is the increased performance through the<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> that it can provide, compared to remote mode. Local<br />
mode does not use the network to pass requests to the <strong>Gateway</strong> daemon; the<br />
<strong>Gateway</strong> daemon classes are already available to the Java virtual machine (JVM),<br />
<strong>and</strong> can be used direct.<br />
12 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Figure 4. Additional overhead in remote mode<br />
Figure 4 shows the additional overhead needed to make a call in remote mode<br />
compared to local mode. Local mode saves processor cycles because the following<br />
activities are not performed:<br />
Chapter 1. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> overview 13
Figure 5. Remote mode<br />
v Making calls to open connections to a remote host<br />
v Performing a h<strong>and</strong>shake with the remote <strong>Gateway</strong> daemon<br />
v Tidying <strong>and</strong> closing the connection when the call is complete<br />
Even the overhead of making the call is reduced, because in local mode there is no<br />
dependency on the network, which is typically a large cost of any remote mode<br />
call.<br />
Using connection pooling in remote mode can reduce the overheads associated<br />
with establishing connections. However, because remote mode requires network<br />
flows, performance is not as good as when local mode is used.<br />
Reduced complexity<br />
Using local mode can make the overall system less complex. This in turn can help<br />
to remove points of failure, cut administration <strong>and</strong> maintenance costs, <strong>and</strong> make<br />
problem determination easier.<br />
Figure 5 shows a typical 3-tier system, with Web clients connecting to a cluster of<br />
four WebSphere Application Server nodes on z/OS. The nodes connect to two<br />
<strong>Gateway</strong> daemons, also running on the same LPAR, <strong>and</strong> using TCP/IP port<br />
sharing to balance the work between them. These then connect into the same <strong>CICS</strong><br />
region through EXCI. In remote mode, the WebSphere nodes use TCP/IP to flow<br />
requests, although they are on the same LPAR as the <strong>Gateway</strong> daemons.<br />
14 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Figure 6. Local mode<br />
Figure 6 shows a much simpler picture. Each WebSphere node now has a direct<br />
route into <strong>CICS</strong> TS, through the <strong>CICS</strong> TG <strong>and</strong> the EXCI layer.<br />
v Removing the <strong>Gateway</strong> daemon on <strong>CICS</strong> TG servers means two fewer address<br />
spaces to configure, manage <strong>and</strong> maintain, <strong>and</strong> fewer system resources used.<br />
v Doubling the number of EXCI pipes available (in the z/OS example shown)<br />
increases the scalability of the system. To achieve this in remote mode, you<br />
would have to increase the number of <strong>CICS</strong> TG address spaces to 4.<br />
v Removing the network layer increases performance.<br />
The same principle can be applied to a distributed environment, to similar effect.<br />
Reduced use of system resources<br />
By removing the need for the <strong>Gateway</strong> daemon, <strong>and</strong> possibly even an entire tier in<br />
a solution, the amount of system resources required for that solution is reduced.<br />
Removing the <strong>Gateway</strong> daemon eliminates an entire JVM from the picture, <strong>and</strong><br />
with it the extra threads, memory <strong>and</strong> CPU time required. Network-related<br />
resources are also freed up. For example, limited resources such as network<br />
b<strong>and</strong>width <strong>and</strong> sockets are no longer taken up managing connections between the<br />
Java Client application <strong>and</strong> the <strong>Gateway</strong> daemon.<br />
Easier configuration<br />
The <strong>Gateway</strong> daemon component has several configuration options associated with<br />
it, including:<br />
v Which protocol to use<br />
Chapter 1. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> overview 15
v Security settings for SSL<br />
v The number of threads in various pools<br />
v Time-outs <strong>and</strong> other basic configurations settings<br />
In particular, the thread pools <strong>and</strong> time-outs should be tuned to match the specific<br />
solution being used. For example, how many connection manager threads should<br />
be available, how many worker threads, what should the idle <strong>and</strong> connection<br />
time-outs be? Each of those parameters can be affected by other components in the<br />
solution.<br />
v Connection managers can be affected by the number of remote clients, how often<br />
they connect, <strong>and</strong> how quickly they reconnect in the event of a network failure.<br />
v The number of worker threads can be affected by the number of threads<br />
configured in WebSphere Application Server, the maximum concurrent work<br />
expected (or allowed), <strong>and</strong> on z/OS how many <strong>CICS</strong> regions are being<br />
connected to.<br />
v Time-outs might have to tie up with time-outs in WebSphere Application Server,<br />
<strong>CICS</strong>, or the network.<br />
In local mode, settings directly related to the <strong>Gateway</strong> daemon are not used. There<br />
are no thread pools or associated time-outs to configure. Requests are passed<br />
directly from the <strong>Gateway</strong> classes to the Client daemon or EXCI. Of course, this<br />
does not completely remove the need for configuration <strong>and</strong> tuning, at the same<br />
time by removing a level of complexity, that configuration <strong>and</strong> tuning becomes<br />
much simpler.<br />
Benefits of remote mode<br />
The benefits of remote mode include the following:<br />
v You can present a single entry point to multiple <strong>Gateway</strong> daemons. All Java<br />
Client applications talk to the same IP address.<br />
Figure 7. Remote mode in z/OS, using TCP/IP load balancing<br />
v On the z/OS operating system, TCP/IP load balancing can improve quality of<br />
service.<br />
v Remote mode enables two-phase commit to be used from a distributed<br />
WebSphere Application Server.<br />
v Spreading the load across multiple address spaces can improve performance.<br />
16 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Considerations when deciding whether to use local mode<br />
Be aware of the following factors when deciding whether to use local mode.<br />
Tracing<br />
Because there is no <strong>Gateway</strong> daemon in local mode, the ability to enable <strong>and</strong><br />
disable tracing dynamically provided with <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is no longer<br />
applicable. Tracing is still available; to enable tracing in local mode, pass the<br />
appropriate system properties to the WebSphere Application Server JVM. Consult<br />
the documentation supplied with WebSphere Application Server for details of how<br />
to do this.<br />
Enabling local mode<br />
The way in which local mode is enabled varies from application to application. It<br />
can be done without a code change in most circumstances, <strong>and</strong> almost always<br />
when using JCA. It simply requires the ConnectionURL, which defines where the<br />
<strong>Gateway</strong> daemon is located, to be changed to local:. Where this is done depends<br />
on the application.<br />
1. JCA Connector - In the WebSphere <strong>Administration</strong> console, change the<br />
ConnectionURL in the Custom Properties for your J2C Connection Factory to<br />
local:<br />
2. Java Client applications Simply change the connection URL used by the<br />
Java<strong>Gateway</strong> object from the remote URL to local: . This can be done either by<br />
passing the URL directly to the Java<strong>Gateway</strong> constructor, or by using the<br />
setURL method of the Java<strong>Gateway</strong> object.<br />
Change this:<br />
java<strong>Gateway</strong>Object = new Java<strong>Gateway</strong>( tcp://127.0.0.1 , 2006);<br />
To this:<br />
java<strong>Gateway</strong>Object = new Java<strong>Gateway</strong>( local: , 0);<br />
The port will be ignored.<br />
Chapter 1. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> overview 17
18 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Chapter 2. Planning your installation<br />
This information helps you to plan the installation of the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> by listing the hardware <strong>and</strong> software that you need. The <strong>CICS</strong> servers to<br />
which <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> can connect are also listed.<br />
If you are using an earlier version of the product, or a <strong>CICS</strong> Universal Client, see<br />
Chapter 14, “Migration,” on page 181 for a discussion of migration issues.<br />
See the product readme file for any late changes to hardware <strong>and</strong> software<br />
requirements.<br />
v If you are installing from CD, the readme file is in the root directory:<br />
Operating system README file<br />
AIX README.AIX<br />
HP-UX README.HPUX<br />
<strong>Linux</strong> on Intel README.LNX<br />
<strong>Linux</strong> on POWER README.pLNX<br />
<strong>Linux</strong> on zSeries ®<br />
Hardware requirements<br />
Supported software<br />
README.zLNX<br />
Solaris README.SOL<br />
v If you downloaded the product, the packaged file that you downloaded contains<br />
the product code <strong>and</strong> the readme file for your operating system.<br />
When you install the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, the file is copied into your<br />
installation directory as readme.txt.<br />
v An <strong>IBM</strong> eServer <br />
zSeries system, or S/390 ®<br />
system supported by <strong>Linux</strong><br />
v An Intel 32-bit system supported by <strong>Linux</strong><br />
v An <strong>IBM</strong> eServer pSeries ® , iSeries <br />
or Open Power <br />
system supported by <strong>Linux</strong><br />
v An <strong>IBM</strong> eServer pSeries system supported by AIX<br />
v A Sun SPARC system supported by Sun Solaris<br />
v An HP PA-RISC 1.1 or 2.0 system supported by HP-UX<br />
For the latest details about supported software, visit the Web site at<br />
http://www.ibm.com/support/docview.wss?uid=swg21239203 <strong>and</strong> follow the<br />
Support link.<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported with the following products:<br />
Operating systems<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported on the following operating systems:<br />
v AIX V5.2. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported as a 32-bit application on both<br />
32-bit <strong>and</strong> 64-bit kernels.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 19
v AIX V5.3. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported as a 32-bit application on both<br />
32-bit <strong>and</strong> 64-bit kernels.<br />
v <strong>Linux</strong> on Intel - SUSE <strong>Linux</strong> Enterprise Server 9, with SP2 minimum service<br />
level. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported as a 32-bit application on the<br />
32-bit kernel. <strong>Linux</strong> distributions that use OEM code from SUSE are also<br />
supported.<br />
v <strong>Linux</strong> on Intel - SUSE <strong>Linux</strong> Enterprise Server 10. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is<br />
supported as a 32-bit application on the 32-bit kernel.<br />
v <strong>Linux</strong> on Intel - SUSE <strong>Linux</strong> Enterprise Desktop 10.<br />
v <strong>Linux</strong> on Intel - Red Hat Enterprise <strong>Linux</strong> V3 with a minimum service level of<br />
Update 6. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported as a 32-bit application on the<br />
32-bit kernel. Only the NPTL threading model is supported.<br />
v <strong>Linux</strong> on Intel - Red Hat Enterprise <strong>Linux</strong> V4 with a minimum service level of<br />
Update 2. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported as a 32-bit application on the<br />
32-bit kernel.<br />
v <strong>Linux</strong> on POWER - SUSE <strong>Linux</strong> Enterprise Server V9. <strong>Linux</strong> distributions that<br />
use OEM code from SUSE are also supported. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is<br />
supported as a 32-bit application on the 64-bit kernel.<br />
v <strong>Linux</strong> on POWER - SUSE <strong>Linux</strong> Enterprise Server V10. <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> is supported as a 32-bit application on the 64-bit kernel.<br />
v <strong>Linux</strong> on POWER - Red Hat Enterprise <strong>Linux</strong> V3 with a minimum service level<br />
of Update 6. Only the NPTL threading model is supported. <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> is supported as a 32-bit application on the 64-bit kernel.<br />
v <strong>Linux</strong> on POWER - Red Hat Enterprise <strong>Linux</strong> V4 with a minimum service level<br />
of Update 4. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported as a 32-bit application on<br />
the 64-bit kernel.<br />
v <strong>Linux</strong> on zSeries - SUSE <strong>Linux</strong> Enterprise Server V9. <strong>Linux</strong> distributions that use<br />
OEM code from SUSE are also supported. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is<br />
supported as a 32-bit application on the 64-bit kernel.<br />
v <strong>Linux</strong> on zSeries - SUSE <strong>Linux</strong> Enterprise Server V10. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
is supported as a 32-bit application on the 64-bit kernel.<br />
v <strong>Linux</strong> on zSeries - Red Hat Enterprise <strong>Linux</strong> V3 with a minimum service level of<br />
Update 6. Only the NPTL threading model is supported. <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> is supported as a 31-bit application on the 31-bit kernel.<br />
v <strong>Linux</strong> on zSeries - Red Hat Enterprise <strong>Linux</strong> V4. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is<br />
supported as a 32-bit application on the 64-bit kernel.<br />
v Solaris V9. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported as a 32-bit application on<br />
both 32-bit <strong>and</strong> 64-bit kernels. Only SPARC hardware is supported.<br />
v Solaris V10. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported as a 32-bit application on<br />
both 32-bit <strong>and</strong> 64-bit kernels. Only SPARC hardware is supported.<br />
v HP-UX 11i v2. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported as a 32-bit application on<br />
both 32-bit <strong>and</strong> 64-bit kernels. Only PA-RISC hardware is supported.<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is a 32-bit application, <strong>and</strong> so can run on a 32-bit<br />
operating system, or on 64-bit operating system that can natively run 32-bit<br />
applications. Where available, both NPTL <strong>and</strong> LT threading models are supported<br />
unless otherwise stated; NPTL is preferred.<br />
All <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> operating systems require the Korn shell to be installed, so<br />
that scripts supplied with the product can run.<br />
20 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Web browsers<br />
v HTML functions: Any browser that supports HTML V1.0 should work with the<br />
product.<br />
v Java Functions: Any Java 1.5 compliant Web browser should work with the<br />
product.<br />
Note: Java applets are supported for compatibility with previous versions of the<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. However, support for them might be removed in<br />
a future release. It is recommended that you use Java applications, or Java<br />
servlets, when developing new solutions.<br />
Java support for the <strong>Gateway</strong> daemon<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> supports the following Java runtime environments.<br />
Service Release 3 is the minimum service level required. It is recommended that<br />
the latest Service Release level is used.<br />
v AIX: <strong>IBM</strong> 32-bit Runtime Environment for AIX, Java 2 Technology Edition,<br />
Version 5<br />
v <strong>Linux</strong> on Intel: <strong>IBM</strong> 32-bit Runtime Environment for <strong>Linux</strong> on Intel architecture,<br />
Java 2 Technology Edition, Version 5<br />
v <strong>Linux</strong> on POWER: <strong>IBM</strong> 32-bit Runtime Environment for <strong>Linux</strong> on iSeries <strong>and</strong><br />
pSeries, Java 2 Technology Edition, Version 5<br />
v <strong>Linux</strong> on zSeries: <strong>IBM</strong> 31-bit Runtime Environment for <strong>Linux</strong> on zSeries<br />
architecture, Java 2 Technology Edition, Version 5<br />
v HP-UX: HP 32-bit Runtime Environment for J2SE HP-UX 11i platform, adapted<br />
by <strong>IBM</strong> for <strong>IBM</strong> software, Version 5<br />
v Solaris: <strong>IBM</strong> 32-bit Runtime Environment for Solaris, Java 2 Technology Edition,<br />
Version 5<br />
Java support for the resource adapters <strong>and</strong> Java Client<br />
applications<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> supports the following Java software development<br />
kits <strong>and</strong> runtime environments for use with Java Client applications. Service<br />
Release 3 is the minimum service level required. It is recommended that the latest<br />
Service Release level is used.<br />
v <strong>IBM</strong> 32-bit SDK for AIX, Java 2 Technology Edition, Version 5<br />
v <strong>IBM</strong> 32-bit SDK for <strong>Linux</strong> on Intel architecture, Java 2 Technology Edition,<br />
Version 5<br />
v <strong>IBM</strong> 32-bit SDK for <strong>Linux</strong> on iSeries <strong>and</strong> pSeries, Java 2 Technology Edition,<br />
Version 5<br />
v <strong>IBM</strong> 31-bit SDK for <strong>Linux</strong> on zSeries architecture, Java 2 Technology Edition,<br />
Version 5<br />
v HP 32-bit SDK for J2SE HP-UX 11i platform, adapted by <strong>IBM</strong> for <strong>IBM</strong> Software,<br />
Version 5<br />
v <strong>IBM</strong> 32-bit SDK for Solaris, Java 2 Technology Edition, Version 5<br />
v <strong>IBM</strong> 32-bit SDK for Windows, Java 2 Technology Edition, Version 5<br />
v <strong>IBM</strong> 31-bit SDK for z/OS, Java 2 Technology Edition, Version 5<br />
The following Java runtime environments are supported only under WebSphere<br />
Application Server v6.1 or later, for connectivity to a remote <strong>Gateway</strong> daemon.<br />
v <strong>IBM</strong> 64-bit SDK for AIX, Java 2 Technology Edition, Version 5<br />
Chapter 2. Planning your installation 21
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
JSSE<br />
v <strong>IBM</strong> 64-bit SDK for <strong>Linux</strong> on AMD64/EM64T architecture, Java 2 Technology<br />
Edition, Version 5<br />
v <strong>IBM</strong> 64-bit SDK for <strong>Linux</strong> on iSeries <strong>and</strong> pSeries, Java 2 Technology Edition,<br />
Version 5<br />
v <strong>IBM</strong> 64-bit SDK for <strong>Linux</strong> on zSeries architecture, Java 2 Technology Edition,<br />
Version 5<br />
v <strong>IBM</strong> 64-bit SDK for Windows, Java 2 Technology Edition, Version 5<br />
v <strong>IBM</strong> 64-bit SDK for z/OS, Java 2 Technology Edition, Version 5<br />
v <strong>IBM</strong> 64-bit SDK for z/OS, Java 2 Technology Edition, Version 5 with the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> in local mode running in WebSphere Application Server<br />
v6.1<br />
JSSE support is provided by the relevant supported Java SDK, or by WebSphere<br />
Application Server. The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> does not support the use of<br />
JSSE with applets.<br />
<strong>CICS</strong> servers<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported with the following <strong>CICS</strong> servers:<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS V2.2<br />
– Apply APAR PQ92943 <strong>and</strong> PK17427 for EXCI<br />
– Apply APAR PK08496 for mixed-case password support.<br />
– If connecting over TCP/IP, you are recommended to apply APAR PQ75803<br />
<strong>and</strong> PQ82124.<br />
– Apply APAR PQ70543 for better recovery for EPI <strong>and</strong> cicsterm requests made<br />
over SNA, after a failure of <strong>CICS</strong> or the network.<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS V2.3<br />
– Apply APAR PQ92943 <strong>and</strong> PK17427 for EXCI.<br />
– Apply APAR PK08496 for mixed-case password support.<br />
– If connecting over TCP/IP, you are recommended to apply APAR PQ81772<br />
<strong>and</strong> PQ82124.<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS V3.1. Apply APAR PK17426 for EXCI.<br />
v <strong>CICS</strong>/VSE 2.3<br />
– Apply APAR PQ30169 for EPI support.<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for VSE/ESA <br />
1.1.1<br />
– If connecting over TCP/IP, you are recommended to apply APAR PQ80212<br />
<strong>and</strong> APAR PQ52342.<br />
– Apply APAR PQ30170 for EPI support.<br />
v TXSeries ®<br />
V5.1 (Windows, AIX, Solaris, HP-UX)<br />
v TXSeries V6 (Windows, AIX, Solaris, <strong>Linux</strong> on Intel PRPQ)<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for Windows V5.0<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for iSeries V5.1, V5.2 <strong>and</strong> V5.3<br />
J2EE application servers<br />
The resource adapters supplied with the <strong>CICS</strong> TG are supported with the<br />
following J2EE application servers:<br />
v <strong>IBM</strong> WebSphere Application Server V6.1.<br />
22 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
In remote mode, earlier versions of the <strong>CICS</strong> TG resource adapters can be used to<br />
connect to the current version of the <strong>CICS</strong> TG. To do this you must use a version<br />
of the <strong>CICS</strong> TG resource adapter that is supported with the J2EE application server<br />
in question. In local mode, the resource adapters <strong>and</strong> <strong>CICS</strong> TG must be at the same<br />
level.<br />
WebSphere Application Server V6<br />
As a migration aid for existing customer applications, the supplied <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> base classes are supported within the Web container in<br />
WebSphere Application Server V6.1 with the following limitations:<br />
v The base classes (Java<strong>Gateway</strong>, ECIRequest, ESIRequest) are currently supported<br />
for compatibility reasons. Support for the base classes under WebSphere<br />
Application Server might be removed in a future release.<br />
v All ECI requests must be non-transactional. This means that only the field<br />
ECI_NO_EXTEND is supported on the ECIRequest constructor as the<br />
Extend_Mode.<br />
v All ECI requests must be synchronous, that is only the fields ECI_SYNC or<br />
ECI_SYNC_TPN are supported as the call types.<br />
v The EPIRequest class is not supported with WebSphere Application Server. Use<br />
the EPI support classes (Terminal, Screen, <strong>and</strong> Field) instead.<br />
SNA communications<br />
Customers wishing to use SNA communications should install one of the following<br />
products:<br />
AIX<br />
<strong>IBM</strong> Communications Server V6.3 for AIX.<br />
<strong>Linux</strong> on zSeries<br />
<strong>IBM</strong> Communications Server for <strong>Linux</strong> V6.2.<br />
<strong>Linux</strong> on POWER<br />
<strong>IBM</strong> Communications Server for <strong>Linux</strong> V6.2.<br />
<strong>Linux</strong> on Intel<br />
<strong>IBM</strong> Communications Server for <strong>Linux</strong> V6.2.<br />
Solaris<br />
SNAP-IX V7 for Solaris.<br />
SNA communications connections are not available when using other <strong>UNIX</strong> <strong>and</strong><br />
<strong>Linux</strong> operating systems.<br />
TCP/IP communications<br />
TCP/IP support is provided by the operating system.<br />
TCP62 communications<br />
TCP62 support is provided by the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Compilers <strong>and</strong> application development tools<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is supported with the following compilers <strong>and</strong><br />
application development tools:<br />
AIX<br />
v <strong>IBM</strong> VisualAge ®<br />
C++ Professional V6.0<br />
v <strong>IBM</strong> C for AIX V6.0<br />
Chapter 2. Planning your installation 23
Other tools<br />
v XL C/C++ Enterprise Edition 7.0 for AIX<br />
v XL C/C++ Enterprise Edition 8.0 for AIX<br />
HP-UX<br />
v HP ANSI C<br />
v HP aC++<br />
<strong>Linux</strong> on Intel<br />
v GNU C/C++ compiler (gcc) 3.2, 3.3, <strong>and</strong> 3.4<br />
<strong>Linux</strong> on POWER<br />
v GNU C/C++ compiler (gcc) 3.2, 3.3, <strong>and</strong> 3.4<br />
v XL C/C++ Advanced Edition V7.0 <strong>and</strong> V8.0 for <strong>Linux</strong><br />
<strong>Linux</strong> on zSeries<br />
v GNU C/C++ compiler (gcc) 3.2, 3.3, <strong>and</strong> 3.4<br />
Solaris<br />
Sun ONE Studio 9, 10, <strong>and</strong> 11<br />
v Adobe Acrobat Reader 6.0<br />
GPL licence <strong>and</strong> copyright issues on <strong>Linux</strong><br />
This product uses the following libraries from the glibc package: libnsl.so, libm.so,<br />
libdl.so, ld.so, libc.so <strong>and</strong> libpthread.so. Refer to the glibc package on your<br />
machine for the various copyright statements <strong>and</strong> licensing terms for these<br />
libraries.<br />
This product also uses libncurses.so from the ncurses package. Again, refer to this<br />
package on your machine for the copyright statement <strong>and</strong> licensing terms<br />
applicable to this library.<br />
IMPORTANT: Your use of the libstdc++ or egcs-c++ packages is subject to the<br />
GNU GPL licence terms which could require you to provide source code in certain<br />
circumstances. Note that <strong>IBM</strong> will not supply source code, for example for the<br />
<strong>CICS</strong> <strong>Gateway</strong>s C++ libraries.<br />
<strong>CICS</strong> server PTF requirements<br />
See the README file for the latest details on APARs <strong>and</strong> PTFs applicable to the<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Terminal Sign-on capability<br />
<strong>CICS</strong> servers require APAR fixes to support the terminal sign-on capability<br />
function available in this release; see “Supported software” on page 19 for details<br />
of the APAR relating to your <strong>CICS</strong> server. If the server does not have the required<br />
APAR applied <strong>and</strong> the ’-a’ option is not specified when the cicsterm comm<strong>and</strong> is<br />
issued, the installed terminal will give unpredictable results.<br />
Timeout support<br />
Any TXSeries or <strong>CICS</strong> <strong>Transaction</strong> Server on the Windows <strong>and</strong> <strong>UNIX</strong> operating<br />
systems must include the appropriate PTF level to provide complete support for<br />
timeouts. See “Supported software” on page 19 for details.<br />
24 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
If the server does not have the required APAR applied <strong>and</strong> the ’-a’ option is not<br />
specified when the cicsterm comm<strong>and</strong> is issued, the CTIN transaction abends with<br />
code A42B. You see the following:<br />
v The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> displays the message: CCL7053E Errors found<br />
while communicating with server<br />
v This message is written to cicscli.log:<br />
CCL3105 Inbound <strong>CICS</strong> data stream error (CTIN,4, 0)<br />
v On the server, the message: ERZ042004E/0112: An invalid request was received<br />
from client is written to CSMT.out<br />
v console.msg includes this: ERZ014016E/0036: <strong>Transaction</strong> CTIN Abend A42B<br />
Communication with <strong>CICS</strong> servers<br />
You can use these protocols to communicate with <strong>CICS</strong> servers:<br />
TCP/IP<br />
TCP/IP is a widely used, robust, suite of protocols, particularly important<br />
in connecting heterogeneous networks.<br />
SNA The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> uses Advanced Program-to-Program<br />
Communication (APPC) to provide SNA LU 6.2 communication. APPC is<br />
an implementation of the SNA LU 6.2 protocol that provides<br />
device-independent application-to-application communication over LU 6.2<br />
sessions.<br />
TCP62 TCP62 is a communications mechanism that allows connections from a<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> to a <strong>Transaction</strong> Server for z/OS region over an<br />
IP network. It uses <strong>IBM</strong>’s Multiprotocol Transport Networking (MPTN)<br />
protocol switching technology to send LU6.2 SNA flows over an IP<br />
network.<br />
The protocols that you can use for the various client/server connections are shown<br />
in Table 1. This table lists the protocols that you can use to connect your <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> to your <strong>CICS</strong> server. It also shows whether EPI emulation<br />
<strong>and</strong> ECI are supported for your combination of <strong>CICS</strong> server <strong>and</strong> <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> operating system.<br />
Table 1. Protocols <strong>and</strong> functions supported. If a protocol or feature is supported by the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
only on certain operating systems, the operating systems are listed. * means that the protocol or feature is<br />
supported; V means that it is not supported.<br />
SERVER TCP/IP SNA TCP62 ECI<br />
EPI<br />
See note ESI<br />
<strong>CICS</strong> <strong>Transaction</strong><br />
Server for z/OS V2.2,<br />
V2.3, <strong>and</strong> V3.1<br />
<strong>CICS</strong> <strong>Transaction</strong><br />
Server for VSE/ESA<br />
V1.1.1<br />
<strong>CICS</strong>/VSE ®<br />
* (ECI only)<br />
* (ECI only)<br />
V2.3 V<br />
AIX<br />
<strong>Linux</strong><br />
Solaris<br />
AIX<br />
<strong>Linux</strong><br />
Solaris<br />
AIX<br />
<strong>Linux</strong><br />
Solaris<br />
* * * *<br />
V * * *<br />
V * * *<br />
TXSeries V5, V5.1 * V V * * V<br />
<strong>CICS</strong> <strong>Transaction</strong><br />
Server for Windows<br />
V5.0<br />
* V V * * V<br />
Chapter 2. Planning your installation 25
|<br />
|<br />
|<br />
|<br />
Table 1. Protocols <strong>and</strong> functions supported (continued). If a protocol or feature is supported by the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> only on certain operating systems, the operating systems are listed. * means that the protocol or feature is<br />
supported; V means that it is not supported.<br />
SERVER TCP/IP SNA TCP62 ECI<br />
<strong>CICS</strong> <strong>Transaction</strong><br />
Server for iSeries V5.1<br />
<strong>CICS</strong> <strong>Transaction</strong><br />
Server for iSeries V5.2<br />
<strong>and</strong> V5.3<br />
V<br />
*<br />
AIX<br />
<strong>Linux</strong><br />
Solaris<br />
AIX<br />
<strong>Linux</strong><br />
Solaris<br />
EPI<br />
See note ESI<br />
* * * *<br />
* * * *<br />
Note: EPI also incorporates <strong>CICS</strong> 3270 terminal emulation <strong>and</strong> <strong>CICS</strong> 3270 client<br />
printer support.<br />
Restrictions on <strong>CICS</strong> <strong>Transaction</strong> Server for iSeries<br />
The following restrictions apply:<br />
v DBCS languages are supported when communicating using ECI but NOT EPI.<br />
v Sign-on capable terminals are not supported.<br />
v You cannot start the CEDA transaction from a client terminal.<br />
v You cannot use PF1 to get <strong>CICS</strong> online help from a client terminal.<br />
Why use a particular protocol?<br />
As shown in table Table 1 on page 25, some protocols can be used only for certain<br />
types of client/server connection. Access to 3270-based <strong>CICS</strong> transactions might<br />
require SNA or TCP62 connections. SNA network connections are the<br />
recommended approach because they can be routed over IP networks using the<br />
DBCS multibyte characters<br />
SNA Remote API Client or Enterprise Extender functionality, <strong>and</strong> do not require<br />
complex AnyNet ®<br />
definitions.<br />
For information on configuring TCP62, see “TCP62 configuration” on page 39. For<br />
information on continuing AnyNet support in z/OS Communications Server, refer<br />
to the information in the z/OS Statements of direction announcement, Software<br />
Announcement 203-266, dated October 7, 2003; <strong>and</strong> the z/OS V1.7 preview<br />
announcement, Software Announcement 205-034, dated February 15, 2005.<br />
Some characters in certain code pages are represented with 3 or more bytes. The<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> does not support multibyte characters that are longer<br />
than 2 bytes. If you try to display such characters on a <strong>CICS</strong> terminal, you will get<br />
unpredictable results.<br />
If you are running on a locale that is unique to AIX or Solaris, you might<br />
experience problems when connecting to certain <strong>CICS</strong> servers. The table below lists<br />
the relevant client/server combinations.<br />
<strong>CICS</strong> Client code page <strong>CICS</strong> Server operating<br />
system<br />
ja_JP (33722) OS/2 ®<br />
ja_JP (33722) Windows NT ®<br />
26 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
<strong>CICS</strong> Server code page<br />
932<br />
932
Server code page support<br />
<strong>CICS</strong> Client code page <strong>CICS</strong> Server operating<br />
system<br />
ja_JP (33722) AIX 932<br />
ko_KR (970) OS/2 949<br />
ko_KR (970) Windows 949<br />
zh_TW (964) OS/2 950<br />
zh_TW (964) AIX 950<br />
zh_CN (1383) OS/2 1381<br />
zh_CN (1383) Windows NT 1381<br />
<strong>CICS</strong> Server code page<br />
Some <strong>CICS</strong> servers do not support all the code pages that are supported by the<br />
operating system on which the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is running.<br />
If the code page of an ECI application is different from the code page of the server,<br />
data conversion must be performed at the <strong>CICS</strong> server. This applies for EBCDIC<br />
<strong>CICS</strong> servers such as <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS. For more information, see<br />
Appendix A, “Data conversion when using the Client daemon <strong>and</strong> a <strong>CICS</strong> server,”<br />
on page 193, the <strong>CICS</strong> server documentation, <strong>and</strong> the Redbook Java Connectors for<br />
<strong>CICS</strong>.<br />
Chapter 2. Planning your installation 27
28 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Chapter 3. Installing the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
Choosing what to install<br />
This information describes how to install the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
You can choose either a complete or custom installation.<br />
Complete installation<br />
Installs all features:<br />
v Program files<br />
v Development kit, consisting of the following features:<br />
– Programming samples (installed to /samples/)<br />
– Toolkit (includes Javadoc information)<br />
into the default installation directory (see “Installation path” on page viii).<br />
Custom installation<br />
v Select the features to install<br />
Before you install the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
1. Check that your operating system is supported; see “Supported software” on<br />
page 19 for supported operating systems. The product will not install if the<br />
version of the operating system is below that supported.<br />
2. Log on as root.<br />
3. <strong>Linux</strong> operating systems: if the system default does not allow other users to<br />
read <strong>and</strong> execute files that root has created, issue the following comm<strong>and</strong> from<br />
the comm<strong>and</strong> line:<br />
umask 022<br />
4. Close down any programs that are running, including the following:<br />
v Client daemon (issue the cicscli -x comm<strong>and</strong>)<br />
v <strong>Gateway</strong> daemon<br />
v Configuration Tool<br />
5. The installation process can upgrade from the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> V5 or<br />
later. Remove any other versions of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> <strong>and</strong> <strong>CICS</strong><br />
Universal Client before installing this product. Remove any beta versions of the<br />
product.<br />
Known issues<br />
v On the <strong>Linux</strong> on Intel platform, if a folder created during installation cannot be<br />
removed by the uninstallation program, a warning might be displayed. This<br />
warning will be issued if the folder contains a file that has been modified or is<br />
new, for example ctg.ini. This warning can be ignored.<br />
v On the HP-UX platform, if an installation or uninstallation is cancelled midway<br />
through execution, exceptions might be thrown reporting missing files from the<br />
com.sun.java.swing.plaf.motif.MotifLookAndFeel package. For example,<br />
com.sun.java.swing.plaf.motif.MotifLookAndFeel/icons/UpFolder.gif not<br />
found. These can be ignored.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 29
v On the HP-UX platform, when creating a response file for installation or<br />
uninstallation, formatting errors might be displayed. For example, ″Error<br />
formatting options file entry (starting with ″This file contains v...″): Illegal<br />
character ″8″ in encoding name.″ These can be ignored.<br />
Installing with the InstallShield wizard<br />
Installing from the console<br />
Follow these steps to install the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>:<br />
1. Insert CD1 into the drive. If installing from a network drive, connect to the<br />
drive.<br />
2. Issue a comm<strong>and</strong> like the following: ///installer, where<br />
is the name of your mounted cd drive <strong>and</strong> is your<br />
operating system.<br />
3. A welcome screen is displayed. Click Next.<br />
4. If you are upgrading, you see the Upgrade warning screen. Click Next to<br />
continue.<br />
5. The license agreement is displayed. Read the agreements, click the appropriate<br />
radio button, <strong>and</strong> then click Next. You must accept all license agreements that<br />
are shown to continue the installation. License files are stored in the<br />
/license subdirectory. If you run a console-based installation in<br />
a DBCS locale, the License agreement is displayed in English, <strong>and</strong> not the<br />
local language. Installation using a Graphical User Interface is not affected.<br />
6. The README file is displayed, giving details of any late changes to the<br />
product. Read it <strong>and</strong> then click Next.<br />
7. Choose the type of installation required. Select Complete or Custom as<br />
appropriate, <strong>and</strong> then click Next.<br />
If you chose a complete installation, go to step 9. If you chose a custom<br />
installation, continue at step 8.<br />
8. A screen showing the features that can be installed is displayed. Select the<br />
check box for each feature that you want to install.<br />
9. (Resume here if you chose a complete installation in step 7.) Information<br />
about the choices you have made is displayed on screen. Read this <strong>and</strong> then<br />
click Next to start installing. The installation process keeps you informed of<br />
progress.<br />
10. Read the information about configuring the product <strong>and</strong> click Finish to end<br />
the installation process.<br />
To install from the comm<strong>and</strong> line, take the following steps:<br />
1. Insert CD1 into the drive. If installing from a network drive, connect to the<br />
drive.<br />
2. Issue a comm<strong>and</strong> like the following:<br />
///installer -console<br />
where is the name of your mounted cd drive <strong>and</strong> is your<br />
operating system.<br />
You cannot cancel a comm<strong>and</strong> line installation after the installer has started to<br />
copy files.<br />
30 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Installing silently<br />
You can use a silent installation to install the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> without<br />
going through any of the installer screens. The installation process takes its input<br />
from a response file; no user input is required. If you do not provide a response<br />
file, all default options are used.<br />
Creating a response file<br />
Use one of the following methods to create a response file:<br />
v Use the supplied sample file installResponseSamp.txt. Edit this file as<br />
appropriate.<br />
v Create a response file by installing the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> <strong>and</strong> recording<br />
the responses that you enter. Issue the following comm<strong>and</strong>:<br />
installer -options-record response_file_name<br />
This stores your responses in file response_file_name. Note that there is no<br />
space between -options <strong>and</strong> -record.<br />
Using the response file to install silently<br />
To install silently, take the following steps:<br />
1. Make the response file <strong>and</strong> the install image available to computer on which<br />
the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is to be installed.<br />
2. Issue the following comm<strong>and</strong>:<br />
installer -options "response_file_name" -silent<br />
Installing silently with no response file<br />
To install silently without using a response file, issue the following comm<strong>and</strong>:<br />
Actions after installation<br />
installer -silent -V licenseAccepted=true<br />
All options will use default values.<br />
Install the Java runtime environment<br />
You need Java to run the <strong>Gateway</strong> daemon, <strong>and</strong> the Configuration Tool. You do<br />
not need it to run only the Client daemon.<br />
Install the JRE at the following location:<br />
//JRE/<br />
where is the name of the mounted CD drive that contains CD2, <strong>and</strong><br />
is the name of your operating system.<br />
Installing a shared library on Red Hat Enterprise <strong>Linux</strong> V3<br />
Shared library /usr/lib/libstdc++-libc6.2-2.so.3 is not installed by default for Red<br />
Hat Enterprise <strong>Linux</strong> (RHEL) 3.0, but is required by the run-time environment. The<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> will not work correctly without it. The rpm that<br />
contains this library is compat-libstdc++-7.3-2.96.122.i386.rpm. To install the library,<br />
at a shell prompt type:<br />
rpm -ivh compat-libstdc++-7.3-2.96.122.i386.rpm<br />
Chapter 3. Installing the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> 31
Adding features after installation<br />
Removing features<br />
1. Follow the steps in “Installing with the InstallShield wizard” on page 30 as far<br />
as step 7 on page 30.<br />
2. Select Custom as the type of installation, <strong>and</strong> select the features that you want<br />
to install.<br />
3. Complete the remaining steps in the installation process to add the new<br />
features.<br />
1. Run /bin/ctguninst<br />
2. Click Next on the Welcome screen.<br />
3. The uninstaller screen is displayed, with all features selected. Leave selected the<br />
features that you want to remove; deselect any features that you want to keep.<br />
Click Next.<br />
4. Read the summary information <strong>and</strong> then click Next to remove the features.<br />
5. Click Finish when prompted.<br />
Updating the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
After installing the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, you can update the product, or<br />
obtain corrective service software (“fixes”).<br />
For information about corrective service software, visit the Web site at<br />
www.ibm.com/software/cics/ctg <strong>and</strong> follow the Support link.<br />
Uninstalling the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
To uninstall the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, run the ctguninst script.<br />
Uninstalling from the console<br />
Issue the following comm<strong>and</strong>:<br />
ctguninst -console<br />
Uninstalling silently<br />
Issue the following comm<strong>and</strong>:<br />
ctguninst [-options "response_file_name"] -silent<br />
You do not have to provide a response file. If you do not, the whole product is<br />
uninstalled.<br />
Installation <strong>and</strong> uninstallation logs<br />
Errors <strong>and</strong> warnings generated during the installation or uninstallation of the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> are recorded in the appropriate log file. The log files, if<br />
created, are at the following locations:<br />
Installation<br />
/tmp/cicstgInstall.log<br />
Uninstallation<br />
/tmp/cicstgUninstall.log<br />
32 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
National language support<br />
If a log file already exists any new messages are appended to the end of the file.<br />
Use the log to diagnose any problems that might have caused an installation or<br />
uninstallation to fail, especially in silent mode where there is no user interaction<br />
with the program.<br />
After installation, you can change the language in which user messages are<br />
displayed by entering the ctgmsgs comm<strong>and</strong>. To do this:<br />
1. Stop the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
2. Change the locale of the machine to the locale in which messages are to be<br />
displayed.<br />
3. Run the ctgmsgs comm<strong>and</strong>:<br />
ctgmsgs XX <br />
where XX is the two character message language. To obtain a list of available<br />
languages, enter the comm<strong>and</strong> without parameters. Figure 8 shows the output:<br />
This utility is used to change the language of user messages.<br />
-------------------------------------------------------------<br />
Language Locale Code Set<br />
--------------------- -------------- ----------<br />
en US English en_US ISO-8859-1<br />
EN_US UTF-8<br />
fr French fr_FR ISO-8859-1<br />
FR_FR UTF-8<br />
de German de_DE ISO-8859-1<br />
DE_DE UTF-8<br />
it Italian it_IT ISO-8859-1<br />
IT_IT UTF-8<br />
es Spanish es_ES ISO-8859-1<br />
ES_ES UTF-8<br />
tr Turkish tr_TR ISO-8859-9<br />
TR_TR UTF-8<br />
ja Japanese ja_JP EUCJP<br />
JA_JP UTF-8<br />
ko Korean ko_KR EUCKR<br />
KO_KR UTF-8<br />
zh Simplified Chinese zh_CN EUCCN<br />
Figure 8. Output from the ctgmsgs comm<strong>and</strong><br />
This also shows the locale <strong>and</strong> code set associated with the language.<br />
4. Restart the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Using an alternative code set on AIX<br />
On AIX issue the comm<strong>and</strong> smitty iconv to use an alternate code set.<br />
This provides the Convert Flat File screen, on which you can enter parameters:<br />
Chapter 3. Installing the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> 33
Convert Flat File<br />
Type or select values in entry fields.<br />
Press Enter AFTER making all desired changes.<br />
[Entry Fields]<br />
* CURRENT FILE / DIRECTORY name []<br />
* CURRENT CODE set [] +<br />
* NEW FILE / DIRECTORY name []<br />
* NEW CODE set [] +<br />
F1=Help F2=Refresh F3=Cancel F4=List<br />
Esc+5=Reset F6=Comm<strong>and</strong> F7=Edit F8=Image<br />
F9=Shell F10=Exit Enter=Do<br />
Fill in this screen as follows:<br />
CURRENT FILE / DIRECTORY name<br />
Enter /bin/cclmsg.txt<br />
CURRENT CODE set<br />
Enter the code set for the language you selected with ctgmsgs.<br />
NEW FILE / DIRECTORY name<br />
Enter the name of the new file.<br />
NEW CODE set<br />
Enter the alternative code set. You can view a list of the alternative code<br />
sets using the smitty lang comm<strong>and</strong>, which is used to set the language<br />
environment. For example, the code set <strong>IBM</strong>-850 is an alternative for the<br />
US English code set ISO8859-1.<br />
When you have done the conversion, overwrite the cclmsg.txt file with the new<br />
file.<br />
Using an alternative code set on other operating systems<br />
To use an alternate code set, use the iconv routine for the flat file<br />
/bin/cclmsg.txt. For example, to convert /bin/<br />
cclmsg.txt from code set ISO8859-1 to code set ISO-850 enter:<br />
iconv -f ISO8859-1 -t ISO-850 /bin/cclmsg.txt > cclmsg.new<br />
When you have done this conversion, you can overwrite the cclmsg.txt file with<br />
the new file:<br />
mv cclmsg.new /bin/cclmsg.txt<br />
Using X-Window System from a remote system<br />
When using X-Window System from a remote system, for example, to access the<br />
Configuration Tool, you must set up the DISPLAY environment variable to allow<br />
the application to display its windows on that system.<br />
34 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
On the display system (that is the one that will display the windows), enter the<br />
comm<strong>and</strong>:<br />
xhost +appl<br />
where appl is the network name of the system being used to run the application.<br />
On the application system, before you run the application, enter the comm<strong>and</strong>:<br />
export DISPLAY=disp:0.0<br />
where disp is the host name or IP address of the system where the windows will<br />
be displayed (followed by a colon <strong>and</strong> the display id—normally 0.0). The<br />
application windows are then displayed on the disp system.<br />
Chapter 3. Installing the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> 35
36 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Chapter 4. Setting up communication with <strong>CICS</strong> servers<br />
TCP/IP configuration<br />
After you have installed the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, <strong>and</strong> set up your <strong>CICS</strong><br />
servers for communication, your next step is to set up the communication links<br />
between the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> <strong>and</strong> your <strong>CICS</strong> servers.<br />
After you have set up your communications links, continue at Chapter 5,<br />
“Configuration,” on page 49. This tells you how to make the required entries in the<br />
configuration file.<br />
Related information<br />
“Sample configuration documents” on page 211<br />
The TCP/IP stack on your local machine should already be correctly configured.<br />
Contact your system administrator if there are problems.<br />
Verifying the TCP/IP installation<br />
To verify that the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> can communicate with <strong>CICS</strong> servers,<br />
use the TCP/IP PING comm<strong>and</strong> to check the route to the <strong>CICS</strong> server:<br />
ping [machine address | name]<br />
To start PING, enter a comm<strong>and</strong> like the following:<br />
ping 192.113.36.200<br />
where 192.113.36.200 is the IP address of your <strong>CICS</strong> server. If you are using a<br />
Domain Name Server (DNS), you can specify the symbolic host name rather than the<br />
IP address of the server.<br />
If the statistics message shows a value other than 0% packet loss, it is possible that<br />
TCP/IP is not correctly configured:<br />
v Check for TCP/IP definition errors.<br />
v Check the physical connection to the network.<br />
The PING comm<strong>and</strong> differs slightly, depending on your operating system. For<br />
more information, refer to the documentation supplied with your operating<br />
system.<br />
Refer to “TCP/IP settings” on page 72 for information on TCP/IP settings.<br />
On <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> can send ECI requests over TCP/IP to <strong>CICS</strong><br />
<strong>Transaction</strong> Server for z/OS V2.2 <strong>and</strong> later. To configure this, do the following:<br />
1. Set the SIT parameter TCPIP=YES.<br />
2. Install the following:<br />
v <strong>CICS</strong>-supplied transient data queue CIEO, in group DFHDCTG<br />
v <strong>Transaction</strong> CIEP in group DFHIPECI<br />
v Program DFHIEP in group DFHIPECI<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 37
3. Define the TCP/IP address <strong>and</strong> host name for the z/OS system. By default they<br />
are defined in the PROFILE.TCPIP <strong>and</strong> TCPIP.DATA data sets.<br />
4. Add a TCP/IP listener to <strong>CICS</strong>. Use the following CEDA comm<strong>and</strong> to define a<br />
TCPIPSERVICE in a group:<br />
CEDA DEF TCPIPSERVICE(service-name) GROUP(group-name)<br />
Ensure that the group in which you define the service is in the startup<br />
GRPLIST, so that the listener starts when <strong>CICS</strong> is started.<br />
If you specified PJA1TCP as the TCPIPSERVICE, <strong>and</strong> PJA1GRP as the group,<br />
you see a screen like the following :<br />
OVERTYPE TO MODIFY <strong>CICS</strong> RELEASE =0620<br />
CEDA DEFine TCpipservice( PJA1TCP )<br />
TCpipservice : PJA1TCP<br />
GROup : PJA1GRP<br />
DEscription ==><br />
Urm ==><br />
POrtnumber ==> 08018 1-65535<br />
STatus ==> Open Open | Closed<br />
PRotocol ==> Eci Iiop | Http | Eci<br />
TRansaction ==> CIEP<br />
Backlog ==> 00100 0-32767<br />
TSqprefix ==><br />
Ipaddress ==> ANY<br />
SOcketclose ==> No No | 0-240000 (HHMMSS)<br />
SECURITY<br />
SSl ==> No Yes | No | Clientaut<br />
Certificate ==><br />
AUthenticate ==> No | Basic | Certificate | AUTORegister<br />
| AUTOMatic<br />
ATtachsec ==> Verify Local | Verify<br />
SYSID=PJA1 APPLID=SCSCPJA1<br />
DEFINE SUCCESSFUL TIME: 15.30.02 DATE: 02.183<br />
PORTNUMBER<br />
The port on which the TCP/IP service listens.<br />
PROTOCOL<br />
Indicates that the protocol of the service is ECI.<br />
TRANSACTION<br />
The transaction that <strong>CICS</strong> runs to h<strong>and</strong>le incoming ECI requests. Set it<br />
to CIEP.<br />
BACKLOG<br />
The number of TCP/IP requests that are queued before TCP/IP starts<br />
to request incoming requests.<br />
IPADDRESS<br />
The IP address (in dotted decimal form) on which the TCPIPSERVICE<br />
listens. For configurations with more than one IP stack, specify ANY to<br />
make the TCPIPSERVICE listen on all addresses.<br />
SOCKETCLOSE<br />
Specifies whether <strong>CICS</strong> should wait before closing the socket after<br />
issuing a receive for incoming data on that socket. NO is recommended<br />
for ECI connections, to ensure that the connection from the Client<br />
daemon always remains open.<br />
ATTACHSEC<br />
Specifies the level of attach-time security required for TCP/IP<br />
connections.<br />
5. Use the following comm<strong>and</strong> to install the TCPIPSERVICE definition:<br />
38 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Next steps<br />
TCP62 configuration<br />
CEDA INS TCPIPSERVICE(service-name) GROUP(group-name)<br />
1. Use the Configuration Tool to create a server definition; see “The Configuration<br />
Tool interface” on page 50.<br />
2. Configure the server definition (see “Configuring Server settings” on page 70.)<br />
The TCP62 support for <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> allows communication with<br />
certain <strong>CICS</strong> servers over a TCP/IP network. See “Communication with <strong>CICS</strong><br />
servers” on page 25 for details of <strong>CICS</strong> servers that support TCP62.<br />
On <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS, you can use autoinstall to define SNA client<br />
connections. The advantage of autoinstall is that it allows you to use the same<br />
client configuration settings for all workstations without having to define multiple<br />
entries in VTAM ®<br />
<strong>and</strong> <strong>CICS</strong>. Autoinstall allows the Client Local LU name <strong>and</strong> CP<br />
name to be created from a template <strong>and</strong> the IP address of the client machine.<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> TCP62 communication supports only parallel-session<br />
SNA connections, not single-session connections. This has implications for your<br />
<strong>CICS</strong> VTAM configuration, as explained in “On z/OS” on page 40.<br />
TCP62 links to the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> support data synchronization levels<br />
(sync levels) 0 <strong>and</strong> 1.<br />
To enable <strong>CICS</strong> on z/OS to communicate with a <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> using<br />
TCP62 requires actions on z/OS, <strong>CICS</strong>, <strong>and</strong> the client workstation. This section<br />
outlines the steps you need to take. You also need to make entries in the<br />
configuration file; see Chapter 5, “Configuration,” on page 49.<br />
Table 2 shows the entries that you need to make. The values in the Example<br />
column are taken from the sample configuration documents.<br />
Table 2. Matching definitions for TCP62 on z/OS, <strong>CICS</strong>, <strong>and</strong> configuration file.<br />
z/OS <strong>CICS</strong> Configuration Tool Client workstation Example<br />
IP address - - - 2.12.14.227<br />
DNSUFX - AnyNet domain name<br />
suffix<br />
NETID - Partner LU name. The<br />
Partner LU name is<br />
NETID.APPL.<br />
- hursley.ibm.com<br />
- ABC3XYZ4<br />
APPL Applid Partner LU name - IYCKCTU1<br />
LOGMODE Modename Mode name - LU62PS<br />
- - IP address mask for LU<br />
name template (optional)<br />
- - Fully qualified CP name<br />
or template<br />
- - Local LU name or<br />
template<br />
TCP/IP subnet mask FFFFFE00<br />
- ABC3XYZ4.PQRS1234<br />
- CCLI****<br />
Chapter 4. Setting up communication with <strong>CICS</strong> servers 39
On z/OS<br />
1. Define the TCP/IP address <strong>and</strong> host name for the z/OS system in the MVS<br />
TCP/IP PROFILE.TCPIP <strong>and</strong> TCPIP.DATA data sets.<br />
2. Install a TCP major node, which defines the AnyNet interface between TCP/IP<br />
<strong>and</strong> VTAM. The important parameters are:<br />
DNSUFX<br />
The domain name suffix, for example hursley.ibm.com. You will enter this<br />
later in the AnyNet domain name suffix field in the Configuration Tool.<br />
TCPIPJOB<br />
The TCP/IP job name refers to the TCP/IP stack that VTAM AnyNet will<br />
use if multiple stacks are in use.<br />
For more information about how to install a major node, see the Guide to SNA<br />
over TCP/IP.<br />
3. To allocate cross-domain resource definitions (CDRSC) dynamically, specify<br />
DYNLU=YES as a startup option for VTAM. If you set this parameter, you do<br />
not need to define multiple static CDRSCs within VTAM. The CDRSC names<br />
are dynamically generated from the CP name <strong>and</strong> IP address mask for CP<br />
name client configuration settings, along with the IP address of the client<br />
machine.<br />
4. Specify the NETID for VTAM in your VTAM start procedure.<br />
5. Create the VTAM APPL definition. In Table 2 on page 39, this value is<br />
IYCKCTU1. Because TCP62 supports only LU6.2 parallel sessions, specify<br />
PARSESS=YES.<br />
6. Configure a VTAM LOGMODE.<br />
The MPTN (multiprotocol transport networking) function supplied with the<br />
OS/390 ®<br />
or z/OS Communications Server, to provide the SNA over TCP/IP<br />
capability (using AnyNet), is required to complement TCP62 in the client.<br />
On <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS<br />
On <strong>CICS</strong>, do the following:<br />
1. Set the following SIT parameters:<br />
ISC=YES<br />
APPLID=applid<br />
AIEXIT=AIEXIT<br />
In Table 2 on page 39, the APPLID is IYCKCTU1. This is the VTAM APPL that<br />
you defined at step 5. AIEXIT is either DFHZATDY, or the name of an<br />
autoinstall user-replaceable module that you have written.<br />
2. Install these groups:<br />
v DFHISC<br />
v DFHCLNT<br />
3. Define an SNA connection to the client workstation. You can define a static<br />
connection, or autoinstall it. See the <strong>CICS</strong> Resource Definition Guide for details.<br />
v On the MODENAME option of the SESSIONS definition, specify the same<br />
modename as your VTAM LOGMODE. You will also use this value in the<br />
Mode name field of the configuration file.<br />
v On the MAXIMUM option of the SESSIONS definition, the first number<br />
refers to the Maximum logical SNA sessions field on the Configuration Tool;<br />
see “Maximum logical SNA sessions” on page 78. The default is 8; increase<br />
this if necessary. Specify the second value as 1, that is, that <strong>CICS</strong> is to have<br />
40 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
one contention winner. For example, MAXIMUM(8,1) means that the modeset is<br />
to support eight sessions, <strong>and</strong> that <strong>CICS</strong> has one contention winner.<br />
See also “Defining SNA connections on <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS” on<br />
page 44 for information about defining sessions <strong>and</strong> connections on <strong>CICS</strong><br />
<strong>Transaction</strong> Server for z/OS.<br />
On the client workstation<br />
If the domain name suffix is SNA.<strong>IBM</strong>.COM <strong>and</strong> the fully qualified partner LU name<br />
is NETID.LUA, TCP/IP must be able to resolve LUA.NETID.SNA.<strong>IBM</strong>.COM to the IP<br />
address of the server. Use one of the following methods to do this:<br />
v Supply the name <strong>and</strong> IP address to a TCP/IP domain name server<br />
v Add the name <strong>and</strong> IP addresses in the hosts file (/etc/hosts) on the workstation<br />
Verify that TCP/IP is working correctly. In particular make sure the name formed<br />
from .. can be used to<br />
reach the server. For details on verifying TCP/IP see “Verifying the TCP/IP<br />
installation” on page 37.<br />
Firewall implications<br />
You might experience problems when configuring a TCP62 connection through a<br />
firewall.<br />
For the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> to function correctly your firewall needs to be<br />
configured to permit UDP packets on the TCP62 port, which by default is set to<br />
397; see “TCP62 port” on page 77.<br />
KeepAlive packets<br />
When using <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, with the TCP62 protocol, KeepAlive<br />
packets can be sent to the <strong>CICS</strong> server to check its availability.<br />
Next steps<br />
SNA configuration<br />
KeepAlive packets are enabled by default.<br />
You can enable or disable the sending of KeepAlive packets using the Remote node<br />
inactivity poll interval (s) setting in the Configuration Tool; see “Remote node<br />
inactivity poll interval (s)” on page 78.<br />
Changing this inactivity poll value alters how frequently the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> sends KeepAlive packets. A high value reduces network traffic, but the<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> takes longer to detect that a connection has been lost.<br />
With a lower value lost connections are detected quickly, at the cost of more<br />
network traffic.<br />
1. Use the Configuration Tool to create a server definition using the TCP62<br />
protocol; see “The Configuration Tool interface” on page 50.<br />
2. Configure the server definition (see “TCP62 settings” on page 74).<br />
To set up communication over SNA, define the following in your SNA<br />
communications product:<br />
Chapter 4. Setting up communication with <strong>CICS</strong> servers 41
v The local node characteristics that are common to all SNA users at the<br />
workstation<br />
v A local logical unit (LU) for the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
v A partner logical unit for each <strong>CICS</strong> server with which the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> will communicate<br />
v One or more modes to specify sets of session properties that are used in binding<br />
SNA sessions<br />
v A transaction program (TP) for the CRSR transaction. You need this if:<br />
– The <strong>CICS</strong> servers support terminal emulation, <strong>and</strong><br />
– You require automatic transaction initiation (ATI) against the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> terminals.<br />
Note: The terms used to describe these definitions vary with the product used to<br />
provide support. The terms used above are the ones used by <strong>IBM</strong><br />
Communications Server.<br />
SNA links to the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> support data synchronization levels<br />
(sync levels) 0 <strong>and</strong> 1.<br />
Configuring for the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
To run the transport, install <strong>and</strong> configure a Server, such as <strong>IBM</strong> Communications<br />
Server. You need to make entries on VTAM, <strong>CICS</strong>, Communications Server, <strong>and</strong> the<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. Table 3 shows the entries that you need to make.<br />
Table 3. Matching definitions for SNA<br />
VTAM <strong>CICS</strong><br />
<strong>Transaction</strong><br />
Server<br />
<strong>IBM</strong><br />
Communications<br />
Server for AIX<br />
NETID — First part of fully<br />
qualified LU name<br />
in Partner LU<br />
PU — Control Point alias<br />
in Node Definition<br />
LU Netname LU Name/LU alias<br />
in independent LU<br />
Type 6.2<br />
XID — Last five digits of<br />
Node identifier in<br />
Node Definition<br />
Token Ring<br />
destination<br />
address<br />
Ethernet<br />
port address<br />
Enterprise<br />
Extender IP<br />
address<br />
— Adjacent node MAC<br />
address in Link<br />
Station<br />
ctg.ini Example<br />
— ABC3XYZ4<br />
— IYAMR021<br />
Local LU name IYAMT210<br />
— 05d316fc<br />
— 400045121088<br />
— MAC address 020070000428<br />
— Communication end<br />
point<br />
APPL APPLID Second part of fully<br />
qualified LU name<br />
in Partner LU<br />
192.113.36.200<br />
— IYCQST34<br />
LogMode Modename Name in Mode Mode name LU62PS<br />
42 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
— — — Partner LU name IYCQST34
|<br />
Note:<br />
1. The NETID is the VTAM network name. It is defined for your VTAM<br />
network in the VTAM start options.<br />
2. The PU is the name of the AIX physical unit (PU). It is named in the<br />
VTAM switched major node.<br />
3. The LU is the independent LU6.2 used by the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
It must also be defined to VTAM in a switched Major Node.<br />
4. The XID (or node ID) is configured in the VTAM switched major node<br />
using IDBLK <strong>and</strong> IDNUM. It is used in the XID exchange to activate the<br />
link station.<br />
5. For <strong>IBM</strong> Communications Server, Token Ring, Ethernet <strong>and</strong> Enterprise<br />
Extender are all valid communication link station types. Choose one or<br />
more as required. For more details about link station configuration refer<br />
to the Communications Server Task Guides.<br />
6. The APPL is is the <strong>CICS</strong> APPLID <strong>and</strong> also the VTAM APPL. It is defined<br />
in the VTAM application major node used by the <strong>CICS</strong> region.<br />
7. The LogMode is the mode group used to control LU6.2 session<br />
properties. It must be defined in a VTAM logon mode table, which must<br />
be named on the VTAM APPL definition.<br />
8. The Host system control point name is the CP for the PU of the VTAM<br />
front end processor.<br />
More information on connecting the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> to <strong>CICS</strong><br />
<strong>Transaction</strong> Server for z/OS is in <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> V5 - The WebSphere<br />
Connector for <strong>CICS</strong>, SG24-6133.<br />
Configuring Communications Server for <strong>Linux</strong><br />
Communications Server for <strong>Linux</strong> requires various environment variables to be<br />
defined. Refer to the README file supplied with the server <strong>and</strong> ensure that all<br />
variables are correctly set, including LD_PRELOAD. Do not set the LD_PRELOAD<br />
variable globally.<br />
To ensure that messages can be written to error logs, the user who starts the Client<br />
daemon process must be a member of the ’sna’ group. Read the man page for<br />
ld.so for information about security issues associated with LD variables.<br />
Configuring SNA Communications product<br />
To enable ATI against Communications Server client terminals, define the<br />
transaction program CRSR on the Server. Follow the instructions in the<br />
<strong>Administration</strong> Guide. To define the transaction program using X-Window System:<br />
1. Start the administration application, xsnaadmin.<br />
2. Select Services—>APPC—> <strong>Transaction</strong> Programs.<br />
3. Select TP invocation.<br />
4. Click Add or, on <strong>Linux</strong>, New.<br />
5. Enter CRSR as the Application TP.<br />
6. Indicate Parameters are for invocation on any LU Queue incoming allocates<br />
<strong>and</strong> enter the path to the executable as: /usr/bin/cclclnt<br />
7. Set Arguments to CRSR<br />
8. Set Userid to root <strong>and</strong> Group to system.<br />
Chapter 4. Setting up communication with <strong>CICS</strong> servers 43
|<br />
|<br />
|<br />
|<br />
9. Close the TP definition window.<br />
10. In the Local LU advanced parameters, ensure that the Attach routing<br />
computer host name is entered.<br />
11. On the remote API client, ensure that invoked_tps = YES is set in the<br />
sna_clnt.net configuration file.<br />
Defining SNA connections on <strong>CICS</strong> <strong>Transaction</strong> Server for<br />
z/OS<br />
To define SNA connections from <strong>CICS</strong> do the following:<br />
1. Specify the SIT parameter ISC=YES<br />
2. Install CSD groups DFHCLNT <strong>and</strong> DFHISC<br />
3. Create <strong>and</strong> install <strong>CICS</strong> connection <strong>and</strong> sessions definitions, as described later<br />
in this information<br />
<strong>CICS</strong> connection definition<br />
This defines the location of the remote system, <strong>and</strong> the parameters of the<br />
connection to it. Use CEDA to set the following:<br />
ACcessmsmethod<br />
Set this to Vtam.<br />
PRotocol<br />
Set this to Appc.<br />
Singlesess<br />
Set this to No.<br />
AUtoconnect<br />
This specifies whether <strong>CICS</strong> is to bind sessions (drive CNOS) when the<br />
connection is installed. Set this to Yes.<br />
ATtachsec<br />
This defines the settings for SNA LU6.2 conversation level security. Set it to<br />
one of the following:<br />
v Verify — to flow a user ID <strong>and</strong> password from the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>.<br />
v LOCAL — if you do not want to flow a user ID <strong>and</strong> password.<br />
Netname<br />
Set this to the LU name of the partner LU6.2<br />
Note: If you change <strong>and</strong> reinstall the <strong>CICS</strong> connection definition, you must stop<br />
<strong>and</strong> restart the connection.<br />
<strong>CICS</strong> sessions definition<br />
For each <strong>CICS</strong> connection definition, define one or more sessions definitions to<br />
define the SNA mode groups to be used within that connection.<br />
Connection<br />
Set this to the name of the associated connection definition.<br />
MOdename<br />
Specifies the mode group as defined in a VTAM LOGMODE. The modename<br />
must be unique among the sessions definitions that relate to one connection<br />
definition.<br />
Protocol<br />
Set this to APPC.<br />
44 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Data conversion<br />
MAximum<br />
Specifies the maximum number of sessions that are to be supported. The first<br />
value is the maximum number of sessions that can be supported. The second<br />
value specifies the number of contention-winner sessions (<strong>CICS</strong>-owned<br />
sessions). These values are negotiated during change number of sessions<br />
(CNOS) flows, when the sessions are actually bound; the negotiated values<br />
depend on the settings specified in the partner SNA node.<br />
Set the first value to be at least as big as the MAXREQUESTS parameter in the<br />
ctg.ini file, to prevent this becoming a bottleneck to throughput. Set the second<br />
value to 001, to ensure that START requests are shipped serially from the<br />
server to the client.<br />
Autoconnect<br />
This determines whether the sessions for this mode group will be bound when<br />
the connection is installed. Set it to one of the following:<br />
v Yes — to bind only contention-winner sessions<br />
v All — to bind all sessions<br />
<strong>CICS</strong> connection autoinstall<br />
Autoinstall of connections is particularly useful when dealing with many similar<br />
connections, or when you are unsure of the LU names (netnames) to be used. This<br />
will be the case if you are using dynamic LUs with TCP62 connections from the<br />
Client daemon. To configure autoinstall of connection definitions, do the following:<br />
1. Update the default autoinstall program from DFHZATDX to DFHZATDY, by<br />
specifying the SIT parameter AIEXIT=DFHZATDY. Alternatively, write your<br />
own autoinstall user-replaceable module based on the samples provided.<br />
2. Configure model definitions. The supplied DFHZATDY autoinstall program<br />
uses the template CBPS. This is supplied in DFHAI62 group; copy it to your<br />
own group, <strong>and</strong> modify it accordingly. The parameters in the connection<br />
definition template are the same as for a static definition (see “<strong>CICS</strong> connection<br />
definition” on page 44), except that the netname is not needed.<br />
The parameters for the sessions definition are the same as those listed in “<strong>CICS</strong><br />
sessions definition” on page 44, except that the Connection parameter should<br />
refer to the CBPS connection definition.<br />
If you use the supplied connection autoinstall program (DFHZATDY), the<br />
connection name generated is based on the last four characters of the Netname. To<br />
change this, create your own user-replaceable module from the sample provided in<br />
<strong>CICS</strong>TS22.<strong>CICS</strong>.SDFHSAMP.<br />
The ECI <strong>and</strong> EPI allow non-<strong>CICS</strong> applications running in a client system to access<br />
<strong>CICS</strong> facilities <strong>and</strong> data managed by a <strong>CICS</strong> server system. Character data might<br />
need to be converted as it is passed between client <strong>and</strong> server; for example data is<br />
encoded in ASCII on a <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> system <strong>and</strong> in EBCDIC on a<br />
<strong>CICS</strong> mainframe server system. Data conversion is performed by the server<br />
system. For more information on this see Appendix A, “Data conversion when<br />
using the Client daemon <strong>and</strong> a <strong>CICS</strong> server,” on page 193.<br />
Chapter 4. Setting up communication with <strong>CICS</strong> servers 45
Configuring message queues<br />
In <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> systems, the Client daemon communicates internally using<br />
message queues. In systems other than AIX, the default configuration settings for<br />
these queues are too small to allow for large client data flows (such as 3270 maps<br />
or user COMMAREAs). Some symptoms of this problem are:<br />
v An ECI program gives return code -3 (ECI_ERR_NO_<strong>CICS</strong>)<br />
v A cicsterm locks when a large map is sent to it<br />
v A large number of concurrent ECI requests significantly degrades performance<br />
It is recommend that you change the configuration settings of the message queues<br />
to allow for large client data flows.<br />
The way that you do this depends on your operating system:<br />
v “Message queues on HP-UX”<br />
v “Message queues on <strong>Linux</strong>”<br />
v “Message queues on Solaris” on page 47<br />
Message queues on HP-UX<br />
The following settings are recommended:<br />
msgssz 32 Message Segment Size<br />
msgmnb 65535 Max Number of Bytes on Message Queue<br />
msgmax 65535 Message Max Size (bytes)<br />
msgseg 16384 Number of Segments Available for Messages<br />
Set these values by using the SAM utility:<br />
1. Type sam at the comm<strong>and</strong> prompt.<br />
2. Select Kernel Configuration —> Configurable Parameters.<br />
This displays a list of kernel parameters that you can change.<br />
3. Select a parameter, either by clicking on it with the mouse or by moving the<br />
cursor to it <strong>and</strong> pressing the enter key.<br />
4. Select Actions —> Modify configurable parameter.<br />
5. Enter the new value for the parameter in the Formula/Value field, <strong>and</strong> then<br />
select OK.<br />
If the value you entered is not valid, SAM displays a window explaining the<br />
error.<br />
6. When you have made all of the required changes, select Actions —> Process<br />
New Kernel.<br />
SAM displays a window asking for confirmation; select Yes.<br />
SAM then compiles the kernel <strong>and</strong> displays a window asking if you want to<br />
replace the old kernel before restarting the system. You must restart the system for<br />
the changes to take effect.<br />
Message queues on <strong>Linux</strong><br />
You are recommended to place the following settings in file /etc/sysctl.conf:<br />
kernel.msgmni=128 #Max # of msg queue identifiers<br />
kernel.msgmnb=163840 #Size of message queue<br />
kernel.msgmax=40960 #Max size of a message<br />
v On Red Hat, the new settings are used after you restart the computer.<br />
v On SuSE, issue the comm<strong>and</strong> chkconfig boot.sysctl on, <strong>and</strong> then reboot.<br />
46 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
v To check that the new settings have been applied, issue the comm<strong>and</strong> sysctl -a.<br />
The MSGMNI variable determines the maximum number of message queue<br />
identifiers system wide. This is typically set to 128 which is sufficient for the<br />
normal number of concurrent requests expected to be processed.<br />
Message queues on Solaris<br />
The following settings are recommended:<br />
set msgsys:msginfo_msgmax = 65535 Maximum size of System V message.<br />
set msgsys:msginfo_msgmnb = 65535 Maximum number of bytes that can be on any<br />
one message queue.<br />
set msgsys:msginfo_msgssz = 32 Specifies size of chunks system uses to<br />
manage space for message buffers.<br />
Obsolete since the Solaris 8 release.<br />
set msgsys:msginfo_msgseg = 16384 Number of msginfo_msgssz segments the system<br />
uses as a pool for available message memory.<br />
Total memory available for messages is<br />
msginfo_msgseg * msginfo_msgssz.<br />
Obsolete since the Solaris 8 release.<br />
set semsys:seminfo_semmni = 4096 Maximum number of semaphore identifiers.<br />
set msgsys:msginfo_msgtql = 10000 The maximum number of queue entries that<br />
can be in the system at the same time.<br />
A low value can adversely affect<br />
system performance, or cause the<br />
client to freeze. <strong>IBM</strong> recommends that<br />
you set this value to the maximum (10000),<br />
or at least double the maximum number of<br />
concurrent requests. Stress load your<br />
system, <strong>and</strong> then use the ipcs -qa comm<strong>and</strong><br />
to determine the setting.<br />
Set these values by changing the entries in the /etc/system file. See Solaris system<br />
notes for information on changing this file.<br />
Chapter 4. Setting up communication with <strong>CICS</strong> servers 47
48 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Chapter 5. Configuration<br />
This information describes how to configure your <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Related concepts<br />
Chapter 15, “Statistics introduction,” on page 185<br />
This information introduces the statistics that are available from the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
Related information<br />
“Sample configuration documents” on page 211<br />
“Redbooks” on page 211<br />
Chapter 4, “Setting up communication with <strong>CICS</strong> servers,” on page 37<br />
Before you start to configure your system<br />
This section covers some of the things you need to do before running the<br />
Configuration Tool. In particular, make sure that communication links with your<br />
<strong>CICS</strong> servers are correctly set up; see Chapter 4, “Setting up communication with<br />
<strong>CICS</strong> servers,” on page 37.<br />
Gather information<br />
Have the following information available:<br />
v The protocol you will use to connect to the <strong>CICS</strong> server (TCP/IP, TCP62, SNA)<br />
v The host name or IP address of the server<br />
v The port number at the server to which the Client daemon should connect<br />
v The protocols that you will use with the <strong>Gateway</strong> (TCP, SSL)<br />
See Table 2 on page 39, <strong>and</strong> Table 3 on page 42, for information on matching<br />
definitions for TCP62 <strong>and</strong> SNA.<br />
Configure your programming environment<br />
This section applies if you are running the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> remotely.<br />
The Java Virtual Machine (JVM) uses the CLASSPATH environment variable to<br />
find classes, <strong>and</strong> zip or jar archives containing classes. To allow the JVM to access<br />
class files, you must specify the full path of directories containing class files or<br />
archives.<br />
To compile <strong>and</strong> run Java applications for use with the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>,<br />
add the full path of the following to the CLASSPATH environment variable:<br />
v ctgclient.jar<br />
v ctgserver.jar (if you are using a local <strong>Gateway</strong>)<br />
These archives are in the /classes subdirectory.<br />
Recommended Java options for the Solaris JVM<br />
You are recommended to use the -XX:+UseLWPSynchronization Java option with<br />
Java Client applications.<br />
Also ensure that /usr/lib/lwp appears before /usr/lib in the LD_LIBRARY_PATH<br />
variable.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 49
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Using the Configuration Tool<br />
If you do not set these options, calls to the Java<strong>Gateway</strong>.open() method might hang<br />
when either the TCP/IP or the SSL protocol is used. See your Solaris<br />
documentation for more details.<br />
Use the Configuration Tool to configure the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
To use the Configuration Tool remotely, export the display using the comm<strong>and</strong>s<br />
described in “Using X-Window System from a remote system” on page 34. To start<br />
the Configuration Tool, enter the ctgcfg comm<strong>and</strong>.<br />
Configuration file<br />
Configuration details are stored by default in the ctg.ini file in the<br />
/bin subdirectory. You are recommended to use the Configuration<br />
Tool to update this file.<br />
You can specify a different location for the configuration file, <strong>and</strong> optionally<br />
change its name, by setting the <strong>CICS</strong>CLI environment variable. If this variable is<br />
set, at startup the Configuration Tool loads the file referenced by <strong>CICS</strong>CLI. If the<br />
Configuration Tool fails to find the configuration file, it creates a file that includes<br />
a partial definition for a new server named A_Server. This file must be edited <strong>and</strong><br />
saved before use. The tool does not automatically create a directory if the directory<br />
referenced by <strong>CICS</strong>CLI does not exist.<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> log indicates the name <strong>and</strong> location of the INI file.<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> will not run if a configuration file is not found.<br />
Running the Configuration Tool for a different operating<br />
system<br />
Proceed as follows:<br />
1. Install the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> on the workstation on which you want to<br />
run the Configuration Tool.<br />
2. To edit an existing configuration, copy ctg.ini to the /bin<br />
subdirectory on the workstation, using FTP in ASCII mode.<br />
3. Issue the following comm<strong>and</strong> to display help about the Configuration Tool:<br />
ctgcfg -?<br />
4. Issue the following comm<strong>and</strong>:<br />
ctgcfg -PLAT OSCODE<br />
where OSCODE represents the operating system that the Configuration Tool<br />
should emulate, <strong>and</strong> is one of the values returned by the comm<strong>and</strong> that you<br />
issued at step 3.<br />
5. Make the required entries <strong>and</strong> click Save. This creates or updates the ctg.ini<br />
file.<br />
6. Use FTP in ASCII mode to transfer the file to your system.<br />
The Configuration Tool interface<br />
The screen has these input areas (described separately below):<br />
1. Menu bar<br />
2. Toolbar<br />
50 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Figure 9. The Configuration Tool<br />
3. Navigation panel<br />
4. Settings panel<br />
A fifth area, the status bar, shows which configuration file <strong>and</strong> operating system<br />
you are using. The status bar is display only.<br />
Note: Screen captures later in this chapter show the Configuration Tool running<br />
for the Windows operating system. On your platform, the Configuration<br />
Tool might look slightly different.<br />
Navigation panel<br />
The navigation panel (see Figure 9) allows you to navigate through all of the<br />
settings in your configuration. The tree has the following root nodes:<br />
<strong>Gateway</strong> daemon<br />
Contains a subnode for each protocol that the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
can use.<br />
Client daemon<br />
Contains a subnode for each of your server definitions.<br />
Chapter 5. Configuration 51
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Menu bar<br />
The menu bar contains the File, Edit, Tools, Settings, <strong>and</strong> Help menus.<br />
The File menu has the following options:<br />
New Creates a new configuration.<br />
Open Opens an existing configuration.<br />
Save Saves the current configuration. By default, the file name is ctg.ini, <strong>and</strong><br />
saved to the /bin subdirectory.<br />
Save As<br />
Allows you to override the default path <strong>and</strong> name of the configuration file.<br />
Exit Exits the Configuration Tool. If you have made any alterations you are<br />
asked whether you want to save the configuration.<br />
The Edit menu has Cut, Copy <strong>and</strong> Paste options, which perform the st<strong>and</strong>ard text<br />
functions.<br />
The Options menu has the following options:<br />
Trace Settings<br />
Displays the Trace Settings dialog.<br />
New Server<br />
Defines a new server named A_Server, that uses the TCP protocol.<br />
Delete Server<br />
Deletes a server node from the navigation panel.<br />
The Settings menu has these options:<br />
Color Changes the background color on panels <strong>and</strong> fields. If you change the<br />
color, all fields (except check boxes <strong>and</strong> radio buttons) take on the same<br />
background color as the main panel.<br />
Font Changes the typeface, size, style <strong>and</strong> color of text. You can also change the<br />
color of warning text.<br />
Save on exit<br />
If this menu option is selected, your choices are stored in CTGCFG.INI, for<br />
use in future sessions. A copy of CTGCFG.INI is created for each user in<br />
the user’s home directory (~/.ctg).<br />
Note:<br />
1. The file is not deleted if the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is<br />
uninstalled. It remains on the system unless manually deleted,<br />
<strong>and</strong> will be reused if the product is reinstalled.<br />
2. To restore the default settings, close the Configuration Tool,<br />
delete file CTGCFG.INI, <strong>and</strong> then restart the Configuration Tool.<br />
3. When you close the Configuration Tool, a message is displayed if<br />
file CTGCFG.INI cannot be written—even if you have deselected<br />
the Save on exit menu option. Click OK to clear the message<br />
<strong>and</strong> close the Configuration Tool.<br />
The Help menu has the following options:<br />
52 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Context Help<br />
Displays online help information according to the current screen context,<br />
for example, for a particular configuration setting.<br />
Contents<br />
Displays the contents list for online help.<br />
Keys Help<br />
Displays information on keyboard alternatives, <strong>and</strong> other information to<br />
help users with a disability to use the software. See also “Accessibility<br />
features for <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>” on page 215.<br />
Index Displays a subject index for online help.<br />
About Displays the version number <strong>and</strong> other information about the<br />
Configuration Tool.<br />
Toolbar<br />
The toolbar provides some of the functionality available from the menu bar in a set<br />
of icons. These icons have hover help, so that when you place the cursor over them,<br />
a text box describing the option appears.<br />
Settings panels<br />
When you select nodes in the navigation panel, the relevant settings panel is<br />
displayed. The settings in these panels correspond to parameters in the ctg.ini file.<br />
On each settings panel there is an Undo Changes button that allows you to undo<br />
changes you have made.<br />
Configuring <strong>Gateway</strong> daemon settings<br />
To display the <strong>Gateway</strong> daemon settings panel, select the <strong>Gateway</strong> node in the tree<br />
structure. The settings map to the parameters in the <strong>Gateway</strong> section of the ctg.ini<br />
file.<br />
Using the Configuration Tool, you can provide preset values for any parameter<br />
that can be specified using a <strong>Gateway</strong> comm<strong>and</strong> line option.<br />
If a parameter that has been defined using the Configuration Tool is specified via<br />
the associated comm<strong>and</strong> line option when the <strong>Gateway</strong> is started, the comm<strong>and</strong><br />
line setting takes precedence.<br />
<strong>Gateway</strong> daemon settings<br />
Select the <strong>Gateway</strong> daemon node to work with the general settings for the<br />
<strong>Gateway</strong> daemon. The panel has these tabs:<br />
Resources<br />
Logging<br />
See Figure 9 on page 51 for the screen layout.<br />
Initial number of Connection Manager threads: Enter a number in the range 1<br />
through 1 000 000, to specify the initial number of ConnectionManager threads.<br />
Set this to the normal number of Java<strong>Gateway</strong> objects opened by all connected<br />
Java clients. The default is 1. You might need to set this to less than the supported<br />
maximum value due to constraints on memory or other system resources. If you<br />
enter a value outside the permitted range, the Configuration Tool warns you. If the<br />
value entered is too low, it substitutes the minimum. If the value entered is too<br />
high, it substitutes the maximum. If a non-numeric value is present in the<br />
configuration file, it substitutes the minimum value.<br />
Chapter 5. Configuration 53
You can override this setting with the ctgstart -initconnect=number comm<strong>and</strong>.<br />
For details of the corresponding entry in the configuration file, see initconnect<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Maximum number of Connection Manager threads: Enter a number in the range<br />
1 through 1 000 000, to specify the maximum number of ConnectionManager<br />
threads. The default is 100. You might need to set this to less than the supported<br />
maximum value due to constraints on memory or other system resources. If you<br />
enter a value outside the permitted range, the Configuration Tool warns you. If the<br />
value entered is too low, it substitutes the minimum. If the value entered is too<br />
high, it substitutes the maximum. If a non-numeric value is present in the<br />
configuration file, it substitutes the minimum value.<br />
This limits the maximum number of Java<strong>Gateway</strong> objects opened by all connected<br />
Java Client applications. Set this to the maximum number of Java<strong>Gateway</strong> objects<br />
that could be open at any one time from all the remotely-connected Java Client<br />
applications.<br />
If you select the Unrestricted check box, no limits are applied to the number of<br />
ConnectionManager threads.<br />
You can override this setting with the ctgstart -maxconnect=number comm<strong>and</strong>.<br />
For information on threading limits, see “The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> threading<br />
model” on page 113.<br />
For details of the corresponding entry in the configuration file, see maxconnect<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Initial number of Worker threads: Enter a number in the range 1 through<br />
1 000 000, to specify the initial number of worker threads. The default is 1. You<br />
might need to set this to less than the supported maximum value due to<br />
constraints on memory or other system resources. If you enter a value outside the<br />
permitted range, the Configuration Tool warns you. If the value entered is too low,<br />
it substitutes the minimum. If the value entered is too high, it substitutes the<br />
maximum. If a non-numeric value is present in the configuration file, it substitutes<br />
the minimum value.<br />
Set this to the normal number of concurrent requests expected to be processed<br />
concurrently by the <strong>Gateway</strong> daemon.<br />
You can override this setting with the ctgstart -initworker=number comm<strong>and</strong>.<br />
For details of the corresponding entry in the configuration file, see initworker<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Maximum number of Worker threads: Enter a number in the range 1 through<br />
1 000 000, to specify the maximum number of worker threads. The default is 100.<br />
You might need to set this to less than the supported maximum value due to<br />
constraints on memory or other system resources. If you enter a value outside the<br />
permitted range, the Configuration Tool warns you. If the value entered is too low,<br />
it substitutes the minimum. If the value entered is too high, it substitutes the<br />
maximum. If a non-numeric value is present in the configuration file, it substitutes<br />
the minimum value.<br />
54 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
This limits the maximum number of parallel ECI, ESI <strong>and</strong> EPI requests that the<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> can process.<br />
Set it to be less than or equal to maxconnect.<br />
If you select the Unrestricted check box, no limits are applied to the number of<br />
worker threads.<br />
You can override this setting with the ctgstart -maxworker=number comm<strong>and</strong>.<br />
For information on threading limits, see “The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> threading<br />
model” on page 113.<br />
For details of the corresponding entry in the configuration file, see maxworker<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Enable reading input from console: Select this check box to enable the reading of<br />
input from the console. The field is enabled by default.<br />
See also the -quiet comm<strong>and</strong> line option (“Starting the <strong>Gateway</strong> daemon with<br />
preset options” on page 123).<br />
For details of the corresponding entry in the configuration file, see noinput<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Let Java Clients obtain generic ECI replies: Select this check box if you want<br />
Java Client applications to be able to obtain generic ECI replies from the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
Generic replies are those obtained using the Call_Type: ECI_GET_REPLY or<br />
ECI_GET_REPLY_WAIT. Specific replies are those obtained using the Call_Type:<br />
ECI_GET_SPECIFIC_REPLY or ECI_GET_SPECIFIC_REPLY_WAIT. This setting<br />
does not apply to local <strong>Gateway</strong>s. The default is that generic replies are not<br />
enabled; enabling generic replies is deprecated.<br />
For details of the corresponding entry in the configuration file, see ecigenericreplies<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Validate Units of Work: Select this check box if you want the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> to validate logical units of work (LUWs). This ensures that a LUW ID can<br />
be used only on the Java<strong>Gateway</strong> connection to which it was allocated. If you clear<br />
this check box, you disable validation:<br />
v LUWs can be accessed by any connection to the same remote <strong>Gateway</strong>.<br />
v The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> cannot clean up used LUWs when a connection<br />
is closed or breaks.<br />
The default is that LUW validation is enabled; disabling validation is deprecated.<br />
For details of the corresponding entry in the configuration file, see uowvalidation<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Validate message qualifiers: Select this check box if you want the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> to validate message qualifiers. This ensures that a message<br />
qualifier ID can be used only on the Java<strong>Gateway</strong> connection to which it was<br />
Chapter 5. Configuration 55
allocated. A message qualifier that has been assigned on an asynchronous call<br />
cannot be used by any connection using the same remote <strong>Gateway</strong> until the reply<br />
has been received.<br />
If you clear this check box, you disable validation:<br />
v ECI asynchronous calls tagged with a message qualifier on one connection can<br />
have a call of the GET_SPECIFIC_REPLY type made from another connection to<br />
the same remote gateway.<br />
v A message qualifier can be used on an asynchronous call even if a reply with<br />
the same message qualifier is still outst<strong>and</strong>ing in the remote <strong>Gateway</strong>.<br />
v The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> cannot clean up used message qualifiers when a<br />
connection is closed or breaks. In some circumstances logical units of work<br />
(LUWs) will also not be cleaned up: because the <strong>Gateway</strong> cannot clean up the<br />
message qualifier, it cannot determine if the LUW is still active.<br />
The default is that message qualifier validation is enabled; disabling validation is<br />
deprecated.<br />
For details of the corresponding entry in the configuration file, see<br />
msgqualvalidation (“ctg.ini: GATEWAY section” on page 203).<br />
Timeout for in-progress requests to complete (ms): Enter a number in the range<br />
0 through 1 000 000, to specify the value in milliseconds. The default timeout is<br />
10 000 milliseconds. If you enter a value outside the permitted range, the<br />
Configuration Tool warns you. If the value entered is too low, it substitutes the<br />
minimum. If the value entered is too high, it substitutes the maximum. If a<br />
non-numeric value is present in the configuration file, it substitutes the minimum<br />
value.<br />
When a Java Client application disconnects from the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>,<br />
the <strong>Gateway</strong> might still be processing requests on behalf of that program.<br />
1. The ConnectionManager that was managing requests on behalf of the Java<br />
Client application waits for outst<strong>and</strong>ing requests to complete for up to the<br />
timeout period. If this field is set to zero, the Connection Manager moves<br />
immediately to step 2.<br />
2. After the timeout has expired, the ConnectionManager closes the protocol<br />
h<strong>and</strong>ler <strong>and</strong> returns any worker threads without in-progress requests to the<br />
pool.<br />
3. When all in-progress requests have completed, the ConnectionManager returns<br />
itself to the pool for reuse.<br />
For details of the corresponding entry in the configuration file, see closetimeout<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Worker thread available timeout (ms): Enter a number in the range 0 through<br />
1 000 000, to specify the value in milliseconds. If you enter a value outside the<br />
permitted range, the Configuration Tool warns you. If the value entered is too low,<br />
it substitutes the minimum. If the value entered is too high, it substitutes the<br />
maximum. If a non-numeric value is present in the configuration file, it substitutes<br />
the minimum value.<br />
When a ConnectionManager accepts a request, it must allocate a worker thread to<br />
execute that request. If a worker thread does not become available within the<br />
56 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
timeout period, an error message is sent rejecting that request <strong>and</strong> the request is<br />
not executed. The default timeout is set to 10 000 milliseconds, but you can enter a<br />
value to override that default.<br />
If you set this value to zero, the request is rejected unless a worker thread is<br />
immediately available.<br />
For details of the corresponding entry in the configuration file, see workertimeout<br />
(“ctg.ini: GATEWAY section” on page 203.)<br />
Port for local administration: Enter a value in the range 1 through 65 535, to<br />
specify the port number on which to listen for administration requests. The default<br />
is 2810. If you enter a value outside the permitted range, the Configuration Tool<br />
warns you. If the value entered is too low, it substitutes the minimum. If the value<br />
entered is too high, it substitutes the maximum. If a non-numeric value is present<br />
in the configuration file, it substitutes the minimum value.<br />
You can override this setting with the ctgstart -adminport=number comm<strong>and</strong>.<br />
For details of the corresponding entry in the configuration file, see adminport<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Statistics API port:<br />
The Statistics API port allows the <strong>Gateway</strong> daemon to h<strong>and</strong>le incoming requests<br />
for the Statistics API.<br />
Enter a value in the range 1 through 65 535, to specify the port number on which<br />
to listen for Statistics API requests. The default is 2980. If you enter a value outside<br />
the permitted range, the Configuration Tool warns you. If the value entered is too<br />
low, it substitutes the minimum. If the value entered is too high, it substitutes the<br />
maximum. If a non-numeric value is present in the configuration file, it substitutes<br />
the minimum value.<br />
The port is not available by default. If you clear the Disabled check box, the<br />
Statistics API port field is available <strong>and</strong> the <strong>Gateway</strong> daemon listens for incoming<br />
requests on the specified port.<br />
You can override this setting with the ctgstart -statsport=number comm<strong>and</strong>.<br />
For details of the corresponding entry in the configuration file, see statsport<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
If the Configuration Tool loads a configuration file without a statsport parameter,<br />
the Disabled check box is selected. An incorrect statsport parameter in ctg.ini sets<br />
the port to 1.<br />
Display TCP/IP hostnames: Select this check box to enable the display of TCP/IP<br />
host names in messages.<br />
This option allows you to choose how TCP/IP addresses are displayed in<br />
messages. By default, <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> displays TCP/IP addresses in<br />
messages in numeric form. If you enable this option, <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
uses the Domain Name System (DNS) to convert numeric TCP/IP addresses to<br />
symbolic TCP/IP host names in messages. This makes the messages easier to read.<br />
Chapter 5. Configuration 57
Note: Selecting this option might cause severe performance reduction on some<br />
systems.<br />
For details of the corresponding entry in the configuration file, see nonames<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Log Java Client connections <strong>and</strong> disconnections: Select this check box if you<br />
want <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> to write a message to the log each time that a Java<br />
Client application connects to, or disconnects from, the <strong>Gateway</strong> daemon. The<br />
default is for these messages not to be written.<br />
For details of the corresponding entry in the configuration file, see<br />
connectionlogging (“ctg.ini: GATEWAY section” on page 203).<br />
Error <strong>and</strong> warning log destination: Select the destination for error <strong>and</strong> warning<br />
messages output by the <strong>Gateway</strong> daemon. The Console option sends output to<br />
stderr.<br />
For details of the corresponding entry in the configuration file, see log@error.dest<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Error log file name: Enter the name of the log file to be used for error <strong>and</strong><br />
warning messages. The file name cannot contain the % (percent) character. Use<br />
either a forward slash (/) character, or double back slash (\\) characters, as a<br />
separator in the path name on all platforms. For example:<br />
/logs/mylogs.txt<br />
\\logs\\mylogs.txt<br />
For details of the corresponding entry in the configuration file, see<br />
log@error.parameters (“ctg.ini: GATEWAY section” on page 203).<br />
Error log maximum size (KB): Enter a value in the range 0 through 2 097 151, to<br />
specify the maximum size in kilobytes of the log file. A value of 0 means that no<br />
limit is placed on the file size. The default value is 0. If you enter a value outside<br />
the permitted range, the Configuration Tool warns you. If the value entered is too<br />
low, it substitutes the minimum. If the value entered is too high, it substitutes the<br />
maximum. If a non-numeric value is present in the configuration file, it substitutes<br />
the minimum value.<br />
For details of the corresponding entry in the configuration file, see<br />
log@error.parameters (“ctg.ini: GATEWAY section” on page 203).<br />
Maximum number of archived error log files: Enter a value in the range 1<br />
through 9999, to specify the maximum number of archived log files that are<br />
maintained. The default value is 1. If you enter a value outside the permitted<br />
range, the Configuration Tool warns you. If the value entered is too low, it<br />
substitutes the minimum. If the value entered is too high, it substitutes the<br />
maximum. If a non-numeric value is present in the configuration file, it substitutes<br />
the minimum value. Any entry in this field is ignored if the “Error log maximum<br />
size (KB)” field has a value of 0. A value greater than 1 means that the log files<br />
will be rotated when the currently active log file reaches or exceeds the filesize<br />
limit. The file name of the currently active log file is suffixed by ’.0’ <strong>and</strong> the<br />
rotation process closes this file. The log file with the file name that has a suffix of<br />
’.maxfiles-1’, is then erased, if it exists <strong>and</strong> all the other log files are renamed by<br />
adding one to the suffix. Finally, a new log file with suffix ’.0’ is opened as the<br />
58 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
new active log file. For example, if you set “Error log file name” on page 58 to<br />
ctg.log, <strong>and</strong> the Maximum number of archived information log files field to 4, at<br />
most the following files will be created:<br />
ctg.log.3 This is the oldest log file.<br />
ctg.log.2<br />
ctg.log.1<br />
ctg.log.0 This is the log file currently being written to.<br />
When ctg.log.0 becomes full it is closed. ctg.log.3 is erased. ctg.log.0 becomes<br />
ctg.log.1, ctg.log.1 becomes ctg.log.2, ctg.log.2 becomes ctg.log.3, <strong>and</strong> a new log file<br />
ctg.log.0 is opened as the currently active log file. In other words the smaller the<br />
file name suffix the newer the log file.<br />
For details of the corresponding entry in the configuration file, see<br />
log@error.parameters (“ctg.ini: GATEWAY section” on page 203).<br />
Use the same settings for error <strong>and</strong> information logs: Select this check box if you<br />
want the information log to be output to the same destination as the error <strong>and</strong><br />
warning log.<br />
Information log destination: Select the destination for information messages<br />
output by the <strong>Gateway</strong> daemon. The Console option sends output to stdout.<br />
For details of the corresponding entry in the configuration file, see log@info.dest<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Information log file name: Enter the name of the log file to be used for<br />
information messages. The file name cannot contain the % (percent) character. Use<br />
either a forward slash (/) character, or double back slash (\\) characters, as a<br />
separator in the path name on all platforms. For example:<br />
/logs/mylogs.txt<br />
\\logs\\mylogs.txt<br />
For details of the corresponding entry in the configuration file, see<br />
log@info.parameters (“ctg.ini: GATEWAY section” on page 203).<br />
Information log maximum size (KB): Enter a value in the range 0 through<br />
2 097 151, to specify the maximum size in kilobytes of the log file. A value of 0<br />
means that no limit is placed on the file size. The default value is 0. If you enter a<br />
value outside the permitted range, the Configuration Tool warns you. If the value<br />
entered is too low, it substitutes the minimum. If the value entered is too high, it<br />
substitutes the maximum. If a non-numeric value is present in the configuration<br />
file, it substitutes the minimum value.<br />
For details of the corresponding entry in the configuration file, see<br />
log@info.parameters (“ctg.ini: GATEWAY section” on page 203).<br />
Maximum number of archived information log files: Enter a value in the range<br />
1 through 9999, to specify the maximum number of archived log files that are<br />
maintained. The default value is 1. If you enter a value outside the permitted<br />
range, the Configuration Tool warns you. If the value entered is too low, it<br />
substitutes the minimum. If the value entered is too high, it substitutes the<br />
maximum. If a non-numeric value is present in the configuration file, it substitutes<br />
the minimum value. Any entry in this field is ignored if the “Information log<br />
maximum size (KB)” field has a value of 0. A value greater than 1 results in the file<br />
name of the log file being suffixed by sequence numbers until the number of<br />
archived files specified in maxfiles have been created. For example, if you set<br />
Chapter 5. Configuration 59
Figure 10. TCP settings<br />
“Information log file name” on page 59 to ctg.log, <strong>and</strong> the Maximum number of<br />
archived information log files field to 4, at most the following files will be created:<br />
ctg.log.3 This is the oldest log file.<br />
ctg.log.2<br />
ctg.log.1<br />
ctg.log.0 This is the log file currently being written to.<br />
In other words the smaller the filename suffix the newer the log file.<br />
For details of the corresponding entry in the configuration file, see<br />
log@info.parameters (“ctg.ini: GATEWAY section” on page 203).<br />
TCP protocol settings<br />
Select the TCP subnode to display the settings for TCP:<br />
Enable protocol h<strong>and</strong>ler: Select this check box to configure the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> for use with this protocol.<br />
Bind Address: The protocol h<strong>and</strong>ler can be bound to an individual IP address,<br />
which is entered here. Enter an IP address or a host name. If you enter a host<br />
name, it is resolved on startup.<br />
To bind the protocol to all addresses, leave the field blank.<br />
60 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
The default behavior is to bind all addresses.<br />
The IP address can be in IPv6 format, for example<br />
3ffe:307:8:0:260:97ff:fe40:efab.<br />
Port: Enter a number in the range 1 through 65 535 to specify the TCP/IP port<br />
number. If you enter a value outside the permitted range, the Configuration Tool<br />
warns you. If the value entered is too low, it substitutes the minimum. If the value<br />
entered is too high, it substitutes the maximum. If a non-numeric value is present<br />
in the configuration file, it substitutes the minimum value.<br />
The default port for TCP/IP is 2006.<br />
You can override this setting with the ctgstart -port=number comm<strong>and</strong>.<br />
For details of the corresponding entry in the configuration file, see port (“ctg.ini:<br />
GATEWAY section” on page 203).<br />
Connection timeout (ms): Enter a number in the range 0 through 65 536, to<br />
specify the value in milliseconds. If you enter a value outside the permitted range,<br />
the Configuration Tool warns you. If the value entered is too low, it substitutes the<br />
minimum. If the value entered is too high, it substitutes the maximum. If a<br />
non-numeric value is present in the configuration file, it substitutes the minimum<br />
value.<br />
When a new connection has been accepted, this value specifies how long the<br />
protocol h<strong>and</strong>ler waits for a ConnectionManager thread to become available. If a<br />
ConnectionManager thread does not become available within this time, the<br />
connection is refused. If this value is set to zero, a connection is refused if a<br />
ConnectionManager is not immediately available.<br />
For details of the corresponding entry in the configuration file, see connecttimeout<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Idle timeout (ms): Enter a value in milliseconds, between 0 <strong>and</strong> 9 999 999. If you<br />
enter a value outside the permitted range, the Configuration Tool warns you. If the<br />
value entered is too low, it substitutes the minimum. If the value entered is too<br />
high, it substitutes the maximum. If a non-numeric value is present in the<br />
configuration file, it substitutes the minimum value.<br />
This setting specifies how long a connection is allowed to remain dormant. The<br />
idle timeout period is counted from when a request was last flowed down the<br />
connection. When the idle timeout has expired, the Java Client application is<br />
disconnected, although if work is still in progress on behalf of the connection, it<br />
might be left connected, depending on the setting of the “Drop working<br />
connections” on page 62 field. If the Idle timeout (ms) field is not set, or is set to<br />
zero, idle connections will not be disconnected.<br />
Cleanup processing will only result after a timeout if the server has support for<br />
this function installed.<br />
For details of the corresponding entry in the configuration file, see idletimeout<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Ping time frequency (ms): Enter a number in the range 0 through 65 536, to<br />
specify the value in milliseconds. If you enter a value outside the permitted range,<br />
Chapter 5. Configuration 61
the Configuration Tool warns you. If the value entered is too low, it substitutes the<br />
minimum. If the value entered is too high, it substitutes the maximum. If a<br />
non-numeric value is present in the configuration file, it substitutes the minimum<br />
value.<br />
This value specifies how often a ping message is sent by the <strong>Gateway</strong> to an<br />
attached client to check that client is still active. If a reply has not been received by<br />
the time the next ping message is due to be sent, the connection is disconnected.<br />
Again, if work is still in progress on behalf of the connection it might (depending<br />
on the drop working connections value setting) be left connected. If this value is<br />
not set, or is set to zero, ping messages are not sent.<br />
For details of the corresponding entry in the configuration file, see pingfrequency<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Drop working connections: Select this check box to specify that a connection can<br />
be disconnected, due to an idle timeout or a PING/PONG failure even if work is<br />
still in progress on behalf of this connection.<br />
For details of the corresponding entry in the configuration file, see “ctg.ini:<br />
GATEWAY section” on page 203 (dropworking).<br />
SO_LINGER setting: Enter a number in the range 0 through 65 536, to specify<br />
the SO_LINGER setting for any socket used by this h<strong>and</strong>ler. The SO_LINGER<br />
setting is a delay value in seconds for closing a socket. If this value is not entered,<br />
or is set to zero, SO_LINGER is disabled for any sockets used by this protocol<br />
h<strong>and</strong>ler. If you enter a value outside the permitted range, the Configuration Tool<br />
warns you. If the value entered is too low, it substitutes the minimum. If the value<br />
entered is too high, it substitutes the maximum. If a non-numeric value is present<br />
in the configuration file, it substitutes the minimum value.<br />
If SO_LINGER is enabled, <strong>and</strong> data transmission has not finished, a call to close<br />
the socket blocks the calling program until the data is transmitted or until the<br />
connection times out. If SO_LINGER is disabled, a call to close the socket returns<br />
without blocking the caller <strong>and</strong> TCP/IP still tries to send the data. Normally this<br />
transfer is successful, but it cannot be guaranteed, because TCP/IP repeats the<br />
Send request for only a specified period of time.<br />
For details of the corresponding entry in the configuration file, see solinger<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Require Java Clients to use security classes: Select this check box if you want<br />
your <strong>Gateway</strong> to accept only connections that use security classes.<br />
When a Java Client application connects to the <strong>Gateway</strong>, it can specify a pair of<br />
security classes for use on the connection. However, by default a <strong>Gateway</strong> also<br />
accepts connections from programs that do not specify this pair of security classes.<br />
For more information on <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> security exits, see “Security<br />
exits” on page 10.<br />
For details of the corresponding entry in the configuration file, see requiresecurity<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
SSL protocol settings<br />
62 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Figure 11. SSL settings<br />
Select the SSL subnode to display the settings for SSL. These settings can be added<br />
manually to the configuration file as explained in “SSL protocol” on page 205. The<br />
settings are the same as for TCP except that the default port is 8050 <strong>and</strong> SSL also<br />
has the following settings:<br />
Use client authentication: Select this check box to enable client authentication for<br />
the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. The default is that client authentication is disabled.<br />
When client authentication is enabled, any connection attempted to the ssl: h<strong>and</strong>ler<br />
requires the client to present its own Client Certificate (also known as a digital ID).<br />
For information on how to obtain Client Certificates for the clients, see “Using<br />
externally signed certificates under JSSE” on page 100.<br />
For details of the corresponding entry in the configuration file, see clientauth<br />
(“ctg.ini: GATEWAY section” on page 203.)<br />
Key ring file: Enter the server key ring name.<br />
Give either the full path name, or the relative path name of the file. Use either a<br />
forward slash (/) character, or double back slash (\\) characters, as a separator in<br />
the path name on all operating systems. For example:<br />
Chapter 5. Configuration 63
|<br />
|<br />
|<br />
|<br />
/mykeys/jsse/keystore.jks<br />
\\mykeys\\jsse\\keystore.jks<br />
The server key ring consists of a valid x.509 certificate that identifies this server to<br />
connecting clients. This key ring is generated using the SSL tools supplied with<br />
this product.<br />
For details of the corresponding entry in the configuration file, see keyring<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Key ring password: Enter the password that you specified for the server key ring.<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> writes the password to the configuration file in a form<br />
that prevents a casual observer from easily reading it.<br />
For details of the corresponding entry in the configuration file, see keyringpw<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Use only these ciphers: Enter a valid cipher suite in the entry field. The entry<br />
must match exactly the name of the cipher suite to be used. Click Add to add the<br />
cipher to the list of ciphers, below the entry field. Click Remove to remove all<br />
selected entries in the ciphers list. See the documentation supplied with your Java<br />
runtime environment for valid cipher suites, or proceed as follows:<br />
1. Remove any entries from the Use only these ciphers list.<br />
2. Save the configuration file.<br />
3. Run ctgstart.<br />
If the SSL protocol is correctly configured, <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> displays a<br />
list of valid ciphersuites that Java Client applications can use to connect to the<br />
<strong>CICS</strong> TG.<br />
If there are entries in the Use only these ciphers list, a Java Client application can<br />
connect to the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> only by using the cipher suites listed. If<br />
the Java Client application does not support any of the cipher suites listed, it<br />
cannot connect.<br />
If there are no entries in the list, a Java Client application can connect using any<br />
available cipher suite.<br />
Use of the ciphersuites=128bitonly parameter is deprecated. If you use the<br />
Configuration Tool to open a configuration file that contains this entry, the entry is<br />
replaced by these cipher suites:<br />
TLS_RSA_WITH_RC4_128_MD5<br />
TLS_RSA_WITH_RC4_128_SHA<br />
TLS_DHE_DSS_WITH_RC4_128_SHA<br />
Cipher suites entered as TLS_ will be converted to SSL_ when the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> starts. The actual protocol used can be found by checking the<br />
log or trace when a client connects.<br />
For details of the corresponding entry in the configuration file, see ciphersuites<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Configuring Client daemon settings<br />
64 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Figure 12. Client settings<br />
Select the Client node to display the Client Configuration panel. The settings map<br />
to the parameters in the CLIENT section of the ctg.ini file. The panel has these<br />
tabs:<br />
Resources<br />
Logging<br />
Default Server<br />
Select the default server from the drop-down list.<br />
Application ID<br />
Enter up to 8 characters, or leave this field with the default value of *.<br />
This value specifies the applid of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> workstation in the<br />
form in which it will be autoinstalled as a system at the <strong>CICS</strong> server. The name<br />
must be unique within the <strong>CICS</strong> server system. The value of * automatically<br />
generates a name that is guaranteed to be unique.<br />
If the client is to be autoinstalled on more than one <strong>CICS</strong> server <strong>and</strong> you enter a<br />
specific name for the applid, that name must be unique with respect to all servers<br />
to which it is connected. If the name is not unique, attempts to connect to a server<br />
might be rejected because another client has already been installed using the same<br />
name. If a name of * is used, the client will be known by a different unique name<br />
at each server.<br />
Chapter 5. Configuration 65
If the client is to communicate with a given server over SNA, this applid might be<br />
overridden at the time the client is installed at the server by the Local LU name for<br />
the client.<br />
Maximum buffer size<br />
Enter a number of kilobytes, in the range 4 through 32. The default is 32 KB. If<br />
you enter a value outside the permitted range, the Configuration Tool warns you.<br />
If the value entered is too low, it substitutes the minimum. If the value entered is<br />
too high, it substitutes the maximum. If a non-numeric value is present in the<br />
configuration file, it substitutes the minimum value.<br />
This value specifies the size of the transmission buffers in which application or<br />
terminal data will flow. The value should be large enough to cater for the largest<br />
possible COMMAREA or terminal input/output area (TIOA) to be used. The<br />
maximum COMMAREA size might be less than the Maximum buffer size, because<br />
certain protocols have an overhead of 512 bytes.<br />
Leave this setting at the default unless the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is running<br />
on a machine that is short of memory.<br />
For details of the corresponding entry in the configuration file, see<br />
MAXBUFFERSIZE (“ctg.ini: CLIENT section” on page 206).<br />
Terminal exit<br />
Enter a character string of between 1 <strong>and</strong> 4 characters. The default is EXIT.<br />
The string, when entered at a terminal emulator at any time <strong>and</strong> place where a<br />
transaction name can be entered, causes the terminal emulator to terminate. The<br />
string must not contain any blank characters.<br />
The string is case-sensitive. If a terminal emulator has uppercase translation in its<br />
<strong>CICS</strong> terminal definition, enter this string in uppercase.<br />
For details of the corresponding entry in the configuration file, see<br />
TERMINALEXIT (“ctg.ini: CLIENT section” on page 206).<br />
Maximum servers<br />
Enter a value in the range 1 through 256. The default is 10. If you enter a value<br />
outside the permitted range, the Configuration Tool warns you. If the value<br />
entered is too low, it substitutes the minimum. If the value entered is too high, it<br />
substitutes the maximum. If a non-numeric value is present in the configuration<br />
file, it substitutes the minimum value.<br />
This value specifies the maximum number of servers that can be accessed<br />
concurrently from the client.<br />
For details of the corresponding entry in the configuration file, see MAXSERVERS<br />
(“ctg.ini: CLIENT section” on page 206).<br />
Maximum requests<br />
Enter a value in the range 1 through 10 000. The default is 256. If you enter a<br />
value outside the permitted range, the Configuration Tool warns you. If the value<br />
entered is too low, it substitutes the minimum. If the value entered is too high, it<br />
substitutes the maximum. If a non-numeric value is present in the configuration<br />
file, it substitutes the minimum value.<br />
66 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
This value specifies the maximum number of concurrent items that might be<br />
executing on the Client daemon, where an item is one of:<br />
v A request to install or uninstall a terminal emulator<br />
v A request to install or uninstall an EPI terminal<br />
v A transaction invoked by a terminal<br />
v An ECI unit of work<br />
v An ESI unit of work<br />
It is used to detect runaway conditions where an application could, in error,<br />
submit an excessive number of requests to a server. The actual limit might be less<br />
than this setting if other operating system limits (for example, memory constraint<br />
or communication sessions), come into effect.<br />
For details of the corresponding entry in the configuration file, see<br />
MAXREQUESTS (“ctg.ini: CLIENT section” on page 206).<br />
Print comm<strong>and</strong><br />
Enter a character string, from 1 to 256 characters long.<br />
The specified string is a comm<strong>and</strong> specific to the operating system under which<br />
the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is running. When a request to print is received, the<br />
Client daemon generates a temporary print file with a unique name.<br />
The parameter string is appended with the temporary file name, <strong>and</strong> the resultant<br />
comm<strong>and</strong> executed. This allows, for example, print requests to be copied to a file,<br />
directed to a local printer, formatted for inclusion into documentation, <strong>and</strong> so on.<br />
It is the responsibility of the Print comm<strong>and</strong> to delete the temporary print file after<br />
it has finished processing it.<br />
Use a shell script with the Print comm<strong>and</strong> (for example, lpr) followed by the<br />
comm<strong>and</strong> to delete (rm).<br />
See also the Print file description for more information.<br />
For details of the corresponding entry in the configuration file, see<br />
PRINTCOMMAND (“ctg.ini: CLIENT section” on page 206).<br />
Print file<br />
Enter a character string, 1 to 256 characters long.<br />
This option applies only if you make no entry in the Print comm<strong>and</strong> setting.<br />
The specified string identifies a file to which output from print requests received at<br />
the Client daemon is directed. Each print request is appended to the end of the<br />
current file.<br />
This setting acts only as a default. The terminal <strong>and</strong> print emulators provide<br />
options to override this value.<br />
For details of the corresponding entry in the configuration file, see PRINTFILE<br />
(“ctg.ini: CLIENT section” on page 206).<br />
Chapter 5. Configuration 67
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Code page identifier override<br />
Enter a value indicating a Coded Character Set Identifier (CCSID) to override your<br />
local code page identifier.<br />
Use this setting if your platform has been updated for euro support, <strong>and</strong> the <strong>CICS</strong><br />
Server has euro support. For example, for Latin-1 countries, use a CCSID value of<br />
858 to indicate that the code page 850 includes euro support. For code page 1252,<br />
specify a CCSID value of 5348.<br />
Note:<br />
1. Regardless of the value in the Code page identifier override setting,<br />
cicsterm always displays characters based on the local code page of the<br />
workstation.<br />
2. If you use the CCSID to change the code page identifier, data that is<br />
already stored on the server might be modified when retrieved by the<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, if it includes characters for which the code<br />
points produce different characters.<br />
3. AIX operating system: On AIX 4.3.2 <strong>and</strong> above, support for Ja_JP locale<br />
uses CCSID=943. If the <strong>CICS</strong> Server does not support this CCSID, enter a<br />
code page identifier override of 932, or add the statement ’CCSID=932’<br />
to the Client Section of the configuration file ctg.ini.<br />
For details of the corresponding entry in the configuration file, see CCSID (“ctg.ini:<br />
CLIENT section” on page 206).<br />
Server retry interval<br />
Enter a number between 1 <strong>and</strong> 3600, to specify the time in seconds between<br />
attempts by the Client daemon to reconnect to a server. The default is 60 seconds.<br />
When the Client daemon becomes aware that a server to which it was connected is<br />
no longer active, it attempts to reconnect to the server 1 second after it becomes<br />
inactive. If it fails it keeps trying, at the interval specified here.<br />
For details of the corresponding entry in the configuration file, see<br />
SRVRETRYINTERVAL (“ctg.ini: CLIENT section” on page 206).<br />
Log terminal installations <strong>and</strong> deinstallations<br />
Select this check box to log server connection <strong>and</strong> disconnection events.<br />
For details of the corresponding entry in the configuration file, see<br />
TERMINSTLOGGING (“ctg.ini: CLIENT section” on page 206).<br />
Error <strong>and</strong> warning log file<br />
Enter the name of the log file to be used for problem diagnosis.<br />
If not specified, the log file name defaults to cicscli.log in the /var/cicscli<br />
subdirectory.<br />
For details of the corresponding entry in the configuration file, see LOGFILE<br />
(“ctg.ini: CLIENT section” on page 206).<br />
Use the same file for information messages<br />
Clear this check box to send information messages to a separate log.<br />
68 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
By default, information messages are logged to the “Error <strong>and</strong> warning log file” on<br />
page 68; clear the “Use the same file for information messages” on page 68 check<br />
box to enable the “Information log file” field.<br />
This field has no corresponding entry in the configuration file.<br />
Information log file<br />
Enter the name of the file to which information messages will be logged.<br />
By default, information messages are logged to the “Error <strong>and</strong> warning log file” on<br />
page 68; clear the “Use the same file for information messages” on page 68 field,<br />
<strong>and</strong> then complete this field, to change the destination. If you do not specify a<br />
path to the file, the log is created in the following directory:<br />
/var/cicscli<br />
For details of the corresponding entry in the configuration file, see LOGFILEINFO<br />
(“ctg.ini: CLIENT section” on page 206).<br />
Changing settings for Client daemon logging<br />
This information describes how to specify a destination for error <strong>and</strong> other<br />
messages from the Client daemon.<br />
By default error, warning, <strong>and</strong> informational messages are output to the “Error <strong>and</strong><br />
warning log file” on page 68. Terminal installations <strong>and</strong> deinstallations are not<br />
logged by default. Take the steps below to change the settings.<br />
1. Launch the Configuration Tool <strong>and</strong> navigate to the Logging tab of the Client<br />
daemon node.<br />
2. Complete the fields on the tab as appropriate. You can choose to:<br />
v Log terminal installations <strong>and</strong> deinstallations.<br />
v Change the name of the Error <strong>and</strong> warning log file from the default<br />
cicscli.log.<br />
v Specify a different log for information messages.<br />
3. Save the configuration file.<br />
Related tasks<br />
“Viewing the information log”<br />
This information describes how to view messages that have been output to the<br />
information log.<br />
Related information<br />
“Using the Configuration Tool” on page 50<br />
Viewing the information log<br />
This information describes how to view messages that have been output to the<br />
information log.<br />
1. Determine the location of the information log file. By default, information<br />
messages are output to the “Error <strong>and</strong> warning log file” on page 68, but the<br />
destination can be changed through the “Information log file” field in the<br />
Configuration Tool.<br />
2. View the file using any st<strong>and</strong>ard text editor.<br />
Related tasks<br />
“Changing settings for Client daemon logging”<br />
This information describes how to specify a destination for error <strong>and</strong> other<br />
messages from the Client daemon.<br />
Chapter 5. Configuration 69
Figure 13. Server settings<br />
Configuring Server settings<br />
Select a server in the navigation panel to display the Server connection panel. The<br />
settings map to the parameters in a Server section of the ctg.ini file.<br />
Multiple identical server definitions are not permitted in the configuration file of<br />
the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. The combination of fields that identify a server, <strong>and</strong><br />
must therefore be unique is as follows:<br />
Protocol<br />
Fields in ctg.ini<br />
TCP/IP<br />
Hostname or IP address <strong>and</strong> Port.<br />
SNA Partner LU name, Local LU name <strong>and</strong> Mode name.<br />
TCP62 Partner LU name, Local LU name <strong>and</strong> Mode name.<br />
This ensures that every connection that the <strong>CICS</strong> region <strong>and</strong> the network protocol<br />
see is represented by a unique server definition in the configuration file. If you<br />
have existing Client applications that use different server names to send requests<br />
70 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
to the same <strong>CICS</strong> region, you need to write a user exit to redirect requests. This is<br />
demonstrated in sample user exits ecix2.c <strong>and</strong> epix2.c; see /<br />
samples/samples.txt.<br />
Server name<br />
Enter a name of between 1 <strong>and</strong> 8 characters. This provides a name that is<br />
independent of the communications protocol for the server, local to the Client<br />
daemon.<br />
Any requests to access the server from ECI, EPI, ESI, or terminal emulators should<br />
use this name.<br />
For details of the corresponding entry in the configuration file, see SECTION<br />
SERVER (“ctg.ini: SERVER section” on page 207).<br />
Description<br />
Enter a description for the server of between 1 <strong>and</strong> 60 characters. This description<br />
is optional.<br />
This description is returned on EPI or ECI list systems calls.<br />
For details of the corresponding entry in the configuration file, see DESCRIPTION<br />
(“ctg.ini: SERVER section” on page 207).<br />
Initial transaction<br />
Enter a transaction identifier of between 1 <strong>and</strong> 128 characters.<br />
This string is case-sensitive <strong>and</strong> identifies the initial transaction (<strong>and</strong> any<br />
parameters) to be run when the terminal emulator connects to the server. If you do<br />
not enter anything, no initial transaction is run. The first four characters, or the<br />
characters before the first blank in the string are taken as the transaction. The<br />
remaining data is passed to the transaction on its invocation.<br />
Ensure that the transaction does not require terminal input.<br />
For details of the corresponding entry in the configuration file, see<br />
INITIALTRANSID (“ctg.ini: SERVER section” on page 207).<br />
Model terminal definition<br />
Enter a string of between 1 <strong>and</strong> 16 characters.<br />
The string is case-sensitive <strong>and</strong> specifies the name of a model terminal definition at<br />
the server, identifying the characteristics of terminals to be autoinstalled from the<br />
client. If the model cannot be located at the server, or you do not enter anything, a<br />
default terminal definition is used. This default is server-specific.<br />
The interpretation of the Model terminal definition setting is server-specific. For<br />
example, for a TXSeries for AIX server, the value is 1 to 16 characters, <strong>and</strong> is the<br />
DevType for a <strong>CICS</strong> terminal definition entry to be used as the model.<br />
For details of the corresponding entry in the configuration file, see MODELTERM<br />
(“ctg.ini: SERVER section” on page 207).<br />
Chapter 5. Configuration 71
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Use upper case security<br />
Select this check box to specify that the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> converts to<br />
uppercase any user ID or password from an ECI application or from a user<br />
prompt. This setting is disabled by default.<br />
For details of the corresponding entry in the configuration file, see<br />
UPPERCASESECURITY (“ctg.ini: SERVER section” on page 207).<br />
Network protocol<br />
Select the protocol to be used for the server connection from the list:<br />
v TCP/IP<br />
v TCP62<br />
v SNA<br />
The protocol settings on the panel change according to the protocol you select.<br />
Server idle timeout (mins)<br />
Enter an integer in the range 1 through 1080, to specify in minutes the period of<br />
inactivity after which the connection between the Client daemon <strong>and</strong> the <strong>CICS</strong><br />
server is closed. A value of 0 means that no timeout is applied. The default value<br />
is 0.<br />
The field is available if one of the following network protocols is selected:<br />
v TCP/IP<br />
v SNA<br />
The Server idle timeout (mins) period is counted from when the number of<br />
outst<strong>and</strong>ing conversations (units of work) on the connection is zero. The<br />
connection is automatically reestablished when a Client application sends the next<br />
ECI, EPI or ESI request.<br />
When a server connection times out, the Client daemon behaves as if the cicscli<br />
-x= comm<strong>and</strong> had been issued. In particular, any value specified in<br />
the “Server retry interval” on page 68 configuration field is ignored, <strong>and</strong> no<br />
attempt is made to reestablish the connection. The “Server retry interval” on page<br />
68 setting is re-enabled if the connection is reestablished.<br />
For details of the corresponding entry in the configuration file, see<br />
SRVIDLETIMEOUT (ctg.ini: SERVER section `sectionserver). If the network<br />
protocol for the server in question is not supported for this field, the Client<br />
daemon ignores any entry in the configuration file for the Server idle timeout<br />
(mins) field.<br />
Related information<br />
“Shutting down the Client daemon normally” on page 134<br />
TCP/IP settings<br />
Hostname or IP address: Enter the character or numeric TCP/IP identifier for the<br />
host on which the <strong>CICS</strong> server is running. For example, cicssrv2.company.com<br />
(host name) or 192.113.36.200 (IP Address).<br />
Host names are mapped to IP addresses either by the name server or in the hosts<br />
system file. It is better to use a host name in case the IP address changes.<br />
The hosts system file is in the /etc directory.<br />
72 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
For details of the corresponding entry in the configuration file, see NETNAME<br />
(“ctg.ini: SERVER section” on page 207).<br />
Port: Enter a numeric value in the range 0 through 65 535 defining the port<br />
number at the server to which the Client daemon should connect. The default<br />
value is 0. If you enter a value outside the permitted range, the Configuration Tool<br />
warns you. If the value entered is too low, it substitutes the minimum. If the value<br />
entered is too high, it substitutes the maximum. If a non-numeric value is present<br />
in the configuration file, it substitutes the minimum value.<br />
A value of 0 indicates that the services system file should be used to locate the<br />
port number for the <strong>CICS</strong> service using the TCP protocol.<br />
The services system file is in the /etc directory.<br />
If no entry can be located in the services system file, a value of 1435 is assumed.<br />
This is the port assigned to the Client daemon in the TCP/IP architecture.<br />
For details of the corresponding entry in the configuration file, see PORT (“ctg.ini:<br />
SERVER section” on page 207).<br />
Connection timeout: Enter a value in the range 0 through 3600, specifying the<br />
maximum time in seconds that establishing a connection is allowed to take; the<br />
default value of 0 means that no limit is set by the Client daemon. If you enter a<br />
value outside the permitted range, the Configuration Tool warns you. If the value<br />
entered is too low, it substitutes the minimum. If the value entered is too high, it<br />
substitutes the maximum. If a non-numeric value is present in the configuration<br />
file, it substitutes the minimum value.<br />
A timeout occurs if connection establishment takes longer than the specified time.<br />
The TCP/IP socket is closed <strong>and</strong> the return code passed back to the client<br />
application is either ECI_ERR_NO_<strong>CICS</strong> or <strong>CICS</strong>_EPI_ERR_FAILED.<br />
Cleanup processing happens after a timeout only if the server has support for this<br />
function installed.<br />
For details of the corresponding entry in the configuration file, see<br />
CONNECTTIMEOUT (“ctg.ini: SERVER section” on page 207).<br />
Send TCP/IP KeepAlive packets: Select this check box if you want TCP/IP to<br />
periodically send keepalive messages to the server to check the connection. The<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> uses the interval specified by your operating system.<br />
For details of the corresponding entry in the configuration file, see<br />
TCPKEEPALIVE (“ctg.ini: SERVER section” on page 207).<br />
SNA settings<br />
Note: Use the Configuration Tool to configure SNA on the AIX, <strong>Linux</strong> <strong>and</strong> Solaris<br />
operating systems.<br />
Use LU alias names: Select this check box to use LU alias names.<br />
LU names are always aliases on <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> operating systems. This setting is<br />
ignored but treated as if it is set.<br />
Chapter 5. Configuration 73
Partner LU name: Enter the LU name of the server as it is known to the APPC<br />
configuration at the Client daemon.<br />
Enter an alias name of eight characters or less.<br />
Local LU name: Enter the name of a local LU to be used when connecting to the<br />
server. The same LU can be used for all server connections.<br />
Enter an alias name of eight-characters or less.<br />
For details of the corresponding entry in the configuration file, see<br />
LOCALLUNAME (“ctg.ini: SERVER section” on page 207).<br />
Mode name: Enter between 1 <strong>and</strong> 8 characters specifying the mode name to be<br />
used when connecting to the server.<br />
Enter * if you want the mode name to be filled with spaces.<br />
TCP62 settings<br />
Hosts file: When configuring a TCP62 <strong>CICS</strong> server, unless you are using a<br />
TCP/IP domain name server you must also update the local hosts file. The path to<br />
the file is:<br />
/etc/hosts<br />
The file maps IP addresses to host names. Keep each entry on a separate line.<br />
Entries are in this form:<br />
192.113.36.200 <strong>CICS</strong>A.NYEBO.myplace.ibm.com<br />
Each element of the entry is explained below:<br />
192.113.36.200<br />
The IP address of the <strong>CICS</strong> system. It must start in column one, <strong>and</strong> be<br />
separated from the rest of the entry by at least one space.<br />
<strong>CICS</strong>A.NYEBO<br />
The Partner LU name, in reverse order. In the example above, NYEBO.<strong>CICS</strong>A is<br />
the Partner LU name, as entered in the Configuration tool.<br />
myplace.ibm.com<br />
The Anynet domain name suffix.<br />
Partner LU name: Enter the fully-qualified LU name of the <strong>CICS</strong> region as it is<br />
known in VTAM. This is the applid of the <strong>CICS</strong> region preceded by the SNA<br />
network name, for example ABC3XYZ4.PQRS1234.<br />
For details of the corresponding entry in the configuration file, see NETNAME <strong>and</strong><br />
NETNAME (“ctg.ini: SERVER section” on page 207.)<br />
Local LU name or template: Enter a real LU name or a template for the name of<br />
a local LU to be used when connecting to the <strong>CICS</strong> server.<br />
A template contains replacement characters, that is, asterisks (*), <strong>and</strong> is used to<br />
generate an LU name dynamically. For example, a template of CTS8BC** indicates<br />
that a name must be dynamically generated to replace the two asterisks. An<br />
algorithm based on the template, IP address mask, <strong>and</strong> the workstation IP address,<br />
is used to create a unique Local LU name of, for example, CTS8BC38.<br />
74 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
With dynamic name generation for the Local LU name, you can use the same<br />
configuration on all <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> machines because different Local<br />
LU names are generated on the basis of the IP address of the client machine.<br />
Therefore, you do not have to define multiple LUs within VTAM.<br />
For each asterisk the algorithm uses 5 bits from the IP address. The <strong>CICS</strong><br />
connection autoinstall program (DFHZATDY) uses the last four characters of the<br />
LU name to generate the connection name, which has to be unique within the<br />
<strong>CICS</strong> region. Follow these rules to ensure that the dynamically generated TCP62<br />
LU names, <strong>and</strong> the <strong>CICS</strong> connection names are unique:<br />
v Set the IP address mask for LU name template (optional) field to be equal to<br />
the TCP/IP subnet mask. The subnet is the mask that is applied to an IP address<br />
to determine which bits in an IP address are to be used for local addresses (that<br />
is, addresses on the local subnet) <strong>and</strong> which bits are to be used for the network<br />
address (that is, on the wider network). A subnet mask of 255.255.254.0 (or in<br />
binary 11111111.11111111.11111110.00000000) has 8 bits free in the fourth byte (0)<br />
<strong>and</strong> 1 bit free in the third byte (254), giving a total of 9 free bits. There are 2 9<br />
or<br />
512 unique network addresses available in this subnet.<br />
v Set the Local LU name or template field to have four or less trailing asterisks.<br />
Table 4 shows how many asterisks to include to accommodate all the unique IP<br />
addresses in your subnet.<br />
Table 4. Values required to generate unique LU names<br />
Number of free bits in the<br />
IP address mask<br />
Number of asterisks needed Maximum number of<br />
unique names<br />
16-20 4 (XXXX****) 1 048 576<br />
11-15 3 (XXXXX***) 32 768<br />
6-10 2 (XXXXXX**) 1024<br />
1-5 1 (XXXXXXX*) 32<br />
There are 32 different values that the algorithm can use for each asterisk.<br />
Generating 32 different values requires 5 unique bits (2 5<br />
=32). This means that up<br />
to 5 bits are used for each asterisk, starting from the right. Based upon this fact,<br />
Table 4 helps you determine the minimum number of asterisks to use in your<br />
template name to guarantee generated LU names will be unique within your<br />
subnet.<br />
For example, a subnet mask of 255.255.254.0 has 9 bits free for local network<br />
addresses, <strong>and</strong> therefore a possible 2 9<br />
(512) unique IP address in the subnet. Two<br />
asterisks can accommodate up to 2 10<br />
combinations (1024); more than enough to<br />
cover the 512 unique IP addresses in the subnet.<br />
To use a template, also configure <strong>CICS</strong> <strong>and</strong> VTAM as follows:<br />
<strong>CICS</strong> Set APPC CONNECTION to autoinstall<br />
VTAM<br />
Enable dynamic partner LUs (set DYNLU=YES)<br />
For details of the corresponding entry in the configuration file, see<br />
LOCALLUNAME (“ctg.ini: SERVER section” on page 207).<br />
IP address mask for LU name template (optional):<br />
Chapter 5. Configuration 75
If you are using dynamic LU names, set this to the hexadecimal version of your IP<br />
subnet mask. To determine your IP subnet mask, issue a comm<strong>and</strong> like the<br />
following:<br />
ifconfig<br />
See the description of Local LU name or template for more information. This<br />
parameter is ignored if Local LU name is not a template. The default is 00000000.<br />
For details of the corresponding entry in the configuration file, see<br />
LUIPADDRESSMASK (“ctg.ini: SERVER section” on page 207).<br />
Mode name: Enter between 1 <strong>and</strong> 8 characters specifying the mode name to be<br />
used when connecting to the server.<br />
Enter * if you want the mode name to default to TCP62.<br />
Use the Maximum logical SNA sessions, Maximum SNA RU size, <strong>and</strong> SNA<br />
pacing size settings in the Advanced TCP62 section to define the mode values<br />
specified for the Mode name on your <strong>CICS</strong> server.<br />
For details of the corresponding entry in the configuration file, see the<br />
MODENAME <strong>and</strong> MODENAME entries in “ctg.ini: SERVER section” on page 207<br />
Common TCP62 settings<br />
Fully qualified CP name or template: Enter a fully-qualified CP name, or a<br />
template for the fully-qualified CP name, of the node to be started.<br />
If you enter a template, you must fill in the IP address mask for CP name<br />
(optional) field.<br />
A template contains replacement characters, that is, asterisks (*), <strong>and</strong> is used to<br />
generate a CP name dynamically. For example, a template of US<strong>IBM</strong>JKA.CP62****<br />
indicates that a name must be dynamically generated to replace the four asterisks.<br />
An algorithm based on the template, IP address mask <strong>and</strong> the workstation IP<br />
address, is used to create a unique CP name of, for example,<br />
US<strong>IBM</strong>JKA.CP62AH38.<br />
With dynamic name generation for the CP name, you can use the same<br />
configuration on all <strong>CICS</strong> Client machines because different CP names are<br />
generated on the basis of the IP address of the client machine. Therefore, you do<br />
not have to define multiple CPs to VTAM.<br />
If several hundred clients are to use dynamic CP name generation, you should<br />
have more template replacement characters in your template, for example,<br />
US<strong>IBM</strong>JKA.CP******.<br />
The net ID part (the first part) of the template must not contain any template<br />
replacement characters.<br />
For details of the corresponding entry in the configuration file, see CPNAME<br />
(“ctg.ini: CLIENT section” on page 206).<br />
76 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
IP address mask for CP name (optional): Enter an IP address mask with the<br />
most significant byte first. This must be a hexadecimal number, for example,<br />
FFFF8080.<br />
This address mask is used in dynamic CP name generation. See the description of<br />
Fully qualified CP name or template for more information.<br />
This parameter is ignored if Fully qualified CP name or template is not a<br />
template. The default is 00000000.<br />
For details of the corresponding entry in the configuration file, see<br />
CPIPADDRESSMASK (“ctg.ini: CLIENT section” on page 206).<br />
AnyNet domain name suffix: Enter the AnyNet domain name suffix. This<br />
parameter is used with the partner (Partner LU name) to determine the IP address<br />
of the host associated with that LU.<br />
For example, if the domain name suffix is sna.ibm.com <strong>and</strong> the partner LU name is<br />
NETID.LUA, a gethostbyname call is issued for host name LUA.NETID.sna.ibm.com to<br />
obtain the IP address of the node that has the LU name NETID.LUA.<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> uses the AnyNet domain name suffix, in<br />
conjunction with the fully qualified Partner LU name, to resolve the IP address of<br />
each connected server. The AnyNet domain name suffix can be an arbitrary value<br />
if the local hosts file is used to resolve host names. However, if you use a DNS<br />
server to look up host names, the combination of the AnyNet domain name suffix<br />
<strong>and</strong> the SNA network name must correspond to a real IP domain, so that the host<br />
name (corresponding to the Partner LU name) can be found in the DNS server.<br />
A configuration file can contain only one value for the AnyNet domain name<br />
suffix. To connect to more than one <strong>CICS</strong> region from the same <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> over TCP62, define a server for each <strong>CICS</strong> region, using a common<br />
AnyNet domain name suffix, <strong>and</strong> unique values for the Partner LU name. Make an<br />
entry for each server in the local hosts file, mapping the server’s IP address to the<br />
host name. See “Hosts file” on page 74 for information on how IP addresses map<br />
to host names.<br />
For details of the corresponding entry in the configuration file, see<br />
DOMAINNAMESUFFIX (“ctg.ini: CLIENT section” on page 206).<br />
TCP62 port: Enter a number in the range 0 through 65 535 , to set the port<br />
number on the server to which the Client daemon connects. The default value is 0.<br />
This means that the Client daemon uses port 397, the default port for the TCP/IP<br />
service MPTN. If you enter a value outside the permitted range, the Configuration<br />
Tool warns you. If the value entered is too low, it substitutes the minimum. If the<br />
value entered is too high, it substitutes the maximum. If a non-numeric value is<br />
present in the configuration file, it substitutes the minimum value.<br />
On <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> operating systems, only a root user can access ports in the<br />
range 1 to 1023. This means that if <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is started by a user<br />
who has not logged in as root, it cannot use the default port for TCP62. To use<br />
TCP62 from a user other than root, set TCP62 port to a value outside the range 1 to<br />
1023.<br />
The port number is the port number that AnyNet is configured to use.<br />
Chapter 5. Configuration 77
For details of the corresponding entry in the configuration file, see TCP62PORT<br />
(“ctg.ini: SERVER section” on page 207).<br />
Remote node inactivity poll interval (s): Enter a number in the range 0 through<br />
65 535 to specify the time that the Client daemon waits before polling inactive<br />
connections. The default value is 60 seconds. A value of 0 turns off polling. If you<br />
enter a value outside the permitted range, the Configuration Tool warns you. If the<br />
value entered is too low, it substitutes the minimum. If the value entered is too<br />
high, it substitutes the maximum. If a non-numeric value is present in the<br />
configuration file, it substitutes the minimum value.<br />
The Client daemon polls inactive connections by sending MPTN KeepAlive<br />
datagrams by User Datagram Protocol (UDP) to the <strong>CICS</strong> server. If you run a<br />
firewall, configure it to allow UDP packets. If the Client daemon receives no<br />
response after it has sent several datagrams, it closes the connection with <strong>CICS</strong>. For<br />
more information on MPTN KeepAlives, see an Anynet publication such as Anynet:<br />
Guide to SNA over TCPIP, SC31-8578-00.<br />
For details of the corresponding entry in the configuration file, see<br />
REMOTENODEINACTIVITYPOLLINTERVAL (“ctg.ini: CLIENT section” on page<br />
206).<br />
Advanced TCP62 settings<br />
Maximum logical SNA sessions: Enter a value in the range 1 through 255. The<br />
default value is 8. If you enter a value outside the permitted range, the<br />
Configuration Tool warns you. If the value entered is too low, it substitutes the<br />
minimum. If the value entered is too high, it substitutes the maximum. If a<br />
non-numeric value is present in the configuration file, it substitutes the minimum<br />
value.<br />
This parameter defines the maximum number of SNA sessions for the configured<br />
TCP62 mode. The number of concurrent requests to a configured <strong>CICS</strong> server is<br />
limited by the SNA session limits in the TCP62 Mode. The SNA session limits in<br />
the Mode are negotiated during the CNOS exchange between the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> <strong>and</strong> the <strong>CICS</strong> server when the TCP62 connection is started.<br />
For details of the corresponding entry in the configuration file, see<br />
SNASESSIONLIMIT (“ctg.ini: SERVER section” on page 207).<br />
Maximum SNA RU size: Enter a value in the range 256 through 4096. The<br />
default value is 1024; for large COMMAREAs consider increasing it to the<br />
maximum. If you enter a value outside the permitted range, the Configuration Tool<br />
warns you. If the value entered is too low, it substitutes the minimum. If the value<br />
entered is too high, it substitutes the maximum. If a non-numeric value is present<br />
in the configuration file, it substitutes the minimum value.<br />
This parameter specifies the maximum size of the request or response units sent<br />
over sessions.<br />
For details of the corresponding entry in the configuration file, see<br />
SNAMAXRUSIZE (“ctg.ini: SERVER section” on page 207)<br />
SNA pacing size: Enter a value in the range 0 through 63. You are recommended<br />
to use the default value of 8. If you enter a value outside the permitted range, the<br />
Configuration Tool warns you. If the value entered is too low, it substitutes the<br />
78 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
minimum. If the value entered is too high, it substitutes the maximum. If a<br />
non-numeric value is present in the configuration file, it substitutes the minimum<br />
value.<br />
This parameter specifies how many request units can be sent before receiving a<br />
pacing response.<br />
For details of the corresponding entry in the configuration file, see<br />
SNAPACINGSIZE (“ctg.ini: SERVER section” on page 207).<br />
Trace settings<br />
To configure the trace settings, select the Trace Settings option from the Tools<br />
menu.<br />
Trace Settings<br />
Select check boxes to specify the <strong>Gateway</strong> daemon <strong>and</strong> Client daemon components<br />
that will be traced when tracing is turned on.<br />
Enable <strong>Gateway</strong> daemon trace <strong>and</strong> select all Client trace components<br />
Enable <strong>Gateway</strong> daemon trace <strong>and</strong> select all Client daemon components.<br />
Client API level 1<br />
The client API layer (level 1).<br />
Client API level 2<br />
The client API layer (level 1 <strong>and</strong> 2).<br />
<strong>CICS</strong>CLI comm<strong>and</strong> line<br />
The cicscli comm<strong>and</strong> interface.<br />
<strong>CICS</strong>TERM <strong>and</strong> <strong>CICS</strong>PRINT<br />
cicsterm <strong>and</strong> cicsprnt emulators.<br />
CPP classes<br />
The C++ class libraries.<br />
Client daemon<br />
The Client daemon.<br />
Transport layer<br />
Interprocess communication.<br />
Enable <strong>Gateway</strong> daemon trace on startup<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Protocol drivers level 1<br />
Protocol drivers (for example, TCP). This traces data sent <strong>and</strong> received <strong>and</strong><br />
provides supplementary information about failures.<br />
Protocol drivers level 2<br />
This traces internal flows through the protocol drivers <strong>and</strong> interactions<br />
with other software components. It is currently only supported by the<br />
CCLTCP62 protocol driver.<br />
You can also use the -m parameter of the cicscli comm<strong>and</strong> to specify trace<br />
components (excluding the <strong>Gateway</strong> daemon). This overrides any settings in the<br />
configuration file. For more information about the cicscli comm<strong>and</strong>, see “The cicscli<br />
comm<strong>and</strong>” on page 133.<br />
If you enable tracing without specifying the components in either the cicscli<br />
comm<strong>and</strong> or in ctg.ini, a default set of components is traced:<br />
Chapter 5. Configuration 79
v Protocol drivers<br />
v The Client daemon<br />
v Client API level 1<br />
Selecting any of the check boxes in the Configuration Tool overrides the default set<br />
of components.<br />
For details of the corresponding entry in the configuration file, see trace (“ctg.ini:<br />
GATEWAY section” on page 203) <strong>and</strong> TRACE (“ctg.ini: CLIENT section” on page<br />
206).<br />
<strong>Gateway</strong> trace file<br />
Enter the path name of a trace file to which <strong>Gateway</strong> trace messages will be<br />
written, if tracing is enabled. If you do not complete this field, the trace is written<br />
to stderr. If you specify a name without a path, trace messages are written to the<br />
following directory:<br />
/bin<br />
No trace will be written if the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> does not have permission<br />
to write to the file you specify.<br />
You can also specify a trace file using the tfile option on the ctgstart comm<strong>and</strong>.<br />
The trace file is overwritten (not appended to) each time the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> starts.<br />
Performance: Turning on the <strong>Gateway</strong> trace has a significant impact on<br />
performance. It is not recommended that <strong>Gateway</strong> trace is enabled<br />
in a production environment.<br />
For details of the corresponding entry in the configuration file, see tfile (“ctg.ini:<br />
GATEWAY section” on page 203).<br />
<strong>Gateway</strong> trace file wrap size (KB)<br />
Enter a value in the range 0 through 1 000 000.<br />
This value specifies the size in kilobytes to which the gateway trace file will grow.<br />
Once the file reaches this size, subsequent trace entries continue to be written from<br />
the beginning of the file.<br />
v The default value of 0 disables wrapping.<br />
v If you enter a value in the range 1 through 39, the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
uses a value of 40 instead, to guarantee an adequate minimum trace size.<br />
For details of the corresponding entry in the configuration file, see tfilesize<br />
(“ctg.ini: GATEWAY section” on page 203).<br />
Client trace file<br />
Enter the path name of a trace file to which Client trace messages will be written,<br />
if tracing is enabled.<br />
You do not have to enter an extension for the file name, because a file of type .BIN<br />
is always generated (or .WRP if the trace file wraps).<br />
If no path is specified, the trace is written as follows:<br />
80 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
var/cicscli/cicscli.bin<br />
To minimize any performance impact, the trace file is written out in binary format.<br />
To read it, convert the file to ASCII using the cicsftrc comm<strong>and</strong>.<br />
For more information about tracing, see “Tracing” on page 155.<br />
For details of the corresponding entry in the configuration file, see TRACEFILE<br />
(“ctg.ini: CLIENT section” on page 206).<br />
Client trace file wrap size (KB)<br />
Enter a value in the range 0 through 2 000 000.<br />
If you use the memory mapped tracing option (cicscli -b), the size of the trace files<br />
is determined by this field, which specifies the total amount of space in KB<br />
reserved for trace data files. Subsequent trace entries will continue to be written<br />
from the beginning of the file. Client trace file wrap size (KB) must be greater<br />
than 0 if memory mapped tracing is to be used; the default value of 0 disables<br />
wrapping. If its value is between 1 <strong>and</strong> 99, a value of 100 is used instead to<br />
guarantee an adequate minimum trace size.<br />
For details of the corresponding entry in the configuration file, see<br />
MAXWRAPSIZE (“ctg.ini: CLIENT section” on page 206).<br />
Help on starting JNI trace<br />
Use one of the following methods to enable JNI trace:<br />
v Set the following environment variables before you start the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>:<br />
CTG_JNI_TRACE<br />
Use this environment variable to set the name of the JNI trace file. This<br />
environment variable only defines the name of the JNI trace file; it does not<br />
enable trace. JNI trace is output as plain text, <strong>and</strong> there is no requirement to<br />
use a particular extension for the file name.<br />
CTG_JNI_TRACE_ON<br />
Set this environment variable to YES (case-insensitive) to enable JNI trace<br />
when the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is started.<br />
v While the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is running, use the system administration<br />
functions. See “Administering your system” on page 126 for details of how to<br />
enable JNI trace dynamically.<br />
If the previous methods are not suitable, use one of the following methods:<br />
v For Java Client applications running in local mode, use Java to launch your<br />
application <strong>and</strong> set the system property gateway.T.setJNITFile, as shown in the<br />
following example:<br />
java -Dgateway.T.setJNITFile=filename application<br />
where<br />
– filename is the name of the file to which trace output is to be sent<br />
– application is the application to launch<br />
v When you start the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, issue the comm<strong>and</strong><br />
ctgstart -j-Dgateway.T.setJNITFile=filename<br />
Chapter 5. Configuration 81
where filename is the name of the file to which trace output is to be sent. If you<br />
do not specify a full path to the file, the location is /bin.<br />
You cannot enable JNI trace through the Configuration Tool.<br />
Applying your changes to the system<br />
You must restart the Client daemon <strong>and</strong> the <strong>Gateway</strong> daemon for any changes to<br />
the configuration file to take effect.<br />
J2EE setup <strong>and</strong> configuration<br />
This topic discusses the administration of <strong>CICS</strong> J2EE resource adapters. The <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> supplies the following, in the /deployable<br />
directory:<br />
v An adapter for ECI (cicseci.rar)<br />
v An adapter for EPI (cicsepi.rar)<br />
<strong>Transaction</strong> management models<br />
cicseci.rar<br />
This resource adapter provides Local<strong>Transaction</strong> support when deployed on<br />
any supported J2EE application server. Local transactions are not supported<br />
when using WebSphere Application Server for z/OS with <strong>CICS</strong> TG on z/OS in<br />
local mode, as the resource adapter provides global transaction support in<br />
conjunction with MVS RRS.<br />
cicseciXA.rar<br />
This provides both XA<strong>Transaction</strong> <strong>and</strong> Local<strong>Transaction</strong> support when<br />
deployed on any supported J2EE application server connecting to a remote<br />
<strong>CICS</strong> TG for z/OS. It also provides global transaction support when using<br />
WebSphere Application Server for z/OS with a <strong>CICS</strong> TG on z/OS in local<br />
mode.<br />
In order to provide for different transactional qualities of service for J2EE<br />
applications, it is possible to deploy both <strong>CICS</strong> resource adapters into the same<br />
J2EE application server. When multiple resource adapters are used in the same<br />
J2EE application server, they must all be at the same version.<br />
Deploying <strong>CICS</strong> resource adapters<br />
Before you can use a J2EE resource adapter in a server runtime environment you<br />
must set its deployment parameters. In a managed environment you set these<br />
when you deploy the resource adapter to your server. For instructions on how to<br />
do this consult your server’s documentation. For information about nonmanaged<br />
environments, see <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide.<br />
<strong>CICS</strong> resource adapters are provided in st<strong>and</strong>ard resource adapter modules ready<br />
for deployment into a J2EE server environment. They can be packaged in J2EE<br />
applications along with other components such as Enterprise Beans, <strong>and</strong> used to<br />
create larger, more complex systems.<br />
Deployment parameters for the ECI resource adapters<br />
This section describes the available deployment parameters for the ECI resource<br />
adapters, <strong>and</strong> their effect on the final deployed resource adapter. The tools used to<br />
82 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
configure these parameters are server-specific. The default value is shown where<br />
appropriate. If a parameter is required this is indicated, otherwise the parameter is<br />
optional.<br />
ConnectionURL<br />
The URL of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> with which the resource<br />
adapter will communicate. The URL takes the form protocol://address.<br />
This parameter is required; these protocols are supported:<br />
tcp<br />
ssl<br />
local<br />
So, for example, you might specify a URL of tcp://ctg.business.com For<br />
the local protocol simply specify local:.<br />
PortNumber<br />
The port on which the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is running. The default<br />
value is 2006. This parameter is not relevant if you are using the local<br />
protocol.<br />
ServerName<br />
The name of the <strong>CICS</strong> server to connect to for all interactions through this<br />
resource adapter. If this parameter is left blank the default server will be<br />
used (see “Default Server” on page 65). This name is defined in the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> configuration file. To use multiple servers within an<br />
environment you must deploy several Connection Factories, each with a<br />
different ServerName attribute. Each Connection Factory can use the same<br />
Resource Adapter.<br />
SocketConnectTimeout<br />
The maximum time in milliseconds that a Java Client application will try<br />
to open a socket connection to a remote <strong>Gateway</strong> daemon. The default<br />
value 0 means no timeout is applied. The timeout is ignored for attempts<br />
to connect to a local <strong>Gateway</strong>.<br />
TranName<br />
The name of the <strong>CICS</strong> <strong>Transaction</strong> under which you want all programs<br />
started by the resource adapter to run. The called program runs under a<br />
mirror transaction, but is linked to under the tranName transaction name.<br />
This name is available to the called program for querying the transaction<br />
ID.<br />
Setting the tranName in the ECIInteractionSpec overrides the value as set<br />
at deployment (or on the ManagedConnectionFactory, if nonmanaged).<br />
The TranName is equivalent to eci_transid. It does not affect the<br />
transaction under which the mirror program runs, but it can be seen in the<br />
exec interface block (EIB). When this option is used the remote program<br />
runs under the default mirror transaction id CSMI, but the EIBTRNID field<br />
contains the eci_transid value.<br />
TPNName<br />
The name of the <strong>CICS</strong> TPN <strong>Transaction</strong> under which you want all<br />
programs started by the resource adapter to run. TPNName takes<br />
precedence if both TranName <strong>and</strong> TPNName are specified. If the<br />
TPNName is set on the ECIInteractionSpec, this overrides any values set at<br />
deployment time (or on the ManagedConnectionFactory, if nonmanaged).<br />
The TPNName is equivalent to eci_tpn; it specifies a transaction under<br />
which the <strong>CICS</strong> mirror program will run. This option is like the TRANSID<br />
Chapter 5. Configuration 83
option in an EXEC <strong>CICS</strong> LINK comm<strong>and</strong>. A transaction definition in <strong>CICS</strong><br />
for this TRANSID must point to the DFHMIRS program.<br />
UserName<br />
The <strong>CICS</strong> user ID to be used if no other security credentials are available.<br />
See the J2EE section in the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide for<br />
more information.<br />
A LogonLogoff class is required if:<br />
v The requested terminal is sign-on capable, or<br />
v The <strong>CICS</strong> Server does not support sign-on capable terminals (for<br />
example, <strong>CICS</strong> <strong>Transaction</strong> Server for iSeries)<br />
Password<br />
The password for the <strong>CICS</strong> user ID defined above.<br />
ClientSecurity<br />
The fully-qualified name of the ClientSecurity class to use in each<br />
interaction with <strong>CICS</strong>. This parameter is optional; if no value is given, no<br />
ClientSecurity class is used. For more information on what ClientSecurity<br />
classes are used for, <strong>and</strong> how to write them, see <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
security classes in the Java chapter of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
Programming Guide.<br />
ServerSecurity<br />
The fully-qualified name of the ServerSecurity class to use in each<br />
interaction with <strong>CICS</strong>. This parameter is optional; if no value is given, no<br />
ServerSecurity class is used. For more information on what ServerSecurity<br />
classes are used for, <strong>and</strong> how to write them, see <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
security classes in the Java chapter of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
Programming Guide.<br />
KeyRingClass<br />
The fully-qualified name of the SSL key ring to use. This applies only<br />
when using the SSL protocol.<br />
KeyRingPassword<br />
The password for the key ring defined in KeyRingClass. Because it is<br />
linked to KeyRingClass, it is also optional, <strong>and</strong> applies only to the SSL<br />
protocol.<br />
TraceLevel<br />
The level of trace to be output by the resource adapter. For more details on<br />
trace levels <strong>and</strong> tracing see “Tracing” on page 87.<br />
As well as these user-definable properties, the ECI resource adapters have a set of<br />
predefined attributes that each deployed resource adapter will inherit. These<br />
properties are defined in the J2EE/CA specification <strong>and</strong> are as follows:<br />
<strong>Transaction</strong> Support<br />
The cicseci resource adapter’s transactional support is defined as<br />
Local<strong>Transaction</strong>.<br />
Re-Authentication Support<br />
The ECI resource adapters support re-authentication. This is the ability to<br />
change the security credentials when a connection is requested from the<br />
server <strong>and</strong> an already existing one is allocated without having to<br />
disconnect <strong>and</strong> reconnect to the EIS. This improves performance.<br />
84 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Deployment parameters for the EPI resource adapter<br />
The EPI resource adapter has the following deployment parameters. The tools used<br />
to configure these parameters are server-specific. The default value is shown where<br />
appropriate. If a parameter is required this is indicated, otherwise the parameter is<br />
optional.<br />
ConnectionURL<br />
The URL of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> with which the resource<br />
adapter will communicate. The URL takes the form protocol://address.<br />
This parameter is required; these protocols are supported:<br />
tcp<br />
ssl<br />
local<br />
So, for example, you might specify a URL of tcp://ctg.business.com For<br />
the local protocol simply specify local:.<br />
PortNumber<br />
The port on which the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is running. The default<br />
value is 2006. This parameter is not relevant if you are using the local<br />
protocol.<br />
ServerName<br />
The name of the <strong>CICS</strong> server to connect to for all interactions through this<br />
resource adapter. If this parameter is left blank the default server will be<br />
used (see “Default Server” on page 65). This name is defined in the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> configuration file. To use multiple servers within an<br />
environment you must deploy several Connection Factories, each with a<br />
different ServerName attribute. Each Connection Factory can use the same<br />
Resource Adapter.<br />
SocketConnectTimeout<br />
The maximum time in milliseconds that a Java Client application will try<br />
to open a socket connection to a remote <strong>Gateway</strong> daemon. The default<br />
value 0 means no timeout is applied. The timeout is ignored for attempts<br />
to connect to a local <strong>Gateway</strong>.<br />
UserName<br />
The <strong>CICS</strong> user ID to be used if no other security credentials are available.<br />
See the J2EE section in the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide for<br />
more information.<br />
A LogonLogoff class is required if:<br />
v The requested terminal is sign-on capable, or<br />
v The <strong>CICS</strong> Server does not support sign-on capable terminals (for<br />
example, <strong>CICS</strong> <strong>Transaction</strong> Server for iSeries)<br />
Password<br />
The password for the <strong>CICS</strong> user ID defined above.<br />
ClientSecurity<br />
The fully-qualified name of the ClientSecurity class to use in each<br />
interaction with <strong>CICS</strong>. This parameter is optional; if no value is given, no<br />
ClientSecurity class is used. For more information on what ClientSecurity<br />
classes are used for, <strong>and</strong> how to write them, see <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
security classes in the Java chapter of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
Programming Guide.<br />
ServerSecurity<br />
The fully-qualified name of the ServerSecurity class to use in each<br />
Chapter 5. Configuration 85
interaction with <strong>CICS</strong>. This parameter is optional; if no value is given, no<br />
ServerSecurity class is used. For more information on what ServerSecurity<br />
classes are used for, <strong>and</strong> how to write them, see <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
security classes in the Java chapter of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
Programming Guide.<br />
KeyRingClass<br />
The fully-qualified name of the SSL key ring to use. This applies only<br />
when using the SSL protocol.<br />
KeyRingPassword<br />
The password for the key ring defined in KeyRingClass. Because it is<br />
linked to KeyRingClass, it is also optional, <strong>and</strong> applies only to the SSL<br />
protocol.<br />
SignonType<br />
The EPI resource adapter allows you to define whether the <strong>CICS</strong> terminals<br />
used by the resource adapter are sign-on capable. Enter one of the<br />
following:<br />
0 Sign-on capable terminal (default)<br />
1 Sign-on incapable terminal<br />
For information about sign-on capability, see “Sign-on capable <strong>and</strong> sign-on<br />
incapable terminals” on page 109.<br />
Encoding<br />
The Java Encoding to use when creating 3270 data streams. The encoding<br />
will be converted to the appropriate CCSID. See the appendix in the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>: Programming Reference for a list of supported<br />
encodings. Ensure that your <strong>CICS</strong> Server supports the CCSID for the given<br />
encoding.<br />
LogonLogoffClass<br />
The fully-qualified name of the Java Class that provides the logic to log on<br />
to a <strong>CICS</strong> Server using sign-on transactions. This property is m<strong>and</strong>atory for<br />
sign-on capable terminals <strong>and</strong> for <strong>CICS</strong> servers that do not support sign-on<br />
capability (such as <strong>CICS</strong> <strong>Transaction</strong> Server for iSeries). See <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide for information about LogonLogoff<br />
classes.<br />
DeviceType<br />
The Terminal Model type, as defined in <strong>CICS</strong>, to be used by this resource<br />
adapter.<br />
ReadTimeout<br />
The maximum time a <strong>CICS</strong> server waits for a response from a user or J2EE<br />
component when taking part in a conversational transaction. Acceptable<br />
values for this parameter are:<br />
0 No timeout.<br />
1– 3600<br />
Time in seconds.<br />
InstallTimeout<br />
The timeout value for terminal installation on <strong>CICS</strong>. The acceptable values<br />
for this parameter are as follows:<br />
0 No timeout.<br />
86 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
1– 3600<br />
Time in seconds.<br />
TraceLevel<br />
The level of trace to be output by the resource adapter. For more details on<br />
trace levels <strong>and</strong> tracing see “Tracing.”<br />
As well as these user-definable properties, the EPI resource adapter has a set of<br />
predefined attributes that each deployed resource adapter will inherit. These<br />
properties are defined in the J2EE/CA specification <strong>and</strong> are as follows:<br />
<strong>Transaction</strong> Support<br />
The EPI resource adapter is nontransactional. It can be used within<br />
transactional contexts, but does not react to commit or rollback requests.<br />
Re-Authentication Support<br />
The EPI resource adapter supports re-authentication. This is the ability to<br />
change the security credentials when a connection is requested from the<br />
server <strong>and</strong> an already existing one is allocated, without having to<br />
disconnect <strong>and</strong> reconnect to the EIS. This improves performance. A<br />
LogonLogoff class is required if the terminal requested is SignonCapable,<br />
or if the <strong>CICS</strong> Server does not support sign-on capable terminals (such as<br />
<strong>CICS</strong> <strong>Transaction</strong> Server for iSeries).<br />
Tracing<br />
To help you in problem determination with any J2EE resource adapter applications<br />
that use the <strong>CICS</strong> resource adapters, a detailed tracing function is provided in both<br />
the ECI <strong>and</strong> EPI resource adapters. The <strong>CICS</strong> resource adapters support four levels<br />
of trace:<br />
0 No trace messages<br />
1 Exception tracing only (default level)<br />
2 Exception <strong>and</strong> method entry/exit trace messages<br />
3 Exception, method entry/exit <strong>and</strong> debug trace messages<br />
To provide more control over tracing, these system properties are available:<br />
com.ibm.connector2.cics.tracelevel<br />
This allows you to override the deployed trace level for the resource<br />
adapters without having to redeploy or deploy another <strong>CICS</strong> resource<br />
adapter.<br />
com.ibm.connector2.cics.dumpoffset<br />
The offset into a byte array that a hex dump will start at.<br />
com.ibm.connector2.cics.dumplength<br />
The maximum length of data displayed in a hex dump.<br />
com.ibm.connector2.cics.outputerr<br />
Declaring this directive sends trace output to st<strong>and</strong>ard error, if no other<br />
trace location has been specified either by the J2EE server, or by the<br />
application developer working in a nonmanaged environment. In other<br />
circumstances the provided logwriter takes precedence.<br />
These are JVM System properties that can be passed to the JVM on startup. The<br />
com.ibm.connector2.cics.tracelevel option is equivalent to the managed<br />
environment property ″tracelevel″ which is set as a custom property on the<br />
connection factory.<br />
Chapter 5. Configuration 87
The ConnectionManager used by your environment controls the location to which<br />
trace is output. In a managed environment an option should be provided to allow<br />
you to set the path of the file that will be used for storing trace. Depending on<br />
how your environment allocates ConnectionManagers to resource adapters this file<br />
might contain messages from other resource adapters using the same<br />
ConnectionManager.<br />
When you deploy the <strong>CICS</strong> resource adapters into your environment, security<br />
restrictions are set up to allow access to the local file system for the purpose of<br />
writing trace files. The permissions used restrict access to this path:<br />
${user.home}${file.separator}<strong>IBM</strong>${file.separator}CTG${file.separator}-<br />
This might map to:<br />
/home/ctguser/<strong>IBM</strong>/CTG/-<br />
Therefore, when setting the name <strong>and</strong> path of the trace file in your J2EE<br />
environment, use a location below this directory structure to store your trace.<br />
Otherwise the resource adapters will not have security permissions to write to the<br />
file.<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> logging facility<br />
This section discusses how to configure log messages. Log messages can be routed<br />
to either the console or a file, through one of two log streams, the information log<br />
<strong>and</strong> the error log. Each log stream can have its own end point <strong>and</strong> is therefore<br />
configured separately. You can do the following actions:<br />
v Specify whether information <strong>and</strong> error messages should be logged to the<br />
console, or to a file.<br />
v Specify the name of the files to which messages are logged.<br />
v Specify how many archived logged files to keep.<br />
Setting up the environment for <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
logging<br />
Use the Configuration Tool to set the following fields:<br />
If you set the maximum size field for a log, also set the number of archived logs to<br />
keep field to be greater than 1. Do not set a maximum file size <strong>and</strong> set the number<br />
of archived logs to 1. This results in error message CTG8143E being issued <strong>and</strong> all<br />
messages being re-directed to the console. No log file is created.<br />
Error log<br />
Action Set this field<br />
Set the destination for error<br />
messages (file or console)<br />
“Error <strong>and</strong> warning log destination” on page 58<br />
Set the file name for error messages “Error log file name” on page 58<br />
Set the maximum size of error log<br />
files<br />
Set the number of archived error<br />
logs to keep<br />
88 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
“Error log maximum size (KB)” on page 58<br />
“Maximum number of archived error log files” on<br />
page 58
Information log<br />
Action Set this field<br />
Set the destination for information<br />
messages (file or console)<br />
Set the file name for information<br />
messages<br />
Set the maximum size of<br />
information log files<br />
Set the number of archived<br />
information logs to keep<br />
Sample configuration <strong>and</strong> mapping files<br />
“Information log destination” on page 59<br />
“Information log file name” on page 59<br />
“Information log maximum size (KB)” on page 59<br />
“Maximum number of archived information log files”<br />
on page 59<br />
The following files are supplied in the /bin subdirectory:<br />
ctgsamp.ini<br />
A sample configuration file. (The default configuration file name is ctg.ini.)<br />
cicskey.ini<br />
The keyboard mapping file.<br />
cicskeysamp.ini<br />
A sample keyboard mapping file.<br />
cicscol.ini<br />
The color mapping file.<br />
cicscolsamp.ini<br />
A sample color mapping file.<br />
It is recommended that you create your own customized versions of these files<br />
with different names, because installing service updates might overwrite the files<br />
<strong>and</strong> cause any customization to be lost.<br />
Reference your customized files through the following environment variables:<br />
File Environment variable<br />
configuration file<br />
<strong>CICS</strong>CLI<br />
keyboard mapping file<br />
<strong>CICS</strong>KEY<br />
color mapping file<br />
<strong>CICS</strong>COL<br />
Keyboard mapping for cicsterm<br />
The keyboard mapping for terminal emulator operation is defined in a keyboard<br />
mapping file. A sample key mapping file is supplied with your <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>; see “Sample configuration <strong>and</strong> mapping files” for details. It is<br />
recommended that you create your own customized mapping file.<br />
The keyboard mapping file can be specified by:<br />
v The -k option of the cicsterm comm<strong>and</strong>, which identifies a keyboard mapping<br />
file with a particular terminal (see “cicsterm comm<strong>and</strong> reference” on page 145).<br />
Chapter 5. Configuration 89
v The <strong>CICS</strong>KEY environment variable. For example:<br />
export <strong>CICS</strong>KEY=/var/cicscli/mykeys.ini<br />
If you do not specify otherwise, a file name of cicskey.ini in the /bin<br />
subdirectory is assumed.<br />
You can change the keyboard mapping file at any time, although changes do not<br />
take effect until the next time the terminal emulator is started.<br />
Keyboard mapping file syntax<br />
This section describes the syntax of the keyboard mapping file. A statement must<br />
be provided for each key that is needed, because there are no default assignments<br />
(except for the alphabetic <strong>and</strong> numeric keys). There is no case sensitivity. Each<br />
binding must be on a separate line, <strong>and</strong> of the following form:<br />
BIND 3270function [modifier+] key [;comment|#comment]<br />
For example, to map the 3270 function EraseEof to the Ctrl+Delete keys pressed<br />
together the binding is as follows:<br />
bind EraseEof Ctrl+Delete ;erase to end of field<br />
The keyboard mapping file<br />
In the mapping file, 3270function can be any one of the following:<br />
backspace pa1 pf1 pf13<br />
backtab pa2 pf2 pf14<br />
clear pa3 pf3 pf15<br />
cursordown pf4 pf16<br />
cursorleft printscreen pf5 pf17<br />
cursorright reset pf6 pf18<br />
cursorselect tab pf7 pf19<br />
cursorup pf8 pf20<br />
delete ignore pf9 pf21<br />
enter pf10 pf22<br />
eraseeof pf11 pf23<br />
eraseinput pf12 pf24<br />
home<br />
insert<br />
newline<br />
Ctrl<br />
Shift<br />
The value of ignore is provided to permit unwanted control keys on the keyboard<br />
to be ignored. (Unexpected glyphs are not generated.)<br />
The Modifier can be either:<br />
The Key can be any one of the keys shown in Table 5, (but some combinations of<br />
modifier+key are not supported — see “Key combinations” on page 91):<br />
Table 5. Keys that you can map<br />
Group Keys<br />
Escape key Escape<br />
Function keys f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12<br />
Numeric keys 0 1 2 3 4 5 6 7 8 9<br />
90 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Table 5. Keys that you can map (continued)<br />
Group Keys<br />
Alphabetic keys a b c d e f g h i j k l m<br />
n o p q r s t u v w x y z<br />
Tab key Tab<br />
Movement keys newline backspace<br />
insert home pageup<br />
delete end pagedown<br />
up left down right<br />
Keypad keys keypad/ keypad* keypad-<br />
keypad7 keypad8 keypad9<br />
keypad4 keypad5 keypad6 keypad+<br />
keypad1 keypad2 keypad3<br />
keypad0 keypad. keypadenter<br />
Note: For the Client daemon, the Ctrl/Act, Print Screen, Scroll Lock <strong>and</strong> Pause<br />
keys are not available. The 3270 function Clear is assigned to the Esc key by<br />
default.<br />
Key combinations<br />
The following combinations of modifier <strong>and</strong> key can be mapped:<br />
No modifier<br />
All keys available for mapping.<br />
Ctrl modifier<br />
Only function keys, movement keys, alphabetic keys, tab key, <strong>and</strong> keypad<br />
keys can be mapped.<br />
Shift modifier<br />
Only function keys, numeric keys, tab key, <strong>and</strong> alphabetic keys can be<br />
mapped.<br />
Customizing the screen colors for cicsterm<br />
Screen colors <strong>and</strong> attributes are defined in a color mapping file. A sample is<br />
provided for you to tailor; see “Sample configuration <strong>and</strong> mapping files” on page<br />
89 for details. It is recommended that you create your own customized mapping<br />
file.<br />
The color mapping file can be identified by either of these methods:<br />
v The -c option of the cicsterm comm<strong>and</strong>, which identifies a color mapping file<br />
with a particular server (see “Customizing the screen colors for cicsterm”).<br />
v The <strong>CICS</strong>COL environment variable: For example:<br />
export <strong>CICS</strong>COL=/var/cicscli/mycols.ini<br />
If you do not specify otherwise, a file name of cicscol.ini in the /bin<br />
subdirectory is assumed.<br />
A color mapping file provides alternative representations in hardware<br />
environments where it is not possible exactly to replicate 3270 screen attributes, for<br />
example, blinking or underscore. The color mapping file therefore defines how<br />
3270 screen attributes are emulated on the client hardware.<br />
Chapter 5. Configuration 91
If the color mapping file specifies a mapping for an attribute, this mapping is used<br />
even if the hardware upon which the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is running<br />
actually supports the screen attribute.<br />
If an application requests a 3270 field to be displayed with, for example,<br />
underscore, <strong>and</strong> no emulation setting has been specified, <strong>and</strong> the hardware cannot<br />
display underscore, the field is displayed without any highlighting at all.<br />
The color mapping file is optional. However, for most hardware environments a<br />
mapping file is required if blinking or underscore support is required by the<br />
emulator.<br />
You can change the color mapping file at any time, although changes do not take<br />
effect until the next time the terminal emulator is started.<br />
Color mapping syntax<br />
The syntax of the color mapping file is as follows. Each binding must be on a<br />
separate line, in this form:<br />
BIND 3270attrib fg_color [/bg_color] [;comment|#comment]<br />
The file is not case-sensitive.<br />
The color mapping file<br />
In the color mapping file, 3270attrib can be any one of the following:<br />
normal_protected intensified_protected<br />
normal_unprotected intensified_unprotected<br />
default blinking_default underscored_default<br />
blue blinking_blue underscored_blue<br />
green blinking_green underscored_green<br />
cyan blinking_cyan underscored_cyan<br />
red blinking_red underscored_red<br />
magenta blinking_magenta underscored_magenta<br />
white blinking_white underscored_white<br />
yellow blinking_yellow underscored_yellow<br />
default_highlight<br />
operator_information_area<br />
black light_gray<br />
blue light_blue<br />
brown yellow<br />
cyan light_cyan<br />
green light_green<br />
magenta light_magenta<br />
red light_red<br />
gray white<br />
Each of fg_color <strong>and</strong> bg_color (foreground color <strong>and</strong> background color) can be any<br />
one of the following:<br />
If bg_color is omitted, a default value of black is taken.<br />
92 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Preparing to use local <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> support<br />
Before you can run an application that uses the local <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
support, ensure that you have a correctly configured environment where <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> binaries can be found.<br />
v The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> .class files need to be available. Set your<br />
CLASSPATH environment variable to include the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>’s<br />
ctgserver.jar <strong>and</strong> ctgclient.jar archives.<br />
v On <strong>Linux</strong> <strong>and</strong> Solaris, set your LD_LIBRARY_PATH environment variable to<br />
include the /bin subdirectory so that your application can find<br />
libctgjni.so.<br />
v On HP-UX set your SHLIB_PATH environment variable to include the<br />
/bin subdirectory so that your application can find libctgjni.sl.<br />
v On AIX, use a shell comm<strong>and</strong> like the following to add the /bin<br />
subdirectory to your LIBPATH:<br />
export LIBPATH=/bin:${LIBPATH}<br />
This is so that your application can find file libctgjni.so.<br />
To run the application: use the JDK java comm<strong>and</strong> with suitable options. On<br />
platforms other than HP-UX <strong>and</strong> Solaris: Add the following parameter as an<br />
argument to the Java process:<br />
-Xjni:arrayCacheMax=32768<br />
Checking your configuration<br />
This increases the initial size of the array cache for JNI calls, <strong>and</strong> is required for<br />
improved performance.<br />
After you have configured your system, check that it is configured correctly.<br />
1. Start the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
2. Run one of the sample programs supplied. See file samples.txt, in the<br />
/bin subdirectory, for details, including compilation instructions<br />
<strong>and</strong> information on compiler considerations.<br />
Related information<br />
“Starting the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>” on page 121<br />
Chapter 5. Configuration 93
94 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Chapter 6. Network Security<br />
This information describes how to set up <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> to use the<br />
network security protocol SSL.<br />
Java Secure Socket Extension (JSSE)<br />
JSSE is the only supported implementation of the SSL protocol. If a previous<br />
version of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> was configured to use SSLight or<br />
SystemSSL, you must take steps to migrate the associated resources to a JSSE<br />
configuration. Resources required by for JSSE are certificates stored in either a<br />
KeyStore file (.jks) or RACF ® .<br />
Migrating to JSSE<br />
JSSE is provided as part of the Java Runtime Environment. To avoid possible<br />
conflicts between the different versions of iKeyMan used in SSLight <strong>and</strong> JSSE, you<br />
are recommended to perform all migration actions before you move to JSSE.<br />
The general process for migrating to JSSE is as follows:<br />
v Create new key ring files <strong>and</strong> use them instead of existing key rings.<br />
v Change existing security exits that implement the SSLightServerSecurity<br />
interface to implement the JSSEServerSecurity interface.<br />
v Change existing security exits that implement the SystemSSLServerSecurity<br />
interface to implement the JSSEServerSecurity interface.<br />
Migrating keys <strong>and</strong> certificates<br />
When you are creating a new JSSE application or migrating from another SSL<br />
utility to JSSE, one of the first things to consider is the keys <strong>and</strong> certificates that<br />
will be used in the application. Do you already have keys <strong>and</strong> certificates stored<br />
outside a Java KeyStore, in SSLight classes, for example? If so, you need to decide<br />
whether to migrate them to make them available to JSSE <strong>and</strong> other Java<br />
components <strong>and</strong> applications.<br />
If you must migrate your keys <strong>and</strong> certificates from an existing provider, here are<br />
some guidelines for two different conditions:<br />
v “Migrating certificates without private keys”<br />
v “Migrating certificates with private keys” on page 96<br />
Migrating certificates without private keys<br />
A certificate authority or CA certificate does not contain a private key. The two<br />
most common ways to move a CA certificate are Base64 ASCII <strong>and</strong> DER encoding<br />
formats. You can export Base64 ASCII <strong>and</strong> DER encoded certificates from most<br />
local databases, such as SSLight classes, to a file. Then you import them into a Java<br />
KeyStore. (You can also export these certificates from a Java KeyStore <strong>and</strong> import<br />
them into another database, if necessary, for other applications.)<br />
The following steps show how to export a certificate from SSLight to an existing<br />
JSSE keystore (.JKS file) using the iKeyMan utility:<br />
1. From the menu select Key Database File -> Open<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 95
2. Select the Key database type, File Name <strong>and</strong> Location for the certificate store<br />
to be converted.<br />
3. Enter the key database password when prompted.<br />
4. Select the certificate you want to export.<br />
5. Click Export/Import.<br />
6. Select Export Key as the action type.<br />
7. Ensure JKS is selected as the certificate format.<br />
8. Complete the File Name <strong>and</strong> Location fields to point to the existing JKS file.<br />
9. Click Yes when asked if you want to update the existing file.<br />
10. Enter the password to open the database into which you are importing the<br />
certificate.<br />
The status bar tells you that the certificate has been exported.<br />
Migrating certificates with private keys<br />
In addition to migrating a CA certificate, you might also need to migrate an end<br />
user certificate — a certificate with a private key — to a JSSE KeyStore. A common<br />
<strong>and</strong> secure st<strong>and</strong>ard used to move end user certificates from one place to another<br />
is the PKCS#12 format. For the example keytool comm<strong>and</strong> in Figure 14, export<br />
your certificates using ASCII Base64 encoding. PKCS#12 certificate files are<br />
supported by SystemSSL, SSLight, JSSE, RACF, <strong>and</strong> other environments. Be aware<br />
that PKCS#12 files can be encoded using different versions of the specification, <strong>and</strong><br />
these versions might not always be compatible.<br />
The steps to export a certificate <strong>and</strong> key to a PKCS#12 file using iKeyMan are<br />
similar to those at “Migrating certificates without private keys” on page 95. After a<br />
PKCS#12 file has been obtained, Figure 14 shows how to import the certificate to a<br />
Java KeyStore.<br />
Figure 14. Importing a certificate <strong>and</strong> private key from a PKCS#12 file to a Java KeyStore<br />
keytool -import -pkcs12 -file file -alias name -keypass password -storetype jks<br />
-storepass password -keystore keystore -rfc<br />
Maintaining your digital certificates for JSSE<br />
For certificate management you can use the graphical iKeyMan tool, or the<br />
comm<strong>and</strong> line keytool, which is included with the SDK. iKeyMan is available only<br />
with <strong>IBM</strong> SDKs; keytool is available with all SDKs.<br />
You can use these tools to:<br />
v Request <strong>and</strong> receive a digital certificate from a Certificate Authority (CA).<br />
v Generate self-signed certificates.<br />
v Add certificates to your key ring files.<br />
v Change your key ring password.<br />
v Set a private key as the default.<br />
v Delete a key.<br />
v Export a key by copying it to a file.<br />
v Import a key from an exported copy <strong>and</strong> add it to a key ring.<br />
To run the iKeyMan tool:<br />
Run the ikeyman comm<strong>and</strong> in the bin directory of your Java Runtime<br />
Environment.<br />
96 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
To run the keytool tool:<br />
From the comm<strong>and</strong> line, issue keytool with the parameters required to<br />
perform the task.<br />
Related information<br />
“Using keytool for certificate management” on page 100<br />
Using iKeyMan to manage self-signed certificates under JSSE<br />
JSSE provides a way for you to “self-sign” your certificates. You establish yourself<br />
as your own certificate authority <strong>and</strong> generate the X.509 digital certificates for the<br />
server (<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>) <strong>and</strong> client (browser) side. The following<br />
sections describe how to configure an SSL server <strong>and</strong> SSL clients using iKeyMan.<br />
Configuring your SSL server <strong>and</strong> clients involves:<br />
1. Creating key rings<br />
2. Creating digital certificates<br />
3. Exporting <strong>and</strong> importing the certificates<br />
Related information<br />
“Using keytool for certificate management” on page 100<br />
Configuring your SSL server<br />
This section describes the configuration process using the iKeyMan tool, for a<br />
comm<strong>and</strong> line equivalent see “Configuring your SSL server” on page 101.<br />
1. Create a server key ring<br />
The server key ring contains your Server Certificate, with its associated<br />
private-key, <strong>and</strong> a number of signer certificates. The Server Certificate is a<br />
digital certificate that SSL uses to identify the server to connecting clients.<br />
a. Start iKeyMan.<br />
b. Select Key Database File —> New.<br />
c. From Key Database Type, select JKS.<br />
d. In File name type a name for your key ring, such as MyServerkey ring.jks.<br />
e. In Location, type a suitable location to store your server key ring.<br />
f. Select OK.<br />
g. Type a password for the key ring file.<br />
iKeyMan gives you an indication of the “strength” of your password. <strong>IBM</strong><br />
recommends that you use a mixture of letters <strong>and</strong> numbers for your<br />
password; this makes the password more resistant to “brute force”<br />
dictionary attacks.<br />
h. Select OK.<br />
The generated file MyServerkey ring.jks contains, by default, a selection of<br />
popular signer certificates as follows:<br />
VeriSign Class 3 Public Primary Certificate Authority<br />
VeriSign Class 2 Public Primary Certificate Authority<br />
VeriSign Class 1 Public Primary Certificate Authority<br />
RSA Secure Server Certificate Authority<br />
Thawte Personal Basic CA<br />
VeriSign Test CA Root Certificate<br />
Thawte Personal Premium CA<br />
Thawte Premium Server CA<br />
Thawte Server CA<br />
Thawte Personal Freemail CA<br />
Chapter 6. Network Security 97
The VeriSign Class 1 through 3 Public Primary Certificate Authority signer<br />
certificates enable the server to verify clients with VeriSign Client Certificates.<br />
2. Create a Server Certificate<br />
Now you are ready to create the self-signed Server Certificate <strong>and</strong> store it along<br />
with its private key in your server key ring:<br />
a. In iKeyMan, select Personal Certificates from the pull-down menu below<br />
the Key database content label.<br />
b. Select New Self-Signed...<br />
c. Complete the certificate request. Some fields are optional, but you must fill<br />
in at least the following (examples are shown):<br />
Key Label<br />
exampleServerCert<br />
Version<br />
select X509 V3<br />
Key Size<br />
select 1024<br />
Common Name<br />
This defaults to the name of the machine you are using<br />
Organization<br />
The name of your organization<br />
Country<br />
Select a two character ID from the list<br />
Validity Period<br />
The default is 365 days<br />
d. Select OK.<br />
iKeyMan generates a public/private key pair.<br />
e. The self-signed Server Certificate appears in the Personal Certificates<br />
window. The certificate has the name you typed in the Key Label field, in<br />
this example exampleServerCert.<br />
f. With exampleServerCert highlighted, select View/Edit.<br />
Notice that the information in the issued to (certificate requester) textbox is<br />
the same as that in the issued by (signer) textbox. To establish SSL<br />
connections with a server presenting this certificate, the client must trust the<br />
signer. To do this the client key repository must contain the signer certificate<br />
of the server presenting exampleServerCert.<br />
3. Export the server’s signer certificate<br />
a. With exampleServerCert highlighted, select Extract Certificate...<br />
b. In the Data type pull-down menu, select Base64-encoded ASCII.<br />
c. Type the name <strong>and</strong> location of the text file containing your Server<br />
Certificate data. Our example uses exampleServercert.arm<br />
d. Select OK.<br />
Store the exported certificate in a safe place. Import it into any client repository<br />
that needs to communicate with this SSL server.<br />
Configuring your SSL clients<br />
This section describes the configuration process using the iKeyMan tool, for a<br />
comm<strong>and</strong> line equivalent see “Configuring your SSL clients” on page 103.<br />
1. Create a client key ring<br />
98 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
A client key ring contains as a minimum, the signer certificate of the SSL server,<br />
<strong>and</strong> a client x.509 certificate, if client authentication is required. The process for<br />
creating a client key ring is similar to that for a server:<br />
a. Start iKeyMan<br />
b. Select Key Database File —> New<br />
c. From Key Database Type, select JKS<br />
d. In File name type a name for your key ring, such as MyClientkey ring.jks<br />
e. In Location, type a suitable location to store your client key ring<br />
f. Select OK<br />
g. Type a password for the key ring file.<br />
h. Select OK<br />
Like the server key ring, the client key ring contains a default selection of<br />
popular signer certificates.<br />
2. Import the server’s signer certificate<br />
a. In iKeyMan select Add<br />
b. Locate the stored Server Base64-encoded ASCII certificate file. In our<br />
example, this is exampleServercert.arm.<br />
c. Select OK.<br />
d. Give this signer certificate a unique label, for example, My Self-Signed Server<br />
Authority.<br />
e. Select OK.<br />
This new signer certificate is added to the list of default signers.<br />
3. Create a Client Certificate<br />
Note: If the SSL h<strong>and</strong>ler used by the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is configured<br />
to support only server authentication, skip step 3 because the client key<br />
ring needs to contain only the signer certificate of the Server, which you<br />
have just imported. You can use the generated MyClientkey ring.jks file<br />
with <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>’s SSL protocol, which is configured to<br />
support server authentication.<br />
Client authentication requires the client key ring also to contain a self-signed<br />
Certificate that is used to identify the connecting client.<br />
a. In iKeyMan, select Personal Certificates from the pull-down menu below<br />
the Key database content label.<br />
b. Select New Self-Signed...<br />
c. Complete the certificate request. Some fields are optional, but you must fill<br />
in at least the following (examples are shown):<br />
Key Label<br />
exampleClientCert<br />
Version<br />
Select X509 V3<br />
Key Size<br />
Select 1024<br />
Common Name<br />
This defaults to the name of the machine you are using<br />
Organization<br />
The name of your organization<br />
Chapter 6. Network Security 99
Country<br />
Select a two character ID from the list<br />
Validity Period<br />
The default is 365 days<br />
d. Select OK.<br />
iKeyMan generates a public/private key pair.<br />
e. The self-signed Client Certificate appears in the Personal Certificates<br />
window. The certificate has the name you typed in the Key Label field, in<br />
this example exampleClientCert.<br />
4. Export the client’s signer certificate<br />
a. With exampleClientCert highlighted, select Extract Certificate...<br />
b. In the Data type pull-down, select Base64-encoded ASCII<br />
c. Type the name <strong>and</strong> location of the text file containing your Server<br />
Certificate data. Our example uses exampleClientcert.arm<br />
d. Select OK.<br />
Store the exported certificate in a safe place. It must be imported into any<br />
server repository that needs to communicate with this SSL client.<br />
Migrating old self-signed certificates (Solaris <strong>and</strong> AIX operating<br />
systems only)<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> Version 3.0 supported only self-signed certificates, <strong>and</strong><br />
not externally signed certificates. You can use your old self-signed certificates by<br />
importing the key ring files, created with Version 3.0, using the iKeyMan tool.<br />
Restricting access to the server key ring<br />
The contents of the server key ring are encrypted <strong>and</strong> protected by a password.<br />
However you should observe the following points:<br />
v Ensure that the key ring files have appropriate security access permissions<br />
v Restrict access, where applicable, to the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> machine<br />
v Do not share certificates among servers.<br />
v Do not allow servers to share a private key, particularly if they are running on<br />
different machines.<br />
v Never send a private key to someone else.<br />
Using externally signed certificates under JSSE<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> can act as an SSL server, with the ability to authenticate<br />
SSL clients <strong>and</strong> accept externally signed certificates from Certification Authorities<br />
(CAs) such as VeriSign. Configuring an SSL server <strong>and</strong> SSL clients using iKeyMan<br />
for use with externally signed certificates is similar to the process for self-signed<br />
certificates. This is described in “Using iKeyMan to manage self-signed certificates<br />
under JSSE” on page 97.<br />
Using keytool for certificate management<br />
The keytool application, provided with the SDK, is an accessible alternative to<br />
iKeyMan. This information describes using the keytool comm<strong>and</strong> line application<br />
to manage self-signed certificates. In the production environment you might choose<br />
to use externally signed certificates, which are managed in a similar way.<br />
100 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Using keytool to manage self-signed certificates under JSSE<br />
Configuring your SSL server:<br />
1. Create a server key ring <strong>and</strong> create a server certificate.<br />
Issue the following comm<strong>and</strong> to create both the KeyStore <strong>and</strong> certificate:<br />
keytool -genkey -alias aliasname -keysize numericvalue -dname distname<br />
-keystore location -keypass password -storepass password<br />
-keyalg algorithm<br />
The options are:<br />
-genkey<br />
Generates a key pair <strong>and</strong> wraps the public key into a self-signed<br />
certificate.<br />
-alias aliasname<br />
Defines the alias name that identifies the store containing the<br />
self-signed certificate <strong>and</strong> private key.<br />
-keysize numericvalue<br />
Defines the size of the key.<br />
-dname distname<br />
Specifies the X.500 distinguished name to be associated with the alias.<br />
This is used as the issuer <strong>and</strong> subject fields of the self-signed certificate.<br />
The distinguished name consists of a number of fields separated by<br />
commas in the following format:<br />
"cn=strvalue1,o=strvalue2,ou=strvalue3,<br />
l=strvalue4,s=strvalue5,c=strvalue6"<br />
Each strvalue is a string value. The meaning of the abbreviations is as<br />
follows:<br />
v cn = common name<br />
v o = organization<br />
v ou = organization unit<br />
v l = city/locality<br />
v s = state/province<br />
v c = country name<br />
Figure 15 shows an example of an X.500 distinguished name.<br />
"cn=someserver.hursley.ibm.com,o=<strong>IBM</strong>,ou=<strong>IBM</strong>GB,<br />
l=Winchester,s=Hants,c=GB"<br />
Figure 15. An X.500 distinguished name<br />
-keystore location<br />
The key ring file location. For example: ktserverss.jks<br />
-keypass password<br />
The password used to protect the private key. Set this to the same value<br />
as the -storepass password, to enable the <strong>CICS</strong> TG to establish a<br />
connection over SSL.<br />
-storepass password<br />
The password used to protect the integrity of the key ring. Set this to<br />
the same value as the -keypass password, to enable the <strong>CICS</strong> TG to<br />
establish a connection over SSL.<br />
Chapter 6. Network Security 101
-keyalg algorithm<br />
The algorithm to be used to generate the key pair.<br />
Figure 16 shows an example of this comm<strong>and</strong>:<br />
keytool -genkey -alias exampleServerCert -keysize 1024<br />
-dname "cn=vmware2.hursley.ibm.com,o=<strong>IBM</strong>,ou=<strong>IBM</strong>GB,l=Winchester,s=Hants,c=GB"<br />
-keystore ktserverss.jks -keypass default -storepass default<br />
-keyalg RSA<br />
Figure 16. Using the keytool comm<strong>and</strong> to create a key ring containing a single self-signed certificate<br />
2. View the newly created certificate<br />
If desired, issue a comm<strong>and</strong> like the following to view all certificates in the key<br />
ring, including the one you just created:<br />
keytool -list -keystore storename -storepass password -v<br />
Where the options are:<br />
-list List the contents of the key ring.<br />
-keystore storename<br />
The name of the key ring containing the certificates you want to view.<br />
-storepass password<br />
The password needed to access the key ring.<br />
-v Show details of the certificates in the key ring.<br />
Figure 17 shows an example of the keytool comm<strong>and</strong> to view certificates:<br />
keytool -list -keystore ktserverss.jks -storepass default -v<br />
Figure 17. Using the keytool comm<strong>and</strong> to view certificates<br />
3. Export the server’s signer certificate<br />
The next step is to export the signer certificate <strong>and</strong> store it in a safe place. This<br />
can then be imported into the repository of any client that needs to connect to<br />
this SSL server. The certificate is exported by using the following instance of<br />
the keytool comm<strong>and</strong>:<br />
keytool -export -alias aliasname -keystore location<br />
-storepass password -file filename -rfc<br />
Where the options are:<br />
-export<br />
Export a certificate.<br />
-alias aliasname<br />
Name of the key (in the key ring) to export.<br />
-keystore location<br />
The key ring location.<br />
-storepass password<br />
The password used to protect the integrity of the key ring.<br />
-file filename<br />
The name of the file to export the certificate to.<br />
-rfc Export the certificate in RFC format (Base64 encoded ASCII).<br />
102 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Figure 18 shows an example of the keytool comm<strong>and</strong> to export a signer<br />
certificate.<br />
keytool -export -alias exampleServerCert -keystore ktserverss.jks -storepass default<br />
-file exampleServerCertKT.arm -rfc<br />
Figure 18. Using the keytool comm<strong>and</strong> to export the signer certificate<br />
4. Transfer the server certificate to the client<br />
If you use FTP to transfer the file, ensure that your FTP client is in binary<br />
mode.<br />
Configuring your SSL clients: If your server does not use client authentication<br />
complete only step Create a client key ring <strong>and</strong> import the server’s signer<br />
certificate. Otherwise complete all steps.<br />
1. Create a client key ring <strong>and</strong> import the server’s signer certificate.<br />
Issuing the following comm<strong>and</strong> to create the key ring <strong>and</strong> import the<br />
certificate:<br />
keytool -import -alias aliasname -file certfile -keystore keystorefile<br />
-storepass password -noprompt<br />
Where the options are:<br />
-import<br />
Import a certificate.<br />
-alias aliasname<br />
The name under which the certificate is to be stored.<br />
-file certfile<br />
The file that contains the certificate.<br />
-keystore keystorefile<br />
The key ring into which the certificate is to be imported.<br />
-storepass password<br />
The password used to protect the integrity of the key ring.<br />
-noprompt<br />
Removes the need to confirm that the certificate should be imported.<br />
Figure 19 shows an example of this comm<strong>and</strong>:<br />
keytool -import -alias exampleServer -file exampleServerCertKT.arm -keystore clientStore.jks<br />
-storepass default -noprompt<br />
Figure 19. Using the keytool comm<strong>and</strong> to create a key ring containing the server’s signer certificate<br />
2. Create a self-signed certificate in the client key ring<br />
To create a new keystore containing a self-signed certificate use the following<br />
instance of the keytool comm<strong>and</strong>:<br />
keytool -genkey -alias aliasname -keysize numericvalue -dname distname<br />
-keystore location -keypass password -storepass password<br />
-keyalg algorithm<br />
The options are:<br />
-genkey<br />
Generates a key pair <strong>and</strong> wraps the public key into a self-signed<br />
certificate.<br />
Chapter 6. Network Security 103
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
-alias aliasname<br />
Defines the alias name that identifies the store containing the<br />
self-signed certificate <strong>and</strong> private key.<br />
-keysize numericvalue<br />
Defines the size of the key.<br />
-dname distname<br />
Specifies the X.500 distinguished name to be associated with the alias.<br />
This is used as the issuer <strong>and</strong> subject fields of the self-signed certificate.<br />
The distinguished name consists of a number of fields separated by<br />
commas in the following format:<br />
"cn=strvalue1,o=strvalue2,ou=strvalue3,<br />
l=strvalue4,s=strvalue5,c=strvalue6"<br />
Each strvalue is a string value. The meaning of the abbreviations is as<br />
follows:<br />
v cn = common name<br />
v o = organization<br />
v ou = organization unit<br />
v l = city/locality<br />
v s = state/province<br />
v c = country name<br />
Figure 20 shows an example of an X.500 distinguished name.<br />
"cn=someserver.hursley.ibm.com,o=<strong>IBM</strong>,ou=<strong>IBM</strong>GB,<br />
l=Winchester,s=Hants,c=GB"<br />
Figure 20. An X.500 distinguished name<br />
-keystore location<br />
The key ring file location. For example: ktserverss.jks<br />
-keypass password<br />
The password used to protect the private key. Set this to the same value<br />
as the -storepass password, to enable the <strong>CICS</strong> TG to establish a<br />
connection over SSL.<br />
-storepass password<br />
The password used to protect the integrity of the key ring. Set this to<br />
the same value as the -keypass password, to enable the <strong>CICS</strong> TG to<br />
establish a connection over SSL.<br />
-keyalg algorithm<br />
The algorithm to be used to generate the key pair.<br />
An example of this comm<strong>and</strong> is shown in Figure 21:<br />
keytool -genkey -alias exampleClientCert -keysize 1024<br />
-dname "cn=John Doe,o=<strong>IBM</strong>,ou=<strong>IBM</strong>GB,l=Winchester,s=Hants,c=GB"<br />
-keystore clientStore.jks -keypass default -storepass default<br />
-keyalg RSA<br />
Figure 21. Using the keytool comm<strong>and</strong> to create a key ring containing a single self-signed certificate<br />
3. Export the client’s signer certificate<br />
This certificate must be imported into the keystores of all servers that the SSL<br />
client needs to connect to. To export the certificate use the following instance of<br />
the keytool comm<strong>and</strong>:<br />
104 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Transport Layer Security<br />
keytool -export -alias aliasname -keystore location<br />
-storepass password -file filename -rfc<br />
Where the options are:<br />
-export<br />
Export a certificate.<br />
-alias aliasname<br />
Name of the key (in the key ring) to export.<br />
-keystore location<br />
The key ring location.<br />
-storepass password<br />
The password used to protect the integrity of the key ring.<br />
-file filename<br />
The name of the file to export the certificate to.<br />
-rfc Export the certificate in RFC format (Base64 encoded ASCII).<br />
Figure 22 shows an example instance of the keytool comm<strong>and</strong> to export a<br />
signer certificate.<br />
keytool -export -alias exampleClientCert -keystore clientStore.jks -storepass default<br />
-file exampleClientCertKT.arm -rfc<br />
Figure 22. Using the keytool comm<strong>and</strong> to export the signer certificate<br />
4. Transfer the server certificate to the client<br />
If you use FTP to transfer the file, ensure that your FTP client is in binary<br />
mode. For details on importing the certificate, see step Create a client key ring<br />
<strong>and</strong> import the server’s signer certificate.<br />
5. Import the client signer certificate into the server’s key ring file<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> supports the Transport Layer Security (TLS)<br />
protocol.<br />
Secure connections between a Java client <strong>and</strong> the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> <strong>and</strong><br />
supported through JSSE, which provides support for two network security<br />
protocols:<br />
v Secure Sockets Layer (SSL) 3.0 protocol.<br />
v Transport Layer Security (TLS) 1.0 protocol. This is the latest industry-st<strong>and</strong>ard<br />
SSL protocol <strong>and</strong> is based on SSL 3.0. The TLS 1.0 specification is documented in<br />
RFC2246 <strong>and</strong> is available on the Internet at www.rfc-editor.org/rfcsearch.html.<br />
Within this documentation, all references to SSL should be understood as including<br />
TLS. No special configuration or migration steps are required to use TLS.<br />
Information on configuring the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> to use secure protocols<br />
is provided in Chapter 6, “Network Security,” on page 95.<br />
Any connections that require encryption automatically use the TLS protocol, unless<br />
the client specifically requests SSL 3.0 or 2.0.<br />
Chapter 6. Network Security 105
Configuring <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> for SSL<br />
You enable the SSL protocol through the Configuration Tool; see “Configuring<br />
<strong>Gateway</strong> daemon settings” on page 53. When you enable the protocol, by default,<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> listens for SSL requests on port 8050.<br />
If you are using J2EE, consider giving the permissions described in the ″Using a<br />
Java 2 Security Manager″ section of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming<br />
Guide:<br />
v If your J2EE application server requires Java 2 Security permissions<br />
v Or if you have enabled Java 2 Security permissions on your server<br />
This will allow the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> to access your Key Stores.<br />
SSL configuration settings<br />
The following configuration settings are specific to the SSL protocol:<br />
“Key ring file” on page 63<br />
Specifies the name of the server key ring.<br />
“Key ring password” on page 64<br />
Specifies the password used to read the encrypted server key ring.<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> writes the password to the configuration file in<br />
a form that prevents a casual observer from easily reading it.<br />
“Use client authentication” on page 63<br />
Enables client authentication. The default is that only server authentication<br />
is enabled.<br />
Using the SSL protocol<br />
You use the SSL protocol in a similar way to the TCP protocol. To make a<br />
connection to <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, your client application flows a request<br />
using the appropriate URL. For example, use a URL like:<br />
ssl://trans<strong>Gateway</strong>Machine:8050<br />
For more information on the design <strong>and</strong> implementation of client-side programs,<br />
see the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide, <strong>and</strong> the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> programming interface HTML pages.<br />
106 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Chapter 7. Client security<br />
Client security overview<br />
Default connection settings<br />
This information describes how to provide a user ID <strong>and</strong> password when<br />
connecting to a <strong>CICS</strong> server.<br />
<strong>CICS</strong> servers might require the Client daemon to supply a user ID <strong>and</strong> password<br />
before they permit the following:<br />
v A client connection<br />
v Terminals to be installed<br />
v <strong>Transaction</strong>s to be run<br />
This depends on the server <strong>and</strong> protocol security settings. The user ID <strong>and</strong><br />
password are sent to the server of the transaction attach request for each<br />
conversation. A user ID <strong>and</strong> password are also required when a sign-on transaction<br />
is invoked on a sign-on capable terminal. In this instance, the user ID <strong>and</strong><br />
password are flowed to the server as part of the 3270 data stream.<br />
User IDs <strong>and</strong> passwords must not contain DBCS characters.<br />
If no user ID is passed by a <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> user application, <strong>and</strong> no<br />
default is set by the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, the transaction is run using the<br />
mainframe <strong>CICS</strong> server’s default user ID <strong>and</strong> password if the Usedfltuser<br />
parameter on the <strong>CICS</strong> server connection definition is set to Yes. If this parameter<br />
is set to No, security is enforced by the host <strong>CICS</strong> server <strong>and</strong> a user ID <strong>and</strong><br />
password will need to be supplied. In each case, transactions execute in the server<br />
with the authorities assigned to the user ID authenticated.<br />
Because the Client daemon has no security manager, it does not support user ID<br />
authentication. Configure your <strong>CICS</strong> server client connections so that incoming<br />
attach requests must specify a user ID <strong>and</strong> password. For mainframe servers,<br />
specify AttachSec = Verify in the <strong>CICS</strong> connection definition. AttachSec =<br />
Identify, which indicates that a user ID, but not password, is required, is not<br />
supported for client connections.<br />
The Client daemon maintains a default user ID <strong>and</strong> password for each server<br />
connection, which can be set by any of the following methods:<br />
v <strong>CICS</strong>CLI security comm<strong>and</strong>s:<br />
cicscli -c=servername -u=userid -p=password<br />
The servername parameter can also be specified with the -s option.<br />
v From C use the ESI function <strong>CICS</strong>_SetDefaultSecurity. This call is not available<br />
from the Java APIs.<br />
v From C++, use the makeSecurityDefault method of the CclConn or<br />
CclTerminal class.<br />
These default values are used when required on all subsequent transaction requests<br />
for that server, provided that no values have been passed on the ECI request itself,<br />
or have been set for the specific EPI terminal against which the transaction will<br />
run.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 107
ECI security<br />
EPI terminal security<br />
Note: If the Client daemon is running in an environment where it survives user<br />
logoff, the default user ID <strong>and</strong> password values entered by the current user<br />
are retained even when that user logs off, <strong>and</strong> are subsequently reused as<br />
required.<br />
An application can provide a user ID <strong>and</strong> password on an ECI request; these<br />
values override any default values set for the server connection.<br />
C programs<br />
Set eci_userid <strong>and</strong> eci_password or eci_userid2 <strong>and</strong> eci_password2 in the ECI<br />
parameter block.<br />
C++ programs<br />
Set the userid <strong>and</strong> password parameters when constructing a server connection<br />
object - CclConn.<br />
COM programs<br />
Set the userid <strong>and</strong> password via the Details method on the Connect object.<br />
Java Client applications<br />
Set the userid <strong>and</strong> password parameters when constructing an ECIRequest<br />
object.<br />
The Client daemon also maintains a user ID <strong>and</strong> password for each installed<br />
terminal. These values override any default values set for the server connection. .<br />
Terminal security is normally required only if using sign-on incapable terminals.<br />
Changing the user ID <strong>and</strong> password<br />
The user ID <strong>and</strong> password may be changed at any time, as follows:<br />
v C programs:<br />
Set UserId <strong>and</strong> Password in the <strong>CICS</strong>_EpiAttributes_t structure on a<br />
<strong>CICS</strong>_EpiAddExTerminal call. Or, use the EPI function <strong>CICS</strong>_EpiSetSecurity.<br />
This call would typically be used to change the terminal security settings if, for<br />
example, the user’s password had expired.<br />
v C++ programs:<br />
Set the userid <strong>and</strong> password parameters when constructing a CclTerminal class<br />
object. Or, use the alterSecurity method of the CclTerminal class.<br />
v Java Client applications:<br />
– EPI Request Classes<br />
Set the userid <strong>and</strong> password parameters when constructing an EPIRequest<br />
object via the addTerminal or addTerminalAsync method. Or, use the<br />
alterSecurity method of the EPIRequest class.<br />
– EPI Support Classes<br />
Create a Terminal object using the default Constructor, then use setUserid<br />
<strong>and</strong> setPassword to set security, or create a Terminal object using the<br />
extended Constructor.<br />
108 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Password expiry management<br />
For <strong>CICS</strong> clients, the management of expired passwords can be h<strong>and</strong>led by the ESI<br />
functions <strong>CICS</strong>_ChangePassword <strong>and</strong> <strong>CICS</strong>_VerifyPassword.<br />
The ESI functions can be used only with <strong>CICS</strong> servers that support password<br />
expiry management (PEM). See “Supported software” on page 19 for information<br />
on supported servers. Refer to the documentation for your <strong>CICS</strong> server for<br />
information on PEM support.<br />
To use PEM, the Client daemon must be connected to the <strong>CICS</strong> server over TCP62<br />
or SNA. An External Security Manager such as Resource Access Control Facility<br />
(RACF), must also be available to the <strong>CICS</strong> server. ESI calls can be included within<br />
your ECI or EPI application. Only <strong>CICS</strong> servers returned by the<br />
<strong>CICS</strong>_EciListSystems <strong>and</strong> <strong>CICS</strong>_EpiListSystems functions are valid.<br />
Sign-on capable <strong>and</strong> sign-on incapable terminals<br />
Sign-on capable terminals allow sign-on transactions, either <strong>CICS</strong>-supplied (CESN)<br />
or user-written, to be run, whereas sign-on incapable terminals do not allow these<br />
transactions to be run.<br />
If a terminal resource is installed as sign-on capable, the application or user is<br />
responsible for starting a sign-on transaction; the user ID <strong>and</strong> password, once<br />
entered, are embedded in the 3270 data. If the terminal resource is installed as<br />
sign-on incapable, the user ID <strong>and</strong> password are authenticated for each<br />
transaction started for the terminal resource.<br />
Specifying the sign-on capability of a terminal<br />
Prior to Version 3.1.0 of Clients <strong>and</strong> <strong>Gateway</strong>s, whether a terminal was sign-on<br />
capable or not depended upon the server implementation. Client terminals<br />
installed on distributed <strong>CICS</strong> servers were sign-on capable; terminals installed on<br />
mainframe <strong>CICS</strong> <strong>and</strong> <strong>CICS</strong> <strong>Transaction</strong> Server for iSeries servers were sign-on<br />
incapable.<br />
In Version 3.1.0, extended EPI function was introduced to allow the sign-on<br />
capability of a terminal to be specified by one of the following methods.<br />
v C programs:<br />
Use <strong>CICS</strong>_EpiAddExTerminal <strong>and</strong> set the sign-on capability parameter in the<br />
<strong>CICS</strong>_EpiAttributes_t structure.<br />
v C++ programs:<br />
Set the sign-on capability parameter when constructing a CclTerminal class<br />
object.<br />
v Java Client applications:<br />
– EPI Request Classes<br />
Set the sign-on capability parameter when constructing an EPIRequest object<br />
via the addTerminal or addTerminalAsync method.<br />
– EPI Support Classes<br />
Create a Terminal object using the default Constructor, then use<br />
setSignonCapability, or create a Terminal object using the extended<br />
Constructor. If a terminal is in disconnected state (ie has been disconnected,<br />
or never connected) calling setSignonCapability allows you to change the<br />
sign-on capability for the terminal <strong>and</strong> changes the terminal type to extended.<br />
Chapter 7. Client security 109
When you connect, you connect an extended terminal with that sign-on<br />
capability. Setting the sign-on capability while a terminal is connected does<br />
not alter the connected setting; the setting is stored.<br />
The sign-on capability of the installed terminal is returned in the terminal<br />
attributes. This will be set to SIGNON_UNKNOWN if the server does not return a<br />
sign-on capability parameter in the terminal install (CTIN) response.<br />
To use any of the extended EPI functionality, ensure that you have applied the<br />
relevant server APAR; see “<strong>CICS</strong> server PTF requirements” on page 24.<br />
Mainframe <strong>CICS</strong> servers<br />
These servers support both sign-on capable <strong>and</strong> incapable terminals, provided that<br />
they are at the prerequisite maintenance level. A terminal install request that does<br />
not specify any sign-on capability, for example from <strong>CICS</strong>_EpiAddTerminal,<br />
results in a sign-on incapable terminal being installed.<br />
For sign-on capable terminals:<br />
v Use the <strong>CICS</strong>_EpiAddExTerminal call specifying a SignonCapability of<br />
<strong>CICS</strong>_EPI_SIGNON_CAPABLE.<br />
v You do not need to set the userid <strong>and</strong> password fields on the<br />
<strong>CICS</strong>_EpiAddExTerminal call or use <strong>CICS</strong>_EpiSetSecurity, provided that you<br />
specify UseDfltUser = Yes in the <strong>CICS</strong> connection definition on the server.<br />
v A userid <strong>and</strong> password entered through a sign-on transaction are flowed to the<br />
server as part of the 3270 data stream <strong>and</strong> they will therefore appear in a client<br />
trace.<br />
Specify UseDfltUser = Yes in the <strong>CICS</strong> CONNECTION definition, or ensure that<br />
the system administrator sets a default connection userid <strong>and</strong> password for the<br />
client. Otherwise, the add terminal request might fail with an<br />
EPI_ERR_SECURITY return code. The default user ID must have sufficient<br />
privileges to allow the CTIN transaction to run.<br />
v Before the user has signed on, transactions run under the default userid for the<br />
<strong>CICS</strong> server. After sign-on, transactions run under the signed-on userid.<br />
For sign-on incapable terminals without terminal security:<br />
v Use the <strong>CICS</strong>_EpiAddTerminal call<br />
v A connection userid <strong>and</strong> password are required regardless of the setting of the<br />
UseDfltUser in the <strong>CICS</strong> connection definition on the server.<br />
v <strong>Transaction</strong>s run under the userid specified in the corresponding FMH attach<br />
request.<br />
For sign-on incapable terminals with terminal security:<br />
v Use the EpiAddExTerminal call specifying a SignonCapability of<br />
<strong>CICS</strong>_EPI_SIGNON_INCAPABLE.<br />
v Set the userid <strong>and</strong> password fields on the <strong>CICS</strong>_EpiAddExTerminal call.<br />
v Specify UseDfltUser = No in the <strong>CICS</strong> connection definition on the server to<br />
enforce security.<br />
v Use <strong>CICS</strong>_EpiSetSecurity in conjunction with <strong>CICS</strong>_VerifyPassword <strong>and</strong><br />
<strong>CICS</strong>_ChangePassword to change the security settings for an existing terminal.<br />
v The userid <strong>and</strong> password are flowed to the server in the FMH of the attach<br />
request <strong>and</strong> will not appear in a client trace.<br />
v <strong>Transaction</strong>s will run under the userid specified in the corresponding FMH<br />
attach request.<br />
110 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
To use one of the APIs that does not support the extended EPI functionality, use<br />
CRTE through a middle tier system to get sign-on capable terminal-like<br />
functionality.<br />
<strong>CICS</strong> <strong>Transaction</strong> Server for iSeries servers<br />
These servers do not support the sign-on capability parameter in a terminal install<br />
(CTIN) request. A terminal install request always results in a sign-on incapable<br />
terminal being installed.<br />
Chapter 7. Client security 111
112 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Chapter 8. Performance<br />
This information helps you to:<br />
v Underst<strong>and</strong> the factors that affect <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> performance<br />
v Achieve the best performance from your system<br />
Related tasks<br />
“Displaying statistics” on page 187<br />
Use ctgadmin to display statistical information about the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>.<br />
Related reference<br />
Assessing system performance<br />
“List of statistics” on page 189<br />
This information describes the statistics that are available from the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
To assess the overall performance of your system you need to underst<strong>and</strong> how all<br />
system components, including <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, affect performance.<br />
These system components might include:<br />
v Browser<br />
v Routers <strong>and</strong> firewalls<br />
v Web application server or J2EE application server<br />
v <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
v <strong>CICS</strong> server<br />
The information you collect to assess performance should include:<br />
v Processor loading<br />
v Data transfer rates<br />
v Response times<br />
Response times are particularly useful indicators. They help you to underst<strong>and</strong><br />
which system components most affect performance.<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> threading model<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> provides a multithreaded model for h<strong>and</strong>ling network<br />
connections, <strong>and</strong> for assigning threads for requests from, <strong>and</strong> replies to, Java Client<br />
applications. The threading model uses the following objects:<br />
ConnectionManagers<br />
Workers<br />
A ConnectionManager manages all the connections from a particular Java<br />
Client application. When it receives a request, it allocates a worker thread<br />
from a pool of available worker threads to execute the request.<br />
A Worker is the object that actually executes a request from a Java Client<br />
application. Each Worker object has its own thread, which is activated<br />
when there is some work to do. When a worker thread has finished<br />
processing it returns to the pool of available worker threads.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 113
You can set both the initial <strong>and</strong> maximum sizes of the resource pools for these<br />
objects; see “Configuring <strong>Gateway</strong> daemon settings” on page 53 for information on<br />
setting configuration parameters. You can also specify these limits when you start<br />
the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>; see “Starting the <strong>Gateway</strong> daemon with<br />
user-specified options” on page 123.<br />
Table 6 shows thread limits that should be considered when setting the number of<br />
Connection Manager <strong>and</strong> worker threads on the various operating systems:<br />
Table 6. Thread limits<br />
Operating<br />
system<br />
System-wide limit of<br />
the maximum number<br />
of threads<br />
AIX 262 143 32 768<br />
HP-UX No limit (30 000 kernel<br />
threads)<br />
<strong>Linux</strong> Equal to the maximum<br />
number of processes<br />
Solaris No limit No limit<br />
Process limit of the number of threads<br />
30 000 (refer to the max_thread_proc parameter<br />
under Configurable Kernel Parameters in the<br />
SAM utility)<br />
1024 (refer to your <strong>Linux</strong> Threads<br />
documentation for more information)<br />
For more information on the way Java allocates memory for threads, refer to<br />
“Performance issues” in the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide.<br />
The threading model is illustrated in the following figure:<br />
Figure 23. <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> threading model for TCP/IP <strong>and</strong> SSL. These protocols have a persistent socket.<br />
Related tasks<br />
“Displaying statistics” on page 187<br />
Use ctgadmin to display statistical information about the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>.<br />
Related reference<br />
114 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
“List of statistics” on page 189<br />
This information describes the statistics that are available from the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
Tuning your configuration parameters<br />
The default values that have been chosen for configuration <strong>and</strong> tuning aim to give<br />
a compromise between:<br />
v Limiting the system resources used by <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> after it has<br />
started<br />
v Giving the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> the flexibility to h<strong>and</strong>le increases in<br />
workload<br />
The following factors affect performance; you might need to alter the default<br />
configuration to suit your system environment:<br />
Connection Manager threads<br />
v If the value specified for Initial number of Connection Manager<br />
threads is too high, your system will waste resources managing the<br />
threads that are not needed. See “Initial number of Connection Manager<br />
threads” on page 53 for more information.<br />
v If the value for Maximum number of Connection Manager threads is<br />
too low to meet all requests from applications, each new request that<br />
requires a Connection Manager thread must wait for a thread to become<br />
available. If the waiting time exceeds the value specified in the<br />
Connection timeout parameter, the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> refuses<br />
the connection. See “Maximum number of Connection Manager threads”<br />
on page 54 for more information.<br />
The design of your applications determines the number of Connection<br />
Manager threads you need. Incoming connections to <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> could be from a servlet, with each copy of the servlet issuing its<br />
own ECI requests, but sharing a single Connection Manager thread.<br />
Alternatively, the application could create a pool of connections, <strong>and</strong> ECI<br />
requests could be issued onto any connection from the pool.<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> creates a new Connection Manager thread, <strong>and</strong><br />
TCP/IP connection, each time a Java client side application creates a new<br />
Java<strong>Gateway</strong> object. This means that system performance is better if your<br />
applications issue many ECI requests using the same Java<strong>Gateway</strong> object,<br />
<strong>and</strong> from within the same thread, than if they create a new Java<strong>Gateway</strong><br />
object for each request.<br />
Flowing multiple requests through the same Java<strong>Gateway</strong> object also<br />
reduces the system resources required to create, <strong>and</strong> to destroy,<br />
Java<strong>Gateway</strong> objects.<br />
Worker threads<br />
Worker threads h<strong>and</strong>le outbound connections between <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> <strong>and</strong> your <strong>CICS</strong> server. The design of your applications, <strong>and</strong> the<br />
workload that you need to support, affects the number of Worker threads<br />
you need: the longer your <strong>CICS</strong> transactions remain in process, the more<br />
Worker threads you need to maintain a given transaction rate.<br />
v If the value specified for Initial number of Worker threads is too high,<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> uses resources to manage threads that it does<br />
not need.<br />
Chapter 8. Performance 115
|<br />
Java considerations<br />
v If the value is too low, <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> uses resources to<br />
search for available Worker threads.<br />
See “Initial number of Worker threads” on page 54 for more information<br />
about the Initial number of Worker threads setting.<br />
When using ECI to call the same <strong>CICS</strong> program, you can estimate the<br />
number of Worker threads you need to support a given workload by<br />
multiplying the following values:<br />
v The number of transactions per second passing through <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong><br />
v The average transaction response time through <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> in seconds<br />
Communication protocols<br />
Your choice of protocol depends on the nature of your client applications.<br />
Display TCP/IP hostnames<br />
Selecting this option might cause severe performance reduction on some<br />
systems. See “Display TCP/IP hostnames” on page 57.<br />
Timeout values<br />
It is unlikely that you can improve performance by changing the default<br />
timeout values. However, you might need to change them for particular<br />
applications. Refer to “Configuring <strong>Gateway</strong> daemon settings” on page 53<br />
for more information on these configuration parameters.<br />
Connection logging<br />
The <strong>Gateway</strong> configuration setting, Log Java Client connections <strong>and</strong><br />
disconnections, controls whether or not <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> writes<br />
a message each time that a client application program connects to, or<br />
disconnects from, the <strong>Gateway</strong> daemon. The default is for these messages<br />
not to be written. Selecting this setting can significantly reduce<br />
performance, especially in a system where client application programs<br />
connect <strong>and</strong> disconnect frequently. See “Log Java Client connections <strong>and</strong><br />
disconnections” on page 58.<br />
Related tasks<br />
“Displaying statistics” on page 187<br />
Use ctgadmin to display statistical information about the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>.<br />
Related reference<br />
“List of statistics” on page 189<br />
This information describes the statistics that are available from the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
Maximum Java heap size<br />
If your system requires large numbers of Connection Manager threads you<br />
might need to increase the heap size to improve performance; but see<br />
“java.lang.OutOfMemory exception” on page 159 for information on<br />
potential problems if the heap size is too large. How you set the heap size<br />
depends on your JVM. Refer to the documentation for your JVM for more<br />
information.<br />
Just-In-Time (JIT) compiler<br />
Use the java -version comm<strong>and</strong> to find whether or not the JIT is enabled; it<br />
116 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
Other system factors<br />
is enabled by default. Immediately after a <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> has<br />
started, performance might be relatively slow because of JIT overheads.<br />
Refer to your JVM documentation for information on JIT techniques.<br />
Java<strong>Gateway</strong> objects<br />
Performance is better if you flow multiple requests using the same<br />
Java<strong>Gateway</strong> object than if you create a new Java<strong>Gateway</strong> object with each<br />
request. Each time you create, <strong>and</strong> destroy, a new Java<strong>Gateway</strong> object you<br />
use additional system resources for:<br />
v Creation <strong>and</strong> destruction of the object itself<br />
v Creation <strong>and</strong> destruction of any associated sockets<br />
v Garbage collection<br />
ECI COMMAREA size<br />
The size of the ECI COMMAREA has a large effect on performance. If you<br />
make the COMMAREA larger, you need more system resources to process<br />
it, <strong>and</strong> your response times are longer. Refer to <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>:<br />
Programming Guide for information on how to specify COMMAREA<br />
parameters in ECI requests.<br />
The setCommareaOutboundLength method, which is part of the<br />
ECIRequest object, is particularly important to performance. The amount<br />
of data that an application sends in the COMMAREA flow to <strong>CICS</strong> might<br />
be small, <strong>and</strong> the amount of data expected from <strong>CICS</strong> in return might be<br />
unknown. To improve performance significantly, <strong>and</strong> reduce network<br />
loading:<br />
v Use the setCommareaOutboundLength method to ensure that you send<br />
only the required data in the outbound flow to <strong>CICS</strong>, <strong>and</strong> not the full<br />
Commarea_Length.<br />
<strong>CICS</strong> removes any null data from the COMMAREA in the return flow,<br />
<strong>and</strong> the Client daemon automatically pads out the nulls <strong>and</strong> returns the<br />
full COMMAREA to the application.<br />
v Use the getInboundDataLength method to show the amount of non-null<br />
data returned.<br />
v You can use either the setCommareaInbound method or null stripping.<br />
Use setCommareaInbound when the size of inbound data is known in<br />
advance. See <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide for more<br />
details about when to use these options.<br />
<strong>CICS</strong> server transactions<br />
The design of your <strong>CICS</strong> server transactions affects the performance of<br />
your system. The response time through the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
might increase if your transactions:<br />
v Need to wait for shared resources, for example data sets or applications,<br />
to become available<br />
v Make remote links to other <strong>CICS</strong> systems<br />
v Are unnecessarily complex<br />
Refer to the performance <strong>and</strong> tuning documentation for your <strong>CICS</strong> server<br />
system for information on how to get the best performance.<br />
Synchronous or asynchronous ECI calls<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> has to do less processing to h<strong>and</strong>le a<br />
synchronous ECI call than to h<strong>and</strong>le an equivalent asynchronous call. Also,<br />
Chapter 8. Performance 117
Tracing <strong>and</strong> performance<br />
synchronous ECI calls create fewer network flows than asynchronous calls.<br />
This means that synchronous ECI calls give better performance than<br />
asynchronous calls.<br />
Extended logical units of work<br />
Take care when extending a logical unit of work across multiple program<br />
link calls that might span a long time period (for example, user thinking<br />
time). The logical unit of work holds various locks, <strong>and</strong> other <strong>CICS</strong><br />
resources, on the server. This might cause delays to other users who are<br />
waiting for the same locks <strong>and</strong> resources.<br />
Also, each logical unit of work occupies one <strong>CICS</strong> non-facility task for the<br />
duration of its execution. This means that you must define enough free<br />
tasks in the <strong>CICS</strong> server to service the maximum expected number of<br />
concurrent calls.<br />
Refer to <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide for more information.<br />
Tracing the Client or the <strong>Gateway</strong> daemon reduces performance significantly. Client<br />
trace means all the components of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> that go to the<br />
Client trace file. Where possible, try to measure response times, without using<br />
tracing, through the different parts of your system, to find where delays are<br />
happening. For example, you could measure response times at the user application,<br />
or through the facilities provided by <strong>CICS</strong> <strong>and</strong> WebSphere Application Server.<br />
The Client trace provides a greater level of control than is currently available for<br />
<strong>Gateway</strong> trace. If you need to trace the Client, take the following steps to lessen<br />
the impact on performance:<br />
v Use memory mapped trace whenever possible; see “Memory mapped tracing”<br />
on page 163. This should be suitable in most cases, unless it was not possible to<br />
flush the buffers, for example.<br />
v Start by specifying the API.2, CCL <strong>and</strong> DRV.1 components. If this does not<br />
isolate the problem, include extra components as necessary.<br />
<strong>IBM</strong> does not recommend the use of the full <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> trace to<br />
monitor performance in a production environment.<br />
Performance monitoring tools<br />
The following performance monitoring tools are available on the AIX operating<br />
system. Similar tools are available on other <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> operating system:<br />
vmstat<br />
Gives statistics about virtual memory, disks, traps, <strong>and</strong> processor activity.<br />
Use it to determine system loading.<br />
iostat Gives processor statistics <strong>and</strong> I/O statistics for tty, disks, <strong>and</strong> CD-ROM<br />
drives.<br />
sar (system activity report)<br />
Collects, reports, or saves system activity information.<br />
netstat<br />
Shows network status.<br />
118 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
<strong>IBM</strong> Performance Toolbox<br />
Provides some useful performance tools that are integrated into a graphical<br />
user interface. Versions are available for the Solaris <strong>and</strong> HP-UX operating<br />
systems.<br />
Refer also to the performance <strong>and</strong> tuning documentation for WebSphere, SNA,<br />
TCP/IP, <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS, <strong>and</strong> TXSeries, <strong>and</strong> the documentation<br />
supplied with your operating system.<br />
Chapter 8. Performance 119
120 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Chapter 9. Operating the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
This information discusses how to operate the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> product,<br />
including the <strong>Gateway</strong> daemon <strong>and</strong> the Client daemon.<br />
Starting the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
You do not need to explicitly start the Client daemon. Start the <strong>Gateway</strong> daemon<br />
by issuing the ctgstart comm<strong>and</strong>. The Client daemon starts automatically when<br />
the first request is flowed. See “Starting the <strong>Gateway</strong> daemon” on page 123 for<br />
information on the ctgstart comm<strong>and</strong>.<br />
Stopping the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
Stop the daemons in this order:<br />
Changing the system time<br />
1. <strong>Gateway</strong> daemon. See “Stopping the <strong>Gateway</strong> daemon” on page 125 for details.<br />
2. Client daemon. See “The cicscli comm<strong>and</strong>” on page 133 for details.<br />
Shutting down the Client daemon while the <strong>Gateway</strong> daemon is still running is<br />
not supported. If the Client daemon is shut down while the <strong>Gateway</strong> daemon is<br />
still running, Client applications fail with ECI_ERR_SYSTEM_ERROR or<br />
<strong>CICS</strong>_EPI_ERR_FAILED errors, <strong>and</strong> the Client daemon is not automatically<br />
restarted. The same issue applies if the Client daemon is shut down when a long<br />
running user application is still running. To resolve the situation, shut down <strong>and</strong><br />
restart the <strong>Gateway</strong> daemon.<br />
Do not change the system time while the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is running.<br />
This can give unpredictable results, <strong>and</strong> is not supported.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 121
122 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Chapter 10. Operating the <strong>Gateway</strong> daemon<br />
Starting the <strong>Gateway</strong> daemon<br />
This information describes how to operate the <strong>Gateway</strong> daemon of <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
This information describes how to start the <strong>Gateway</strong> daemon.<br />
Starting the <strong>Gateway</strong> daemon with preset options<br />
To start the <strong>Gateway</strong> daemon with the options specified in ctg.ini, type ctgstart at<br />
the comm<strong>and</strong> prompt <strong>and</strong> press Enter.<br />
The <strong>Gateway</strong> daemon will not start without a valid ctg.ini file.<br />
A console session starts, <strong>and</strong> messages are displayed showing the values being<br />
used for TCP/IP.<br />
Starting the <strong>Gateway</strong> daemon with user-specified options<br />
To override the startup defaults type ctgstart at the comm<strong>and</strong> line, followed by the<br />
start-up options that you require, <strong>and</strong> press Enter.<br />
The user-definable options on the start comm<strong>and</strong> are:<br />
-port=port_number<br />
-initconnect=number<br />
-maxconnect=number<br />
-initworker=number<br />
-maxworker=number<br />
-trace<br />
-quiet<br />
-tfile=pathname<br />
-x<br />
-tfilesize=number<br />
-truncationsize=number<br />
-dnsnames<br />
-dumpoffset=number<br />
-stack<br />
-adminport=number<br />
-jargument<br />
where:<br />
-port=number<br />
Specifies the TCP/IP port number on which the <strong>Gateway</strong> daemon will listen.<br />
-initconnect=number<br />
Specifies an initial number of ConnectionManager threads. See “Tuning your<br />
configuration parameters” on page 115 for performance information.<br />
-maxconnect=number<br />
Specifies a maximum number of ConnectionManager threads. If you set this<br />
value to -1, no limits are applied to the number of ConnectionManager threads.<br />
See “Tuning your configuration parameters” on page 115 for performance<br />
information.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 123
-initworker=number<br />
Specifies an initial number of worker threads. See “Tuning your configuration<br />
parameters” on page 115 for performance information.<br />
-maxworker=number<br />
Specifies a maximum number of worker threads. If you set this value to -1, no<br />
limits are applied to the number of ConnectionManager threads. See “Tuning<br />
your configuration parameters” on page 115 for performance information.<br />
-trace<br />
Enables st<strong>and</strong>ard tracing (see “Tracing” on page 155). By default, the trace<br />
output shows only the first 128 bytes of any data blocks (for example the<br />
COMMAREA, or network flows). Other useful information, including the<br />
value of the CLASSPATH variable, <strong>and</strong> the code page, is shown at the top of<br />
the trace output.<br />
Trace output is written to stderr, unless you use the -tfile option, or have used<br />
the Configuration Tool to define a default trace destination. No trace is written<br />
if the <strong>Gateway</strong> daemon does not have permission to write to the specified file.<br />
Each time the <strong>Gateway</strong> daemon is started with trace enabled, the trace file is<br />
overwritten with the new trace.<br />
-quiet<br />
Disables the reading of input from the console, <strong>and</strong> disables writing to stdout.<br />
-tfile=pathname<br />
If tracing is enabled, trace output is written to the file specified in pathname.<br />
This overrides the default destination for trace output (see the -trace option).<br />
-x Enables full debug tracing (see “Tracing” on page 155). By default, the trace<br />
output shows the whole of any data blocks (for example the COMMAREA, or<br />
network flows). It also displays more information about the internal <strong>Gateway</strong><br />
daemon processing than the st<strong>and</strong>ard trace. See the -trace <strong>and</strong> -tfile options for<br />
information on the destination for trace output.<br />
Debug tracing significantly decreases performance.<br />
-tfilesize=number<br />
Specifies the maximum size, in kilobytes, of the trace output file.<br />
-truncationsize=number<br />
The value number specifies the maximum size of any data blocks that are<br />
shown in the trace. You can use this option with either the -trace or -x options<br />
to override the default size. Any positive integer is valid. If you specify a value<br />
of 0, no data blocks are shown in the trace.<br />
-dnsnames<br />
Enables the display of symbolic TCP/IP host names in messages. See “Display<br />
TCP/IP hostnames” on page 57 for more information.<br />
-dumpoffset=number<br />
The value number specifies the offset from which displays of any data blocks<br />
start. If the offset is greater than the total length of data to be displayed, an<br />
offset of 0 is used.<br />
-stack<br />
Enables Java exception stack tracing (see “Tracing” on page 155). Java<br />
exceptions are traced, including those expected during normal operation.<br />
Expected exceptions include:<br />
v An IOException resulting from a Java Client application ending, or<br />
disconnecting from a network protocol.<br />
124 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
v An InterruptedException resulting from a <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
protocol h<strong>and</strong>ler timeout, such as the idle timeout, or a ping timeout.<br />
No other trace output is created. See the -trace <strong>and</strong> -tfile options for<br />
information on the destination for trace output.<br />
-adminport=number<br />
Specify the port used to communicate with the <strong>Gateway</strong> daemon when<br />
controlling the <strong>Gateway</strong> daemon through the ctgadmin comm<strong>and</strong>.<br />
-j Pass an argument to the JVM. For example, -j-D= sets a JVM<br />
system property. See the JVM comm<strong>and</strong> line interpreter help for guidance in<br />
using this option.<br />
A console session starts, <strong>and</strong> messages are displayed showing the values being<br />
used for TCP/IP.<br />
To get help on the startup options, enter:<br />
ctgstart -?<br />
Stopping the <strong>Gateway</strong> daemon<br />
There are two types of shutdown: normal <strong>and</strong> immediate.<br />
Normal shutdown<br />
In a normal shutdown, the <strong>Gateway</strong> daemon waits for work in progress to<br />
complete. During this time, new work is not allowed to start. Once work<br />
has completed the <strong>Gateway</strong> daemon shuts down.<br />
Immediate shutdown<br />
Any outst<strong>and</strong>ing work is terminated abruptly. Existing connections are<br />
broken; requests for new connections are refused. The <strong>Gateway</strong> daemon<br />
shuts down.<br />
You can perform an immediate shutdown if a normal shutdown is taking too long.<br />
You cannot request a normal shutdown after you have issued the comm<strong>and</strong> for an<br />
immediate shutdown.<br />
To shut down the <strong>Gateway</strong> daemon:<br />
v Use the ctgadmin comm<strong>and</strong>. The comm<strong>and</strong> is described at “Shutting down the<br />
<strong>Gateway</strong> daemon” on page 127.<br />
v If you did not start the <strong>Gateway</strong> daemon with the -quiet option, you can stop it<br />
by typing the correct character <strong>and</strong> pressing the Enter key in the console session.<br />
Accepted characters are as follows:<br />
Normal shutdown<br />
Q or -<br />
Immediate shutdown<br />
I<br />
Using Ctrl+C to stop the <strong>Gateway</strong> daemon is not supported.<br />
If you have problems stopping the <strong>Gateway</strong> daemon, see “Problems shutting down<br />
the <strong>Gateway</strong> daemon” on page 161.<br />
Chapter 10. Operating the <strong>Gateway</strong> daemon 125
|<br />
|<br />
|<br />
|<br />
|<br />
Running the <strong>Gateway</strong> daemon in the background<br />
Using a SysV-compliant initialization process script, /bin/ctgd, you<br />
can run the <strong>Gateway</strong> daemon as a background process. You can:<br />
v Define the user <strong>and</strong> group that the <strong>Gateway</strong> daemon will run as.<br />
v Specify the location of ctg.ini.<br />
v Start the <strong>Gateway</strong> daemon with parameters.<br />
v Start <strong>and</strong> stop the <strong>Gateway</strong> daemon when the system starts <strong>and</strong> stops.<br />
v Specify the TCP port on which the <strong>Gateway</strong> daemon listens for local<br />
administration requests. The default port is 2810. The ctgd script does not use<br />
the port specified in ctg.ini.<br />
The comm<strong>and</strong> takes start <strong>and</strong> stop parameters, <strong>and</strong> can be called during the<br />
startup <strong>and</strong> shutdown processes of your operating system.<br />
To run the <strong>Gateway</strong> daemon as a background task, take the following steps:<br />
1. Create a valid /bin/ctgd.conf file. The recommended way is to<br />
copy /bin/ctgdsamp.conf <strong>and</strong> edit the copy. You are advised to<br />
specify the user <strong>and</strong> group which will run the <strong>Gateway</strong> daemon. The sample<br />
file contains instructions on how to produce a valid configuration file.<br />
If you need to change the location of ctgd.conf, export environment variable<br />
$CTGDCONF by issuing a comm<strong>and</strong> like the following:<br />
export CTGDCONF=/opt/<strong>IBM</strong>/cicstg/bin/ctgd.conf<br />
2. To start the <strong>Gateway</strong> daemon as a background process, issue this comm<strong>and</strong>:<br />
ctgd start<br />
3. To stop a <strong>Gateway</strong> daemon that is running as a background process, issue this<br />
comm<strong>and</strong>:<br />
ctgd stop<br />
Administering your system<br />
This stops the <strong>Gateway</strong> daemon immediately.<br />
4. If you want the <strong>Gateway</strong> daemon to start <strong>and</strong> stop with the operating system,<br />
place a symbolic link to /bin/ctgd in the appropriate directory,<br />
or edit /etc/inittab. See the documentation supplied with your operating<br />
system for more details.<br />
Administering your system<br />
You can perform the following administrative functions without having to restart<br />
the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> for them to take effect:<br />
v Set the <strong>Gateway</strong> trace<br />
v Set JNI trace<br />
v Query the current trace settings<br />
v Stop the <strong>Gateway</strong> daemon<br />
v Display statistical information about the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
v Obtain a Java heap dump, a system dump, or a Java dump from a running <strong>IBM</strong><br />
JVM.<br />
v Obtain dumps containing information about the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
configuration, <strong>and</strong> the current JVM.<br />
126 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Use the ctgadmin comm<strong>and</strong>, followed by appropriate options, to administer your<br />
system. Options are not case sensitive; those in brackets are optional.<br />
You can run the ctgadmin comm<strong>and</strong> from a script, <strong>and</strong> check the results<br />
programmatically. See <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide for details of<br />
return codes used by the ctgadmin comm<strong>and</strong>.<br />
Setting the <strong>Gateway</strong> trace<br />
At the comm<strong>and</strong> line, issue the following comm<strong>and</strong>:<br />
ctgadmin -a trace [-tfile path]<br />
[-tfilesize number] [-tlevel number]<br />
[[-truncationsize number][-dumpoffset number]|-fulldatadump]<br />
See “<strong>Administration</strong> options” for an explanation of options.<br />
Setting the JNI trace<br />
At the comm<strong>and</strong> line, issue the following comm<strong>and</strong>:<br />
ctgadmin -a trace [-jnifile path] [-jnilevel number]<br />
See “<strong>Administration</strong> options” for an explanation of options.<br />
Setting <strong>Gateway</strong> <strong>and</strong> JNI trace<br />
At the comm<strong>and</strong> line, issue the following comm<strong>and</strong>:<br />
ctgadmin -a trace [-tfile path]<br />
[-tfilesize number] [-tlevel number]<br />
[[-truncationsize number][-dumpoffset number]|-fulldatadump]<br />
[-jnifile path] [-jnilevel number]<br />
See “<strong>Administration</strong> options” for an explanation of options.<br />
Querying trace settings<br />
At the comm<strong>and</strong> line, issue the following comm<strong>and</strong>:<br />
ctgadmin -a trace<br />
See “<strong>Administration</strong> options” for an explanation of options.<br />
Shutting down the <strong>Gateway</strong> daemon<br />
At the comm<strong>and</strong> line, issue the following comm<strong>and</strong>:<br />
ctgadmin -a shut [-immediate]<br />
Getting help<br />
At the comm<strong>and</strong> line, issue the following comm<strong>and</strong>:<br />
ctgadmin -?<br />
To get help on a particular action, issue a comm<strong>and</strong> like the following:<br />
ctgadmin -a action -?<br />
<strong>Administration</strong> options<br />
The following options are available:<br />
Chapter 10. Operating the <strong>Gateway</strong> daemon 127
Shutdown options<br />
This option is available for use with the ctgadmin -a shut comm<strong>and</strong>.<br />
To get help on these options, issue the following comm<strong>and</strong>:<br />
ctgadmin -a shut -?<br />
Option Short form Comments<br />
-immediate -imm Specifies that the <strong>Gateway</strong> daemon<br />
should shut down immediately. If you<br />
do not specify this option, a normal<br />
shutdown is performed.<br />
Trace options<br />
These options are available for use with the ctgadmin -a trace comm<strong>and</strong>.<br />
To get help on these options, issue the following comm<strong>and</strong>:<br />
ctgadmin -a trace -?<br />
Option Short form Comments<br />
-dumpoffset -of Specifies the offset from which displays<br />
of any data blocks start, for example<br />
512. If the offset is greater than the<br />
total length of data to be displayed, an<br />
offset of 0 is used. This option applies<br />
only to the <strong>Gateway</strong> trace, not JNI<br />
trace.<br />
You cannot use this together with the<br />
fulldatadump option.<br />
-fulldatadump -fd Sets the dumpoffset to 0 <strong>and</strong> ignores<br />
any value specified in truncationsize.<br />
This option applies only to the<br />
<strong>Gateway</strong> trace, not JNI trace.<br />
-jnifile -jf Specifies the name of the output file for<br />
JNI tracing. You must specify a value<br />
for this option. If you do not, an error<br />
is displayed. JNI trace is output as<br />
plain text, <strong>and</strong> there is no requirement<br />
to use a particular extension for the file<br />
name.<br />
-jnilevel -jl<br />
0 Off. No trace information is<br />
output.<br />
1 On.<br />
-tfilesize -ts Specifies the maximum size, in<br />
kilobytes, of the <strong>Gateway</strong> trace output<br />
file, for example 50000.<br />
-tfile -tf Specifies the output file for <strong>Gateway</strong><br />
tracing, for example ./tracefile.trc. If<br />
you do not specify a value for this<br />
option, trace output is sent to the<br />
console.<br />
128 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Option Short form Comments<br />
-tlevel -tl Specifies the <strong>Gateway</strong> trace level.<br />
Permitted values are:<br />
0 Off. No trace information is<br />
output.<br />
1 Exception tracing. Only<br />
exceptions are traced. This is<br />
equivalent to ctgstart -stack;<br />
see “Starting the <strong>Gateway</strong><br />
daemon with user-specified<br />
options” on page 123.<br />
2 Trace exceptions, <strong>and</strong> entry<br />
<strong>and</strong> exit of methods.<br />
3 Trace exceptions, some<br />
internals, <strong>and</strong> entry <strong>and</strong> exit of<br />
methods (equivalent to<br />
ctgstart -trace).<br />
4 Full debug tracing (all trace<br />
points, equivalent to ctgstart<br />
-x).<br />
-truncationsize -tr Specifies the byte at which to stop the<br />
hex dump, for example 2000. It defines<br />
the end point, not the number of bytes<br />
to display. So if on a dump of size 40<br />
you set the dumpoffset to 11, <strong>and</strong> the<br />
truncationsize to 25, you will see 15<br />
bytes (from 11 to 25).<br />
You cannot use this together with the<br />
fulldatadump option. This option<br />
applies only to the <strong>Gateway</strong> trace, not<br />
JNI trace.<br />
Statistical options<br />
These options are available for use with the ctgadmin -a stats comm<strong>and</strong>.<br />
To get help on these options, issue the following comm<strong>and</strong>:<br />
ctgadmin -a stats -?<br />
Option Short form Comments<br />
-getstats -gs Lists all available statistics.<br />
-getstats=query string -gs=query string Lists statistics for the IDs specified in<br />
query string.<br />
-resourcegroups -rg Lists available resource group IDs<br />
-statids -si Lists available statistical IDs<br />
-statids=resource group ID -si=resource group ID Lists available statistical IDs for the<br />
specified resource group, or list of<br />
resource groups.<br />
Related tasks<br />
“Displaying statistics” on page 187<br />
Use ctgadmin to display statistical information about the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>.<br />
Chapter 10. Operating the <strong>Gateway</strong> daemon 129
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Dump options<br />
Dump options are available for use with the ctgadmin -a dump comm<strong>and</strong>.<br />
To get help on these options, issue the following comm<strong>and</strong>:<br />
ctgadmin -a dump -?<br />
Dumps contain diagnostic information that can be used when investigating system<br />
problems.<br />
If the <strong>IBM</strong> JVM is used, a subset of the options can be used to provide JVM<br />
dumps. The <strong>IBM</strong> JVM can produce a Java heap dump, a Java dump, or a Java<br />
system dump. These are produced by a running JVM, <strong>and</strong> can be requested during<br />
normal operation of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. The dumps contain diagnostic<br />
information that can be used when investigating system problems.<br />
For further information on <strong>IBM</strong> JVM dumps, see the <strong>IBM</strong> Java Diagnostic Guide at<br />
http://www-128.ibm.com/developerworks/java/jdk/diagnosis/.<br />
Dump file location<br />
The dumps write information to a location chosen from the first available option in<br />
the following list:<br />
1. The location specified by the <strong>IBM</strong>_JAVACOREDIR environment variable, if set.<br />
2. The current working directory of the JVM processes, if permitted.<br />
3. The location specified by the TMPDIR environment variable, if set.<br />
4. The /tmp directory.<br />
5. If the dump cannot be written to any of the previous locations, it is sent to<br />
STDERR.<br />
Parameters<br />
There are no short forms of the parameter names.<br />
Parameter Comments<br />
-jvm Generates a dump containing current JVM memory<br />
usage.<br />
-jvmstack Generates a dump containing only the Java call stack.<br />
-ctginfo Generates a dump containing information about the<br />
configuration of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
-heap (<strong>IBM</strong> JVM only.) Generates a Java heap dump to the<br />
default location. The dump file has a file name of the<br />
form heapdump.YYYYMMDD.HHMMSS..phd<br />
-java (<strong>IBM</strong> JVM only.) Generates a Java dump to the default<br />
location. The dump file has a file name of the form<br />
javacore.YYYYMMDD.HHMMSS..phd<br />
-system (<strong>IBM</strong> JVM only.) Generates a Java system dump to the<br />
default location. The dump file has a file name of the<br />
form core.YYYYMMDD.HHMMSS..phd<br />
130 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Responses<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> daemon responds to a dump request with a<br />
message to the console.<br />
<strong>IBM</strong> JVM dump responses<br />
Messages from the JVM contain the name of the dump, <strong>and</strong> indicate whether the<br />
dump was successful. The JVM messages are sent to the <strong>Gateway</strong> error log.<br />
Possible responses to the dump request are as follows:<br />
The <strong>Gateway</strong> daemon successfully processed the dump request<br />
The dump request completed successfully.<br />
Null response received from the <strong>Gateway</strong> daemon during the dump request<br />
The <strong>Gateway</strong> daemon received the dump request, but returned an invalid<br />
or null response.<br />
The dump type is unsupported in the remote JVM<br />
The remote JVM does not support the requested dump type.<br />
An invalid response was returned from the <strong>Gateway</strong> daemon during the dump<br />
request<br />
The <strong>Gateway</strong> daemon received the dump request, but the response<br />
returned was invalid.<br />
The <strong>Gateway</strong> daemon encountered a serious error while processing the dump<br />
type The <strong>Gateway</strong> daemon received the dump request, but an error was<br />
detected.<br />
Other options<br />
This option is available for use with the ctgadmin -a comm<strong>and</strong>.<br />
Option Short form Comments<br />
-dbg [filename] N/A Use this option when requested by your service<br />
organization.<br />
Chapter 10. Operating the <strong>Gateway</strong> daemon 131
132 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
Chapter 11. Operating the Client daemon<br />
The cicscli comm<strong>and</strong><br />
This information describes how to operate the Client daemon.<br />
The cicscli comm<strong>and</strong> is used to start <strong>and</strong> shut down the Client daemon, check the<br />
availability of servers, <strong>and</strong> set other options.<br />
The Client daemon starts automatically when you invoke any of the client<br />
functions such as EPI, ECI, or 3270 terminal emulation; you do not need to<br />
explicitly start the Client daemon, but you must to use the cicscli comm<strong>and</strong> to shut<br />
it down. Stopping the <strong>Gateway</strong> daemon does not shut down the Client daemon.<br />
The following table shows the functions that you can perform with the cicscli<br />
comm<strong>and</strong>, <strong>and</strong> the options associated with each function:<br />
Function Options<br />
Start the Client daemon, <strong>and</strong> start communication with <strong>CICS</strong> servers -s<br />
Shut down the Client daemon -i or -x<br />
Restart the Client daemon -j or -y<br />
Create autostart parameters for the Client daemon -r<br />
Start client tracing -d<br />
Use memory mapped tracing -b<br />
Stop client tracing -o<br />
Specify the client components to be traced -m<br />
Set up security -c, -u, <strong>and</strong> -p<br />
List connected <strong>CICS</strong> servers -l<br />
Disable all output messages -q<br />
Wait for confirmation before completion -w<br />
Display information about the version <strong>and</strong> build level of the Client<br />
daemon<br />
The following sections provide examples of using the cicscli comm<strong>and</strong>. Full details<br />
of the comm<strong>and</strong> syntax are in “cicscli comm<strong>and</strong> reference” on page 137.<br />
Starting the Client daemon<br />
To start the Client daemon, enter:<br />
cicscli -s<br />
To start the Client daemon <strong>and</strong> start communication with a <strong>CICS</strong> server, enter:<br />
cicscli -s=servername<br />
where servername is the name of a <strong>CICS</strong> server.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 133<br />
-v
Starting connections with additional servers<br />
To start a connection to a <strong>CICS</strong> server when the Client daemon is already running,<br />
enter:<br />
cicscli -s=servername<br />
where servername is the name of a <strong>CICS</strong> server.<br />
Note: If you change <strong>and</strong> reinstall the <strong>CICS</strong> connection definition, you must stop<br />
<strong>and</strong> restart the connection.<br />
Shutting down the Client daemon normally<br />
To shut down the Client daemon for all connected servers, after all outst<strong>and</strong>ing<br />
units of work have completed, enter:<br />
cicscli -x<br />
To shut down the session with a particular server, enter:<br />
cicscli -x=servername<br />
where servername is the name of a <strong>CICS</strong> server. This stops only the session with the<br />
named server; it does not shut down the Client daemon or connections to other<br />
servers.<br />
Shutting down the Client daemon immediately<br />
To shut down the Client daemon for all connected servers, without completing<br />
outst<strong>and</strong>ing units of work, enter:<br />
cicscli -i<br />
To shut down the session with a particular server, enter:<br />
cicscli -i=servername<br />
where servername is the name of a <strong>CICS</strong> server. This stops only the session with the<br />
named server; it does not shut down the Client daemon or connections to other<br />
servers.<br />
If the Client daemon does not shut down completely, this might be because the<br />
Client daemon process, cclclnt, remains active. To stop this process, enter the<br />
comm<strong>and</strong><br />
kill -2 pid<br />
where pid is the numeric process id of cclclnt.<br />
Do not use the kill -9 comm<strong>and</strong> as this stops a process without allowing its<br />
resources to be released; those resources remain active until you restart the system.<br />
Restarting the Client daemon normally<br />
To shut down the Client daemon for all connected servers, after all outst<strong>and</strong>ing<br />
units of work have completed, <strong>and</strong> then start it again, enter:<br />
cicscli -y<br />
cicscli -y is equivalent to cicscli -x followed by cicscli -s. This does not<br />
re-establish server connections or trace settings.<br />
134 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Restarting the Client daemon immediately<br />
To shut down the Client daemon for all connected servers, without completing<br />
outst<strong>and</strong>ing units of work, <strong>and</strong> then start it again, enter:<br />
cicscli -j<br />
cicscli -j is equivalent to cicscli -i followed by cicscli -s. This does not<br />
re-establish server connections or trace settings.<br />
Starting client tracing<br />
To start tracing the Client daemon, enter:<br />
cicscli -d<br />
To trace the Client daemon from the startup sequence, enter the -s <strong>and</strong> -d options<br />
together:<br />
cicscli -d -s<br />
The Client daemon writes trace entries to the cicscli.bin file in the /var/cicscli<br />
subdirectory. New trace entries overwrite any existing entries in the trace file. If<br />
required, make a backup copy of the old trace file before you start tracing.<br />
Performance while tracing is on can be improved by using memory mapped tracing.<br />
With memory mapped tracing, data is stored initially in memory, <strong>and</strong> flushed to<br />
disk by the operating system’s paging mechanism. For more information, see<br />
“Memory mapped tracing” on page 163. For important security information, see<br />
“Security considerations for trace <strong>and</strong> log files” on page 136.<br />
To use memory mapped tracing, do the following:<br />
1. Turn on wrapping trace by setting the Client trace file wrap size (KB) field in<br />
the Configuration Tool to a value greater than 0; see “Client trace file wrap size<br />
(KB)” on page 81 for details of the field setting.<br />
2. When you turn on tracing, specify the -b option as well as the other options,<br />
for example:<br />
cicscli -d -b<br />
or<br />
cicscli -d -m=component_list -b<br />
Use the cicsftrc utility to format the trace file; see “Formatting the binary trace file”<br />
on page 164.<br />
Specifying the trace components<br />
To specify which client components to trace, enter, for example:<br />
cicscli -m=TRN,API.2<br />
For information on which components you can trace, see “cicscli comm<strong>and</strong><br />
reference” on page 137.<br />
Stopping client tracing<br />
To stop tracing the Client daemon, enter:<br />
cicscli -o<br />
Trace stops automatically if you enter the cicscli -x comm<strong>and</strong>.<br />
Chapter 11. Operating the Client daemon 135
Security considerations for trace <strong>and</strong> log files<br />
The Client daemon restricts access to the client trace <strong>and</strong> log files. By default, these<br />
are normal files, not links, called cicscli.bin, <strong>and</strong> cicscli.log, in the /var/cicscli<br />
subdirectory. You can specify names for these files using the Configuration Tool.<br />
The trace file<br />
Normally, the file permissions on cicscli.bin allow only the owner, <strong>and</strong> group to<br />
write to the file, <strong>and</strong> only the owner to read it. However, a user who has write<br />
access to the /var/cicscli subdirectory can delete cicscli.bin regardless of the file<br />
permissions.<br />
If however you use the -b option (see “Starting client tracing” on page 135), every<br />
process is given read access to the trace files.<br />
If you do not want unauthorized users to have access to the cicscli.bin file, do not<br />
give them write access to the /var/cicscli subdirectory. For example, a comm<strong>and</strong><br />
such as:<br />
chmod 755 /var/cicscli<br />
allows users to see files in /var/cicscli subdirectory but not to create, delete, or<br />
move them.<br />
The Client daemon prevents you from starting tracing if an unauthorized user has<br />
deleted <strong>and</strong> recreated cicscli.bin.<br />
Security <strong>and</strong> the error <strong>and</strong> warning log file<br />
The file permissions on cicscli.log allow only the owner (root) <strong>and</strong> group to read<br />
<strong>and</strong> write the file.<br />
To improve security further:<br />
v Set the permissions on the /var/cicscli subdirectory to restrict general access<br />
chmod 0711 /var/cicscli<br />
This means users cannot even see which files are in this directory.<br />
v Allow ECI <strong>and</strong> EPI programs, <strong>and</strong> terminals, to start the Client daemon, but<br />
allow only the root user to perform all other client administration. To do this,<br />
restrict access to the /cicscli binary file, <strong>and</strong> allow general read<br />
<strong>and</strong> execute access to the /var/cicscli subdirectory.<br />
Setting up security for the Client daemon<br />
You can use the following comm<strong>and</strong>s after first starting the Client daemon.<br />
To set a user ID to use when accessing server servername, enter:<br />
cicscli -c=servername -u=userid<br />
where userid is the user ID <strong>and</strong> servername is the server name. (You are prompted<br />
for the password.)<br />
To set a password to use when accessing server servername, enter:<br />
cicscli -c=servername -p=password<br />
where servername is the name of the server <strong>and</strong> password is the password.<br />
You can enter the -u <strong>and</strong> -p options together.<br />
136 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
You can also specify the security parameters when you start the Client daemon or<br />
make a connection to a server:<br />
cicscli -s=servername -u=userid -p=password<br />
Displaying information about the version of the Client daemon<br />
To display information about the version <strong>and</strong> build level of your Client daemon,<br />
enter the comm<strong>and</strong><br />
cicscli -v<br />
Listing the connected servers<br />
To list all the servers being used by the Client daemon, <strong>and</strong> their status, enter:<br />
cicscli -l<br />
Disabling the display of messages from the Client daemon<br />
To disable the display of all messages produced by the comm<strong>and</strong>, enter, for<br />
example:<br />
cicscli -s -q<br />
Destination for error messages<br />
By default, the Client daemon sends error messages to the log file cicscli.log in the<br />
/var/cicscli subdirectory.<br />
On AIX, you can redirect these messages to another target device or file by using<br />
the swcons comm<strong>and</strong>. You cannot use the -e option to send messages to the<br />
console.<br />
Displaying comm<strong>and</strong> options for the Client daemon<br />
To display the options of the cicscli comm<strong>and</strong>, enter:<br />
cicscli -?<br />
cicscli comm<strong>and</strong> reference<br />
All client control comm<strong>and</strong>s have options identified by a leading dash (-).<br />
v On <strong>Linux</strong> <strong>and</strong> Solaris platforms you can replace the dash by a forward slash (/)<br />
for all options.<br />
v On AIX <strong>and</strong> HP-UX platforms you can replace the dash by a forward slash (/)<br />
for all options except the ? option, where you must use a dash sign.<br />
All options of the form -x=variable may contain spaces in the variable part, if it is<br />
enclosed in double quotes. Double quotes within variables must be entered as \" ,<br />
that is with a backslash preceding the double quote.<br />
cicscli [[-s[=servername]]|[-x[=servername]]|[-i[=servername]]|[-j]|[-y] ]<br />
[-l]<br />
[[-d[=nnn] [-b] [-m[=components]]]|-o]<br />
[-n|-e]<br />
[-c=servername [-u[=userid]] [-p[=password]]]<br />
[-w|-q]<br />
[-v]<br />
[-y|-j]<br />
The options are:<br />
-b Uses memory mapped trace. This improves performance significantly<br />
compared with st<strong>and</strong>ard file I/O, but has implications for security. This<br />
Chapter 11. Operating the Client daemon 137
option is valid only if specified when tracing is switched on, <strong>and</strong> requires<br />
wrapping trace to be enabled. See “Starting client tracing” on page 135 for<br />
more details.<br />
-c=servername<br />
Identifies the name of the server to which security information in the form<br />
of a user ID <strong>and</strong> password is to be associated. Some <strong>CICS</strong> servers require<br />
the user to provide security information to the server before interacting<br />
with the server. The Client daemon prompts the user at the workstation for<br />
a user ID <strong>and</strong> password, unless you provide them by using the -u <strong>and</strong> -p<br />
options.<br />
-d=[nnn]<br />
Starts debug tracing for the Client daemon. If tracing is required while the<br />
Client daemon is starting up, this option may be specified along with the<br />
-s option.<br />
nnn is the maximum size of data areas to be traced in bytes. The range is 1<br />
through 32 767 bytes, <strong>and</strong> the default value is 512 bytes. If you are<br />
producing a trace for your support organization, you are recommended to<br />
set -d to at least 1000 to ensure that all relevant data is included.<br />
The Client daemon writes trace entries to the cicscli.bin file in the<br />
/var/cicscli subdirectory. New trace entries overwrite any existing entries<br />
in the trace file. If required, make a backup copy of the old trace file before<br />
you start tracing.<br />
Use the cicsftrc utility to format the trace file. The resulting file, cicscli.trc,<br />
is an ASCII file that you can read with a text editor. For more information<br />
see “Formatting the binary trace file” on page 164.<br />
-e Enables the display of Client daemon error <strong>and</strong> security messages in<br />
pop-up windows. This option has no effect on <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> operating<br />
systems; pop-up messages are written to the error log.<br />
-i Shuts down the Client daemon immediately. The Client daemon does not<br />
wait for outst<strong>and</strong>ing units of work to complete. Stopping the Client<br />
daemon in this way can result in a loss of data at connected servers. To<br />
stop the Client daemon normally, use the -x option.<br />
-j Shuts down the Client daemon immediately <strong>and</strong> then restarts it.<br />
A restart involves shutting down the Client daemon, waiting for it to shut<br />
down, <strong>and</strong> then starting it again. cicscli -j is equivalent to cicscli -i followed<br />
by cicscli -s. Server connections are not re-established when the Client<br />
daemon is restarted.<br />
The Client daemon does not wait for units of work to complete. This might<br />
result in loss of data. To restart the Client daemon normally, use the -y<br />
option.<br />
-l Displays a list of all connected servers. For each server, the netname of the<br />
server as it is known to the Client daemon is also displayed, as well as the<br />
state of the connection to the server <strong>and</strong> the connection protocol.<br />
-m=[components]<br />
Specifies a comma-separated list of identifiers for components that will be<br />
traced when tracing starts. You can specify any of the following<br />
components:<br />
138 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
ALL All components. Use it if performance allows, <strong>and</strong> consider using
the binary formatting tool to filter information. See “Formatting the<br />
binary trace file” on page 164 for details.<br />
API.1 The client API layer (level 1). This traces the boundary between the<br />
Client application <strong>and</strong> the Client daemon.<br />
API.2 The client API layer (level 1 <strong>and</strong> 2). This gives level 1 plus<br />
additional parameter tracing.<br />
API Synonymous with API.1.<br />
CCL The Client daemon.<br />
CPP The C++ class libraries.<br />
CLI The cicscli comm<strong>and</strong> interface.<br />
DEF The default components, that is the API, CCL, <strong>and</strong> DRV.1<br />
components.<br />
DRV Synonymous with DRV.1.<br />
DRV.1 Protocol driver tracing level 1. This traces data sent <strong>and</strong> received<br />
<strong>and</strong> provides supplementary information about failures.<br />
DRV.2 Protocol driver tracing level 2. This traces internal flows through<br />
the protocol drivers <strong>and</strong> interactions with other software<br />
components. It is currently supported only by the CCLTCP62<br />
protocol driver.<br />
EMU cicsterm <strong>and</strong> cicsprnt emulators.<br />
TRN The TRN component traces the internal interprocess transport<br />
between Client processes. Use it if entries in the Client log refer to<br />
functions such as FaarqGetMsg, FaarqPutMsg, or FaarqStart. TRN<br />
is the most verbose tracing component.<br />
v If you are not sure whether a problem is inside the Client daemon, <strong>and</strong><br />
you want to minimize the impact on performance, specify the DRV.1 <strong>and</strong><br />
API components. You can also specify these components to help to<br />
determine which product is causing the system to lock up.<br />
v Specify the API <strong>and</strong> CCL components if you believe that the problem is<br />
within the Client daemon.<br />
v If you want to diagnose an application error, <strong>and</strong> are not interested in<br />
the Client daemon, specify only the API.2 <strong>and</strong> CPP tracepoints. The trace<br />
contains less information, <strong>and</strong> is easier to underst<strong>and</strong>.<br />
The -m option does not start tracing in the Client daemon; it simply<br />
specifies the components to trace. You cannot use -m while the Client<br />
daemon is not running, so in this case you must specify the -s option as<br />
well. Consider using wrapping trace (-b) for improved performance:<br />
cicscli -m=component_list -b<br />
If you specify -m with no parameters, a list of the possible component<br />
identifiers is displayed, with an ’x’ beside each component that it is<br />
currently enabled for tracing.<br />
You can also specify settings for trace components using the Configuration<br />
Tool (see “Trace settings” on page 79 in the Configuration chapter for<br />
details). Any component tracing specified using cicscli overrides that<br />
specified using the Configuration Tool. If component tracing is not<br />
specified either by the cicscli comm<strong>and</strong> or by using the Configuration Tool,<br />
Chapter 11. Operating the Client daemon 139
a default set of components is traced, namely: DRV.1, CCL, <strong>and</strong> API. Any<br />
component tracing specified using the Configuration Tool overrides the<br />
default set of components.<br />
Note that the cicscli -d=nnn comm<strong>and</strong> is used to set the maximum size of<br />
the data areas to be traced. The trace data might be truncated if you set<br />
nnn lower than the size of data expected.<br />
-n Disables the display of Client daemon error <strong>and</strong> security messages in<br />
pop-up windows. This option has no effect on <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> operating<br />
systems; pop-up messages are written to the error log.<br />
-o Stops tracing if it is already active.<br />
-p=password<br />
Sets the current password to be used when accessing the server specified<br />
by the -c option. This password is used if the server requires a password<br />
(<strong>and</strong> user ID) before running transactions on the client’s behalf.<br />
For ECI applications, any user ID <strong>and</strong> password specified in the ECI<br />
parameter block override values set by the cicscli comm<strong>and</strong>.<br />
Specifying -p or -p= (that is, no password is specified) resets the associated<br />
password to a null value.<br />
-q Disables the display of all messages produced by the cicscli comm<strong>and</strong>.<br />
-s Starts the Client daemon. No attempt is made to initiate communication<br />
with a server unless -s=servername is specified. In this case, the Client<br />
daemon also connects to the server using information specified in the<br />
configuration file. The servername must correspond to an entry in the<br />
configuration file.<br />
-u=userid<br />
Sets the current user ID to be used when accessing the server specified by<br />
the -c option. This user ID is used if the server requires a user ID (<strong>and</strong><br />
password) before running transactions for the Client daemon.<br />
If you do not provide the -p option, you are prompted for the password.<br />
For ECI applications, any user ID <strong>and</strong> password specified in the ECI<br />
parameter block override values set by the cicscli comm<strong>and</strong>.<br />
Specifying -u or -u= (that is, no user ID is specified) resets the associated<br />
user ID to a null value.<br />
-v Displays information about the version <strong>and</strong> build level of the Client<br />
daemon.<br />
-w Prompts the user, before the comm<strong>and</strong> completes, to press the Enter key, to<br />
confirm that information <strong>and</strong> error messages output to the screen have<br />
been read.<br />
-x Shuts down the Client daemon normally. If -x=servername is specified, the<br />
connection to the server is terminated when all outst<strong>and</strong>ing units of work<br />
on the specified server have completed. If other server connections are<br />
active, these remain unchanged.<br />
If -x is specified without a server name, the Client daemon waits for all<br />
outst<strong>and</strong>ing units of work to complete, terminates all connections to<br />
servers, <strong>and</strong> ends the control process. Using -x or -x=servername is the<br />
preferred way of stopping the Client daemon.<br />
-y Restarts the Client daemon normally.<br />
140 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Changing the system time<br />
A restart involves shutting down the Client daemon, waiting for it to shut<br />
down, <strong>and</strong> then starting it up again. cicscli -y is equivalent to cicscli -x<br />
followed by cicscli -s. Server connections are not reestablished when the<br />
Client daemon is restarted.<br />
Using -y is the preferred way of restarting the Client daemon.<br />
-? Causes the comm<strong>and</strong> syntax to be displayed.<br />
Do not change the system time while the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is running.<br />
This can give unpredictable results, <strong>and</strong> is not supported.<br />
Chapter 11. Operating the Client daemon 141
142 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Chapter 12. Terminal Emulation<br />
This information describes how to use the cicsterm <strong>and</strong> cicsprnt programs.<br />
Summary of Terminal Emulation comm<strong>and</strong>s<br />
The cicsterm comm<strong>and</strong><br />
cicsterm<br />
This comm<strong>and</strong> starts a terminal emulation session with particular options.<br />
cicsprnt<br />
This comm<strong>and</strong> starts a printer terminal session with particular options.<br />
The cicsterm comm<strong>and</strong> controls 3270 terminal emulation. You can start emulator<br />
sessions, specify terminal emulator characteristics, <strong>and</strong> the names of the keyboard<br />
mapping <strong>and</strong> color mapping files.<br />
You can have multiple terminal emulation sessions running simultaneously.<br />
The Client daemon does not support 3270 field outlining for the cicsterm<br />
comm<strong>and</strong>.<br />
Window resizing is not supported. If you resize the window in which cicsterm is<br />
running the display becomes distorted.<br />
The <strong>CICS</strong> <strong>Transaction</strong> Server interprets cicsterm as a remote terminal. The<br />
execution diagnostic facilities CEDF <strong>and</strong> CEDX have some restrictions on remote<br />
terminals. Refer to your <strong>CICS</strong> <strong>Transaction</strong> Server documentation for details.<br />
Using cicsterm<br />
The following table shows the functions that you can perform with the cicsterm<br />
comm<strong>and</strong>, <strong>and</strong> the parameters associated with each function:<br />
Function Parameters<br />
Start a 3270 terminal emulator -s <strong>and</strong> -r<br />
Specify the initial transaction -t<br />
Specify the name of the keyboard mapping file -k<br />
Specify the name of the color mapping file -c<br />
Define the 3270 terminal emulator characteristics -n <strong>and</strong> -m<br />
Specify a terminal emulator that is sign-on incapable -a<br />
Determine the print file processing -p<br />
Specify a file to which print files are appended -f<br />
Wait for confirmation before completing -w<br />
Inhibit all output messages -q<br />
Issue a single cicsterm comm<strong>and</strong>, with all the parameters you require, as shown in<br />
the following example:<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 143
cicsterm -s=<strong>CICS</strong>TSW -t=CESN -k=mykeys.ini -c=mycols.ini<br />
-n=cicsv123 -f=clprint.txt -q<br />
In this example:<br />
-s=<strong>CICS</strong>TSW<br />
A 3270 terminal emulator is started for the server <strong>CICS</strong>TSW.<br />
-t=CESN<br />
The initial transaction is CESN.<br />
-k=mykeys.ini<br />
The keyboard mapping file is mykeys.ini.<br />
-c=mycols.ini<br />
The color mapping file is mycols.ini.<br />
-n=cicsv123<br />
The 3270 terminal emulator characteristics are defined by the terminal<br />
definition cicsv123.<br />
-f=clprint.txt<br />
The print file will be appended to the file clprint.txt.<br />
-q The display of messages output by the comm<strong>and</strong> is disabled.<br />
All cicsterm parameters are optional. If you enter the cicsterm comm<strong>and</strong> without<br />
any parameters, defaults are taken from the configuration file. Full details of the<br />
parameters are given in “cicsterm comm<strong>and</strong> reference” on page 145.<br />
Stopping a terminal emulator<br />
To stop a terminal emulator, enter the string specified by the Terminal exit<br />
configuration setting from an empty terminal screen, <strong>and</strong> then press Enter. The<br />
default string is EXIT<br />
cicsterm <strong>and</strong> user exits<br />
You can use cicsterm to drive EPI user exits.<br />
The EPI user exits, <strong>and</strong> how cicsterm can use them, are described in <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide.<br />
cicsterm <strong>and</strong> RETURN TRANSID IMMEDIATE<br />
When an application running from a cicsterm session issues either of the<br />
comm<strong>and</strong>s:<br />
EXEC <strong>CICS</strong> RETURN TRANSID(name) IMMEDIATE<br />
EXEC <strong>CICS</strong> RETURN TRANSID(name) IMMEDIATE INPUTMESSAGE(data-area)<br />
the transaction named in the TRANSID option starts immediately without any user<br />
input. When the INPUTMESSAGE option is specified, the contents of the data-area<br />
are passed to the new transaction, <strong>and</strong> the screen is not updated with the data-area<br />
contents.<br />
Issuing these EXEC <strong>CICS</strong> comm<strong>and</strong>s from cicsterm does not result in the<br />
StartTranExit or ReplyExit user exits being driven. See <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>:<br />
Programming Guide for more information.<br />
144 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Using clients for X-Window System<br />
There are some known problems with certain clients for X-Window System (such<br />
as Exceed). These include corruption of the text on the title bar of the window that<br />
you are trying to display, for example, with the Configuration Tool. In some cases<br />
the title bar might be missing. The problems are with the client used, not the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
There are two ways to solve this problem:<br />
1. Start a window manager before launching the Configuration Tool.<br />
The window manager HWM is shipped with Exceed.<br />
2. Alter the Exceed configuration:<br />
a. Launch Xconfig<br />
b. Select screen definition<br />
c. Set the Window Manger to native<br />
d. Make sure Use Native WM for Embedded Clients is checked<br />
If you use this second way you cannot run any other window manager.<br />
Keyboard mapping in cicsterm<br />
Keyboard mapping in cicsterm is governed by the terminal type that you are<br />
using. Many terminal types do not support all of the function keys that can be<br />
used in a <strong>CICS</strong> application. If cicsterm does not recognize some of the key<br />
mappings defined by the /bin/cicskey.ini file, try using a different<br />
terminal type. For example, on AIX systems use aixterm in preference to xterm.<br />
cicsterm comm<strong>and</strong> reference<br />
The dash (-) may be replaced with the forward slash (/) character as follows:<br />
v On <strong>Linux</strong> <strong>and</strong> Solaris platforms you can replace the dash by a forward slash (/)<br />
for all parameters.<br />
v On AIX <strong>and</strong> HP-UX platforms you can replace the dash by a forward slash (/)<br />
for all parameters except the ? parameter, where you must use a dash sign.<br />
cicsterm [-s[=servername]|-r[=servername]]<br />
[-t=[initialtransid]]<br />
[-k=keyfile]<br />
[-c[=colorfile]]<br />
[-m[=modelname]]<br />
[-a]<br />
[-n=netname]<br />
[-p=printcmd|-f=printfile]<br />
[-q|-w]<br />
[-?]<br />
The options are:<br />
-a Specifies that the terminal emulator is not sign-on capable. By default,<br />
cicsterm creates terminal emulators that are sign-on capable.<br />
For more information on sign-on capability, see <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>:<br />
Programming Guide.<br />
-c=colorfile<br />
Identifies the name of a color mapping file to be used with the emulator;<br />
see “Customizing the screen colors for cicsterm” on page 91 for more<br />
details. If you omit this parameter, the environment variable <strong>CICS</strong>COL is<br />
Chapter 12. Terminal Emulation 145
assumed to identify the color mapping file. If <strong>CICS</strong>COL is not defined, a<br />
file name of cicscol.ini in the /bin subdirectory is assumed.<br />
If the parameter is specified as -c=, that is, the color mapping file name is<br />
omitted, the emulator runs without any color definitions.<br />
-f=printfile<br />
Specifies the name of a file to which the output of print requests is<br />
appended. If you do not specify a full path, printfile is created in the<br />
/bin directory. If the name of the file contains embedded<br />
blanks, it must be surrounded by double quotes (“). Any double quotes<br />
within the name of the file must be entered as backslash double quote (\“).<br />
If neither the -f or -p parameters is specified, the Print comm<strong>and</strong> or Print<br />
file configuration settings define the comm<strong>and</strong>, file, or default action to<br />
take with print requests.<br />
-k=keyfile<br />
Identifies the name of a keyboard mapping file to be used with the<br />
emulator; see “Keyboard mapping for cicsterm” on page 89 for more<br />
details. If this parameter is omitted, the environment variable <strong>CICS</strong>KEY is<br />
assumed to identify the key mapping file. If <strong>CICS</strong>KEY is not defined, a file<br />
name of cicskey.ini in the /bin subdirectory is assumed.<br />
-m=modelname<br />
Specifies the name of a Model terminal definition, as known at the server<br />
to which the emulator is to connect, to be used to define the terminal<br />
characteristics. If neither this parameter nor -n=netname is specified, any<br />
Model terminal definition value from the configuration file is used. If no<br />
Model terminal definition value has been specified in the configuration file,<br />
the server’s default terminal definition is assumed.<br />
If the parameter is specified as -m= (that is, the modelname is omitted),<br />
any Model terminal definition value specified in the configuration file is<br />
ignored, <strong>and</strong> the server’s default terminal definition is assumed.<br />
This option is case-sensitive.<br />
-n=netname<br />
Specifies the name of a particular terminal definition at the server that this<br />
emulator is to be installed as. The precise interpretation of netname varies<br />
between servers.<br />
This option is case-sensitive.<br />
-p=printcmd<br />
Specifies an operating system comm<strong>and</strong> used to process the temporary<br />
print file generated when print requests are received by the terminal<br />
emulator. If the comm<strong>and</strong> contains embedded blanks, enclose it in double<br />
quotes (“). Any double quotes within the comm<strong>and</strong> must be entered as<br />
backslash double quote (\“).<br />
146 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
The temporary print file is post-processed by appending the file name to<br />
the comm<strong>and</strong>, <strong>and</strong> executing the resultant comm<strong>and</strong>. Thus print output<br />
may simply be copied to a local printer, copied into a permanent file,<br />
processed further for inclusion into a document, <strong>and</strong> so on. If the<br />
temporary file is to be processed by a print comm<strong>and</strong>, the comm<strong>and</strong> is<br />
responsible for deleting the temporary file.<br />
If neither the -f or -p parameters is specified, the Print comm<strong>and</strong> or Print<br />
file configuration settings define the comm<strong>and</strong>, file, or default action to<br />
take with print requests.
The cicsprnt comm<strong>and</strong><br />
-q Disables the display of all messages output by the comm<strong>and</strong>.<br />
-s=servername or -r=servername<br />
Specifies the name of the server that the terminal emulator is to be<br />
connected to. This server name must correspond to an entry in the<br />
configuration file.<br />
You can specify -s, or -r, but not both. If neither parameter is specified, the<br />
first server entry in the configuration file is used.<br />
If the parameter is specified as -s or -r (that is, no server name is<br />
provided), <strong>and</strong> the configuration file identifies more than one potential<br />
server to which the Client daemon can connect, the user is prompted to<br />
select from a list of available servers. These prompts are generated even if<br />
messages have been disabled (the -q parameter is specified).<br />
If there is only one potential server identified in the configuration file, that<br />
server is used <strong>and</strong> the user is not prompted.<br />
-t=initialtransid<br />
Identifies the initial transaction to be invoked for this terminal. If this<br />
option is omitted, any initial transaction specified in the configuration file<br />
is run. The string can be up to 128 characters long, specifying both a<br />
transaction name, <strong>and</strong> parameters to be passed to the transaction. The<br />
transaction name is the first four characters or the characters up to the first<br />
blank in the string. The rest of the string is the parameter data.<br />
If the parameter is specified as -t= (that is, the initialtransid is omitted),<br />
any initial transaction specified in the configuration file is ignored.<br />
This option is case-sensitive.<br />
Ensure that transaction that you specify here does not require terminal<br />
input to complete.<br />
-w Prompts the user to press the Enter key, to confirm that messages output to<br />
the screen (both informational <strong>and</strong> error) have been read, before the<br />
comm<strong>and</strong> completes.<br />
-? Causes the parameter syntax to be listed; any other options specified are<br />
ignored.<br />
The cicsprnt comm<strong>and</strong> controls 3270 printer terminal emulation.<br />
An application running on a server can direct output to a printer in one of the<br />
following ways:<br />
v An application running from a terminal can initiate printing by sending a map<br />
or data with the PRINT indicator set.<br />
v A user can start a 3270 Print Terminal Emulator, at a client, using the cicsprnt<br />
comm<strong>and</strong>. A 3270 Print Terminal Emulator must be started for a netname or<br />
model terminal definition predefined in the server’s terminal tables. Output is<br />
directed to such a device by starting a transaction against the printer device.<br />
v At client workstations you can use the PrintScreen key, as defined by the<br />
keyboard mapping file. However, any lines that contain only null characters are<br />
not printed. For a ‘blank’ line to be printed, it must contain at least one space<br />
character.<br />
Chapter 12. Terminal Emulation 147
|<br />
Using cicsprnt<br />
The following table shows the functions that you can perform with the cicsprnt<br />
comm<strong>and</strong>, <strong>and</strong> the parameters associated with each function:<br />
Function Parameters<br />
Start a 3270 print terminal emulator. -s <strong>and</strong> -r<br />
Specify the initial transaction. -t<br />
Define the 3270 printer terminal emulator characteristics. -n <strong>and</strong> -m<br />
Determine the print file processing. -p<br />
Specify a file to which print files are appended. The default location is<br />
/bin.<br />
Wait for confirmation before completing. -w<br />
Inhibit all output messages. -q<br />
Issue one print job per transaction. -j<br />
Display help -?<br />
Issue the cicsprnt comm<strong>and</strong> once with all the parameters you require, as shown in<br />
this example:<br />
cicsprnt -s=<strong>CICS</strong>TSW -n=P123 -t=XPRT -f=clprint.txt -q<br />
In this example:<br />
-s=<strong>CICS</strong>TSW<br />
A 3270 print terminal emulator is started for the server <strong>CICS</strong>TSW.<br />
-n=P123<br />
The 3270 print terminal emulator characteristics are defined by the terminal<br />
definition P123<br />
-t=XPRT<br />
The initial transaction is XPRT.<br />
-f=clprint.txt<br />
The print file to which print requests are appended is clprint.txt, in the<br />
default location (/bin).<br />
-q The display of messages output by the comm<strong>and</strong> is disabled.<br />
You must specify at least one of these parameters:<br />
-n=netname<br />
-m=modelname<br />
All other parameters are optional, <strong>and</strong> defaults are taken from the configuration<br />
file. Full details of the parameters are given in “cicsprnt comm<strong>and</strong> reference” on<br />
page 149.<br />
If the system running the Client daemon supports DBCS, it is assumed that the<br />
printer attached to the processor also supports DBCS. Conversely, if the system<br />
does not support DBCS, the Client daemon will not send DBCS data to the printer.<br />
cicsprnt <strong>and</strong> user exits<br />
You can use cicsprnt to drive EPI user exits.<br />
148 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
-f
The EPI user exits, <strong>and</strong> how cicsprnt can use them, are described in <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide.<br />
cicsprnt <strong>and</strong> RETURN TRANSID IMMEDIATE<br />
Unlike cicsterm, cicsprnt does not support these comm<strong>and</strong>s:<br />
cicsprnt comm<strong>and</strong> reference<br />
EXEC <strong>CICS</strong> RETURN TRANSID(name) IMMEDIATE<br />
EXEC <strong>CICS</strong> RETURN TRANSID(name) IMMEDIATE INPUTMESSAGE(data-area)<br />
For more information, refer to “cicsterm <strong>and</strong> RETURN TRANSID IMMEDIATE” on<br />
page 144.<br />
The dash (-) may be replaced with the forward slash (/) character as follows:<br />
v On <strong>Linux</strong> <strong>and</strong> Solaris platforms you can replace the dash by a forward slash (/)<br />
for all parameters.<br />
v On AIX <strong>and</strong> HP-UX platforms you can replace the dash by a forward slash (/)<br />
for all parameters except the ? parameter, where you must use a dash sign.<br />
cicsprnt -m=modelname|-n=netname<br />
[-s[=servername]|-r[=servername]]<br />
[-t=[initialtransid]]<br />
[-p=printcmd|-f=printfile]<br />
[-q|-w]<br />
[-j]<br />
[-?]<br />
The options are:<br />
-f=printfile<br />
Specifies the name of a file to which the output of print requests is<br />
appended. If you do not specify a full path, printfile is created in the<br />
/bin directory. If the name of the file contains embedded<br />
blanks, it must be surrounded by double quotes (“). Any double quotes<br />
within the name of the file must be entered as backslash double quote (\“).<br />
If neither of the -f or -p parameters is provided, the Print comm<strong>and</strong> or<br />
Print file setting in the configuration file defines the comm<strong>and</strong>, file, or<br />
default action to take with print requests.<br />
-j Specifies that cicsprnt should concatenate all EXEC <strong>CICS</strong> SEND PRINT<br />
comm<strong>and</strong>s issued on a server transaction into a single print job. This print<br />
job is issued when the transaction terminates. Otherwise cicsprnt will<br />
generate a separate print job for every EXEC <strong>CICS</strong> SEND PRINT comm<strong>and</strong><br />
issued for a server transaction.<br />
-m=modelname<br />
Specifies the name of a model terminal definition, as known at the server<br />
to which the 3270 Print Terminal emulator is to connect, to be used to<br />
define the terminal characteristics. If this parameter is not specified, any<br />
Model terminal definition value from the configuration file is used. If no<br />
Model terminal definition value has been specified in the configuration file,<br />
the server’s default terminal definition is assumed.<br />
You must specify either the -m or the -n option, or both.<br />
This option is case-sensitive<br />
-n=netname<br />
Specifies the name of a particular terminal definition at the server that this<br />
Chapter 12. Terminal Emulation 149
3270 Print Terminal emulator is to be installed as. The precise<br />
interpretation of netname varies between servers. For example, on TXSeries<br />
for AIX it is a netname.<br />
You must specify either the -m or the -n option, or both.<br />
This option is case-sensitive.<br />
-p=printcmd<br />
Specifies a comm<strong>and</strong> used to process the temporary print file generated<br />
when print requests are received by the terminal emulator.<br />
If the comm<strong>and</strong> contains embedded blanks, the comm<strong>and</strong> must be<br />
surrounded by double quotes (“). Any double quotes within the comm<strong>and</strong><br />
must be entered as backslash double quote (\“).<br />
If neither of the -f or -p parameters is specified, the Print comm<strong>and</strong> or<br />
Print file setting in the configuration file defines the comm<strong>and</strong>, file, or<br />
default action to take with print requests.<br />
The temporary print file is post-processed by appending the file name to<br />
the comm<strong>and</strong>, <strong>and</strong> executing the resultant comm<strong>and</strong>. Thus print output<br />
may simply be copied to a local printer, copied into a permanent file,<br />
processed further for inclusion into a document, <strong>and</strong> so on. If the<br />
temporary file is to be processed by a print comm<strong>and</strong>, the comm<strong>and</strong> is<br />
responsible for deleting the temporary file.<br />
-q Disables the display of all messages output by the comm<strong>and</strong>.<br />
-s=servername or -r=servername<br />
Specifies the name of the server that the printer is to be connected to. This<br />
servername must correspond to an entry in the configuration file. You can<br />
specify -s, or -r, but not both.<br />
If neither parameter is specified, the first server entry in the configuration<br />
file is used.<br />
If the parameter is specified as -s or -r (that is, no servername is provided)<br />
then, if the configuration file identifies more than one potential server to<br />
which the Client daemon can connect, the user is prompted to select from<br />
a list of available servers. These prompts are generated even if the -q<br />
parameter is specified.<br />
If there is only one potential server identified in the configuration file that<br />
server is used <strong>and</strong> the user is not prompted.<br />
-t=initialtransid<br />
Identifies the initial transaction to be invoked for this printer. If this option<br />
is omitted, any initial transaction specified in the configuration file is run.<br />
The string may be up to 128 characters long, specifying both a transaction<br />
name, <strong>and</strong> parameters to be passed to the transaction. The transaction<br />
name is the first four characters or the characters up to the first blank in<br />
the string. The rest of the string is the parameter data.<br />
If the parameter is specified as -t= (that is, the initialtransid is omitted),<br />
any initial transaction specified in the configuration file is ignored.<br />
Note: Be careful that transactions that you specify either here or in the<br />
configuration file do not require terminal input to complete.<br />
This option is case-sensitive.<br />
150 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
-w Prompts the user, before the comm<strong>and</strong> completes, to press the Enter key, to<br />
confirm that messages output to the screen (both informational <strong>and</strong> error)<br />
have been read.<br />
-? Causes the parameter syntax to be listed; any other options specified are<br />
ignored.<br />
Chapter 12. Terminal Emulation 151
152 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
Chapter 13. Problem determination <strong>and</strong> problem solving<br />
Most problems in a <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> system are caused by one of the<br />
following:<br />
v User errors<br />
v Programming errors<br />
v Configuration errors<br />
Problem determination: preliminary checks<br />
Before investigating a problem, check whether there is an obvious cause:<br />
v Has the system run successfully before now?<br />
v Have you made any changes to the configuration of the system or added new<br />
features or programs?<br />
v Is your CLASSPATH environment variable set correctly?<br />
The CLASSPATH is displayed at the top of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> trace<br />
output.<br />
v Is the environment configured correctly?<br />
v Can the Client daemon connect to the <strong>CICS</strong> server?<br />
Use the comm<strong>and</strong>:<br />
cicscli -s=servername<br />
followed by the comm<strong>and</strong>:<br />
cicscli -l<br />
If the connection is good, this comm<strong>and</strong> returns the name of the server that you<br />
specified in servername.<br />
v Are there any messages explaining the failure?<br />
v Are there any Java exceptions?<br />
v Does the problem occur only at certain times?<br />
v Can you re-create the failure?<br />
v Do any of the available statistics help to explain the failure?<br />
Related concepts<br />
Chapter 15, “Statistics introduction,” on page 185<br />
This information introduces the statistics that are available from the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
Related information<br />
“Configure your programming environment” on page 49<br />
For information on setting CLASSPATH<br />
“Starting the <strong>Gateway</strong> daemon with user-specified options” on page 123<br />
For information on starting the <strong>Gateway</strong> daemon with tracing enabled.<br />
“Messages” on page 155<br />
“Java exceptions” on page 159<br />
“java.lang.OutOfMemory exception” on page 159<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 153
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
What to do next<br />
If you think the problem is with the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, see “Diagnosing<br />
common problems: <strong>Gateway</strong> daemon” on page 157, or “Diagnosing common<br />
problems: Client daemon” on page 168 as appropriate. Here you will find<br />
information on diagnosing common configuration <strong>and</strong> other errors, as well as<br />
advice on the documentation you need to collect in specific situations.<br />
See “Program support” on page 177 for information on how to contact <strong>IBM</strong>. See<br />
“Documenting problems” on page 178 for the information that you will be asked<br />
to provide.<br />
If you think the problem is in another product, follow the problem determination<br />
procedures provided with that product. For <strong>CICS</strong> servers, see the <strong>CICS</strong> Problem<br />
Determination Guide.<br />
Problems installing the product<br />
This information describes problems that you might meet when installing or<br />
uninstalling the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
A message indicates that the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is<br />
running<br />
You might see this message when migrating from an earlier version, or when<br />
installing the product. Check the following components, <strong>and</strong> stop them as<br />
necessary:<br />
<strong>Gateway</strong> daemon<br />
This can be seen in the process list as a Java process running the CTGLaunch<br />
class. See “Stopping the <strong>Gateway</strong> daemon” on page 125.<br />
Client daemon<br />
This can be seen in the process list as cclclnt. See “The cicscli comm<strong>and</strong>” on<br />
page 133 for information on stopping the Client daemon.<br />
Configuration Tool<br />
Close the Configuration Tool.<br />
Installation fails with a ServiceException message<br />
Symptoms<br />
The following message is seen during installation:<br />
>WARNING: could not write using log service: ServiceException:<br />
(error code = 200; message = "/tmp/cicstgInstall.log<br />
(Permission denied)";<br />
severity = 0; exception = >[java.io.FileNotFoundException:<br />
/tmp/cicstgInstall.log (Permission denied)])<br />
Cause A log file from a previous installation of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
was created by the root user ID. The current installation is being attempted<br />
by a non-root user ID that cannot update the log file; this causes the<br />
installation to fail.<br />
Solution<br />
Only root can install the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. Change to the root<br />
user ID <strong>and</strong> rerun the installation.<br />
154 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Silent installation fails<br />
If a silent installation does not work correctly, it might not send an error to the<br />
console that produced the problem. Appending -is:log to the<br />
installer comm<strong>and</strong> causes details of any errors to be output to a file. For example,<br />
to install silently using response file responseFile, <strong>and</strong> log errors to logFile, enter<br />
the following comm<strong>and</strong>:<br />
installer -options "responseFile" -silent -is:log logFile.txt<br />
Problems with the <strong>Gateway</strong> daemon<br />
Messages<br />
The <strong>Gateway</strong> daemon writes log messages to st<strong>and</strong>ard output (stdout) or to<br />
st<strong>and</strong>ard error (stderr). If <strong>Gateway</strong> daemon tracing is enabled, it also writes log<br />
messages to the trace output file.<br />
Messages have the format:<br />
CTGnnnnt: <br />
where nnnn is a number, <strong>and</strong> t is one of:<br />
I for information messages, written to st<strong>and</strong>ard output<br />
E for error messages, written to st<strong>and</strong>ard error<br />
W for warning messages, written to st<strong>and</strong>ard error<br />
To redirect all <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> messages to st<strong>and</strong>ard error, <strong>and</strong> send<br />
st<strong>and</strong>ard error to a file called outputfile, use a comm<strong>and</strong> like the following:<br />
ctgstart 2>outputfile >&2<br />
Refer to the documentation for your operating system for more information on<br />
redirecting output.<br />
See <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Messages for an explanation of all <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> error <strong>and</strong> warning messages.<br />
Tracing<br />
There are three main levels of <strong>Gateway</strong> daemon <strong>and</strong> application tracing:<br />
Stack tracing<br />
Trace entries are written only when a Java exception occurs. They can help<br />
to determine the source of the exception. Use this when it is important to<br />
maintain performance. See Figure 24 on page 156.<br />
St<strong>and</strong>ard tracing<br />
Java exceptions <strong>and</strong> the main <strong>Gateway</strong> daemon functions <strong>and</strong> events are<br />
traced. By default, the <strong>Gateway</strong> daemon displays only the first 128 bytes of<br />
any data blocks (for example the COMMAREA, or network flows) in the<br />
trace.<br />
Debug tracing<br />
Java exceptions <strong>and</strong> the main <strong>Gateway</strong> daemon functions <strong>and</strong> events are<br />
traced in greater detail than with stack or st<strong>and</strong>ard tracing. By default, the<br />
<strong>Gateway</strong> daemon fully outputs any data blocks in the trace. Use this only<br />
when performance is not important or if st<strong>and</strong>ard tracing did not give<br />
enough information to solve the problem.<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 155
10:38:12:262: main:S-C: java.io.IOException<br />
10:38:12:263: main:S-C: at com.ibm.gskssl.SSLSocketImpl.socketCreate(Native Method)<br />
10:38:12:264: main:S-C: at com.ibm.gskssl.SSLSocketImpl.create(SSLSocketImpl.java:133)<br />
10:38:12:265: main:S-C: at com.ibm.gskssl.SSLServerSocket.(SSLServerSocket.java:109)<br />
10:38:12:265: main:S-C: at com.ibm.gskssl.SSLServerSocket.(SSLServerSocket.java:73)<br />
10:38:12:266: main:S-C: at com.ibm.ctg.server.GskSslH<strong>and</strong>ler.initialize(GskSslH<strong>and</strong>ler.java:487)<br />
10:38:12:266: main:S-C: at com.ibm.ctg.server.JGate.main(JGate.java:941)<br />
Figure 24. Sample Java stack trace.<br />
<strong>Gateway</strong> daemon tracing<br />
You can start tracing in the <strong>Gateway</strong> daemon process, or in the user application<br />
that makes calls to the <strong>Gateway</strong> daemon (see“Tracing Java Client applications” for<br />
more information). The following explains how to start tracing in the <strong>Gateway</strong><br />
daemon process.<br />
Use options on the ctgstart comm<strong>and</strong> to enable <strong>and</strong> control tracing in the <strong>Gateway</strong><br />
daemon. For example, to enable the st<strong>and</strong>ard trace, use this comm<strong>and</strong> when<br />
starting the <strong>Gateway</strong> daemon:<br />
ctgstart -trace<br />
To enable the debug trace, use this comm<strong>and</strong>:<br />
ctgstart -x<br />
You can use the Configuration Tool to define a default destination for trace output.<br />
Otherwise, trace output is written to stderr. You can override the default<br />
destination for trace output by using the ctgstart -tfile option. For example, the<br />
comm<strong>and</strong>:<br />
ctgstart -x -tfile pathname<br />
starts the <strong>Gateway</strong> daemon with debug tracing enabled <strong>and</strong> writes the trace output<br />
to the file specified by pathname.<br />
For more information on starting the <strong>Gateway</strong> daemon with trace options, see<br />
“Starting the <strong>Gateway</strong> daemon” on page 123.<br />
For more information on performance considerations, see Chapter 8,<br />
“Performance,” on page 113.<br />
Performance considerations: Tracing, especially debug tracing, decreases<br />
performance. The following changes were made in <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
version 4.0 to reduce the effect of tracing on performance:<br />
v Trace output is not written to stderr if you used the -tfile option to specify a<br />
trace output file.<br />
v Only the first line of any data block in the trace output is time-stamped.<br />
v The -truncationsize <strong>and</strong> -dumpoffset options allow you to limit the size of any<br />
data blocks that are written in the trace.<br />
v The -tfilesize option allows you to limit the size of the trace output file.<br />
Tracing Java Client applications<br />
You can enable tracing in the application in two ways. Either use a Java directive<br />
when you start the JVM, or add calls to the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> tracing API.<br />
Use the -D option on the java comm<strong>and</strong> to specify Java directives. The tracing API<br />
156 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
comprises several static methods in the T class of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
See ″Tracing in Java client programs″ in the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming<br />
Guide book for further information.<br />
JNI tracing<br />
Use one of the following methods to enable JNI trace:<br />
v Set the following environment variables before you start the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>:<br />
CTG_JNI_TRACE<br />
Use this environment variable to set the name of the JNI trace file. This<br />
environment variable only defines the name of the JNI trace file; it does not<br />
enable trace. JNI trace is output as plain text, <strong>and</strong> there is no requirement to<br />
use a particular extension for the file name.<br />
CTG_JNI_TRACE_ON<br />
Set this environment variable to YES (case-insensitive) to enable JNI trace<br />
when the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is started.<br />
v While the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is running, use the system administration<br />
functions. See “Administering your system” on page 126 for details of how to<br />
enable JNI trace dynamically.<br />
If the previous methods are not suitable, use one of the following methods:<br />
v For Java Client applications running in local mode, use Java to launch your<br />
application <strong>and</strong> set the system property gateway.T.setJNITFile, as shown in the<br />
following example:<br />
java -Dgateway.T.setJNITFile=filename application<br />
where<br />
– filename is the name of the file to which trace output is to be sent<br />
– application is the application to launch<br />
v When you start the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, issue the comm<strong>and</strong><br />
ctgstart -j-Dgateway.T.setJNITFile=filename<br />
where filename is the name of the file to which trace output is to be sent. If you<br />
do not specify a full path to the file, the location is /bin.<br />
You cannot enable JNI trace through the Configuration Tool.<br />
J2EE Tracing<br />
Refer to “Tracing” on page 87 for information on using the tracing function<br />
provided with the ECI <strong>and</strong> EPI resource adapters.<br />
Diagnosing common problems: <strong>Gateway</strong> daemon<br />
Problems starting the <strong>Gateway</strong> daemon<br />
<strong>Gateway</strong> daemon fails to start with Unrecognized option:<br />
-Xjni:arrayCacheMax=32768 message<br />
This message indicates that an unsupported level of Java is being used. See<br />
“Supported software” on page 19 for details of supported levels.<br />
Code page problems<br />
A <strong>Gateway</strong> daemon trace shows the code page in which the JVM is running. It is<br />
displayed in the System Properties section at the top of the trace. Refer to<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 157
Appendix A, “Data conversion when using the Client daemon <strong>and</strong> a <strong>CICS</strong> server,”<br />
on page 193 for information on finding the code page that the Client has sent to<br />
the server.<br />
If a process locks<br />
To determine where the lock is happening, enable tracing in the application, in the<br />
<strong>Gateway</strong> daemon, <strong>and</strong> in the Client daemon. See “Tracing” on page 155 for<br />
information on tracing the <strong>Gateway</strong> daemon <strong>and</strong> the application. See “Tracing” on<br />
page 162 for information on tracing the Client daemon, <strong>and</strong> “Diagnosing common<br />
problems: Client daemon” on page 168 for information on how to determine<br />
whether the lock is in the Client daemon or the server. If the lock is in the<br />
<strong>Gateway</strong> daemon, contact your <strong>IBM</strong> support organization <strong>and</strong> provide them with<br />
the <strong>Gateway</strong> daemon trace.<br />
See “The Client daemon stops responding” on page 171, for information on what<br />
to do if the Client daemon is not responding.<br />
AIX: On some Java Virtual Machine (JVM)s you can force Java to write a stack<br />
dump showing the states of the current threads. For example, on <strong>IBM</strong> Java SDK<br />
you can send a SIGQUIT (-3) signal to a Java process to make it write a stack<br />
dump to stderr. This shows the states of the current threads. Do not do this on a<br />
working production system but only on a system which is completely locked.<br />
<strong>Linux</strong>: The <strong>Linux</strong> threading model uses a separate process for each thread. When<br />
a terminal-based application is sent a terminal interrupt signal, for example when a<br />
user types CTRL+C, each process receives this signal. This means that each thread<br />
tries to stop at the same time. Sometimes the <strong>Linux</strong> threading model cannot h<strong>and</strong>le<br />
this, <strong>and</strong> one or more threads, or processes, hangs.<br />
To remove them, issue the comm<strong>and</strong><br />
kill -9 <br />
where is the ID of the process that has hung.<br />
SSL problems<br />
In general: Enable stack tracing in the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. This will show<br />
you what was happening when the exception occurred. It will also give you<br />
information about the configuration, such as the value of the CLASSPATH<br />
environment variable. If this does not give you enough information to diagnose the<br />
problem, obtain a st<strong>and</strong>ard trace <strong>and</strong> contact your <strong>IBM</strong> support organization.<br />
JSSE:<br />
Application receives an ″access denied″ exception: A message like the following is<br />
received by the application:<br />
java.io.IOException: CTG6651E: Unable to connect to the <strong>Gateway</strong>.<br />
[address = killerb2b, port = 8050]<br />
[java.security.AccessControlException: access denied<br />
(java.io.FilePermission \jssekeys\testclient.jks read)]<br />
This happens if your application does not have permission to read from the file<br />
system containing the keystore. See Using ECI, EPI, <strong>and</strong> ESI with a Java 2 Security<br />
Manager, in <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide, for more information.<br />
158 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Java exceptions<br />
If the application or the <strong>Gateway</strong> daemon does not h<strong>and</strong>le an exception, then the<br />
Java Virtual Machine (JVM) will write a Java stack dump. The destination for the<br />
dump output depends on your JVM implementation; check your Java<br />
documentation for more information.<br />
Disable the Just-In-Time (JIT) compiler to increase the information written to the<br />
Java stack dump. This information might include the line of Java source code<br />
where the exception happened. How you disable the JIT compiler depends on your<br />
JVM implementation; check your Java documentation for more information.<br />
Figure 25 shows a sample Java stack dump taken with the JIT compiler disabled.<br />
Exception in thread "main" java.lang.OutOfMemoryError<br />
at java.lang.Thread.start(Native Method)<br />
at com.ibm.ctg.server.ThreadManager.createObject(ThreadManager.java:345)<br />
at com.ibm.ctg.server.ThreadManager.(ThreadManager.java:131)<br />
at com.ibm.ctg.server.ManagedResources.(ManagedResources.java:106)<br />
at com.ibm.ctg.server.JGate.main(JGate.java:895)<br />
Figure 25. Sample Java stack dump<br />
If the <strong>Gateway</strong> daemon h<strong>and</strong>les an exception, a Java stack dump is written only if<br />
tracing is enabled. Try to re-create the problem with tracing enabled. This should<br />
help to show you what was happening before the exception occurred. See<br />
“Tracing” on page 155 for more information on tracing.<br />
Using a browser <strong>and</strong> <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> on the same workstation: If<br />
you intend to use a browser <strong>and</strong> <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> on the same<br />
workstation, remove ctgclient.jar <strong>and</strong> ctgserver.jar from the CLASSPATH setting. If<br />
you do not remove them, you are likely to receive the following error when<br />
running applications:<br />
ERROR: java.io.IOException:<br />
CTG6664E: Unable to load relevant class to support the tcp protocol<br />
The reason for the error is that Java searches the CLASSPATH environment<br />
variable before downloading classes across the network. If the required class is<br />
local, Java attempts to use it. However, using class files from the local file system<br />
breaks Java application security rules; therefore an exception is raised.<br />
Java security exceptions<br />
A message like the following is issued when using the ECI or EPI interfaces in a<br />
Java 2 Security Manager environment:<br />
java.security.AccessControlException: access denied<br />
(java.util.PropertyPermission * read,write)<br />
This might mean that your application program is trying to perform a task that is<br />
protected by the Security Manager. Refer to ″Using ECI <strong>and</strong> EPI with a Java 2<br />
Security Manager″, in <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide, for information<br />
on security permissions required by programs running in this environment.<br />
java.lang.OutOfMemory exception<br />
If this happens after the <strong>Gateway</strong> daemon has been running for a long time, then it<br />
could be caused by a memory leak. If it happens only when the <strong>Gateway</strong> daemon<br />
is heavily loaded, then there might be too many threads active for the available<br />
Java Virtual Machine (JVM) memory.<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 159
On z/OS, <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> operating systems the amount of memory available to<br />
each process might be limited. See your operating system documentation for more<br />
information.<br />
Memory leak: Run a memory usage monitor against the <strong>Gateway</strong> daemon<br />
process. If there is a memory leak, the amount of memory used by the <strong>Gateway</strong><br />
daemon increases over time. Make sure that all user applications that connect to<br />
the <strong>Gateway</strong> daemon close the Java<strong>Gateway</strong>() connection object when they have<br />
finished using it. If this does not resolve the problem, run the <strong>Gateway</strong> daemon<br />
debug trace <strong>and</strong> contact your <strong>IBM</strong> support organization. You can use the ctgstart<br />
-tfilesize option to limit the size of the trace output file. You can also use the<br />
ctgstart -truncationsize option to reduce to zero the size of any data blocks that<br />
will be displayed in the trace. This will reduce the effect on performance.<br />
Threading considerations: You can estimate the amount of virtual memory that is<br />
required by the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> as follows. Add together:<br />
v the number of Connection Manager threads<br />
v the number of Worker threads<br />
v the number of different protocol h<strong>and</strong>lers defined <strong>and</strong> in use<br />
Then multiply this total by the size of the Java stack <strong>and</strong> native stack allocated to<br />
each thread by the JVM. Next, add to this value the maximum heap size defined<br />
for the JVM <strong>and</strong> the memory footprint required by the <strong>Gateway</strong> daemon. The<br />
memory footprint can be assumed to be approximately 50MB.<br />
You can set the maximum number of Connection Manager threads <strong>and</strong> Worker<br />
threads in the configuration of your <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. See “<strong>Gateway</strong><br />
daemon settings” on page 53 for more information.<br />
The way that Java allocates memory depends on your JVM implementation. Most<br />
JVMs allow you to do the following:<br />
v Set the maximum amount of heap memory available to the JVM by using the<br />
-Xmx option. The default heap size specified by the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is<br />
128MB.<br />
v Set the amount of memory that Java allocates to each thread by using the -Xmso<br />
<strong>and</strong> -Xss options. The maximum size of the Java stack <strong>and</strong> the native stack is the<br />
sum of these two values. When using the <strong>IBM</strong> Runtime Environment, Java 2<br />
Technology Edition, Version 5, the default values for the -Xmso <strong>and</strong> -Xss options<br />
are 256KB, on most platforms. You should not change the Java stack <strong>and</strong> native<br />
stack sizes from their default values.<br />
For more information on thread limits see “The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
threading model” on page 113. For more information on Java memory allocation<br />
<strong>and</strong> JVM stack sizes, refer to the <strong>IBM</strong> Developer Kit <strong>and</strong> Runtime Environment,<br />
Java 2 Technology Edition, Version 5 Diagnostics Guide.<br />
Related tasks<br />
“Displaying statistics” on page 187<br />
Use ctgadmin to display statistical information about the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>.<br />
Related reference<br />
“List of statistics” on page 189<br />
This information describes the statistics that are available from the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
160 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
JVM <strong>and</strong> system dumps<br />
JVM <strong>and</strong> system dumps provide detailed information about the internal status of<br />
an <strong>IBM</strong> JVM, <strong>and</strong> the configuration of a running <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
JVM dumps provide a snapshot of a running system. System dumps provide<br />
information about the configuration or status of the system.<br />
Related reference<br />
“Dump options” on page 130<br />
Dump options are available for use with the ctgadmin -a dump comm<strong>and</strong>.<br />
Problems shutting down the <strong>Gateway</strong> daemon<br />
A normal shutdown has two stages:<br />
1. Initiating shutdown. In this stage the <strong>Gateway</strong> daemon waits until one of the<br />
following conditions is met:<br />
v All work has finished.<br />
v All Java Client applications are disconnected from the <strong>Gateway</strong> daemon.<br />
2. Completing shutdown. The <strong>Gateway</strong> daemon stops.<br />
New work is not allowed to start, <strong>and</strong> Java Client applications may not connect to<br />
the <strong>Gateway</strong> daemon during a normal shutdown.<br />
The following requests are accepted during stage 1 of a normal shutdown:<br />
API Activity<br />
ECI A Java Client application tries to flow an ECI request (SYNC or ASYNC)<br />
which continues a logical unit of work.<br />
ECI A Java Client application tries to flow an ECI Request (SYNC or ASYNC)<br />
which commits or backs out a logical unit of work.<br />
ECI A Java Client application tries to get a reply or wait for a reply.<br />
EPI A Java Client application tries to flow a reply to a conversational transaction.<br />
EPI A Java Client application tries to flow a request to disconnect or purge a<br />
terminal.<br />
EPI A Java Client application tries to flow a request to get event.<br />
All other requests, or attempts to open a new connection are rejected, <strong>and</strong> an<br />
IOException is thrown.<br />
Determining what might have blocked a normal shutdown: The following API<br />
calls do not stop a normal shutdown:<br />
API Description<br />
ECI Call type is ECI_GET_REPLY_WAIT<br />
ECI Call type is ECI_GET_SPECIFIC_REPLY_WAIT<br />
EPI Call type is EPI_GET_EVENT <strong>and</strong> waitState is EPI_WAIT (eg<br />
EPIRequest.getEvent call with 2nd parameter set to EPI_WAIT will setup<br />
the request object to wait for events.)<br />
Any other ECI or EPI call that is waiting to finish will prevent the <strong>Gateway</strong><br />
daemon from quiescing.<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 161
Problems with the Client daemon<br />
Messages<br />
There are two types of message in the Client daemon:<br />
1. Messages displayed to the user<br />
2. Errors written to the Client daemon error log <strong>and</strong> trace file<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Messages book explains all error <strong>and</strong> warning<br />
messages.<br />
Error log messages<br />
Any errors on the client workstation that are not caused by incorrect use of the<br />
API are written to the Client daemon error log.<br />
The log file is named in the configuration file. The default name is cicscli.log. The<br />
log file is written to the /var/cicscli directory.<br />
Help information for all messages is provided in two ASCII text files in the<br />
/bin subdirectory. You can view these using any st<strong>and</strong>ard text editor:<br />
cclmsg.hlp<br />
Help for the end user messages, in the language you chose at installation<br />
time.<br />
ccllog.hlp<br />
Help for the trace <strong>and</strong> log messages. This is provided in English only.<br />
Errors resulting from incorrect use of the APIs simply result in error return codes<br />
to the application. It is the responsibility of the application to notify the end user<br />
of the error <strong>and</strong> provide guidance on corrective actions.<br />
Messages from the Client daemon process<br />
Pop-up messages are not displayed on <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> systems; they are written<br />
to the error log instead.<br />
Tracing<br />
Client daemon tracing is a useful problem determination tool for communication<br />
problems. You can use the trace functions to collect detailed information on the<br />
execution of a certain function or transaction. A trace can show how the execution<br />
of a particular activity is affected by, for example, the execution of other tasks in a<br />
<strong>CICS</strong> system. Each trace entry has a time stamp, which provides information on<br />
the time taken to perform certain activities.<br />
To learn how to turn tracing on, see “Starting client tracing” on page 135.<br />
For information on specifying the components of the Client daemon to be traced,<br />
see the cicscli -m comm<strong>and</strong>.<br />
The output from the trace function is a binary trace file called, by default,<br />
cicscli.bin in the /var/cicscli subdirectory. You can specify a different name for this<br />
file, using the Configuration Tool. However, you cannot change the .BIN extension.<br />
Using the Client trace file wrap size (KB) configuration setting, you can specify<br />
that the binary trace file should wrap into a second trace file, <strong>and</strong> you can also<br />
specify the maximum size of these files.<br />
162 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
To read the trace, run the cicsftrc utility to convert the binary file or files into a text<br />
file. This text file is called cicscli.trc by default. The default trace files are:<br />
cicscli.bin<br />
The binary trace file produced by running the Client daemon trace.<br />
cicscli.wrp<br />
The second binary trace file if wrapping of client trace is enabled.<br />
cicscli.trc<br />
The name of the text trace file produced when the binary trace file is<br />
converted to a text file using the cicsftrc utility.<br />
cicscli.bak<br />
The backup file of the binary trace file. A backup file is produced from any<br />
existing .BIN file when you turn tracing on.<br />
cicscli.bbk<br />
The backup of the first binary trace file if memory mapped tracing is<br />
enabled.<br />
cicscli.wbkn<br />
The backup of subsequent binary trace files, if memory mapped tracing is<br />
enabled, where n is the number of the original .WRP file.<br />
See “Formatting the binary trace file” on page 164 for information on the trace<br />
conversion utility.<br />
Wrapping the Client daemon trace<br />
You can control the size of the binary trace file by specifying that it wraps into a<br />
second trace file. Use the Client trace file wrap size (KB) configuration setting to<br />
turn on wrapping trace; specify the maximum size of the wrapping trace (in<br />
kilobytes). If this value is 0 (the default), wrapping trace is not turned on.<br />
When wrapping trace is turned on with st<strong>and</strong>ard I/O tracing, two files (called<br />
cicscli.bin <strong>and</strong> cicscli.wrp) are used. Each file can be up to half the size of the<br />
Client trace file wrap size (KB) value.<br />
Memory mapped tracing<br />
If you enable wrapping trace, you can use the -b switch when you issue the<br />
cicscli comm<strong>and</strong> to turn tracing on. This specifies that memory mapped trace<br />
files should be used.<br />
With memory mapped tracing, the operating system’s paging mechanism is used<br />
to swap data between memory <strong>and</strong> the trace file. This improves performance<br />
significantly when compared to st<strong>and</strong>ard file I/O, because the trace file is opened<br />
<strong>and</strong> written to less frequently. Because the operating system is responsible for<br />
flushing data to disk, data is not normally lost if an application terminates<br />
unexpectedly. However, if the operating system itself fails, data can be lost, <strong>and</strong> the<br />
trace file can be corrupted. If you are diagnosing problems where the server fails<br />
<strong>and</strong> needs to be restarted, use st<strong>and</strong>ard I/O tracing instead of memory mapped<br />
tracing.<br />
If you use memory mapped tracing, the size of the trace files is limited to 10 MB,<br />
<strong>and</strong> in addition to cicscli.bin <strong>and</strong> cicscli.wrp, you might see a series of files of the<br />
form cicscli.wrp1, cicscli.wrp2...cicscli.wrpn, where n is the number of files needed<br />
to hold the total amount of trace data specified in the Client trace file wrap size<br />
(KB) field of the Configuration Tool; see “Client trace file wrap size (KB)” on page<br />
81 for the maximum amount of data that can be specified. The trace formatter<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 163
finds all files in the sequence when you format the binary files. Memory mapped<br />
tracing uses up to 10 MB of virtual storage.<br />
See “Starting client tracing” on page 135 for details of how to issue the comm<strong>and</strong>,<br />
<strong>and</strong> “Security considerations for trace <strong>and</strong> log files” on page 136 for important<br />
information on security.<br />
Formatting the binary trace file<br />
If you are using memory mapped tracing, note that data is not always written to<br />
disk immediately. As a consequence, turn tracing off before you format the binary<br />
trace file, to ensure that all data is flushed to disk.<br />
You use the Binary Trace Formatter utility cicsftrc to convert the binary trace file<br />
cicscli.bin to ASCII text. The utility has the following parameters:<br />
-m=list of components<br />
Specifies that only trace points from the listed components are written to the<br />
text file. The components you can specify are the same as for cicscli -m; see the<br />
cicscli -m comm<strong>and</strong>. If -m is not specified, all trace points in the binary trace<br />
are written to the text file.<br />
-w[=filename]<br />
Indicates that there are two or more binary trace files to format <strong>and</strong> then<br />
concatenate (that is, the binary files were created with a wrapping trace). If no<br />
file name is specified with the -w parameter, cicsftrc assumes that the name of<br />
the second trace file is cicscli.wrp.<br />
-n Indents entry <strong>and</strong> exit points in the test trace file to make it more readable. By<br />
default, indentation is turned off.<br />
-d Specifies detailed trace formatting. If you are using EPI calls, cicsterm or<br />
<strong>CICS</strong>PRINT, an approximation of the screen layout will be included in the<br />
trace. If you are using a TCP62 driver, -d also provides formatted output of the<br />
MPTN <strong>and</strong> SNA data flows.<br />
-i=filename<br />
Specifies the name of the input (binary) trace file, which is cicscli.bin by<br />
default.<br />
-o=filename<br />
Specifies the name of the output (text) trace file. If no -o parameter is specified,<br />
the name of the text trace file is assumed to be cicscli.trc.<br />
-f Overwrite any existing files.<br />
-s Do summary trace formatting. Summary trace formatting is controlled by a<br />
template file (cclsumtr.txt), which is read in at initialization time. It formats key<br />
trace points, <strong>and</strong> shows for example the flow of user API calls, the progress of<br />
calls through the Client daemon, <strong>and</strong> network flows to the server. For the most<br />
detailed results, specify the API.2 component when you define the components<br />
to be traced. Summary tracing provides an overview; use it as requested by<br />
your <strong>IBM</strong> support organization.<br />
Note: Versions of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> earlier than 5.0.1 cannot format<br />
binary trace files produced by this version.<br />
Figure 26 on page 165 shows an example summary trace.<br />
164 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
-->Sample of API summary trace taken with API.2 <strong>and</strong> DRV options.<br />
[Process ,Thread ] Time API Summary CCLCLNT Summary Comms Summary<br />
=============================================================================================================<br />
...<br />
...<br />
...<br />
[000000bf,0000017c] 12:08:32.190 --->[7315] CCL3310 ECI Call type ECI_SYNC, UOW=0<br />
[00000089,000000a4] 12:08:32.290 -S->[4410] CCL4411 TCP/IP (to STEMPLAR) send data: Length=89<br />
[00000089,00000063] 12:08:32.400 [4410] CCL4411 TCP/IP (to STEMPLAR) send data: Length=94<br />
[00000089,000000a4] 12:08:32.541 -S->[4410] CCL4411 TCP/IP (to STEMPLAR) send data: Length=94<br />
[00000089,000000a4] 12:08:32.541 -S->[4410] CCL4411 TCP/IP (to STEMPLAR) send data: Length=94<br />
[00000089,000000a4] 12:08:32.551 -S->[4410] CCL4411 TCP/IP (to STEMPLAR) send data: Length=94<br />
[00000089,00000168] 12:08:32.581
Comm<strong>and</strong> = Erase/Write, so clearing main screen<br />
Comm<strong>and</strong>2 = Read Modified<br />
WCC = 0x32 ( Free Kbd,80 char)<br />
Set Buffer Address to (1,2)<br />
Insert Cursor @ (1,2)<br />
Set Buffer Address to (1,1)<br />
Start Field Extended (Unprotected,Alphanumeric,Display,not-pen-detectable,Foreground Colour Green)<br />
Data : ’ ’<br />
Insert Cursor @ (1,3)<br />
Set Buffer Address to (2,1)<br />
Data : ’User ’<br />
.....<br />
.....<br />
.....<br />
.....<br />
Set Buffer Address to (24,49)<br />
Start Field Extended (Autoskip (Prot+Num),Display,not-pen-detectable,Foreground Colour Turquoise)<br />
Data : ’9’<br />
Set Buffer Address to (24,51)<br />
Start Field Extended (Unprotected,Alphanumeric,Intense,pen-detectable,Foreground Colour Red)<br />
Data : ’Messages ’<br />
1 2 3 4 5 6 7 8<br />
12345678901234567890123456789012345678901234567890123456789012345678901234567890<br />
>+----------------------------------------------------------------------------------+<br />
01| - |<br />
02| uSTATUS. . :uEnter one of the following: |<br />
03| u |<br />
04| uABend EXtract READPrev WAit |<br />
05| uADdress FEpi READQ WRITE |<br />
06| uALlocate FOrmattime RECeive WRITEQ |<br />
07| uASKtime FREE RELease Xctl |<br />
08| uASSign FREEMain RESetbr |<br />
09| uBif Getmain RETRieve |<br />
10| uCAncel H<strong>and</strong>le RETUrn |<br />
11| uCHange IGnore REWrite |<br />
12| uCONNect INquire SENd |<br />
13| uCONVerse ISsue SET |<br />
14| uDELAy LInk SIGNOFf |<br />
15| uDELETE LOad SIGNON |<br />
16| uDELETEQ PErform START |<br />
17| uDEQ POP STARTBr |<br />
18| uDUmp POSt SUspend |<br />
19| uENDbr PUsh SYncpoint |<br />
20| uENQ READ Unlock |<br />
21| uENTer READNext Verify |<br />
22| u |<br />
23| uPFu1-Help u2-HEX u3-End u4-EIB u5-Variables |<br />
24| u6-User u9-Messages |<br />
+----------------------------------------------------------------------------------+<br />
| 1BþC000 STEMPLAR |<br />
+----------------------------------------------------------------------------------+<br />
12345678901234567890123456789012345678901234567890123456789012345678901234567890<br />
1 2 3 4 5 6 7 8<br />
Figure 27. Screen capture from a formatted trace file<br />
The formatter lists the comm<strong>and</strong>s which built the screen, <strong>and</strong> shows an<br />
approximation of the screen.<br />
Format of trace entries<br />
The entries in the Client daemon trace file have the following format:<br />
time [process id,thread id] [number] component trace message<br />
data<br />
where:<br />
time<br />
The time the entry was written, to millisecond accuracy.<br />
[process id, thread id]<br />
Process id is a unique number that the operating system uses to identify a<br />
process. Thread id is a unique number that the operating system uses to<br />
identify a thread within a particular process.<br />
166 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
[number]<br />
A number that uniquely identifies the particular trace entry. This helps your<br />
support organization in the diagnosis of serious problems.<br />
[component]<br />
The component of the product to which this entry applies.<br />
trace message<br />
The trace message number <strong>and</strong> text.<br />
data<br />
Some trace entries include a dump of key data blocks in addition to the trace<br />
message.<br />
Sample Client daemon trace: Figure 28 shows the trace information recorded<br />
during the successful connection of a Client daemon to a <strong>CICS</strong> server using the<br />
TCP/IP protocol. The trace was generated using the comm<strong>and</strong>s:<br />
cicscli -s=cicstcp -dcicscli<br />
-o<br />
17:03:57.580 [0000080c,00000908] [1007] TRC:CCL1042 *** <strong>CICS</strong> Client for Windows v7 Service Level 00 - service trace started ***<br />
17:03:57.590 [0000080c,00000908] [2183] CCL:CCL2048 Maximum trace data size set to 512<br />
17:03:57.600 [0000080c,00000908] [2114] CCL:CCL2142 GetNextTimeout timeout is 0 seconds<br />
17:03:58.612 [0000080c,00000908] [2030] CCL:CCL2106 Comms Event : LINK-UP<br />
17:03:58.622 [0000080c,00000908] [2019] DRV:CCL2055 Connection with server established (linkID=1)<br />
17:03:58.622 [0000080c,00000908] [2035] CCL:CCL2109 Send server TCS data<br />
17:03:58.632 [0000080c,00000908] [3214] CCL:CCL3251 Comms Allocate request (LinkId=1, Tran=’CCIN’)<br />
17:03:58.632 [0000080c,00000908] [3217] CCL:CCL3238 Comms Allocate completed (LinkId=1, ConvId=1, Rc=0)<br />
17:03:58.632 [0000080c,00000908] [2127] CCL:CCL2143 CommsBegin - OK<br />
17:03:58.632 [0000080c,00000908] [3100] CCL:CCL3113 CCIN install request: ApplId=’* ’, Code page=819<br />
...<br />
...<br />
...<br />
17:04:00.625 [0000080c,00000908] [3102] CCL:CCL3114 CCIN install response: ApplId=’@0Z8AAAA’, Code page=8859-1, Rc=0<br />
17:04:00.625 [0000080c,00000908] [3241] CCL:CCL3255 Comms Complete request (ConvId=1)<br />
17:04:00.635 [0000080c,00000908] [3244] CCL:CCL3246 Comms Complete completed (ConvId=1, Rc=0)<br />
17:04:00.635 [0000080c,00000908] [3218] CCL:CCL3252 Comms Deallocate request (ConvId=1)<br />
17:04:00.645 [0000080c,00000908] [3221] CCL:CCL3239 Comms Deallocate completed (ConvId=1, Reason=0, Rc=0)<br />
17:04:00.645 [0000080c,00000908] [2042] CCL:CCL2114 Processed TCS Reply - Server connected<br />
17:04:00.645 [0000080c,00000908] [2114] CCL:CCL2142 GetNextTimeout timeout is 0 seconds<br />
17:04:00.655 [0000080c,00000908] [2114] CCL:CCL2142 GetNextTimeout timeout is 0 seconds<br />
17:04:00.664 [0000080c,00000908] [1004] TRC:CCL1043 *** Service trace ended ***<br />
Figure 28. Sample Client daemon trace<br />
Message ID<br />
Explanation<br />
CCL1042<br />
Start of trace message. Each time a trace is started, a backup of the old<br />
trace file is created, <strong>and</strong> the trace file is overwritten. You can delete the file<br />
when required. Check the time stamp to ensure that you are reading the<br />
correct trace.<br />
CCL2048<br />
Maximum trace data size is at the default size of 512 bytes. You can<br />
modify this size by specifying the size value in the start comm<strong>and</strong> for the<br />
client trace; see the cicscli -d comm<strong>and</strong>.<br />
CCL3251<br />
The client sends a CCIN transaction to the server to install its connection<br />
definition on the server.<br />
CCL3238<br />
A conversation ID has been successfully allocated. If more than one<br />
conversation is active, use the conversation ID to distinguish between<br />
them.<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 167
CCL3113<br />
The client sends a CCIN transaction to the server with Appl ID set to * to<br />
install its application. The Appl ID is specified in the configuration file as<br />
Client=*. This requests the server to dynamically generate an Appl ID that<br />
is unique within the <strong>CICS</strong> server system.<br />
CCL3114<br />
This shows the dynamically generated Appl ID.<br />
CCL1043<br />
End of trace message.<br />
Figure 29 shows trace information recorded when we tried to connect to a <strong>CICS</strong><br />
server over TCP/IP using an invalid port number. The port number specified in<br />
the configuration file file was not defined in the services file of the server. Hence,<br />
the connection could not be established.<br />
16:16:41.562 [0000093c,000008ec] [1007] TRC:CCL1042 *** <strong>CICS</strong> Client for Windows v6 Service Level 00 - service trace started ***<br />
16:16:41.572 [0000093c,000008ec] [2183] CCL:CCL2048 Maximum trace data size set to 512<br />
16:16:41.582 [0000093c,000008ec] [2114] CCL:CCL2142 GetNextTimeout timeout is 0 seconds<br />
16:16:41.612 [0000093c,000008ec] [2114] CCL:CCL2142 GetNextTimeout timeout is -1 seconds<br />
16:16:41.622 [0000093c,000008ec] [3207] CCL:CCL3249 Comms Open request (Server=<strong>CICS</strong>TCP, Driver=CCL<strong>IBM</strong>IP)<br />
16:16:41.622 [0000093c,000008ec] [4408] DRV:CCL4413 CCL4413 TCP/IP (to <strong>CICS</strong>TCP) address=192.113.36.200, port=1089, socket=3<br />
16:16:41.622 [0000093c,000008ec] [3210] CCL:CCL3236 Comms Open completed (Server=<strong>CICS</strong>TCP, LinkId=1, Rc=0)<br />
16:16:41.633 [0000093c,000008ec] [2114] CCL:CCL2142 GetNextTimeout timeout is 3660 seconds<br />
16:16:41.633 [0000093c,000008ec] [1004] TRC:CCL1043 ***Service trace ended ***<br />
Figure 29. Client daemon trace: using an invalid port number<br />
Message ID<br />
Explanation<br />
CCL4413<br />
Shows the port number used for this connection request.<br />
You must check your definitions in the SIT on the server, the configuration file on<br />
the workstation, <strong>and</strong> the services file for the port number specified.<br />
You must provide a valid port number or use the default value.<br />
Diagnosing common problems: Client daemon<br />
This section provides information to help you solve some common problems with<br />
the Client daemon. The problems are discussed under the following headings:<br />
v “Starting clients <strong>and</strong> terminals”<br />
v “TCP/IP communication problems” on page 169<br />
v “APPC communication problems” on page 170.<br />
v “TCP62 communication problems” on page 170<br />
v “Traps” on page 171<br />
v “The Client daemon stops responding” on page 171<br />
v “<strong>CICS</strong> server problem determination” on page 173<br />
v “Communication problem determination” on page 174<br />
For information on error messages, refer to <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Messages.<br />
Starting clients <strong>and</strong> terminals<br />
The following are solutions to problems that can occur when starting clients <strong>and</strong><br />
terminals:<br />
A cicsterm request has gone to the wrong server<br />
168 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
If you do not specify the -s=servername option on the cicsterm comm<strong>and</strong>, the Client<br />
daemon sends a cicsterm request to either of:<br />
v the default server<br />
v the first server listed in the configuration file, even if it is not yet activated.<br />
The servername should be as specified in the configuration file.<br />
Problems loading protocol drivers<br />
The message ″Cannot load protocol driver″ in the cicscli.log file means that you are<br />
trying to use a protocol driver that does not exist. Check your configuration file<br />
file to make sure that the driver name is correct, <strong>and</strong> is supported in this release.<br />
The Client daemon can connect to the server, but cicsterm cannot<br />
In other words, cicscli -s=servername connects successfully, but cicsterm<br />
-s=servername does not. Check the following:<br />
v Is the CTIN transaction defined on the server?<br />
v Does cicsterm-a successfully install a terminal that is not sign-on capable?<br />
cicsterm attempts to install a sign-on capable terminal by default. If the -a option<br />
works, the server probably does not support sign-on capable terminals.<br />
<strong>CICS</strong> servers require APAR fixes to support terminal sign-on capability; see<br />
“Supported software” on page 19. Refer to the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
README file for the latest details <strong>and</strong> check the PTFs for the <strong>CICS</strong> servers.<br />
See “APARs <strong>and</strong> fixes” on page 180 for general information about APARs.<br />
An XTERM session stops working after the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
is upgraded<br />
The problem is caused because some files might have changed location between<br />
versions. The solution is to open a new XTERM window.<br />
TCP/IP communication problems<br />
The following are solutions to problems that can occur when communicating over<br />
TCP/IP:<br />
Message CCL4404 TCP/IP (to ’<strong>CICS</strong>TCP’) unable to resolve name: RC=2<br />
The <strong>CICS</strong> server, in this example <strong>CICS</strong>TCP, could not be resolved by the TCP/IP<br />
protocol driver. Ensure that your domain name server <strong>and</strong> router address<br />
information is correct, <strong>and</strong> that any names <strong>and</strong> IP addresses in the TCP/IP<br />
etc/hosts file are correct.<br />
Use the TCP/IP ping or nslookup comm<strong>and</strong>s to see if TCP/IP can resolve the<br />
hostname.<br />
CCIN not recognized, CTIN not recognized<br />
The CCIN transaction installs your Client daemon definition on the <strong>CICS</strong> server.<br />
The CTIN transaction installs your client terminal definition on the <strong>CICS</strong> server.<br />
These transactions must be available on the <strong>CICS</strong> server if it supports the EPI,<br />
because the EPI implies <strong>CICS</strong> 3270 terminal emulation <strong>and</strong> <strong>CICS</strong> 3270 printer<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 169
|<br />
|<br />
|<br />
emulation. For information on which <strong>CICS</strong> servers support EPI <strong>and</strong> hence <strong>CICS</strong><br />
3270 emulation, see Table 1 on page 25. You can ignore these messages if your<br />
<strong>CICS</strong> server does not support the EPI.<br />
A cicsterm comm<strong>and</strong> for a mainframe <strong>CICS</strong> server failed<br />
cicsterm <strong>and</strong> cicsprnt use <strong>CICS</strong> 3270 emulation. Some mainframe <strong>CICS</strong> servers do<br />
not support <strong>CICS</strong> 3270 emulation. For information on which <strong>CICS</strong> servers support<br />
<strong>CICS</strong> 3270 emulation, see Table 1 on page 25.<br />
APPC communication problems<br />
The following are solutions to problems that can occur when communicating over<br />
APPC:<br />
Error message CCL4678E received<br />
<strong>Linux</strong> generates this message if environment variable LD_PRELOAD is not<br />
defined. Refer to “Configuring Communications Server for <strong>Linux</strong>” on page 43 for<br />
configuration details. For security reasons LD_ variables are not inherited by the<br />
root user.<br />
SNA error log: The SNA error log can help your support organization to<br />
diagnose problems. In a default installation, the log is located as follows:<br />
AIX: /var/sna/sna.err<br />
<strong>Linux</strong> on zSeries: /var/opt/ibm/sna/sna.err<br />
<strong>Linux</strong> on POWER: /var/opt/ibm/sna/sna.err<br />
<strong>Linux</strong> on Intel: /var/opt/ibm/sna/sna.err<br />
Solaris: /var/opt/sna/sna.err<br />
The user who starts the Client daemon should be a member of the sna group,<br />
otherwise the Client daemon cannot write to the SNA error log; in this situation<br />
the Communications Server for <strong>Linux</strong> on zSeries writes a message to<br />
/var/log/warn.<br />
TCP62 communication problems<br />
CCL5820 TCP62: Attempt to open server ’server1’ which is a<br />
duplicate of ’server2’<br />
Multiple identical server definitions are not permitted in the configuration file of<br />
the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. The combination of fields that identify a server, <strong>and</strong><br />
must therefore be unique is as follows:<br />
Protocol<br />
Fields in ctg.ini<br />
TCP/IP<br />
Hostname or IP address <strong>and</strong> Port.<br />
SNA Partner LU name, Local LU name <strong>and</strong> Mode name.<br />
TCP62 Partner LU name, Local LU name <strong>and</strong> Mode name.<br />
This ensures that every connection that the <strong>CICS</strong> region <strong>and</strong> the network protocol<br />
see is represented by a unique server definition in the configuration file. If you<br />
have existing Client applications that use different server names to send requests<br />
170 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
to the same <strong>CICS</strong> region, you need to write a user exit to redirect requests. This is<br />
demonstrated in sample user exits ecix2.c <strong>and</strong> epix2.c; see /<br />
samples/samples.txt.<br />
An open, idle connection drops after several minutes.<br />
If a cicsterm is open, this will be seen as a ’server down’ message flashing up on<br />
the screen, which disappears when the server is reconnected <strong>and</strong> the terminal<br />
reinstalled. This might be because UDP packets are not being sent. If a firewall is<br />
present, check that it is correctly configured to allow UDP packets; see “Firewall<br />
implications” on page 41 for more information.<br />
Traps<br />
dbx <strong>and</strong> dbg<br />
If the Client daemon, or a user application terminates unexpectedly, it may<br />
produce a core dump. You can get stack traces by attaching dbx (dbg on <strong>Linux</strong><br />
operating systems) to the core dump. The procedure is similar to attaching dbx<br />
to a running process—see dbx tool for details. Consult the documentation<br />
supplied with your operating system for full details.<br />
When you attach dbx to the core dump you might get errors saying that the<br />
data is truncated. If so, check the following:<br />
v That there is enough space in the file system for the core dump<br />
v That user ID settings do not limit the size of the core dump<br />
The Client daemon stops responding<br />
This section discusses what to do if you think the Client daemon has stopped<br />
responding, for example because:<br />
v API, ECI <strong>and</strong> EPI calls do not complete, or<br />
v cicsterm hangs<br />
Check that your <strong>CICS</strong> <strong>Transaction</strong> Server is working correctly, for example by<br />
looking at the <strong>CICS</strong> log. Insufficient storage on the <strong>CICS</strong> region may cause <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> to hang.<br />
To test whether <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> has stopped responding, issue cicscli -l<br />
from the comm<strong>and</strong> line. If the call hangs then <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> is not<br />
responding. See “If a process locks” on page 158, for information on what to do if<br />
the <strong>Gateway</strong> daemon is not responding.<br />
Try to reproduce the problem with tracing turned on. Take a client trace with as<br />
many components as possible active. As a minimum you need the API, DRV <strong>and</strong><br />
CCL tracepoints; add TRN if possible. (Use wrapping trace if you do not want the<br />
trace file to get too large; see “Tracing” on page 155.) The summary trace shows<br />
whether the client or user application has stopped responding, <strong>and</strong> gives an<br />
indication as to whether the problem is in the client or server.<br />
If you can reproduce the problem, have details of how to reproduce it available for<br />
your support organization. If you cannot reproduce the problem, have available<br />
details of the circumstances that led up to the hang, for example:<br />
v Does it hang only when the system is under heavy load?<br />
v Does it hang only when there are many concurrent users?<br />
v Does it hang only under a particular configuration, or after a known sequence of<br />
events?<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 171
All <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> systems<br />
Run ps -ef <strong>and</strong> ipcs -qa on the system, piping the output to a file. This lists<br />
the following:<br />
v Processes on the system<br />
v All <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> IPC queues<br />
v Amount of data in the queues<br />
v Owner of the queues<br />
This information is useful because the client uses IPC queues for internal<br />
communication.<br />
Check also that your message queues are correctly configured; see<br />
“Configuring message queues” on page 46.<br />
AIX operating system<br />
Use the System Management Interface Tool (SMIT) to take an operating system<br />
trace of the failure.<br />
Use the syscalls event set <strong>and</strong> ipcs related trace options. Format it to show<br />
pids, tids, current system calls, <strong>and</strong> elapsed time options. Consider increasing<br />
the buffer file settings.<br />
dbx tool<br />
You can attach the dbx tool to a process that has locked, to find out what<br />
the process is doing. (Check that dbx is installed on your system, <strong>and</strong> that<br />
you have authority to connect to a process.) This example shows how to<br />
attach dbx to the Client daemon cclclnt. You can adapt the example to<br />
find out why a user application has locked.<br />
Important: Attaching dbx to a process sometimes causes the process to<br />
lock or terminate. Use it only if you are sure the process has<br />
locked.<br />
Type the following comm<strong>and</strong> to find out the process id (pid):<br />
ps -ef | grep cclclnt<br />
Information about the process is displayed:<br />
root 26864 27348 3 11:06:51 pts/2 0:00 grep cclclnt<br />
bartfast 28266 1 0 11:06:46 pts/0 0:00 cclclnt<br />
Using the information provided by the ps comm<strong>and</strong>, type this to attach<br />
dbx to the process:<br />
dbx -a 28266 ./cclclnt<br />
You should now see something like this:<br />
172 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
Waiting to attach to process 28266 ...<br />
Successfully attached to cclclnt.<br />
Type ’help’ for help.<br />
reading symbolic information ...warning: no source compiled with -g<br />
stopped in _pthread_ksleep at 0xd0139164 ($t2)<br />
0xd0139164 (_pthread_ksleep+0x9c) 80410014 lwz r2,0x14(r1)<br />
To get a stack back trace of the current thread, issue the where comm<strong>and</strong>:
_pthread_ksleep(??, ??, ??, ??, ??) at 0xd0139164<br />
_pthread_event_wait(??) at 0xd01395c0<br />
_cond_wait_local(??, ??, ??) at 0xd0135494<br />
_cond_wait(??, ??, ??) at 0xd0135998<br />
pthread_cond_timedwait(??, ??, ??) at 0xd0136368<br />
OsEventTimedWait() at 0xd00a78b4<br />
.() at 0x100005b8<br />
_pthread_body(??) at 0xd012f358<br />
To list all threads in the cclclnt process, type thread :<br />
thread state-k wchan state-u k-tid mode held scope function<br />
$t1 wait 0xc0000100 running 21793 k no sys<br />
>$t2 run blocked 32425 k no sys _pthread_ksleep<br />
To make thread 1 the current thread, type thread current 1.<br />
To get a stack back trace of thread 1, type where. The screen looks like this:<br />
.() at 0x1000c784<br />
.() at 0x10000ae0<br />
.() at 0x10000ae0<br />
.() at 0x100003f4<br />
To close dbx, type quit.<br />
Solaris<br />
Run truss against the hung process; see the operating system documentation<br />
for relevant parameters. Specify options to follow forked calls, trace arguments<br />
to system calls, <strong>and</strong> show the environment strings to operating system calls.<br />
Ensure that the /etc/system file allows sufficient queue entries; see<br />
“Configuring message queues” on page 46. If the value is too low, the client<br />
may freeze while waiting for a queue entry to become available.<br />
Solaris system notes:<br />
1. Whenever you change the /etc/system file, you must<br />
restart your system for the changes to take effect.<br />
2. Changes to your system may not work if your<br />
workstation has less than 32MB of memory; the<br />
recommended minimum is 64MB.<br />
<strong>CICS</strong> server problem determination<br />
The most important facilities for problem determination on <strong>CICS</strong> servers are:<br />
v Traces<br />
– auxiliary<br />
– internal<br />
v Dumps<br />
v <strong>CICS</strong> message logs<br />
v Statistics information<br />
v Monitoring information<br />
v Execution diagnostic facility (EDF)<br />
v <strong>CICS</strong>-supplied transactions, CEBR <strong>and</strong> CECI<br />
v Independent software vendor (ISV) tools<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 173
Information about these facilities is given in the Problem Determination books for<br />
the individual products (see “<strong>CICS</strong> <strong>Transaction</strong> Server publications” on page 212).<br />
You may need to contact the server system administrator for more information, for<br />
example, about a <strong>CICS</strong> server error log.<br />
The following shows the error message prefixes for <strong>CICS</strong> products:<br />
CCL <strong>CICS</strong> Universal Client<br />
CTG <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
DFH <strong>CICS</strong> on <strong>CICS</strong> on System/390 ®<br />
<strong>and</strong> z/OS<br />
ERZ <strong>CICS</strong> <strong>Transaction</strong> Server for Windows, <strong>and</strong> TXSeries<br />
AEG <strong>CICS</strong> <strong>Transaction</strong> Server for iSeries.<br />
CPMI tasks lock in <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS: If a CPMI (or equivalent<br />
mirror transaction) task locks in your <strong>CICS</strong> region, it is possibly because you have<br />
reached the MAXTASKS limit of your <strong>CICS</strong> region. This prevents the mirror<br />
program from sending data back to the Client daemon, which appears to hang.<br />
The problem typically occurs when <strong>CICS</strong> has a high number of concurrent<br />
transactions. A solution is to put the mirror transaction in a TranClass that has a<br />
MAXACTIVE lower than the MAXTASKS of your <strong>CICS</strong> region. All new requests to<br />
the <strong>CICS</strong> region are queued, <strong>and</strong> <strong>CICS</strong> can continue to process current requests.<br />
The value you specify for MAXACTIVE depends on your installation, <strong>and</strong> other<br />
tasks running in the region.<br />
Communication problem determination<br />
Even a small telecommunications network is a very complex system in which all<br />
components depend on one another. If one component fails <strong>and</strong> presents incorrect<br />
information to the other components, the latter may fail even more severely than<br />
the former. Sometimes the failure may be considerably delayed, <strong>and</strong> the error<br />
indicator may be lost before the error is detected. Thus, it is sometimes difficult to<br />
analyze a problem in the communication part of a system.<br />
The Client daemon generates various messages associated with the use of the<br />
supported communication protocols <strong>and</strong> the associated products. Refer to <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>: Messages for a list of these messages <strong>and</strong> their explanations.<br />
The communication products themselves generate error messages. For details of<br />
these, <strong>and</strong> information on troubleshooting, you should refer to the documentation<br />
for the communication product. The following sections summarize useful<br />
comm<strong>and</strong>s <strong>and</strong> utilities for problem determination.<br />
TCP/IP-providing products: TCP/IP provides the following diagnostic tools:<br />
arp Displays <strong>and</strong> modifies the IP-to-Ethernet or token ring physical address<br />
translation tables used by address resolution protocol (ARP).<br />
hostname<br />
Displays the host name of your workstation.<br />
ifconfig<br />
Displays all current TCP/IP network configuration values. This is helpful if<br />
you have to find out if an IP interface is active. The <strong>Linux</strong> equivalent of<br />
IPCONFIG.<br />
ipconfig<br />
Displays all current TCP/IP network configuration values. This is helpful if<br />
you have to find out if an IP interface is active.<br />
174 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
netstat<br />
Displays protocol statistics <strong>and</strong> current TCP/IP network connections. This<br />
helps you obtain information about your own IP interfaces, for example, to<br />
list IP addresses <strong>and</strong> TCP/IP routing tables in use at your workstation.<br />
nslookup<br />
Displays information from Domain Name System (DNS) name servers.<br />
ping Verifies connections to a remote computer or computers.<br />
traceroute<br />
Traces the TCP/IP path to a requested destination. It is useful for<br />
determining whether there is a problem with one of the intermediate<br />
nodes.<br />
For more information on these utilities, refer to the online help for TCP/IP.<br />
APPC-providing products: This section describes problem determination in<br />
products involved in APPC communication.<br />
VTAM Buffer Trace: You can use VTAM buffer tracing to record the flow of data<br />
between logical units in the <strong>CICS</strong> environment. The trace entries include the<br />
netname of the terminal (logical unit) to which they relate. For details on VTAM<br />
buffer tracing <strong>and</strong> other VTAM problem determination functions, see the<br />
appropriate book in the VTAM library.<br />
The APING utility: In an APPC environment, you can use the APING utility to test<br />
a connection. APING exchanges data packets with a partner computer over APPC<br />
<strong>and</strong> times how long the data transfer takes. It can be used to get a first estimate of<br />
the session setup time between two computers <strong>and</strong> the throughput <strong>and</strong> turnaround<br />
time on that APPC session. You can use APING to determine whether a session<br />
can be set up between two computers <strong>and</strong> to display extensive error information if<br />
session allocation fails. APING consists of two transaction programs: APING,<br />
which runs on the client side, <strong>and</strong> APINGD, which runs on the server side.<br />
Checking client <strong>and</strong> host configuration: If the SNA product on the Client daemon<br />
machine, <strong>and</strong> the host are both correctly configured, you should be able to activate<br />
the connection between them. Follow the steps below to activate the connection;<br />
you do not need to start the client first.<br />
1. Start the node on the SNA product on the Client daemon machine.<br />
2. Use the CEMT transaction to acquire the connection. Type CEMT I CON. The<br />
screen will look similar to this:<br />
I CON<br />
STATUS: RESULTS - OVERTYPE TO MODIFY<br />
Con(SIMD) Net(PYKS88BA) Ins Rel Vta Appc<br />
Con(SYSB) Net(IYCKZCCV) Ins Rel Vta Appc<br />
SYSID=SYSA APPLID=IYCKZCCU<br />
RESPONSE: NORMAL TIME: 12.25.04 DATE: 03.01.01<br />
PF 1 HELP 3 END 5 VAR 7 SBH 8 SFH 9 MSG 10 SB 11 SF<br />
3. Overtype Rel with ACQ, to acquire the connection.<br />
If you cannot acquire the connection, SNA is wrongly configured on the product or<br />
the host.<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 175
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
<strong>IBM</strong> Communications Server for AIX <strong>and</strong> <strong>Linux</strong>: <strong>IBM</strong> Communications Server<br />
writes a log file as follows:<br />
AIX systems<br />
/var/sna/sna.err<br />
<strong>Linux</strong> on zSeries systems<br />
/var/opt/ibm/sna/sna.err<br />
<strong>Linux</strong> on POWER systems<br />
/var/opt/ibm/sna/sna.err<br />
<strong>Linux</strong> on Intel systems<br />
/var/opt/ibm/sna/sna.err<br />
The <strong>IBM</strong> support organization needs the file if you have SNA errors that you<br />
cannot resolve. For information about sense codes, use the following management<br />
comm<strong>and</strong>:<br />
sna -getsense sensecode<br />
Mirror transaction does not time out<br />
The default ECI mirror transaction (CPMI or CSMI) uses a PROFILE of<br />
DFH<strong>CICS</strong>A. This profile has an RTIMOUT value of NO. This means that if an ECI<br />
request is suspended in <strong>CICS</strong> during an extended unit of work, the mirror<br />
transaction never times out. To enable timeout in these situations:<br />
1. Define a new mirror transaction with SPURGE=YES, <strong>and</strong> which specifies a<br />
PROFILE containing an RTIMOUT value other than NO.<br />
2. Specify this new mirror transaction as the Transid in the ECIRequest using a<br />
call type of ECI_SYNC_TPN.<br />
In these situations, if no response is received from the client after the timeout<br />
period has elapsed, <strong>CICS</strong> purges the mirror transaction <strong>and</strong> rolls back the<br />
associated unit of work.<br />
Problems with Client applications<br />
On <strong>Linux</strong> systems, your application might fail to start with a message like the<br />
following:<br />
relocation error: ./ecib1: undefined symbol:<br />
__6CclBufPCcQ26CclBuf12DataAreaType<br />
This can occur with C++ applications compiled with GNU C/C++ compiler (gcc)<br />
2.96. This compiler is not supported; recompile your application with a supported<br />
compiler listed at “Supported software” on page 19.<br />
Telnet clients<br />
If you run the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> over Telnet, certain Telnet clients can<br />
cause problems with the display. For example, your Telnet session might truncate<br />
message lines over a certain length. This is usually a problem with the Telnet client<br />
that you are using, or the terminal type that you are emulating. Currently there is<br />
no solution to this problem.<br />
176 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Problems running the Configuration Tool<br />
Program support<br />
If the Configuration Tool does not display all characters correctly, check the console<br />
where <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> was invoked. If the operating system has issued<br />
warning messages about fonts, check that all fonts needed for code page for the<br />
current locale have been installed. Refer to the documentation supplied with your<br />
operating system <strong>and</strong> JRE for information on which font packages are required for<br />
which locales.<br />
If you need to contact your <strong>IBM</strong> support organization, first refer to the Service <strong>and</strong><br />
Support card supplied with the product for details of the support available to you,<br />
or visit our Web site at: www.ibm.com/software/cics/ctg <strong>and</strong> follow the Support<br />
link.<br />
This section provides guidance on reporting problems, detailing the information<br />
you should collect to assist your support organization. It also explains how the<br />
problem is h<strong>and</strong>led through to resolution <strong>and</strong> the provision of a fix.<br />
Reporting problems<br />
Before reporting your problem to the support organization try to ensure that the<br />
error is actually occurring within your <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> system, even if<br />
you are unsure whether the problem is due to the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> itself.<br />
In practice, many errors reported to support organizations turn out to be user<br />
errors, or they cannot be reproduced, indicating just how difficult it can be to<br />
determine the precise cause of a problem. User errors are mainly caused by faults<br />
in application programs or by errors in setting up systems.<br />
The ability of the support organization to resolve your problem quickly depends<br />
on the quality of the information you provide to them. For this reason it is good<br />
practice to collect <strong>and</strong> organize problem data before making the initial contact.<br />
Summarize your problem <strong>and</strong> the documentation/information you collect on a<br />
problem reporting sheet. This sheet provides a valuable summary to the support<br />
organization, <strong>and</strong> a copy will be useful for your own records.<br />
Level-1 support<br />
If this is your first contact regarding this problem a unique incident number will<br />
be assigned. A Problem Management Record (PMR) is opened on the RETAIN ®<br />
database system, where all activity associated with your problem is recorded. The<br />
PMR remains “open” until it is solved.<br />
Make a note of the incident number on your copy of the problem reporting sheet.<br />
You will be expected to quote the incident number in all future correspondence<br />
relating to this problem.<br />
Your initial communication with the support organization is through a Level-1<br />
representative, who uses the keywords that you have provided to search the<br />
RETAIN database for problems with similar symptoms. If your problem is found<br />
to be one already known to the support organization, <strong>and</strong> a fix has been devised<br />
for it, you will be advised of the availability of corrective service software that you<br />
can install to overcome the problem, as described in “Obtaining the fix” on page<br />
180. If the RETAIN search is unsuccessful, the problem is passed on to a Level-2<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 177
epresentative who will contact you for more information about your problem, to<br />
start a more detailed investigation of the cause.<br />
Level-2 support<br />
Let the Level-2 representative know if any of the following events occurred before<br />
the problem appeared:<br />
1. Changes in level of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, compiler or associated<br />
licensed programs<br />
2. Corrective service software <strong>and</strong> fixes applied to workstation software<br />
3. Problem Tracking Fixes (PTFs) applied to other associated products<br />
4. Additional features used<br />
5. Application programs changed<br />
6. Unusual operator action.<br />
At this stage you may be asked to supply more details or documentation. If this<br />
happens, the PMR is updated to show any documentation you have submitted.<br />
Based on the information you supply, the investigation then carried out can<br />
determine whether the cause of your problem is new to the support organization,<br />
or is already known.<br />
If the problem is a valid new one, an APAR may be raised, to be dealt with by the<br />
<strong>CICS</strong> service team, as described in “APARs <strong>and</strong> fixes” on page 180. If, however,<br />
the problem is already known, <strong>and</strong> a fix has been developed, you can obtain it as<br />
described in “Obtaining the fix” on page 180.<br />
Documenting problems<br />
In a communication environment, where many clients may be connected to several<br />
servers, you must obtain information from both the client <strong>and</strong> the server sides.<br />
To facilitate problem determination, try to reduce your environment to only one<br />
client workstation <strong>and</strong> one server to narrow down the range of possibilities that<br />
may cause the error.<br />
Listed below are the types of information most likely to be needed by the support<br />
organization. The list is not exhaustive; it covers the most commonly requested<br />
information.<br />
v The version of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, including details of any service<br />
releases applied.<br />
v The utility or programming language that gives the problem, for example:<br />
– ECI, EPI, ESI<br />
– C, C++<br />
– Java<br />
For languages, include the version.<br />
v The network protocols being used.<br />
v The end-to-end configuration, <strong>and</strong> product stacks at each step of the way, for<br />
example, WebSphere Application Server async ECIRequest class over SSL to<br />
ctgstart on Solaris up using TCP62 to <strong>CICS</strong> <strong>Transaction</strong> Server 2.2.<br />
v The operating system on which the problem occurs. If the Client application <strong>and</strong><br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> are on different operating systems, provide details of<br />
both. Details of the <strong>CICS</strong> server are also useful.<br />
178 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
v A minimum recreate scenario, if possible.<br />
v Details of any log messages at the time the problem occurred.<br />
v A short description of the problem in terms of <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> calls,<br />
including why you think it is a problem with the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>. For<br />
example, a specific API call hangs <strong>and</strong> never returns, or an unexpected return<br />
code on a specific API call.<br />
Locating <strong>and</strong> compiling information<br />
The advice listed below will help you compile the information required. If you are<br />
in any doubt about how to gather any of the items listed above, wait until you can<br />
seek advice from your support organization.<br />
v Try to establish which program in your system seems to be the cause of the<br />
problem. As you are reading this book, it is likely that you already believe the<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> to be the problem source.<br />
You also need to provide the version <strong>and</strong> release number of the product, for<br />
example Version 7.0, together with the number of any PTF or other fix applied,<br />
for example UNnnnnn (where nnnnn is a valid PTF number).<br />
v You should find details of your compiler level on the product media labels or<br />
the associated documentation. Alternatively, check the panel displayed on the<br />
screen at compile time.<br />
v Give the problem a severity level. Severity levels have the following meanings:<br />
– Severity level 1 indicates that you are unable to use a program, resulting in a<br />
critical condition that needs immediate attention.<br />
– Severity level 2 indicates that you are able to use the program, but that<br />
operation is severely restricted.<br />
– Severity level 3 indicates that you are able to use the program, with limited<br />
functions, but the problem is not critical to your overall operation.<br />
– Severity level 4 indicates that you are able to use the program with the<br />
problem causing negligible hindrance.<br />
v Also, try to classify the error <strong>and</strong> give a brief description of the problem. Include<br />
keywords associated with the problem, such as ABEND, WAIT, LOOP,<br />
PERFORMANCE, INCORROUT, <strong>and</strong> MESSAGE, corresponding to the problem<br />
classification types used in the RETAIN database. Strings containing other<br />
keywords are also useful. These are not predefined, <strong>and</strong> might include such<br />
items as a message or message number, an abend code, any parameters known<br />
to be associated with the problem, or, for example, STARTUP, INITIALIZATION,<br />
or TRANSIENT DATA.<br />
v Finally, you should include your address, relevant contact names, <strong>and</strong> details of<br />
the other products at your installation.<br />
Keep a copy of the problem reporting sheet which summarizes all the information<br />
relevant to the problem, together with any available documentation such as<br />
dumps, traces <strong>and</strong> output from programs, translators, <strong>and</strong> compilers.<br />
Submitting the documentation<br />
If you are asked to provide documentation, it will help the support organization<br />
during their investigation if you adhere to the following rules when preparing it:<br />
v Provide as much information as possible in softcopy format.<br />
v Write any notes <strong>and</strong> documents in English.<br />
v If you are asked to supply any additional trace output, provide an unformatted<br />
binary version, rather than the viewable output from the formatter.<br />
Chapter 13. Problem determination <strong>and</strong> problem solving 179
v If you upload files to a mainframe system, do so in binary rather than ASCII<br />
format.<br />
APARs <strong>and</strong> fixes<br />
After a reported problem is confirmed as being both new <strong>and</strong> valid, an authorized<br />
program analysis report (APAR) is raised from the Problem Management Record<br />
(PMR) <strong>and</strong> becomes a permanent record describing your error, <strong>and</strong> its solution. An<br />
APAR is the means of reporting to the appropriate product service team any<br />
problems you find with an <strong>IBM</strong> program.<br />
The APAR process<br />
The first step in the APAR process is that a Level-2 representative from the support<br />
organization enters an APAR containing a description of your problem into the<br />
RETAIN system. If you have a means of getting round the problem, details of this<br />
are entered as well. Your name is also entered, so that your support organization<br />
knows who to contact if the service team need to ask anything further about the<br />
APAR documentation.<br />
At this stage, you are given an APAR number. This number is always associated<br />
with the APAR <strong>and</strong> its resolution <strong>and</strong>, if a code change is required, is associated<br />
with the fix as well.<br />
The service team may ask for additional backup documentation, normally via the<br />
Level-2 representative. The specific documentation required will vary from<br />
problem to problem, <strong>and</strong> depends on what information has already been supplied<br />
during the PMR stage.<br />
During the investigation, you can ask your support organization at any time about<br />
how your APAR is progressing, particularly if it is a problem of high severity.<br />
Obtaining the fix<br />
When the service team has found a fix for your problem, you may be asked to test<br />
it on your system. If so, you may be sent a Program Temporary Fix (PTF) in the<br />
form of individual replacement modules. This is normally done through the<br />
Level-2 organization <strong>and</strong> feedback from your testing will be requested.<br />
Each PTF may contain several APAR fixes. If an individual APAR fix within a PTF<br />
is found to be in error, it may still be advisable to apply the PTF, to obtain the<br />
other APAR fixes.<br />
In time, formal corrective service software is made available, which you can order<br />
through your support organization. Traditionally, corrective service software has<br />
been supplied on Corrective Service Diskettes (CSD) ordered by CSD number. It<br />
may now be supplied on CD-ROM or via the Internet.<br />
Fixes for <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> are available from the <strong>CICS</strong> Support web page<br />
at:<br />
www.ibm.com/software/ts/cics/support/<br />
180 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Chapter 14. Migration<br />
Migrating to Version 7<br />
This information deals with issues that can arise when you move from an earlier<br />
version of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, or a product related to the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
This topic describes any special action you need to take if migrating from an<br />
earlier version of the product.<br />
Installation location<br />
If you are upgrading from Version 5 or Version 6, the product is installed into your<br />
existing directory structure, replacing the older version.<br />
Terminal Servlet<br />
The Terminal Servlet is no longer supported; use instead a <strong>CICS</strong> 3270 bridge<br />
solution, or an <strong>IBM</strong> Host Integration solution.<br />
Support for mixed case passwords<br />
<strong>CICS</strong> <strong>Transaction</strong> Server for z/OS version 2.2 <strong>and</strong> higher supports mixed-case<br />
passwords. To use mixed-case passwords, ensure that the “Use upper case<br />
security” on page 72 field in the Configuration Tool is cleared.<br />
Removal of configuration setting sotimeout<br />
The sotimeout setting in the configuration file was deprecated at V6.0 of the <strong>CICS</strong><br />
TG, <strong>and</strong> is now not supported. If your configuration file contains an entry for<br />
sotimeout, the <strong>Gateway</strong> daemon issues a warning message, <strong>and</strong> continues to start.<br />
To suppress the message in future, remove any reference to sotimeout from the<br />
configuration file. Open the configuration file in the Configuration Tool <strong>and</strong> then<br />
save it.<br />
Information log<br />
Some Client information messages are now logged. You can configure a separate<br />
log for information messages; see “Changing settings for Client daemon logging”<br />
on page 69.<br />
Migration considerations at Version 6<br />
This information applies if you are migrating from Version 5 to Version 7.0.<br />
HTTP <strong>and</strong> HTTPS protocols<br />
Support for the HTTP <strong>and</strong> HTTPS protocols was removed in version 6. Use one of<br />
these protocols instead:<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 181
Protocol Comments<br />
TCP Use this in place of HTTP. See “TCP protocol settings” on page 60<br />
for configuration details.<br />
SSL Use this in place of HTTPS. See “SSL protocol settings” on page 62<br />
for configuration details.<br />
Supported ECI <strong>and</strong> EPI versions<br />
Applications can be built only with the following ECI <strong>and</strong> EPI versions:<br />
ECI_VERSION_1A<br />
<strong>CICS</strong>_EPI_VERSION_200<br />
Existing applications built with the following versions are still supported at run<br />
time:<br />
<strong>CICS</strong>_EPI_VERSION_100<br />
<strong>CICS</strong>_EPI_VERSION_101<br />
ECI_VERSION_1<br />
Recompiling these applications will give a compiler error.<br />
Configuration file: change of default name<br />
The default configuration file is ctg.ini. In versions of the product before version 6<br />
it was CTG.INI. The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> accepts either ctg.ini or CTG.INI. If<br />
both files are present the lowercase version is used; take one of the following steps:<br />
v Specify the configuration file to be used; see “Using the Configuration Tool” on<br />
page 50 for information on how to do this.<br />
v Delete file CTG.INI.<br />
If you have specified the configuration file, for example by setting the <strong>CICS</strong>CLI<br />
environment variable, the exact file name specified is used.<br />
User exits: change of file name<br />
The user exits are now lower case:<br />
Old name New name<br />
<strong>CICS</strong>EPIX cicsepix<br />
<strong>CICS</strong>EPIX cicsepix<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> first looks for a lower case exit, <strong>and</strong> then for an<br />
upper case exit. If the objects are not found, no exit processing occurs.<br />
<strong>Linux</strong> C++ applications<br />
Recompile any applications that have been compiled with GNU C/C++ compiler<br />
(gcc) 2.96 with a supported compiler; see “Supported software” on page 19 for<br />
supported compilers.<br />
Deprecated features<br />
The following features are deprecated:<br />
v Disabling the validation of units of work (Configuration Tool field “Validate<br />
Units of Work” on page 55.)<br />
182 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
v Disabling the validation of message qualifiers (Configuration Tool field<br />
“Validate message qualifiers” on page 55.)<br />
v Allowing Java Client applications to obtain generic replies (Configuration Tool<br />
field “Let Java Clients obtain generic ECI replies” on page 55.)<br />
v The H<strong>and</strong>ler wakeup timeout (ms) field in the Configuration Tool. This setting<br />
has been made redundant by the shutdown comm<strong>and</strong>s introduced with Version<br />
6. A value of 0 in the configuration file is changed to 1000 by the <strong>Gateway</strong><br />
daemon; all other values are maintained for backwards compatibility. The field<br />
has been removed from the Configuration Tool, <strong>and</strong> the Configuration Tool<br />
ignores this setting if it is present in the configuration file.<br />
Migration: support for resource adapters<br />
The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> supports communication with <strong>CICS</strong> TG resource<br />
adapters of the same level, or an earlier level. For example:<br />
v Using <strong>CICS</strong> TG V6.1 with resource adapters from V6.1, V6.0, <strong>and</strong> V5 is<br />
supported.<br />
v Using <strong>CICS</strong> TG V6.0 with V6.1 resource adapters is not supported.<br />
Do not mix the levels of <strong>CICS</strong> TG resource adapters deployed on a WebSphere<br />
Application Server node. For example, do not deploy a resource adapter from <strong>CICS</strong><br />
TG V6.1 to a node that has a V6.0 ECI or EPI resource adapter deployed. The<br />
resource adapter version is shown in file ra.xml, in the resource adapter.<br />
Migrating from <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> Version 4 <strong>and</strong> earlier<br />
Migration from Version 4 <strong>and</strong> earlier is not supported. Uninstall the earlier version<br />
before installing this version. The directory to which the product is installed will<br />
change; see “Installation path” on page viii for details.<br />
Chapter 14. Migration 183
184 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Chapter 15. Statistics introduction<br />
This information introduces the statistics that are available from the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
Statistics can help with problem determination <strong>and</strong> capacity planning, <strong>and</strong> make it<br />
possible to gain a snapshot of the current activity within the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>. The collection of statistics has an insignificant impact on performance,<br />
<strong>and</strong> statistics are always available.<br />
v Statistics can be collected by ctgadmin or the statistical API.<br />
v Statistics apply only to the <strong>Gateway</strong> daemon that they were collected from.<br />
v Statistical data is based on Java Client applications that run in remote mode; no<br />
data is collected from applications that run in local mode.<br />
Statistical resource groups<br />
Which statistics do I need?<br />
Every statistic belongs to a resource group. A resource group is a logical grouping of<br />
resources such as connection managers. It defines an area for which statistical data<br />
can be associated <strong>and</strong> retrieved.<br />
This topic classifies statistics into different categories, according to how they are<br />
most likely to be used. Some statistics appear in more than one category.<br />
Statistics for tuning <strong>and</strong> capacity planning<br />
These are some key statistics to look at when analyzing the performance of the<br />
<strong>CICS</strong> TG.<br />
It is recommended that a set of statistics is captured when the <strong>CICS</strong> TG is<br />
operating under a number of different operating conditions in order to best<br />
appreciate any changes that may subsequently take place <strong>and</strong> affect the<br />
performance of the system.<br />
CM_CALLOC<br />
The current number of connection manager threads allocated to Java clients.<br />
CM_CCURR<br />
The current number of connection manager threads created. If this value is<br />
greater than the configuration parameter initconnect, it signifies the peak<br />
number of remote clients connected at any one time. This value will not exceed<br />
the maximum number of connection managers defined in CM_SMAX.<br />
CM_CWAITING<br />
The current number of connection managers waiting for a worker thread to<br />
become available. This statistic shows the number of requests that are queuing<br />
in the <strong>Gateway</strong> daemon. It should usually be low or zero in a well-tuned<br />
<strong>Gateway</strong> daemon. If it is higher than expected, consider increasing the<br />
maxworker configuration parameter.<br />
CM_LTIMEOUTS<br />
The number of times that the <strong>Gateway</strong> daemon failed to allocate a connection<br />
manager to a Java client application. This statistic shows the number of<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 185
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
incoming connection requests that have been refused. It should usually be low<br />
or zero in a well-tuned <strong>Gateway</strong> daemon. If it is high, consider increasing the<br />
connecttimeout or maxconnect configuration parameters.<br />
CM_SMAX<br />
The maximum number of connection manager threads that can possibly be<br />
created <strong>and</strong> allocated by the <strong>Gateway</strong> daemon. It is defined by the<br />
configuration file parameter maxconnect. This value limits the number of Java<br />
clients that can be connected at any one time.<br />
WT_CALLOC<br />
The current number of worker threads that are being used by connection<br />
managers. Another way of viewing this is the number of worker threads<br />
processing requests. If this value is close to WT_SMAX, consider increasing the<br />
maxworker configuration parameter.<br />
WT_CCURR<br />
The current number of worker threads created. If this value is greater than the<br />
configuration parameter initworker, it signifies the peak number of parallel<br />
requests that have been in process at any one time. This value will not exceed<br />
the maximum number of worker threads defined in WT_SMAX.<br />
WT_LTIMEOUTS<br />
The number of times the <strong>Gateway</strong> daemon failed to allocate a worker thread to<br />
a connection manager. This number signifies that requests are timing out<br />
whilst queueing in the <strong>Gateway</strong> daemon. It should usually be low or zero in a<br />
well-tuned <strong>Gateway</strong> daemon. If it is higher than expected, consider increasing<br />
the maxworker or workertimeout configuration parameters.<br />
WT_SMAX<br />
The maximum number of parallel requests that the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
can process. It is defined by the configuration parameter maxworker.<br />
Statistics to diagnose system problems<br />
These are some key statistics to look at when diagnosing system problems.<br />
CM_LTIMEOUTS<br />
The number of times that the <strong>Gateway</strong> daemon failed to allocate a connection<br />
manager to a Java client application.<br />
WT_LTIMEOUTS<br />
The number of times the <strong>Gateway</strong> daemon failed to allocate a worker thread to<br />
a connection manager.<br />
Statistics on resource usage<br />
These are some key statistics to look at when considering the resources used by<br />
your system.<br />
CM_CALLOC<br />
The current number of connection manager threads allocated to Java clients.<br />
CM_CCURR<br />
The current number of connection manager threads created. If this value is<br />
greater than the configuration parameter initconnect, it signifies the peak<br />
number of remote clients connected at any one time. This value will not exceed<br />
the maximum number of connection managers defined in CM_SMAX.<br />
WT_CALLOC<br />
The current number of worker threads that are being used by connection<br />
186 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
managers. Another way of viewing this is the number of worker threads<br />
processing requests. If this value is close to WT_SMAX, consider increasing the<br />
maxworker configuration parameter.<br />
WT_CCURR<br />
The current number of worker threads created. If this value is greater than the<br />
configuration parameter initworker, it signifies the peak number of parallel<br />
requests that have been in process at any one time. This value will not exceed<br />
the maximum number of worker threads defined in WT_SMAX.<br />
Statistics for throughput analysis<br />
These are some key statistics to look at when considering transaction throughput<br />
through the <strong>Gateway</strong> daemon.<br />
GD_LALLREQ<br />
The number of API calls (ECI, EPI, ESI), <strong>and</strong> XA requests that have been<br />
processed. Failed <strong>and</strong> successful requests are included. Administrative requests<br />
<strong>and</strong> h<strong>and</strong>shakes are excluded.<br />
GD_LLUWTXNC<br />
The number of extended LUW based transactions that were committed. This<br />
statistic returns information about one-phase-commit transactions.<br />
GD_LLUWTXNR<br />
The number of extended LUW based transactions that were rolled back. This<br />
statistic returns information about one-phase-commit transactions.<br />
GD_LRUNTIME<br />
The length of time in seconds since the <strong>Gateway</strong> daemon successfully<br />
initialized.<br />
GD_LSYNCTXN<br />
The number of synconreturn-based transactions (synconreturn ECI requests)<br />
that were successfully completed.<br />
Setting up your system for statistics<br />
Displaying statistics<br />
This information describes how to configure your system to deal with requests for<br />
statistics.<br />
Run the Configuration Tool <strong>and</strong> navigate to the Resources tab of the <strong>Gateway</strong><br />
daemon node.<br />
1. Clear the Disabled check box.<br />
2. Optional: enter a value in the Statistics API port if the default setting is not<br />
suitable.<br />
3. Save the configuration file <strong>and</strong> then stop <strong>and</strong> restart the <strong>Gateway</strong> daemon.<br />
Related reference<br />
“Statistics API port” on page 57<br />
The Statistics API port allows the <strong>Gateway</strong> daemon to h<strong>and</strong>le incoming<br />
requests for the Statistics API.<br />
Use ctgadmin to display statistical information about the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>.<br />
Chapter 15. Statistics introduction 187
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Use the statistical options listed at “Statistical options” on page 129 to display<br />
statistical information. Do not combine options.<br />
Enter a comm<strong>and</strong> like the following at the comm<strong>and</strong> line:<br />
ctgadmin -a stats options<br />
For example, to display all available statistics about the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>,<br />
enter the following comm<strong>and</strong>:<br />
ctgadmin -a stats -gs<br />
The comm<strong>and</strong> is not case-sensitive.<br />
Related reference<br />
“Statistical options” on page 129<br />
These options are available for use with the ctgadmin -a stats comm<strong>and</strong>.<br />
Displaying all available statistics<br />
Use ctgadmin together with the -gs option, to display all available statistical<br />
information about the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Use the -gs option with no parameters, to display all available statistics.<br />
Enter the following comm<strong>and</strong>:<br />
ctgadmin -a stats -gs<br />
Selecting the statistics to display<br />
Use ctgadmin, together with the -gs option followed by a list of IDs, to display<br />
statistics for one or more statistical IDs <strong>and</strong> resource groups.<br />
Use the -gs option, followed by a list IDs for the statistics or resource groups.<br />
Separate each item in the list by a colon (:).<br />
For example, to display information about the worker thread resource group, the<br />
maximum number of connection managers, <strong>and</strong> the <strong>Gateway</strong> daemon resource<br />
group, enter the following comm<strong>and</strong>:<br />
ctgadmin -a stats -gs wt:cm_smax:gd<br />
Listing available resource groups<br />
Use ctgadmin, together with the -rg parameter, to list available resource groups.<br />
Use the -rg parameter, with no other options.<br />
To list available resource groups, enter the following comm<strong>and</strong>:<br />
ctgadmin -a stats -rg<br />
Listing all available statistical IDs<br />
Use ctgadmin, together with the -si parameter, to list available statistical IDs.<br />
To list all available statistical IDs, enter the following comm<strong>and</strong>:<br />
188 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
ctgadmin -a stats -si<br />
Listing statistical IDs for selected resource groups<br />
Use ctgadmin, together with the -si parameter followed by a list IDs, to list<br />
available statistical IDs.<br />
To list statistical IDs for one or more resource groups, use the -si parameter<br />
followed by a colon-separated list of resource groups. For example, to list statistical<br />
IDs for the connection manager <strong>and</strong> worker thread resource groups, enter the<br />
following comm<strong>and</strong>:<br />
ctgadmin -a stats -si cm:wt<br />
Getting help on statistics<br />
Use ctgadmin -a stats -? to get help on statistics.<br />
Resource groups<br />
Issue the following comm<strong>and</strong>:<br />
ctgadmin -a stats -?<br />
This information describes the resource groups that are available from the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
A resource group is a logical grouping of resources such as connection managers. It<br />
defines an area for which statistical data can be associated <strong>and</strong> retrieved. Each<br />
resource group has these characteristics:<br />
ID A unique identifier for the resource group. The ID is used by ctgadmin <strong>and</strong> the<br />
statistical API to retrieve statistics, <strong>and</strong> is not case-sensitive.<br />
Name<br />
The name of the resource group, displayed when ctgadmin is used to display<br />
statistical information.<br />
Description<br />
A description of the resource group.<br />
These resource groups are defined:<br />
Table 7. Resource groups<br />
ID Name Description<br />
cm connection manager Statistics about connection manager threads.<br />
gd <strong>Gateway</strong> daemon Statistics on transaction counts, request counts, <strong>and</strong> <strong>Gateway</strong> status.<br />
ph protocol h<strong>and</strong>ler Statistics about protocol h<strong>and</strong>lers.<br />
wt worker thread Statistics about worker threads.<br />
List of statistics<br />
This information describes the statistics that are available from the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong>.<br />
Each statistic has the following characteristics:<br />
Chapter 15. Statistics introduction 189
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
ID A unique identifier for the statistic. The ID is used by ctgadmin <strong>and</strong> the<br />
statistical API to retrieve statistics, <strong>and</strong> is not case-sensitive. The structure of<br />
the ID is as follows:<br />
_<br />
Each part of the ID is m<strong>and</strong>atory; their characteristics are as follows:<br />
<br />
An alphanumeric string of one or more characters representing the<br />
resource group that the statistic belongs to.<br />
<br />
A single character; valid values are C, L, <strong>and</strong> S.<br />
C Current: the statistic is based on a current evaluation; the value<br />
is dynamic.<br />
L Lifetime: the statistic is based on observations since the<br />
<strong>Gateway</strong> daemon started; the value is dynamic. Each lifetime<br />
statistic has a default value which is set when the <strong>Gateway</strong><br />
daemon is initialized.<br />
S Startup: the statistic is based on a configuration setting for the<br />
<strong>Gateway</strong> daemon; the value is static.<br />
<br />
An alphanumeric string of one or more characters representing the<br />
resource that information is being returned about.<br />
Short description<br />
The short description is displayed when ctgadmin is used to display statistical<br />
information.<br />
Description<br />
A description of the information returned by the statistic.<br />
Value returned<br />
The type of information returned by the statistics:<br />
Integer<br />
The string value represents a 4-byte numeric value.<br />
Long The string value represents an 8-byte numeric value.<br />
String The string value represents character data.<br />
These statistics are defined:<br />
Connection manager statistics<br />
These statistics belong to the connection manager resource group.<br />
Table 8. Connection manager statistics<br />
ID Short description Description Value returned<br />
cm_calloc Currently allocated connection The current number of connection Integer<br />
managers<br />
manager threads allocated to Java<br />
clients.<br />
cm_ccurr Current number of connection The current number of connection Integer<br />
managers<br />
manager threads created.<br />
190 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Table 8. Connection manager statistics (continued)<br />
ID Short description Description Value returned<br />
cm_cwaiting Number of connection<br />
managers waiting<br />
cm_ltimeouts Number of times<br />
connecttimeout limit hit<br />
cm_sinit Initial number of connection<br />
managers<br />
cm_smax Maximum number of<br />
connection managers<br />
The current number of connection<br />
managers waiting for a worker thread<br />
to become available.<br />
The number of times that the <strong>Gateway</strong><br />
daemon failed to allocate a connection<br />
manager to a Java client application.<br />
The initial number of connection<br />
manager threads created by the<br />
<strong>Gateway</strong> daemon. It is defined by the<br />
configuration file parameter<br />
initconnect.<br />
The maximum number of connection<br />
manager threads that can possibly be<br />
created <strong>and</strong> allocated by the <strong>Gateway</strong><br />
daemon. It is defined by the<br />
configuration file parameter<br />
maxconnect.<br />
<strong>Gateway</strong> daemon statistics<br />
These statistics belong to the <strong>Gateway</strong> daemon resource group.<br />
Table 9. <strong>Gateway</strong> daemon statistics<br />
Integer<br />
Integer<br />
Integer<br />
Integer<br />
Note: A value<br />
of -1 indicates<br />
no limit.<br />
ID Short description Description Value returned<br />
gd_cstatus <strong>Gateway</strong> daemon status Returns the status of the <strong>Gateway</strong><br />
daemon. Status is one of the<br />
following: STARTING, RUNNING,<br />
SHUTTING DOWN.<br />
gd_lallreq Number of requests processed The number of API calls (ECI, EPI,<br />
ESI), <strong>and</strong> XA requests that have been<br />
processed. Failed <strong>and</strong> successful<br />
requests are included. Administrative<br />
requests <strong>and</strong> h<strong>and</strong>shakes are excluded.<br />
gd_lluwtxnc Extended LUW transactions<br />
committed<br />
gd_lluwtxnr Extended LUW transactions<br />
rolled back<br />
The number of extended LUW based<br />
transactions that were committed. This<br />
statistic returns information about<br />
one-phase-commit transactions.<br />
The number of extended LUW based<br />
transactions that were rolled back.<br />
This statistic returns information<br />
about one-phase-commit transactions.<br />
gd_lruntime <strong>Gateway</strong> daemon running time The length of time in seconds since<br />
the <strong>Gateway</strong> daemon successfully<br />
initialized.<br />
gd_lsynctxn Successful SYNCONRETURN<br />
transactions<br />
The number of synconreturn-based<br />
transactions (synconreturn ECI<br />
requests) that were successfully<br />
completed.<br />
gd_sver <strong>CICS</strong> TG version The version of the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong>.<br />
String<br />
Integer<br />
Integer<br />
Integer<br />
Long<br />
Integer<br />
String<br />
Chapter 15. Statistics introduction 191
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
Protocol h<strong>and</strong>ler statistics<br />
These statistics belong to the <strong>Gateway</strong> daemon resource group.<br />
Table 10. Protocol h<strong>and</strong>ler statistics<br />
ID Short description Description Value returned<br />
ph_sportssl SSL protocol h<strong>and</strong>ler port<br />
number<br />
ph_sporttcp TCP protocol h<strong>and</strong>ler port<br />
number<br />
The SSL protocol h<strong>and</strong>ler port<br />
number, or -1 if the protocol is not<br />
enabled.<br />
The TCP protocol h<strong>and</strong>ler port<br />
number, or -1 if the protocol is not<br />
enabled.<br />
Worker thread statistics<br />
These statistics belong to the worker thread resource group.<br />
Table 11. Worker thread statistics<br />
Integer<br />
Integer<br />
ID Short description Description Value returned<br />
wt_calloc Currently allocated worker<br />
threads<br />
wt_ccurr Current number of worker<br />
threads<br />
wt_ltimeouts Number of times<br />
workertimeout limit hit<br />
wt_ltimeouts Initial number of worker<br />
threads<br />
wt_smax Maximum number of worker<br />
threads<br />
192 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
The current number of worker threads<br />
that are being used by connection<br />
managers. Another way of viewing<br />
this is the number of worker threads<br />
processing requests.<br />
The current number of worker threads<br />
created.<br />
The number of times the <strong>Gateway</strong><br />
daemon failed to allocate a worker<br />
thread to a connection manager.<br />
The initial number of worker threads<br />
created by the <strong>Gateway</strong> daemon. It is<br />
defined by the configuration file<br />
parameter initworker.<br />
The maximum number of parallel<br />
requests that the <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> can process. It is defined by<br />
the configuration parameter<br />
maxworker.<br />
Integer<br />
Integer<br />
Integer<br />
Integer<br />
Integer<br />
Note: A value<br />
of -1 indicates<br />
no limit.
Appendix A. Data conversion when using the Client daemon<br />
<strong>and</strong> a <strong>CICS</strong> server<br />
Supported conversions<br />
The ECI <strong>and</strong> EPI allow non-<strong>CICS</strong> applications running in a client system to gain<br />
access to <strong>CICS</strong> facilities <strong>and</strong> data managed by a <strong>CICS</strong> server system.<br />
Character data may have to be converted as it is passed between client <strong>and</strong> server;<br />
for example data is encoded in ASCII on a client system <strong>and</strong> in EBCDIC on a <strong>CICS</strong><br />
mainframe server system. Data conversion is performed by the server system.<br />
The possible ASCII <strong>and</strong> EBCDIC encoding schemes are described in detail in<br />
SC09-2190, the Character Data Representation Architecture Reference <strong>and</strong> Registry<br />
(CRDA). In summary, each encoding scheme is identified by a Coded Character Set<br />
Identifier (CCSID) which defines a set of graphic characters <strong>and</strong> the Code Page<br />
Global Identifier (CPGID) which specifies the code points used to represent the<br />
graphic characters.<br />
The data managed by the server system may be accessed from several client<br />
systems each of which uses a different ASCII encoding scheme. To support such<br />
access, each client system must be able to supply a CCSID ’tag’ in order that the<br />
data is converted correctly.<br />
The method used to perform data conversion depends on the server platform. The<br />
range of data conversions supported also depends on the platform. The following<br />
information is taken from Communicating from <strong>CICS</strong> on System/390, <strong>and</strong> is provided<br />
as a guide; check the current copy of the book for full information. ASCII <strong>and</strong><br />
EBCDIC CCSIDs are assigned to geographic or linguistic groups.<br />
Data conversion is supported between ASCII <strong>and</strong> EBCDIC where both CCSIDs<br />
belong to the same group. The groups are:<br />
Arabic<br />
Baltic Rim<br />
Latvia, Lithuania<br />
Cyrillic<br />
Eastern Europe: Bulgaria, Russia, Yugoslavia<br />
Estonian<br />
Estonia<br />
Greek<br />
Greece<br />
Hebrew<br />
Israel<br />
Japanese<br />
Japan<br />
Korean<br />
Korea<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 193
Arabic<br />
Latin-1 <strong>and</strong> Latin-9<br />
USA, Western Europe, <strong>and</strong> many other countries<br />
Latin-2<br />
Eastern Europe: Albania, Czech Republic, Hungary, Pol<strong>and</strong>, Romania, Slovakia,<br />
Yugoslavia, Former Yugoslavia<br />
Latin-5<br />
Turkey<br />
Simplified Chinese<br />
People’s Republic of China<br />
Traditional Chinese<br />
Taiwan<br />
Vietnamese<br />
Vietnam<br />
The following tables list the CCSIDs supported for each group. For each CCSID,<br />
they show:<br />
v The value to be specified for the CLINTCP or SRVERCP keyword.<br />
v The code page identifier or identifiers (CPGIDs).<br />
v The current <strong>CICS</strong> on System/390 products that support the CCSID. Three levels<br />
of support are defined—“Base”, “T01”, <strong>and</strong> “T02”.<br />
Base<br />
Table 12. Arabic, Client CCSIDs<br />
– <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS<br />
– <strong>CICS</strong> <strong>Transaction</strong> Server for OS/390 (all releases)<br />
– <strong>CICS</strong>/ESA ®<br />
Version 4 Release 1<br />
– <strong>CICS</strong>/VSE<br />
– <strong>CICS</strong>/VSE Version 2 Release 3<br />
T01<br />
– <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS<br />
– <strong>CICS</strong> <strong>Transaction</strong> Server for OS/390 Release 3<br />
– <strong>CICS</strong> <strong>Transaction</strong> Server for OS/390 Release 1 or Release 2 plus APAR<br />
PQ19018<br />
– <strong>CICS</strong>/ESA Version 4 Release 1 plus APAR PQ18896<br />
– <strong>CICS</strong>/VSE<br />
– <strong>CICS</strong>/VSE Version 2 Release 3 plus APAR PQ19019<br />
T02<br />
– <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS<br />
CLINTCP in CCSID CPGID Comments<br />
864 Base 00864 00864 PC data: Arabic<br />
1089<br />
8859-6<br />
Base 01089 01089 ISO 8859-6: Arabic<br />
1256 T01 01256 01256 MS Windows: Arabic<br />
194 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Table 12. Arabic, Client CCSIDs (continued)<br />
CLINTCP in CCSID CPGID Comments<br />
5352 T02 05352 05352 MS Windows: Arabic, version 2 with euro<br />
17248 T02 17248 00864 PC Data: Arabic with euro<br />
Table 13. Arabic, Server CCSIDs<br />
SRVERCP in CCSID CPGID Comments<br />
420 Base 00420 00420 Host: Arabic<br />
16804 T02 16804 00420 Host: Arabic with euro<br />
Baltic Rim<br />
Table 14. Baltic Rim, Client CCSIDs<br />
Note: Data conversion does not change the direction of Arabic data.<br />
CLINTCP in CCSID CPGID Comments<br />
901 T02 00901 00901 PC data: Latvia, Lithuania; with euro<br />
921 T01 00921 00921 PC data: Latvia, Lithuania<br />
1257 T01 01257 01257 MS Windows: Baltic Rim<br />
5353 T02 05353 05353 MS Windows: Baltic Rim, version 2 with euro<br />
Table 15. Baltic Rim, Server CCSIDs<br />
SRVERCP in CCSID CPGID Comments<br />
1112 T01 01112 01112 Host: Latvia, Lithuania<br />
1156 T02 01156 01156 Host: Latvia, Lithuania; with euro<br />
Cyrillic<br />
Table 16. Cyrillic, Client CCSIDs<br />
CLINTCP in CCSID CPGID Comments<br />
808 T02 00808 00808 PC data: Cyrillic, Russia; with euro<br />
848 T02 00848 00848 PC data: Cyrillic, Ukraine; with euro<br />
849 T02 00849 00849 PC data: Cyrillic, Belarus; with euro<br />
855 Base 01235 00855 PC data: Cyrillic<br />
866 Base 00866 00866 PC data: Cyrillic, Russia<br />
872 T02 00872 00872 PC data: Cyrillic with euro<br />
915<br />
8859-5<br />
Base 00915 00915 ISO 8859-5: Cyrillic<br />
1124 T02 01124 01124 8-bit: Cyrillic, Belarus<br />
1125 T02 01125 01125 PC Data: Cyrillic, Ukraine<br />
1131 T02 01131 01131 PC Data: Cyrillic, Belarus<br />
1251 T01 01251 01251 MS Windows: Cyrillic<br />
5347 T02 05347 05347 MS Windows: Cyrillic, version 2 with euro<br />
Appendix A. Data conversion when using the Client daemon <strong>and</strong> a <strong>CICS</strong> server 195
Table 17. Cyrillic, Server CCSIDs<br />
SRVERCP in CCSID CPGID Comments<br />
1025 Base 01025 01025 Host: Cyrillic multilingual<br />
1123 T02 01123 01123 Host: Cyrillic Ukraine<br />
1154 T02 01154 01154 Host: Cyrillic multilingual; with euro<br />
1158 T02 01158 01158 Host: Cyrillic Ukraine; wtih euro<br />
Estonian<br />
Table 18. Estonian, Client CCSIDs<br />
CLINTCP in CCSID CPGID Comments<br />
902 T02 00902 00902 PC data: Estonia with euro<br />
922 T01 00922 00922 PC data: Estonia<br />
1257 T01 01257 01257 MS Windows: Baltic Rim<br />
5353 T02 05353 05353 MS Windows: Baltic Rim, version2 with euro<br />
Table 19. Estonian, Server CCSIDs<br />
SRVERCP in CCSID CPGID Comments<br />
1122 T01 01122 01122 Host: Estonia<br />
1157 T01 01157 01157 Host: Estonia with euro<br />
Greek<br />
Table 20. Greek, Client CCSIDs<br />
CLINTCP in CCSID CPGID Comments<br />
813<br />
8859-7<br />
Base 00813 00813 ISO 8859-7: Greece<br />
869 Base 00869 00869 PC data: Greece<br />
1253 T01 01253 01253 MS Windows: Greece<br />
4909 T02 04909 00813 ISO 8859-7: Greece with euro<br />
5349 T02 05349 01253 MS Windows: Greece, version 2 with euro<br />
9061 T02 09061 00869 PC Data: Greece with euro<br />
Table 21. Greek, Server CCSIDs<br />
SRVERCP in CCSID CPGID Comments<br />
875 Base 00875 00875 Host: Greece<br />
4971 T02 04971 00875 Host: Greece with euro<br />
Hebrew<br />
Table 22. Hebrew, Client CCSIDs<br />
CLINTCP in CCSID CPGID Comments<br />
856 Base 00856 00856 PC data: Hebrew<br />
196 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Table 22. Hebrew, Client CCSIDs (continued)<br />
CLINTCP in CCSID CPGID Comments<br />
862 T02 00862 00862 PC data: Hebrew (migration)<br />
867 T02 00867 00867 PC Data: Hebrew with euro<br />
916<br />
8859-8<br />
Base 00916 00916 ISO 8859-8: Hebrew<br />
1255 T01 01255 01255 MS Windows: Hebrew<br />
5351 T02 05351 05351 MS Windows: Hebrew, version 2 with euro<br />
Table 23. Hebrew, Server CCSIDs<br />
SRVERCP in CCSID CPGID Comments<br />
424 Base 00424 00424 Host: Hebrew<br />
803 T02 00803 00803 Host: Hebrew (Character Set A)<br />
4899 T02 04899 00803 Host: Hebrew (Character Set A) with euro<br />
12712 T02 12712 00424 Host: Hebrew with euro <strong>and</strong> new sheqel<br />
Japanese<br />
Table 24. Japanese, ASCII<br />
Note: Data conversion does not change the direction of Hebrew data.<br />
CLINTCP in CCSID CPGID Comments<br />
932 Base 00932 1. 00897<br />
2. 00301<br />
942 Base 00942 1. 01041<br />
2. 00301<br />
943 T01 00943 1. 00897<br />
2. 00941<br />
954<br />
EUCJP<br />
Base 00954 1. 00895<br />
2. 00952<br />
3. 00896<br />
4. 00953<br />
5050 T02 05050 1. 00895<br />
2. 00952<br />
3. 00896<br />
4. 00953<br />
Table 25. Japanese, EBCDIC<br />
SRVERCP CCSID CPGID Comments<br />
930 Base 00930 1. 00290<br />
2. 00300<br />
3. 00290<br />
4. 00300<br />
1. PC data: SBCS<br />
2. PC data: DBCS including 1880 user-defined<br />
characters<br />
1. PC data: Extended SBCS<br />
2. PC data: DBCS including 1880 user-defined<br />
characters<br />
1. PC data: SBCS<br />
2. PC data: DBCS for Open environment including<br />
1880 <strong>IBM</strong> user-defined characters<br />
1. G0: JIS X201 Roman<br />
2. G1: JIS X208-1990<br />
3. G1: JIS X201 Katakana<br />
4. G1: JIS X212<br />
1. G0: JIS X201 Roman<br />
2. G1: JIS X208-1990<br />
3. G1: JIS X201 Katakana<br />
4. G1: JIS X212<br />
1. Katakana Host: extended SBCS<br />
2. Kanji Host: DBCS including 4370 user-defined<br />
characters<br />
3. Katakana Host: extended SBCS<br />
4. Kanji Host: DBCS including 1880 user-defined<br />
characters<br />
Appendix A. Data conversion when using the Client daemon <strong>and</strong> a <strong>CICS</strong> server 197
Table 25. Japanese, EBCDIC (continued)<br />
SRVERCP CCSID CPGID Comments<br />
931 Base 00931 1. 00037<br />
2. 00300<br />
939 Base 00939 1. 01027<br />
2. 00300<br />
3. 01027<br />
4. 00300<br />
1390 T02 01390 1. 00290<br />
2. 00300<br />
1399 T02 01399 1. 01027<br />
2. 00300<br />
Korean<br />
Table 26. Korean, ASCII<br />
CLINTCP in CCSID CPGID Comments<br />
934 Base 00934 1. 00891<br />
2. 00926<br />
944 Base 00944 1. 01040<br />
2. 00926<br />
949 Base 00949 1. 01088<br />
2. 00951<br />
970<br />
EUCKR<br />
Base 00970 1. 00367<br />
2. 00971<br />
1363 T01 01363 1. 01126<br />
2. 01362<br />
Table 27. Korean, EBCDIC<br />
SRVERCP in CCSID CPGID Comments<br />
933 Base 00933 1. 00833<br />
2. 00834<br />
1364 T02 01364 1. 00833<br />
2. 00834<br />
198 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
1. Latin Host: SBCS<br />
2. Kanji Host: DBCS including 4370 user-defined<br />
characters<br />
1. Latin Host: extended SBCS<br />
2. Kanji Host: DBCS including 4370 user-defined<br />
characters<br />
3. Latin Host: extended SBCS<br />
4. Kanji Host: DBCS including 1880 user-defined<br />
characters<br />
1. Katakana Host: extended SBCS; with euro<br />
2. Kanji Host: DBCS including 6205 user-defined<br />
characters<br />
1. Latin Host: extended SBCS; with euro<br />
2. Kanji Host: DBCS including 4370 user-defined<br />
characters; with euro<br />
1. PC data: SBCS<br />
2. PC data: DBCS including 1880 user-defined<br />
characters<br />
1. PC data: Extended SBCS<br />
2. PC data: DBCS including 1880 user-defined<br />
characters<br />
1. <strong>IBM</strong> KS Code - PC data: SBCS<br />
2. <strong>IBM</strong> KS code - PC data: DBCS including 1880<br />
user-defined characters<br />
1. G0: ASCII<br />
2. G1: KSC X5601-1989 including 1880 user-defined<br />
characters<br />
1. PC data: MS Windows Korean SBCS<br />
2. PC data: MS Windows Koran DBCS including<br />
11172 full Hangul<br />
1. Host: Extended SBCS<br />
2. Host: DBCS including 1880 user-defined characters<br />
<strong>and</strong> 11172 full Hangul characters<br />
1. Host: Extended SBCS<br />
2. Host: DBCS including 1880 user-defined characters<br />
<strong>and</strong> 11172 full Hangul characters
Latin-1 <strong>and</strong> Latin-9<br />
Table 28. Latin-1, Client CCSIDs<br />
CLINTCP in CCSID CPGID Comments<br />
437 Base 00437 00437 PC data: PC Base; USA, many other countries<br />
819<br />
8859-1<br />
Base 00819 00819 ISO 8859-1: Latin-1 countries<br />
850 Base 00850 00850 PC data: Latin-1 countries<br />
858 T01 00858 00858 PC data: Latin-1 countries; with euro<br />
923 T01 00923 00923 ISO 8859-15: Latin-9<br />
924 T02 00924 00924 ISO 8859-15: Latin-9<br />
1047 T02 01047 01047 Host: Open Edition Latin-1<br />
1252 T01 01252 01252 MS Windows: Latin-1 countries<br />
5348 T01 05348 01252 MS Windows: Latin-1 countries, version 2 with euro<br />
Table 29. Latin-1 <strong>and</strong> Latin-9, Server CCSIDs<br />
SRVERCP in CCSID CPGID Comments<br />
037 Base 00037 00037 Host: USA, Canada (ESA), Netherl<strong>and</strong>s, Portugal,<br />
Brazil, Australia, New Zeal<strong>and</strong><br />
273 Base 00273 00273 Host: Austria, Germany<br />
277 Base 00277 00277 Host: Denmark, Norway<br />
278 Base 00278 00278 Host: Finl<strong>and</strong>, Sweden<br />
280 Base 00280 00280 Host: Italy<br />
284 Base 00284 00284 Host: Spain, Latin America (Spanish)<br />
285 Base 00285 00285 Host: United Kingdom<br />
297 Base 00297 00297 Host: France<br />
500 Base 00500 00500 Host: Belgium, Canada (AS/400 ® ), Switzerl<strong>and</strong>,<br />
International Latin-1<br />
871 Base 00871 00871 Host: Icel<strong>and</strong><br />
924 T01 00924 00924 Host: Latin-9<br />
1047 T01 01047 01047 Host: Open Edition Latin-1<br />
1140 T01 01140 01140 Host: USA, Canada (ESA), Netherl<strong>and</strong>s, Portugal,<br />
Brazil, Australia, New Zeal<strong>and</strong>; with euro<br />
1141 T01 01141 01141 Host: Austria, Germany; with euro<br />
1142 T01 01142 01142 Host: Denmark, Norway; with euro<br />
1143 T01 01143 01143 Host: Finl<strong>and</strong>, Sweden; with euro<br />
1144 T01 01144 01144 Host: Italy; with euro<br />
1145 T01 01145 01145 Host: Spain, Latin America (Spanish); with euro<br />
1146 T01 01146 01146 Host: United Kingdom; with euro<br />
1147 T01 01147 01147 Host: France; with euro<br />
1148 T01 01148 01148 Host: Belgium, Canada (AS/400), Switzerl<strong>and</strong>,<br />
International Latin-1; with euro<br />
1149 T01 01149 01149 Host: Icel<strong>and</strong>; with euro<br />
Appendix A. Data conversion when using the Client daemon <strong>and</strong> a <strong>CICS</strong> server 199
Latin-2<br />
Table 30. Latin-2, ASCII<br />
Note: Conversions are supported between non euro-supported CCSIDs <strong>and</strong><br />
euro-supported CCSIDs. These should be used with care because:<br />
v The international currency symbol in each non euro-supported EBCDIC<br />
CCSID (for example, 00500) has been replaced by the euro symbol in the<br />
equivalent euro-supported EBCDIC CCSID (for example, 01148).<br />
v The dotless i in non euro-supported ASCII CCSID 00850 has been<br />
replaced by the euro symbol in the equivalent euro-supported ASCII<br />
CCSID 00858.<br />
CLINTCP in CCSID CPGID Comments<br />
852 Base 00852 00852 PC data: Latin-2 multilingual<br />
912<br />
8859-2<br />
Base 00912 00912 ISO 8859-2: Latin-2 multilingual<br />
1250 T01 01250 01250 MS Windows: Latin-2<br />
5346 T02 05346 01250 MS Windows: Latin-2, version 2 with euro<br />
9044 T02 09044 00852 PC data: Latin-2 multilingual with euro<br />
Table 31. Latin-2, Server CCSIDs<br />
SRVERCP in CCSID CPGID Comments<br />
500 T02 00500 00500 Host: International Latin-1<br />
870 Base 00870 00870 Host: Latin-2 multilingual<br />
1148 T02 01148 01148 Host: International Latin-1 with euro<br />
1153 T02 01153 01153 Host: Latin-2 multilingual with euro<br />
Latin-5<br />
Table 32. Latin-5, Client CCSIDs<br />
Note: Conversions are supported for some combinations of Latin-2 ASCII CCSIDs<br />
<strong>and</strong> Latin-1 EBCDIC CCSIDs.<br />
CLINTCP in CCSID CPGID Comments<br />
857 Base 00857 00857 PC data: Latin-5 (Turkey)<br />
920<br />
8859-9<br />
Base 00920 00920 ISO 8859-9: Latin-5 (ECMA-128, Turkey TS-5881)<br />
1254 T01 01254 01254 MS Windows: Turkey<br />
5350 T02 05350 01254 MS Windows: Turkey, version 2 with euro<br />
9049 T02 09049 00857 PC data: Latin-5 (Turkey) with euro<br />
Table 33. Latin-5, Server CCSIDs<br />
SRVERCP in CCSID CPGID Comments<br />
1026 Base 01026 01026 Host: Latin-5 (Turkey)<br />
1155 T02 01155 01155 Host: Latin-5 (Turkey) with euro<br />
200 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Simplified Chinese<br />
Table 34. Simplified Chinese, ASCII<br />
CLINTCP in CCSID CPGID Comments<br />
946 Base 00946 1. 01042<br />
2. 00928<br />
1381 Base 01381 1. 01115<br />
2. 01380<br />
1383<br />
EUCCN<br />
T01 01383 1. 00367<br />
2. 01382<br />
1386 T01 01386 1. 01114<br />
2. 01385<br />
Table 35. Simplified Chinese, EBCDIC<br />
SRVERCP in CCSID CPGID Comments<br />
935 Base 00935 1. 00836<br />
2. 00837<br />
1388 T02 01388 1. 00836<br />
2. 00837<br />
9127 T02 09127 1. 00836<br />
2. 00837<br />
Traditional Chinese<br />
Table 36. Traditional Chinese, ASCII<br />
CLINTCP in CCSID CPGID Comments<br />
938 Base 00938 1. 00904<br />
2. 00927<br />
948 Base 00948 1. 01043<br />
2. 00927<br />
950<br />
BIG5<br />
964<br />
EUCTW<br />
Base 00950 1. 01114<br />
2. 00947<br />
Base 00964 1. 00367<br />
2. 00960<br />
3. 00961<br />
1370 T02 01370 1. 01114<br />
2. 00947<br />
1. PC data: Extended SBCS<br />
2. PC data: DBCS including 1880 user-defined<br />
characters<br />
1. PC data: Extended SBCS (<strong>IBM</strong> GB)<br />
2. PC data: DBCS (<strong>IBM</strong> GB) including 31<br />
<strong>IBM</strong>-selected, 1880 user-defined characters<br />
1. G0: ASCII<br />
2. G1: GB 2312-80 set<br />
1. PC data: S-Chinese GBK <strong>and</strong> T-Chinese <strong>IBM</strong> BIG-5<br />
2. PC data: S-Chinese GBK<br />
1. Host: Extended SBCS<br />
2. Host: DBCS including 1880 user-defined characters<br />
1. Host: Extended SBCS<br />
2. Host: DBCS including 1880 user-defined characters<br />
1. Host: Extended SBCS<br />
2. Host: DBCS including 1880 user-defined characters<br />
1. PC data: SBCS<br />
2. PC data: DBCS including 6204 user-defined<br />
characters<br />
1. PC data: Extended SBCS<br />
2. PC data: DBCS including 6204 user-defined<br />
characters<br />
1. PC data: SBCS (<strong>IBM</strong> BIG5)<br />
2. PC data: DBCS including 13493 CNS, 566 <strong>IBM</strong><br />
selected, 6204 user-defined characters<br />
1. G0: ASCII<br />
2. G1: CNS 11643 plane 1<br />
3. G1: CNS 11643 plane 2<br />
1. PC data: Extended SBCS; with euro<br />
2. PC data: DBCS including 6204 user-defined<br />
characters; with euro<br />
Appendix A. Data conversion when using the Client daemon <strong>and</strong> a <strong>CICS</strong> server 201
Table 37. Traditional Chinese, EBCDIC<br />
SRVERCP in CCSID CPGID Comments<br />
937 Base 00937 1. 00037<br />
2. 00835<br />
1371 T02 01371 1. 01159<br />
2. 00835<br />
Vietnamese<br />
Table 38. Vietnamese, Client CCSIDs<br />
CLINTCP in CCSID CPGID Comments<br />
1129 T02 01129 01129 ISO-8: Vietnamese<br />
1. Host: Extended SBCS<br />
2. Host: DBCS including 6204 user-defined characters<br />
1. Host: Extended SBCS; with euro<br />
2. Host: DBCS including 6204 user-defined characters;<br />
with euro<br />
1163 T02 01163 01163 ISO-8: Vietnamese with euro<br />
1258 T02 01258 01258 MS Windows: Vietnamese<br />
5354 T02 05354 01258 MS Windows: Vietnamese, version 2 with euro<br />
Table 39. Vietnamese, Server CCSIDs<br />
SRVERCP in CCSID CPGID Comments<br />
1130 T02 01130 01130 Host: Vietnamese<br />
1164 T02 01164 01164 Host: Vietnamese with euro<br />
Table 40. Unicode<br />
CLINTCP<br />
SRVERCP<br />
Unicode data<br />
<strong>CICS</strong> on System/390 provides limited support for Unicode-encoded character data.<br />
The support allows workstations to share UCS-2 or UTF-8 encoded data with the<br />
System/390 provided, that no conversion is required.<br />
in CCSID CPGID Comments<br />
1200 UCS-2 T01 01200 01400 UCS-2 level 3, maximal (growing) character set<br />
1208 UTF-8 T01 01200 01400 UTF-8 based on UCS-2 level 3, maximal (growing)<br />
character set<br />
13488 T01 13488 01400 UCS-2 level 1 (level 3 tolerant), subset (fixed) character<br />
set<br />
202 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Appendix B. Editing the configuration file ctg.ini<br />
ctg.ini: GATEWAY section<br />
A sample configuration file is supplied: /bin/ctgsamp.ini. To create<br />
a new configuration, copy this file to /bin/ctg.ini <strong>and</strong> edit the<br />
copy.<br />
The configuration file is a text file consisting of a number of sections. Each section<br />
starts with SECTION as the first entry on a line, <strong>and</strong> ends with ENDSECTION.<br />
This information maps entries in the configuration file to the corresponding fields<br />
in the Configuration Tool. For an explanation of the fields see the Configuration<br />
chapter in the <strong>Administration</strong> book.<br />
If you use the number sign (#) character to denote a comment, either:<br />
v place it at the start of a line; or<br />
v precede it by a space or tab character<br />
because some valid names (for example modename) can start with the # character.<br />
Some lines of the INI file are longer than 72 characters; take care when editing<br />
them.<br />
There must be one GATEWAY section. Entries correspond to fields in the <strong>Gateway</strong><br />
daemon settings panel of the Configuration Tool:<br />
Table 41. SECTION GATEWAY<br />
Entry in the INI file Configuration Tool field<br />
adminport “Port for local administration” on page 57<br />
closetimeout “Timeout for in-progress requests to complete (ms)” on<br />
page 56<br />
ecigenericreplies “Let Java Clients obtain generic ECI replies” on page 55.<br />
Set this to on to enable the field.<br />
statsport “Statistics API port” on page 57<br />
uowvalidation “Validate Units of Work” on page 55. Set this to on to<br />
enable the field.<br />
msgqualvalidation “Validate message qualifiers” on page 55. Set this to on<br />
to enable the field.<br />
connectionlogging “Log Java Client connections <strong>and</strong> disconnections” on<br />
page 58. Set this to on to enable the field.<br />
initconnect “Initial number of Connection Manager threads” on page<br />
53<br />
initworker “Initial number of Worker threads” on page 54<br />
log@error.dest “Error <strong>and</strong> warning log destination” on page 58. Set this<br />
to either console or file.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 203
Table 41. SECTION GATEWAY (continued)<br />
Entry in the INI file Configuration Tool field<br />
log@error.parameters “Error log file name” on page 58, “Error log maximum<br />
size (KB)” on page 58 <strong>and</strong> “Maximum number of<br />
archived error log files” on page 58. These parameters<br />
are used if the destination is file; entries take the<br />
following form:<br />
log@error.parameters=filename=filename;<br />
filesize=filesize;<br />
maxfiles=number<br />
Parameter values can appear in any order separated by<br />
semi-colons (;).<br />
log@info.dest “Information log destination” on page 59. Set this to<br />
either console or file.<br />
log@info.parameters “Information log file name” on page 59, “Information log<br />
maximum size (KB)” on page 59 <strong>and</strong> “Maximum number<br />
of archived information log files” on page 59. These<br />
parameters are used if the destination is file; entries take<br />
the following form:<br />
log@error.parameters=filename=filename;<br />
filesize=filesize;<br />
maxfiles=number<br />
Parameter values can appear in any order separated by<br />
semi-colons (;).<br />
maxconnect “Maximum number of Connection Manager threads” on<br />
page 54. Enter the number, or -1 for unrestricted.<br />
maxworker “Maximum number of Worker threads” on page 54.<br />
Enter the number, or -1 for unrestricted.<br />
noinput “Enable reading input from console” on page 55. Set this<br />
to off to enable the field.<br />
nonames “Display TCP/IP hostnames” on page 57. Set this to off<br />
to enable the field.<br />
notime No equivalent field. Set this to on to disable timing<br />
information in messages.<br />
tfile “<strong>Gateway</strong> trace file” on page 80<br />
trace Equivalent to <strong>Gateway</strong> under “Trace Settings” on page<br />
79. Set this to on to enable <strong>Gateway</strong> trace, otherwise<br />
omit.<br />
workertimeout “Worker thread available timeout (ms)” on page 56<br />
tfilesize “<strong>Gateway</strong> trace file wrap size (KB)” on page 80<br />
Two lines are present in the configuration file for each protocol that is enabled.<br />
Protocol settings take this form:<br />
v The first line defines the protocol.<br />
v The second line defines the parameters.<br />
v Parameters are separated by a semicolon.<br />
v If you will use the Configuration Tool, do not split long lines. If you do not<br />
intend to use the Configuration Tool, you may split long lines by placing the<br />
backslash character (\) after a semicolon, as shown:<br />
204 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Table 42. TCP protocol<br />
protocol@tcp.parameters=connecttimeout=2000;\<br />
idletimeout=600000;<br />
Entries for each supported protocol follow.<br />
TCP protocol<br />
To enable the protocol, insert this line:<br />
protocol@tcp.h<strong>and</strong>ler=com.ibm.ctg.server.TCPH<strong>and</strong>ler<br />
Follow it with a line like this:<br />
protocol@tcp.parameters=bind=host.domain.org;connecttimeout=3;dropworking;\<br />
idletimeout=4;pingfrequency=5;port=1;requiresecurity;\<br />
solinger=6;<br />
Entries correspond to fields in the TCP settings panel:<br />
Entry in the INI file Configuration Tool field<br />
bind “Bind Address” on page 60<br />
connecttimeout “Connection timeout (ms)” on page 61<br />
dropworking “Drop working connections” on page 62. Include this to<br />
enable the field, otherwise omit.<br />
idletimeout “Idle timeout (ms)” on page 61<br />
pingfrequency “Ping time frequency (ms)” on page 61<br />
port “Port” on page 61<br />
requiresecurity “Require Java Clients to use security classes” on page 62.<br />
Include this to enable the field, otherwise omit.<br />
solinger “SO_LINGER setting” on page 62<br />
Table 43. SSL protocol<br />
SSL protocol<br />
To enable the protocol, insert this line:<br />
protocol@ssl.h<strong>and</strong>ler=com.ibm.ctg.server.SslH<strong>and</strong>ler<br />
Follow it with a line like this:<br />
protocol@ssl.parameters=clientauth=on;connecttimeout=9;\<br />
dropworking;idletimeout=10;keyring=Key ring or Keystore name;\<br />
keyringpw=a2V5cmluZyBvciBLZXlzdG9yZSBwYXNzd29yZA==;keyringpwscrambled=on;\<br />
pingfrequency=11;port=7;requiresecurity;solinger=12;\<br />
ciphersuites=SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA,\<br />
SSL_DH_anon_WITH_3DES_EDE_CBC_SHA;<br />
Entries correspond to fields in the SSL settings panel:<br />
Entry in the INI file Configuration Tool field<br />
ciphersuites “Use only these ciphers” on page 64. To restrict the<br />
cipher suites that can be used with the SSL protocol,<br />
enter a comma-separated list of cipher suites. To allow<br />
all available cipher suites to be used, omit the entry. Use<br />
of the value 128bitonly is deprecated.<br />
clientauth “Use client authentication” on page 63. Set this to on to<br />
use client authentication, otherwise omit.<br />
Appendix B. Editing the configuration file ctg.ini 205
|<br />
Table 43. SSL protocol (continued)<br />
Entry in the INI file Configuration Tool field<br />
connecttimeout “Connection timeout (ms)” on page 61<br />
dropworking “Drop working connections” on page 62. Include this to<br />
enable the field, otherwise omit.<br />
idletimeout “Idle timeout (ms)” on page 61<br />
keyring “Key ring file” on page 63<br />
keyringpw “Key ring password” on page 64. To encrypt this entry:<br />
1. Ensure that keyringpwscrambled is set to on.<br />
2. Save the configuration file.<br />
3. Open <strong>and</strong> then save the file in the Configuration<br />
Tool.<br />
keyringpwscrambled No equivalent entry. Set this to on to scramble the “Key<br />
ring password” on page 64.<br />
pingfrequency “Ping time frequency (ms)” on page 61<br />
port “Port” on page 61<br />
requiresecurity “Require Java Clients to use security classes” on page 62.<br />
Include this to enable the field, otherwise omit.<br />
solinger “SO_LINGER setting” on page 62<br />
ctg.ini: CLIENT section<br />
Table 44. SECTION CLIENT<br />
There must be one CLIENT section. Entries correspond to fields in the Client<br />
Configuration <strong>and</strong> Trace settings panels of the Configuration Tool. The section<br />
name also stores the value entered in the “Application ID” on page 65 field of the<br />
Configuration Tool.<br />
Entry in the INI file Configuration Tool field<br />
SECTION CLIENT “Application ID” on page 65<br />
CCSID “Code page identifier override” on page 68<br />
CPNAME “Fully qualified CP name or template” on page 76<br />
(under Common TCP62 settings)<br />
CPIPADDRESSMASK “IP address mask for CP name (optional)” on page 77<br />
(under Common TCP62 settings)<br />
DOMAINNAMESUFFIX “AnyNet domain name suffix” on page 77 (under<br />
Common TCP62 settings)<br />
LOGFILE “Error <strong>and</strong> warning log file” on page 68<br />
LOGFILEINFO “Information log file” on page 69<br />
TCP62PORT “TCP62 port” on page 77 (under Common TCP62<br />
settings)<br />
MAXBUFFERSIZE “Maximum buffer size” on page 66<br />
MAXREQUESTS “Maximum requests” on page 66<br />
MAXSERVERS “Maximum servers” on page 66<br />
MAXWRAPSIZE “Client trace file wrap size (KB)” on page 81<br />
PRINTCOMMAND “Print comm<strong>and</strong>” on page 67<br />
206 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
Table 44. SECTION CLIENT (continued)<br />
Entry in the INI file Configuration Tool field<br />
PRINTFILE “Print file” on page 67<br />
REMOTENODEINACTIVITYPOLLINTERVAL “Remote node inactivity poll interval (s)” on page 78<br />
(under Common TCP62 settings)<br />
SRVRETRYINTERVAL “Server retry interval” on page 68<br />
TERMINALEXIT “Terminal exit” on page 66<br />
TERMINSTLOGGING “Log terminal installations <strong>and</strong> deinstallations” on page<br />
68<br />
TRACEFILE “Client trace file” on page 80<br />
TRACE A comma-separated list of components to trace, as<br />
entered on the “Trace Settings” on page 79 panel.<br />
Possible entries are as follows:<br />
ALL Trace everything<br />
API Client API level 1<br />
API.2 Client API level 2 (also traces level 1)<br />
TRN Transport layer<br />
DRV Protocol drivers level 1<br />
DRV.2 Protocol drivers level 2 (also traces level 1)<br />
CLI <strong>CICS</strong>CLI comm<strong>and</strong> line<br />
CCL Client daemon<br />
EMU <strong>CICS</strong>TERM <strong>and</strong> <strong>CICS</strong>PRINT<br />
CPP CPP classes<br />
ctg.ini: SERVER section<br />
Table 45. SECTION SERVER<br />
This section defines a server to which the Client daemon may connect. There may<br />
be more than one SERVER section. The first server listed is the default. The section<br />
name also stores the value entered in the Server name field of the Configuration<br />
Tool.<br />
Entry in the INI file Configuration Tool field<br />
SECTION SERVER “Server name” on page 71<br />
DESCRIPTION “Description” on page 71<br />
INITIALTRANSID “Initial transaction” on page 71<br />
MODELTERM “Model terminal definition” on page 71<br />
UPPERCASESECURITY “Use upper case security” on page 72. Set to Y to enable,<br />
otherwise set to N.<br />
PROTOCOL Network protocol. Valid entries are SNA (AIX <strong>and</strong> <strong>Linux</strong><br />
on zSeries operating systems only), TCP62, TCPIP. The<br />
Network protocol must correspond to an entry in the<br />
DRIVER section; see “ctg.ini: DRIVER section” on page<br />
208.<br />
Other entries in this section depend upon the protocol selected.<br />
Appendix B. Editing the configuration file ctg.ini 207
Table 46. SECTION SERVER: additional entries for the TCP protocol<br />
Entry in the INI file Configuration Tool field<br />
NETNAME “Hostname or IP address” on page 72<br />
PORT “Port” on page 73<br />
CONNECTTIMEOUT “Connection timeout” on page 73<br />
SRVIDLETIMEOUT “Server idle timeout (mins)” on page 72<br />
TCPKEEPALIVE “Send TCP/IP KeepAlive packets” on page 73. Set to Y<br />
to enable, otherwise set to N.<br />
Table 47. SECTION SERVER: additional entries for the TCP62 protocol<br />
Entry in the INI file Configuration Tool field<br />
LOCALLUNAME “Local LU name or template” on page 74<br />
LUIPADDRESSMASK “IP address mask for LU name template (optional)” on<br />
page 75<br />
SNAMAXRUSIZE “Maximum SNA RU size” on page 78<br />
SNASESSIONLIMIT “Maximum logical SNA sessions” on page 78<br />
MODENAME “Mode name” on page 76<br />
SNAPACINGSIZE “SNA pacing size” on page 78<br />
NETNAME “Partner LU name” on page 74<br />
Note:<br />
1. Entries corresponding to the Common TCP62 settings panel on the<br />
Configuration Tool are stored in the CLIENT section of the INI file; see<br />
“ctg.ini: CLIENT section” on page 206<br />
2. When configuring a TCP62 <strong>CICS</strong> server, you must also update the local<br />
“Hosts file” on page 74; see the Configuration chapter in the<br />
<strong>Administration</strong> book for details.<br />
Table 48. SECTION SERVER: additional entries for the SNA protocol<br />
Entry in the INI file Configuration Tool field<br />
LOCALLUNAME “Local LU name” on page 74<br />
MODENAME “Mode name” on page 76<br />
NETNAME “Partner LU name” on page 74<br />
SRVIDLETIMEOUT “Server idle timeout (mins)” on page 72<br />
ctg.ini: DRIVER section<br />
This section defines a communications protocol library used to communicate with<br />
a server. There should be one DRIVER section for each Network protocol used<br />
with your servers; see “ctg.ini: SERVER section” on page 207. Entries take the<br />
following form:<br />
SECTION DRIVER=<br />
DRIVERNAME=<br />
ENDSECTION<br />
208 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Table 49. DRIVER section<br />
Valid entries for Corresponding <br />
SNA CCL<strong>IBM</strong>SN<br />
TCP62 CCLTCP62<br />
TCPIP CCL<strong>IBM</strong>IP<br />
The DRIVER section has no corresponding section in the Configuration Tool. The<br />
Configuration Tool automatically selects the correct protocol drivers.<br />
Appendix B. Editing the configuration file ctg.ini 209
210 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
The product library <strong>and</strong> related literature<br />
This information lists books on the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>, <strong>and</strong> related topics.<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> books<br />
v <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Windows <strong>Administration</strong>, SC34-6371<br />
This book describes the administration of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> for<br />
Windows.<br />
v <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>, SC34-6372<br />
This book describes the administration of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> for<br />
<strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong>.<br />
v <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: z/OS <strong>Administration</strong>, SC34-6672<br />
This book describes the administration of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> for<br />
z/OS.<br />
v <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Messages, SC34-6675<br />
This online book lists <strong>and</strong> explains the error messages that can be generated by<br />
the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
v <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Reference, SC34-6674<br />
This book provides information on the APIs of the programming languages<br />
supported by the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Additional HTML pages contain JAVA programming reference information.<br />
v <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: Programming Guide, SC34-6673<br />
This introduction to programming for the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> provides<br />
the information that you need to allow user applications to use <strong>CICS</strong> facilities in<br />
a client/server environment.<br />
Sample configuration documents<br />
Redbooks<br />
Several sample configuration documents are available in portable document format<br />
(PDF). These documents give step-by-step guidance for configuring <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> for communication with <strong>CICS</strong> servers, using various<br />
protocols. They provide detailed instructions that extend the information in the<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> library.<br />
Visit the following Web site:<br />
www.ibm.com/software/cics/ctg<br />
<strong>and</strong> follow the Library link.<br />
The following International Technical Support Organization (ITSO) Redbook<br />
publication contains many examples of client/server configurations:<br />
v <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> V5 - The WebSphere Connector for <strong>CICS</strong>, SG24-6133<br />
v Revealed! Architecting Web Access to <strong>CICS</strong>, SG24-5466<br />
v Enterprise JavaBeans <br />
for z/OS <strong>and</strong> OS/390 <strong>CICS</strong> <strong>Transaction</strong> Server V2.2, SG24-6284<br />
v Java Connectors for <strong>CICS</strong>: Featuring the J2EE Connector Architecture, SG24-6401.<br />
This book provides information on developing J2EE applications.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 211
Other Useful Books<br />
v Systems Programmer’s Guide to Resource Recovery Services (RRS), SG24-6980-00.<br />
This book provides information on using RRS in various scenarios.<br />
v Communications Server for z/OS V1R2 TCP/IP Implementation Guide, SG24-6517-00.<br />
This book provides information on using Communications Server for z/OS<br />
V1R2, including load balancing.<br />
v Redpaper: <strong>Transaction</strong>s in J2EE, REDP-3659-00. This redpaper provides a<br />
discussion of transactions in the J2EE environment, including one- <strong>and</strong> XA<br />
transactions.<br />
You can obtain ITSO Redbooks <br />
from a number of sources. For the latest<br />
information, see:<br />
www.ibm.com/redbooks/<br />
<strong>CICS</strong> <strong>Transaction</strong> Server publications<br />
<strong>CICS</strong> <strong>Transaction</strong> Server for z/OS RACF Security Guide, SC34-6249<br />
<strong>CICS</strong> interproduct communication<br />
The following books describe the intercommunication facilities of the <strong>CICS</strong> server<br />
products:<br />
v <strong>CICS</strong> Family: Interproduct Communication, SC34-6267<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for Windows V5.0 Intercommunication, SC34-6209<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS <strong>CICS</strong> External Interfaces Guide, SC34-6449<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS: Intercommunication Guide, SC34-6448<br />
v <strong>CICS</strong>/VSE 2.3: Intercommunication Guide, SC33-0701<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for iSeries V5R2: Intercommunication, SC41-5456<br />
v TXSeries 5.1: <strong>CICS</strong> Intercommunication Guide, SC09-4462<br />
The first book above is a <strong>CICS</strong> family book containing a platform-independent<br />
overview of <strong>CICS</strong> interproduct communication.<br />
<strong>CICS</strong> problem determination books<br />
The following books describe the problem determination facilities of the <strong>CICS</strong><br />
server products:<br />
v <strong>Transaction</strong> Server for Windows V5.0: Problem Determination, GC34-6210<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS V3.1 <strong>CICS</strong> Problem Determination Guide,<br />
SC34-6441<br />
v <strong>CICS</strong>/VSE 2.3 Problem Determination Guide, SC33-0716<br />
v <strong>CICS</strong> <strong>Transaction</strong> Server for iSeries V5R2: Problem Determination, SC41-5453<br />
v TXSeries V5.1: <strong>CICS</strong> Problem Determination Guide, SC09-4465<br />
You can find information on <strong>CICS</strong> products at the following Web site:<br />
www.ibm.com/software/cics/ctg<br />
212 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
APPC-related publications<br />
<strong>IBM</strong> products<br />
<strong>IBM</strong> Communications Server<br />
See this Web page:<br />
www.ibm.com/software/network/commserver/library<br />
<strong>IBM</strong> Personal Communications<br />
See this Web page:<br />
www.ibm.com/software/network/pcomm/library<br />
Systems Network Architecture (SNA)<br />
v SNA Formats, GA27-3136<br />
v Systems Network Architecture Technical Overview, GC30-3073<br />
v Guide to SNA over TCP/IP, SC31-6527<br />
TCP62–related publications<br />
Multiprotocol Transport Networking (MPTN) Architecture: Technical Overview,<br />
GC31–7073<br />
Obtaining books from <strong>IBM</strong><br />
Multiprotocol Transport Networking (MPTN) Architecture: Formats, GC31–7074<br />
For information on books you can download, visit our Web site at:<br />
www.ibm.com/software/cics/ctg<br />
<strong>and</strong> follow the Library link.<br />
The product library <strong>and</strong> related literature 213
214 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Accessibility features for <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong><br />
Installation<br />
Documentation<br />
Accessibility features help users who have a physical disability, such as restricted<br />
mobility or limited vision, to use information technology products successfully. The<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> supports keyboard-only operation. Topics on the<br />
following pages give details of accessibility features.<br />
Visit the <strong>IBM</strong> Accessibility Center for more information about <strong>IBM</strong>’s commitment<br />
to accessibility.<br />
The InstallShield wizard is not fully accessible to screen readers. An alternative is<br />
to use the -console option; see “Installing from the console” on page 30.<br />
See the Eclipse information center for an HTML version of the documentation.<br />
Configuration Tool accessibility<br />
See Appendix B, “Editing the configuration file ctg.ini,” on page 203 for<br />
information on how to configure the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> by editing the<br />
configuration file. This is the recommended way if you use a screen reader.<br />
The configuration file uses the number sign (#) character to denote a comment;<br />
consider configuring your screen reader accordingly.<br />
Components<br />
Each component in the Configuration Tool has a name <strong>and</strong> description for screen<br />
readers.<br />
Keys<br />
You can use the following keys to operate the Configuration Tool:<br />
Alt, Space<br />
Press <strong>and</strong> release the Alt key, then press Space, to open the window menu.<br />
This allows you to move, size, maximize or minimize the window.<br />
Ctrl+key<br />
Certain actions have shortcuts assigned to them. Hold down the Ctrl key <strong>and</strong><br />
type the letter to do the action.<br />
Action Ctrl+key<br />
Activate a link. Spacebar<br />
Copy the selected value C except in the following locales:<br />
Locale Key<br />
German<br />
K<br />
Turkish<br />
P<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 215
Action Ctrl+key<br />
Create a new configuration N<br />
Create a new server definition W except in the following locales:<br />
Locale Key<br />
German<br />
N<br />
Italian V<br />
Spanish<br />
V<br />
Turkish<br />
S<br />
Cut the selected value U except in the following locales:<br />
Cycle between the navigation panel, objects on the settings panel,<br />
<strong>and</strong> the buttons<br />
Next link or other focusable object T<br />
Locale Key<br />
Italian G<br />
Spanish<br />
O<br />
Turkish<br />
E<br />
Use this key combination on panels that contain<br />
a table. Otherwise use Tab.<br />
Open an existing configuration O except in the following locales:<br />
Locale Key<br />
German<br />
F<br />
Italian A<br />
Spanish<br />
B<br />
Turkish<br />
A<br />
Paste P except in the following locales:<br />
Locale Key<br />
French L<br />
German<br />
F<br />
Italian I<br />
Turkish<br />
P<br />
Previous link or other focusable object Shift+T<br />
Save the current configuration S except in the following locales:<br />
216 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
Locale Key<br />
Spanish<br />
G<br />
Italian L
Action Ctrl+key<br />
Scroll left Page Up<br />
Scroll right Page Down<br />
Arrows (left <strong>and</strong> right)<br />
1. (Applies if the menus are active.) Move to a different menu.<br />
2. (Applies if the buttons are active.) Cycle through the buttons.<br />
3. (Applies if the navigation panel is active.) If a node contains subnodes, the<br />
left arrow collapses the node, the right arrow exp<strong>and</strong>s it. If a node cannot<br />
be exp<strong>and</strong>ed further, pressing the right arrow moves down to the next<br />
node. If a subnode is selected, pressing the left arrow moves to the parent<br />
node.<br />
Arrows (up <strong>and</strong> down)<br />
1. (Applies if the navigation panel is active.) Move up <strong>and</strong> down through the<br />
navigation panel.<br />
2. (Applies if the buttons are active.) Cycle through the buttons.<br />
3. (Applies if the Authorized Hosts list box is active.) Move through the<br />
entries in the list. If only one entry is in the list, press the Home key to<br />
select it.<br />
Escape<br />
Closes the menu.<br />
F2 Select <strong>and</strong> change an editable number field in a table.<br />
F6 (Applies if the navigation panel or the settings panel is active.) Toggles<br />
between the navigation panel <strong>and</strong> the settings panel.<br />
F8 (Applies if the navigation panel or the settings panel is active.) Allows you to<br />
gain control of the split between the navigation panel <strong>and</strong> settings panel areas.<br />
After pressing F8, use the arrow keys to move the split:<br />
v Press the left arrow key to move the split left (decrease the width of the<br />
navigation panel, increase the width of the settings panel).<br />
v Press the right arrow key to move the split right (increase the width of the<br />
navigation panel, decrease the width of the settings panel).<br />
F10<br />
Opens the file menu.<br />
Home<br />
Selects the first entry in the Authorized Hosts list box.<br />
Page Up<br />
Scroll up.<br />
Page Down<br />
Scroll down.<br />
Scroll bars<br />
You cannot use the keyboard to control scroll bars in the navigation panel. Use<br />
the up <strong>and</strong> down arrow keys to navigate the tree; settings for the selected item<br />
are shown in the settings panel.<br />
Shift+Tab<br />
If the cursor is on a field in the settings panel other than the first field, moves<br />
backwards through the fields. Otherwise, toggles between the navigation panel<br />
<strong>and</strong> the settings panel.<br />
Accessibility features for <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> 217
cicsterm<br />
Space<br />
1. Activates a button.<br />
2. Selects a check box.<br />
3. Selects a node in the tree.<br />
Tab<br />
Cycles through the tree, fields in the settings panel, <strong>and</strong> the buttons.<br />
Customizing colors <strong>and</strong> fonts<br />
Use the Settings option on the menu to change colors <strong>and</strong> fonts.<br />
Fields that contain errors are displayed by default in the font warning color,<br />
preceded by an asterisk. Use the Settings->Font option on the menu to change the<br />
warning color.<br />
Although cicsterm is accessible, it relies on the application that is being processed<br />
to define an accessible 3270 screen. Keyboard mapping depends on the terminal<br />
type that you are using; see “Keyboard mapping in cicsterm” on page 145 for<br />
details.<br />
The bottom row of cicsterm contains status information. The following list shows<br />
this information, as it appears from left to right:<br />
Status For example, 1B is displayed while cicsterm is connecting to a server.<br />
Displayed at columns 1 – 3.<br />
Terminal name<br />
Also referred to as LU Name. Columns 4 – 7.<br />
Action<br />
For example, X-System, indicating that you cannot enter text in the<br />
terminal window because cicsterm is waiting for a response from the<br />
server. Columns 9 – 16.<br />
Error number<br />
Errors in the form CCLNNNN, relating to the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
Columns 17 – 24.<br />
Server name<br />
The server to which cicsterm is connected. Columns 27 – 35.<br />
Upper case<br />
An up arrow is displayed when the Shift key is pressed. Column 42.<br />
Caps Lock<br />
A capital A is displayed when Caps Lock is on. Column 43.<br />
Insert on<br />
The caret symbol (^) is displayed if text will be inserted, rather than<br />
overwriting existing text. If you have difficulty seeing the caret, change the<br />
font face <strong>and</strong> size, or use a screen magnifier to increase the size of the<br />
status line. Column 52.<br />
Cursor position<br />
The cursor position, in the form ROW/COLUMN, where ROW is a<br />
two-digit number, <strong>and</strong> COLUMN a three-digit number. The top left of the<br />
screen is 01/001. Column 75–80.<br />
218 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Note: You might need to change the default behavior of your screen<br />
reader if it reads only the last digit of the cursor position. Customize<br />
your screen reader to specify that columns 75–80 of the status row<br />
are to be treated as one field. This will cause the full area to be read<br />
when any digit changes.<br />
Accessibility features for <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> 219
220 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Glossary<br />
This glossary defines special terms used in the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> library.<br />
3270 emulation<br />
The use of software that enables a client to emulate an <strong>IBM</strong> 3270 display<br />
station or printer, <strong>and</strong> to use the functions of an <strong>IBM</strong> host system.<br />
abnormal end of task (abend)<br />
The termination of a task, job, or subsystem because of an error condition<br />
that recovery facilities cannot resolve.<br />
Advanced program-to-program communication (APPC)<br />
An implementation of the SNA/SDLC LU 6.2 protocol that allows<br />
interconnected systems to communicate <strong>and</strong> share the processing of<br />
programs. The Client daemon uses APPC to communicate with <strong>CICS</strong><br />
server systems.<br />
APAR See Authorized program analysis report.<br />
API Application programming interface.<br />
applet A small application program that performs a specific task <strong>and</strong> is usually<br />
portable between operating systems. Often written in Java, applets can be<br />
downloaded from the Internet <strong>and</strong> run in a Web browser.e<br />
application identifier<br />
The name by which a logical unit is known in a VTAM network. The <strong>CICS</strong><br />
applid is specified in the APPLID system initialization parameter.<br />
application programming interface (API)<br />
A functional interface that allows an application program that is written in<br />
a high-level language to use specific data or functions of the operating<br />
system or another program.<br />
applid See application identifier.<br />
ARM See automatic restart management.<br />
Authorized program analysis report (APAR)<br />
A request for correction of a defect in a current release of an <strong>IBM</strong>-supplied<br />
program.<br />
ATI See automatic transaction initiation.<br />
attach In SNA, the request unit that flows on a session to initiate a conversation.<br />
Attach Manager<br />
The component of APPC that matches attaches received from remote<br />
computers to accepts issued by local programs.<br />
autoinstall<br />
A method of creating <strong>and</strong> installing resources dynamically as terminals log<br />
on, <strong>and</strong> deleting them at logoff.<br />
automatic restart manager<br />
A z/OS recovery function that can improve the availability of specific<br />
batch jobs or started tasks, <strong>and</strong> therefore result in faster resumption of<br />
productive work. Acronym: ARM.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 221
automatic transaction initiation (ATI)<br />
The initiation of a <strong>CICS</strong> transaction by an internally generated request, for<br />
example, the issue of an EXEC <strong>CICS</strong> START comm<strong>and</strong> or the reaching of a<br />
transient data trigger level. <strong>CICS</strong> resource definition can associate a trigger<br />
level <strong>and</strong> a transaction with a transient data destination. When the number<br />
of records written to the destination reaches the trigger level, the specified<br />
transaction is automatically initiated.<br />
bean A definition or instance of a JavaBeans component. See also JavaBeans.<br />
bean-managed transaction<br />
A transaction where the J2EE bean itself is responsible for administering<br />
transaction tasks such as committal or rollback. See also container-managed<br />
transaction.<br />
BIND comm<strong>and</strong><br />
In SNA, a request to activate a session between two logical units (LUs).<br />
business logic<br />
The part of a distributed application that is concerned with the application<br />
logic rather than the user interface of the application. Compare with<br />
presentation logic.<br />
CA See certificate authority.<br />
callback<br />
A way for one thread to notify another application thread that an event<br />
has happened.<br />
certificate authority<br />
In computer security, an organization that issues certificates. The certificate<br />
authority authenticates the certificate owner’s identity <strong>and</strong> the services that<br />
the owner is authorized to use. It issues new certificates <strong>and</strong> revokes<br />
certificates from users who are no longer authorized to use them.<br />
change-number-of-sessions (CNOS)<br />
An internal transaction program that regulates the number of parallel<br />
sessions between the partner LUs with specific characteristics.<br />
<strong>CICS</strong> on System/390<br />
A generic reference to the products <strong>CICS</strong> <strong>Transaction</strong> Server for z/OS,<br />
<strong>CICS</strong> for MVS/ESA , <strong>CICS</strong> <strong>Transaction</strong> Server for VSE/ESA, <strong>and</strong><br />
<strong>CICS</strong>/VSE.<br />
class In object-oriented programming, a model or template that can be<br />
instantiated to create objects with a common definition <strong>and</strong> therefore,<br />
common properties, operations, <strong>and</strong> behavior. An object is an instance of a<br />
class.<br />
classpath<br />
In the execution environment, an environment variable keyword that<br />
specifies the directories in which to look for class <strong>and</strong> resource files.<br />
Client API<br />
This is the interface used by Client applications to invoke services in <strong>CICS</strong><br />
using the facilities of the Client daemon. See External Call Interface,<br />
External Presentation Interface <strong>and</strong> External Security Interface.<br />
Client application<br />
A user application written in a supported programming language, other<br />
than Java, that uses the Client API.<br />
222 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Client daemon<br />
The Client daemon, process cclclnt, exists only on <strong>UNIX</strong>, Windows <strong>and</strong><br />
<strong>Linux</strong>. It manages network connections to <strong>CICS</strong> servers. It processes ECI,<br />
EPI, <strong>and</strong> ESI requests, sending <strong>and</strong> receiving the appropriate flows from<br />
the <strong>CICS</strong> server to satisfy the application requests. It uses the CLIENT<br />
section of ctg.ini for its configuration.<br />
client/server<br />
Pertaining to the model of interaction in distributed data processing in<br />
which a program on one computer sends a request to a program on<br />
another computer <strong>and</strong> awaits a response. The requesting program is called<br />
a client; the answering program is called a server.<br />
CNOS See Change-Number-of-Sessions.<br />
code page<br />
An assignment of hexadecimal identifiers (code points) to graphic<br />
characters. Within a given code page, a code point can have only one<br />
meaning.<br />
color mapping file<br />
A file that is used to customize the 3270 screen color attributes on client<br />
workstations.<br />
commit phase<br />
The second phase in a XA process. If all participants acknowledge that<br />
they are prepared to commit , the transaction manager issues the commit<br />
request. If any participant is not prepared to commit the transaction<br />
manager issues a back-out request to all participants.<br />
communication area (COMMAREA)<br />
A communication area that is used for passing data both between<br />
programs within a transaction <strong>and</strong> between transactions.<br />
configuration file<br />
A file that specifies the characteristics of a program, system device, server<br />
or network.<br />
connection<br />
In data communication, an association established between functional units<br />
for conveying information.<br />
In Open Systems Interconnection architecture, an association established by<br />
a given layer between two or more entities of the next higher layer for the<br />
purpose of data transfer.<br />
In TCP/IP, the path between two protocol application that provides<br />
reliable data stream delivery service.<br />
In Internet, a connection extends from a TCP application on one system to<br />
a TCP application on another system.<br />
container-managed transaction<br />
A transaction where the EJB container is responsible for administration of<br />
tasks such as committal or rollback. See also bean-managed transaction.<br />
control table<br />
In <strong>CICS</strong>, a storage area used to describe or define the configuration or<br />
operation of the system.<br />
conversation<br />
A connection between two programs over a session that allows them to<br />
communicate with each other while processing a transaction.<br />
Glossary 223
|<br />
conversation security<br />
In APPC, a process that allows validation of a user ID or group ID <strong>and</strong><br />
password before establishing a connection.<br />
daemon<br />
A program that runs unattended to perform continuous or periodic<br />
systemwide functions, such as network control. A daemon may be<br />
launched automatically, such as when the operating system is started, or<br />
manually.<br />
data link control (DLC)<br />
A set of rules used by nodes on a data link (such as an SDLC link or a<br />
token ring) to accomplish an orderly exchange of information.<br />
DBCS See double-byte character set.<br />
dependent logical unit<br />
A logical unit that requires assistance from a system services control point<br />
(SSCP) to instantiate an LU-to-LU session.<br />
deprecated<br />
Pertaining to an entity, such as a programming element or feature, that is<br />
supported but no longer recommended, <strong>and</strong> that might become obsolete.<br />
digital certificate<br />
An electronic document used to identify an individual, server, company, or<br />
some other entity, <strong>and</strong> to associate a public key with the entity. A digital<br />
certificate is issued by a certificate authority <strong>and</strong> is digitally signed by that<br />
authority.<br />
digital signature<br />
Information that is encrypted with an entity’s private key <strong>and</strong> is appended<br />
to a message to assure the recipient of the authenticity <strong>and</strong> integrity of the<br />
message. The digital signature proves that the message was signed by the<br />
entity that owns, or has access to, the private key or shared secret<br />
symmetric key.<br />
distributed application<br />
An application for which the component application programs are<br />
distributed between two or more interconnected processors.<br />
distributed processing<br />
The processing of different parts of the same application in different<br />
systems, on one or more processors.<br />
distributed program link (DPL)<br />
A link that enables an application program running on one <strong>CICS</strong> system to<br />
link to another application program running in another <strong>CICS</strong> system.<br />
DLL See dynamic link library.<br />
domain<br />
In the Internet, a part of a naming hierarchy in which the domain name<br />
consists of a sequence of names (labels) separated by periods (dots).<br />
domain name<br />
In TCP/IP, a name of a host system in a network.<br />
domain name server<br />
In TCP/IP, a server program that supplies name-to-address translation by<br />
mapping domain names to internet addresses. Synonymous with name<br />
server.<br />
224 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
dotted decimal notation<br />
The syntactical representation for a 32-bit integer that consists of four 8-bit<br />
numbers written in base 10 with periods (dots) separating them. It is used<br />
to represent IP addresses.<br />
double-byte character set (DBCS)<br />
A set of characters in which each character is represented by 2 bytes.<br />
Languages such as Japanese, Chinese <strong>and</strong> Korean, which contain more<br />
symbols than can be represented by 256 code points, require double-byte<br />
character sets. Because each character requires 2 bytes, the typing, display,<br />
<strong>and</strong> printing of DBCS characters requires hardware <strong>and</strong> programs that<br />
support DBCS. Contrast with single-byte character set.<br />
DPL See distributed program link.<br />
dynamic link library (DLL)<br />
A collection of runtime routines made available to applications as required.<br />
EBCDIC<br />
See Extended binary-coded decimal interchange code.<br />
ECI See external call interface.<br />
EJB See Enterprise JavaBeans.<br />
emulation program<br />
A program that allows a host system to communicate with a workstation<br />
in the same way as it would with the emulated terminal.<br />
emulator<br />
A program that causes a computer to act as a workstation attached to<br />
another system.<br />
encryption<br />
The process of transforming data into an unintelligible form in such a way<br />
that the original data can be obtained only by using a decryption process.<br />
enterprise bean<br />
A Java component that can be combined with other resources to create<br />
J2EE applications. There are three types of enterprise beans: entity beans,<br />
session beans, <strong>and</strong> message-driven beans.<br />
Enterprise JavaBeans<br />
A component architecture defined by Sun Microsystems for the<br />
development <strong>and</strong> deployment of object-oriented, distributed,<br />
enterprise-level applications (J2EE).<br />
environment variable<br />
A variable that specifies the operating environment for a process. For<br />
example, environment variables can describe the home directory, the<br />
comm<strong>and</strong> search path, the terminal in use, <strong>and</strong> the current time zone.<br />
EPI See external presentation interface.<br />
ESI See external security interface.<br />
Ethernet<br />
A local area network that allows multiple stations to access the<br />
transmission medium at will without prior coordination, avoids contention<br />
by using carrier sense <strong>and</strong> deference, <strong>and</strong> resolves contention by using<br />
collision detection <strong>and</strong> transmission. Ethernet uses carrier sense multiple<br />
access with collision detection (CSMA/CD).<br />
EXCI See External <strong>CICS</strong> Interface.<br />
Glossary 225
|<br />
|<br />
|<br />
external call interface (ECI)<br />
A facility that allows a non-<strong>CICS</strong> program to run a <strong>CICS</strong> program. Data is<br />
exchanged in a COMMAREA as for normal <strong>CICS</strong> interprogram<br />
communication.<br />
Extended binary-coded decimal interchange code (EBCDIC)<br />
A coded character set of 256 8-bit characters developed for the<br />
representation of textual data.<br />
extended logical unit of work (extended LUW)<br />
A logical unit of work that is extended across successive ECI requests to<br />
the same <strong>CICS</strong> server.<br />
External <strong>CICS</strong> Interface (EXCI)<br />
An MVS application programming interface provided by <strong>CICS</strong> <strong>Transaction</strong><br />
Server for z/OS that enables a non-<strong>CICS</strong> program to call a <strong>CICS</strong> program<br />
<strong>and</strong> to pass <strong>and</strong> receive data by means of a COMMAREA. The <strong>CICS</strong><br />
application program is invoked as if linked-to by another <strong>CICS</strong> application<br />
program. The EXCI is used as the communications interface by the <strong>CICS</strong><br />
<strong>Transaction</strong> <strong>Gateway</strong> for z/OS. Compare with External Call Interface (ECI).<br />
external presentation interface (EPI)<br />
A facility that allows a non-<strong>CICS</strong> program to appear to <strong>CICS</strong> as one or<br />
more st<strong>and</strong>ard 3270 terminals. 3270 data can be presented to the user by<br />
emulating a 3270 terminal or by using a graphical user interface.<br />
external security interface (ESI)<br />
A facility that enables client applications to verify <strong>and</strong> change passwords<br />
for user IDs on <strong>CICS</strong> servers.<br />
firewall<br />
A configuration of software that prevents unauthorized traffic between a<br />
trusted network <strong>and</strong> an untrusted network.<br />
gateway<br />
A device or program used to connect two systems or networks.<br />
gateway classes<br />
This is the Java class library used by Java Client applications to invoke<br />
services in <strong>CICS</strong>.<br />
<strong>Gateway</strong> daemon<br />
This is a long running Java process used only in remote mode. The<br />
<strong>Gateway</strong> daemon listens for network requests from remote Java Client<br />
applications. It issues these requests to <strong>CICS</strong> using the facilities of the<br />
Client daemon on <strong>UNIX</strong>, Windows <strong>and</strong> <strong>Linux</strong> platforms, or using the EXCI<br />
on z/OS. The <strong>Gateway</strong> daemon runs the protocol listener threads, the<br />
connection manager threads <strong>and</strong> the worker threads. It uses the GATEWAY<br />
section of ctg.ini (<strong>and</strong> on z/OS the STDENV file or the ctgenvvar script)<br />
for its configuration.<br />
<strong>Gateway</strong> group<br />
A collection of <strong>Gateway</strong> daemon instances, that uses the services of a<br />
single ctgmaster. The group provides a TCP/IP load balancing capability<br />
for XA transactions.<br />
gateway token<br />
<strong>Gateway</strong> tokens are used in the statistical data API. A token represents a<br />
specific <strong>Gateway</strong> daemon, once a connection is established successfully.<br />
226 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
global transaction<br />
A recoverable unit of work performed by one or more resource managers<br />
in a distributed transaction processing environment <strong>and</strong> coordinated by an<br />
external transaction manager.<br />
host A computer that is connected to a network (such as the Internet or an SNA<br />
network) <strong>and</strong> provides an access point to that network. The host can be<br />
any system; it does not have to be a mainframe.<br />
host address<br />
An IP address that is used to identify a host on a network.<br />
host ID<br />
In TCP/IP, that part of the Internet address that defines the host on the<br />
network. The length of the host ID depends on the type of network or<br />
network class (A, B, or C).<br />
host name<br />
In the Internet suite of protocols, the name given to a computer.<br />
Sometimes, host name is used to mean the fully qualified domain name;<br />
other times, it is used to mean the most specific subname of a fully<br />
qualified domain name. For example, if mycomputer.city.company.com is<br />
the fully qualified domain name, either of the following may be considered<br />
the host name: mycomputer.city.company.com, mycomputer.<br />
hover help<br />
Information that can be viewed by holding a mouse over an item such as<br />
an icon in the user interface.<br />
HTTP See Hypertext Transfer Protocol.<br />
HTTPS<br />
See Hypertext Transfer Protocol Secure.<br />
Hypertext Transfer Protocol<br />
In the Internet suite of protocols, the protocol that is used to transfer <strong>and</strong><br />
display hypertext <strong>and</strong> XML documents.<br />
Hypertext Transfer Protocol Secure<br />
A TCP/IP protocol that is used by World Wide Web servers <strong>and</strong> Web<br />
browsers to transfer <strong>and</strong> display hypermedia documents securely across<br />
the Internet.<br />
ID data<br />
An ID data structure holds an individual result from a statistical API<br />
function.<br />
iKeyman<br />
A tool for maintaining digital certificates for JSSE.<br />
independent logical unit<br />
A logical unit (LU) that can both send <strong>and</strong> receive a BIND, <strong>and</strong> which<br />
supports single, parallel, <strong>and</strong> multiple sessions. See BIND.<br />
Internet Architecture Board<br />
The technical body that oversees the development of the internet suite of<br />
protocols known as TCP/IP.<br />
Internet Protocol (IP)<br />
In TCP/IP, a protocol that routes data from its source to its destination in<br />
an Internet environment.<br />
Glossary 227
interoperability<br />
The capability to communicate, execute programs, or transfer data among<br />
various functional units in a way that requires the user to have little or no<br />
knowledge of the unique characteristics of those units.<br />
IP Internet Protocol.<br />
IP address<br />
A unique address for a device or logical unit on a network that uses the IP<br />
st<strong>and</strong>ard.<br />
J2EE See Java 2 Platform Enterprise Edition<br />
J2EE Connector architecture (JCA)<br />
A st<strong>and</strong>ard architecture for connecting the J2EE platform to heterogeneous<br />
enterprise information systems (EIS).<br />
Java An object-oriented programming language for portable interpretive code<br />
that supports interaction among remote objects.<br />
Java 2 Platform Enterprise Edition (J2EE)<br />
An environment for developing <strong>and</strong> deploying enterprise applications,<br />
defined by Sun Microsystems Inc. The J2EE platform consists of a set of<br />
services, application programming interfaces (APIs), <strong>and</strong> protocols that<br />
allow multitiered, Web-based applications to be developed.<br />
JavaBeans<br />
As defined for Java by Sun Microsystems, a portable, platformindependent,<br />
reusable component model.<br />
Java Client application<br />
A user application written in Java, including servlets <strong>and</strong> enterprise beans,<br />
that uses the <strong>Gateway</strong> classes.<br />
Java Development Kit (JDK)<br />
The name of the software development kit that Sun Microsystems provided<br />
for the Java platform, up to <strong>and</strong> including v 1.1.x. Sometimes used<br />
erroneously to mean the Java platform or as a generic term for any<br />
software developer kits for Java.<br />
Java<strong>Gateway</strong><br />
The URL of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> with which the Java Client<br />
application will communicate. The Java<strong>Gateway</strong> takes the form<br />
protocol://address:port. These protocols are supported: tcp://, ssl://,<br />
<strong>and</strong> local:. The <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> runs with the default port<br />
value of 2006. This parameter is not relevant if you are using the protocol<br />
local:. For example, you might specify a Java<strong>Gateway</strong> of<br />
tcp://ctg.business.com:2006. If you specify the protocol as local: you<br />
will connect directly to the <strong>CICS</strong> server, bypassing any <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> servers.<br />
Java Native Interface (JNI)<br />
A programming interface that allows Java code running in a Java virtual<br />
machine to work with functions that are written in other programming<br />
languages.<br />
Java Runtime Environment (JRE)<br />
A subset of the Java Software Development Kit (SDK) that supports the<br />
execution, but not the development, of Java applications. The JRE<br />
comprises the Java Virtual Machine (JVM), the core classes, <strong>and</strong> supporting<br />
files.<br />
228 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Java Secure Socket Extension (JSSE)<br />
A Java package that enables secure Internet communications. It implements<br />
a Java version of the Secure Sockets Layer (SSL) <strong>and</strong> Transport Layer<br />
Security (TSL) protocols <strong>and</strong> supports data encryption, server<br />
authentication, message integrity, <strong>and</strong> optionally client authentication.<br />
Java virtual machine (JVM)<br />
A software implementation of a processor that runs compiled Java code<br />
(applets <strong>and</strong> applications).<br />
JDK See Java development kit (JDK).<br />
JCA See J2EE Connector Architecture (JCA).<br />
JNI See Java Native Interface (JNI).<br />
JRE See Java Runtime Environment<br />
JSSE See Java Secure Socket Extension (JSSE).<br />
JVM See Java Virtual Machine (JVM).<br />
keyboard mapping<br />
A list that establishes a correspondence between keys on the keyboard <strong>and</strong><br />
characters displayed on a display screen, or action taken by a program,<br />
when that key is pressed.<br />
key ring<br />
In the JSSE protocol, a file that contains public keys, private keys, trusted<br />
roots, <strong>and</strong> certificates.<br />
local mode<br />
A term that describes the use of the <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> local<br />
protocol. The <strong>Gateway</strong> daemon is not used in local mode.<br />
local transaction<br />
A recoverable unit of work managed by a resource manager <strong>and</strong> not<br />
coordinated by an external transaction manager<br />
logical unit (LU)<br />
In SNA, a port through which an end user accesses the SNA network in<br />
order to communicate with another end user <strong>and</strong> through which the end<br />
user accesses the functions provided by system services control points<br />
(SSCP). An LU can support at least two sessions, one with an SSCP <strong>and</strong><br />
one with another LU, <strong>and</strong> may be capable of supporting many sessions<br />
with other logical units. See network addressable unit, primary logical unit,<br />
secondary logical unit.<br />
logical unit 6.2 (LU 6.2)<br />
A type of logical unit that supports general communications between<br />
programs in a distributed processing environment.<br />
The LU type that supports sessions between two applications using APPC.<br />
logical unit of work (LUW)<br />
A recoverable unit of work performed within <strong>CICS</strong>.<br />
LU-LU session<br />
In SNA, a session between two logical units (LUs) in an SNA network. It<br />
provides communication between two end users, or between an end user<br />
<strong>and</strong> an LU services component.<br />
Glossary 229
LU-LU session type 6.2<br />
In SNA, a type of session for communication between peer systems.<br />
Synonymous with APPC protocol.<br />
LUW See logical unit of work.<br />
managed mode<br />
Describes an environment in which connections are obtained from<br />
connection factories that the J2EE server has set up. Such connections are<br />
owned by the J2EE server.<br />
medium access control (MAC) sublayer<br />
One of two sublayers of the ISO Open Systems Interconnection data link<br />
layer proposed for local area networks by the IEEE Project 802 Committee<br />
on Local Area Networks <strong>and</strong> the European Computer Manufacturers<br />
Association (ECMA). It provides functions that depend on the topology of<br />
the network <strong>and</strong> uses services of the physical layer to provide services to<br />
the logical link control (LLC) sublayer. The OSI data link layer corresponds<br />
to the SNA data link control layer.<br />
method<br />
In object-oriented programming, an operation that an object can perform.<br />
An object can have many methods.<br />
mode In SNA, a set of parameters that defines the characteristics of a session<br />
between two LUs.<br />
name server<br />
In TCP/IP, synonym for Domain Name Server. In Internet<br />
communications, a host that translates symbolic names assigned to<br />
networks <strong>and</strong> hosts into Internet addresses.<br />
network address<br />
In SNA, an address, consisting of subarea <strong>and</strong> element fields, that<br />
identifies a link, link station, or network addressable unit (NAU). Subarea<br />
nodes use network addresses; peripheral nodes use local addresses. The<br />
boundary function in the subarea node to which a peripheral node is<br />
attached transforms local addresses to network addresses <strong>and</strong> vice versa.<br />
See also network name.<br />
network addressable unit (NAU)<br />
In SNA, a logical unit, a physical unit, or a system services control point.<br />
The NAU is the origin or the destination of information transmitted by the<br />
path control network. See also logical unit, network address, network name.<br />
network name<br />
In SNA, the symbolic identifier by which end users refer to a network<br />
addressable unit (NAU), link station, or link. See also network address.<br />
node type<br />
In SNA, a designation of a node according to the protocols it supports <strong>and</strong><br />
the network addressable units (NAUs) it can contain. Four types are<br />
defined: 1, 2, 4, <strong>and</strong> 5. Type 1 <strong>and</strong> type 2 nodes are peripheral nodes; type<br />
4 <strong>and</strong> type 5 nodes are subarea nodes.<br />
nonmanaged mode<br />
An environment in which the application is responsible for generating <strong>and</strong><br />
configuring connection factories. The J2EE server does not own or know<br />
about these connection factories <strong>and</strong> therefore provides no Quality of<br />
Service facilities.<br />
230 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
object In object-oriented programming, a concrete realization of a class that<br />
consists of data <strong>and</strong> the operations associated with that data.<br />
object-oriented (OO)<br />
Describing a computer system or programming language that supports<br />
objects.<br />
one-phase commit<br />
A protocol with a single commit phase, that is used for the coordination of<br />
changes to recoverable resources when a single resource manager is<br />
involved.<br />
pacing<br />
A technique by which a receiving station controls the rate of transmission<br />
of a sending station to prevent overrun.<br />
parallel session<br />
In SNA, two or more concurrently active sessions between the same two<br />
LUs using different pairs of network addresses. Each session can have<br />
independent session parameters.<br />
PING In Internet communications, a program used in TCP/IP networks to test<br />
the ability to reach destinations by sending the destinations an Internet<br />
Control Message Protocol (ICMP) echo request <strong>and</strong> waiting for a reply.<br />
partner logical unit (PLU)<br />
In SNA, the remote participant in a session.<br />
partner transaction program<br />
The transaction program engaged in an APPC conversation with a local<br />
transaction program.<br />
PLU See primary logical unit <strong>and</strong> partner logical unit.<br />
port An endpoint for communication between devices, generally referring to a<br />
logical connection. A 16-bit number identifying a particular Transmission<br />
Control Protocol (TCP) or User Datagram Protocol (UDP) resource within a<br />
given TCP/IP node.<br />
prepare phase<br />
The first phase of a XA process in which all participants are requested to<br />
confirm readiness to commit.<br />
presentation logic<br />
The part of a distributed application that is concerned with the user<br />
interface of the application. Compare with business logic.<br />
primary logical unit (PLU)<br />
In SNA, the logical unit that contains the primary half-session for a<br />
particular logical unit-to-logical unit (LU-to-LU) session. See also secondary<br />
logical unit.<br />
protocol boundary<br />
The signals <strong>and</strong> rules governing interactions between two components<br />
within a node.<br />
Query strings<br />
Query strings are used in the statistical data API. A query string is an<br />
input parameter, specifying the statistical data to be retrieved.<br />
Resource Access Control Facility (RACF)<br />
An <strong>IBM</strong> licensed program that provides access control by identifying users<br />
to the system; verifying users of the system; authorizing access to protected<br />
Glossary 231
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
resources; logging detected unauthorized attempts to enter the system; <strong>and</strong><br />
logging detected accesses to protected resources.<br />
region In workload management on <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> for Windows, an<br />
instance of a <strong>CICS</strong> server.<br />
remote mode<br />
A term that describes the use of one of the supported <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> network protocols to connect to the <strong>Gateway</strong> daemon. See<br />
<strong>Gateway</strong> daemon.<br />
remote procedure call (RPC)<br />
A protocol that allows a program on a client computer to run a program<br />
on a server.<br />
request unit (RU)<br />
In SNA, a message unit that contains control information such as a request<br />
code, or function management (FM) headers, end-user data, or both.<br />
request/response unit<br />
A generic term for a request unit or a response unit. See also request unit<br />
<strong>and</strong> response unit.<br />
response file<br />
A file that contains a set of predefined answers to questions asked by a<br />
program <strong>and</strong> that is used in place of a user dialog. See CID methodology.<br />
response unit (RU)<br />
A message unit that acknowledges a request unit; it may contain prefix<br />
information received in a request unit.<br />
resource group ID<br />
A resource group ID is a logical grouping of resources, grouped for<br />
statistical purposes. A resource group ID is associated with a number of<br />
resource group statistics, each identified by a statistic ID.<br />
resource ID<br />
A resource ID refers to a specific resource. Information about the resource<br />
is included in resource-specific statistics. Each statistic is identified by a<br />
statistic ID.<br />
resource manager<br />
The participant in a transaction responsible for controlling access to<br />
recoverable resources. In terms of the <strong>CICS</strong> resource adapters this is<br />
represented by an instance of a ConnectionFactory.<br />
Resource Recovery Services (RRS)<br />
A z/OS facility that provides two-phase sync point support across<br />
participating resource managers.<br />
Result set<br />
A result set is a set of data calculated or recorded by a statistical API<br />
function.<br />
Result set token<br />
A result set token is a reference to the set of results returned by a statistical<br />
API function.<br />
rollback<br />
An operation in a transaction that reverses all the changes made during the<br />
unit of work. After the operation is complete, the unit of work is finished.<br />
Also known as a backout.<br />
232 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
RU Request unit. Response unit.<br />
RPC See remote procedure call.<br />
SBCS See single-byte character set.<br />
secondary logical unit (SLU)<br />
In SNA, the logical unit (LU) that contains the secondary half-session for a<br />
particular LU-LU session. Contrast with primary logical unit. See also<br />
logical unit.<br />
Secure Sockets Layer (SSL)<br />
A security protocol that provides communication privacy. SSL enables<br />
client/server applications to communicate in a way that is designed to<br />
prevent eavesdropping, tampering, <strong>and</strong> message forgery. SSL applies only<br />
to internet protocols, <strong>and</strong> is not applicable to SNA.<br />
servlet<br />
A Java program that runs on a Web server <strong>and</strong> extends the server’s<br />
functionality by generating dynamic content in response to Web client<br />
requests. Servlets are commonly used to connect databases to the Web.<br />
session limit<br />
In SNA, the maximum number of concurrently active logical unit to logical<br />
unit (LU-to-LU) sessions that a particular logical unit (LU) can support.<br />
single-byte character set (SBCS)<br />
A character set in which each character is represented by 1 byte. Contrast<br />
with double-byte character set.<br />
sign-on capable terminal<br />
A sign-on capable terminal allows sign-on transactions, either<br />
<strong>CICS</strong>-supplied (CESN) or user-written, to be run. Contrast with sign-on<br />
incapable terminal.<br />
SIT See system initialization table.<br />
SNA sense data<br />
An SNA-defined encoding of error information In SNA, the data sent with<br />
a negative response, indicating the reason for the response.<br />
SNASVCMG mode name<br />
The SNA service manager mode name. This is the architecturally-defined<br />
mode name identifying sessions on which CNOS is exchanged. Most<br />
APPC-providing products predefine SNASVCMG sessions.<br />
socket A network communication concept, typically representing a point of<br />
connection between a client <strong>and</strong> a server. A TCP/IP socket will normally<br />
combine a host name or IP address, <strong>and</strong> a port number.<br />
SSL See Secure Sockets Layer (SSL).<br />
SSLight<br />
An implementation of SSL, written in Java, <strong>and</strong> no longer supported by<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>.<br />
statistic data<br />
A statistic data structure holds individual statistical result returned after<br />
calling a statistical API function.<br />
statistic group<br />
A statistic group is a generic term for a collection of statistic IDs.<br />
Glossary 233
|<br />
|<br />
|<br />
|<br />
statistic ID<br />
A statistic ID is a label refering to a specific statistic. A statistic ID is used<br />
to retrieve specific statistical data, <strong>and</strong> always has a direct relationship<br />
with a statistic group.<br />
system initialization table<br />
A table containing parameters used to start a <strong>CICS</strong> control region.<br />
System Management Interface Tool (SMIT)<br />
An interface tool of the AIX operating system for installing, maintaining,<br />
configuring, <strong>and</strong> diagnosing tasks.<br />
st<strong>and</strong>ard error<br />
In many workstation-based operating systems, the output stream to which<br />
error messages or diagnostic messages are sent.<br />
subnet<br />
An interconnected, but independent segment of a network that is identified<br />
by its Internet Protocol (IP) address.<br />
subnet address<br />
In Internet communications, an extension to the basic IP addressing scheme<br />
where a portion of the host address is interpreted as the local network<br />
address.<br />
sync point<br />
A logical point in the execution of program where the changes made by<br />
the program are consistent <strong>and</strong> complete, <strong>and</strong> can be committed. The<br />
output, which has been held up to that point, is sent to its destination, the<br />
input is removed from the message queues, <strong>and</strong> updates are made<br />
available to other applications. When a program terminates abnormally,<br />
<strong>CICS</strong> recovery <strong>and</strong> restart facilities do not backout updates prior to the last<br />
completed sync point.<br />
Systems Network Architecture (SNA)<br />
An architecture that describes the logical structure, formats, protocols, <strong>and</strong><br />
operational sequences for transmitting information units through the<br />
networks <strong>and</strong> also the operational sequences for controlling the<br />
configuration <strong>and</strong> operation of networks.<br />
System SSL<br />
An implementation of SSL, no longer supported by <strong>CICS</strong> <strong>Transaction</strong><br />
<strong>Gateway</strong> on z/OS.<br />
TCP62 SNA logical unit type 62 (LU62) protocol encapsulated in TCP/IP. This<br />
allows APPC applications to communicate over a TCP/IP Network without<br />
changes to the applications.<br />
TCP/IP<br />
See Transmission Control Protocol/Internet Protocol.<br />
TCP/IP load balancing<br />
The ability to distribute TCP/IP connections across target servers.<br />
terminal emulation<br />
The capability of a microcomputer or personal computer to operate as if it<br />
were a particular type of terminal linked to a processing unit <strong>and</strong> to access<br />
data. See also emulator, emulation program.<br />
thread A stream of computer instructions that is in control of a process. In some<br />
operating systems, a thread is the smallest unit of operation in a process.<br />
Several threads can run concurrently, performing different jobs.<br />
234 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
|<br />
timeout<br />
A time interval that is allotted for an event to occur or complete before<br />
operation is interrupted.<br />
TLS See Transport Layer Security (TLS).<br />
token-ring network<br />
A local area network that connects devices in a ring topology <strong>and</strong> allows<br />
unidirectional data transmission between devices by a token-passing<br />
procedure. A device must receive a token before it can transmit data.<br />
trace A record of the processing of a computer program. It exhibits the<br />
sequences in which the instructions were processed.<br />
transaction manager<br />
A software unit that coordinates the activities of resource managers by<br />
managing global transactions <strong>and</strong> coordinating the decision to commit<br />
them or roll them back.<br />
transaction program<br />
A program that uses the Advanced Program-to-Program Communications<br />
(APPC) application programming interface (API) to communicate with a<br />
partner application program on a remote system.<br />
Transmission Control Protocol/Internet Protocol (TCP/IP)<br />
An industry-st<strong>and</strong>ard, nonproprietary set of communications protocols that<br />
provide reliable end-to-end connections between applications over<br />
interconnected networks of different types.<br />
Transport Layer Security (TLS)<br />
A security protocol that provides communication privacy. TLS enables<br />
client/server applications to communicate in a way that is designed to<br />
prevent eavesdropping, tampering, <strong>and</strong> message forgery. TLS applies only<br />
to internet protocols, <strong>and</strong> is not applicable to SNA. TLS is also known as<br />
SSL 3.1.<br />
two-phase commit<br />
A protocol with both a prepare <strong>and</strong> a commit phase, that is used for the<br />
coordination of changes to recoverable resources when more than one<br />
resource manager is used by a single transaction.<br />
type 2.0 node<br />
A node that attaches to a subarea network as a peripheral node <strong>and</strong><br />
provides a range of end-user services but no intermediate routing services.<br />
type 2.1 node<br />
An SNA node that can be configured as an endpoint or intermediate<br />
routing node in a network, or as a peripheral node attached to a subarea<br />
network.<br />
Uniform Resource Locator (URL)<br />
A sequence of characters that represent information resources on a<br />
computer or in a network such as the Internet. This sequence of characters<br />
includes (a) the abbreviated name of the protocol used to access the<br />
information resource <strong>and</strong> (b) the information used by the protocol to locate<br />
the information resource.<br />
unit of recovery (UR)<br />
A defined package of work to be performed by the RRS.<br />
unit of work (UOW)<br />
A recoverable sequence of operations performed by an application between<br />
Glossary 235
|<br />
|<br />
|<br />
two points of consistency. A unit of work begins when a transaction starts<br />
or at a user-requested syncpoint. It ends either at a user-requested<br />
syncpoint or at the end of a transaction.<br />
user session<br />
Any APPC session other than a SNASVCMG session.<br />
verb A reserved word that expresses an action to be taken by an application<br />
programming interface (API), a compiler, or an object program.<br />
In SNA, the general name for a transaction program’s request for<br />
communication services.<br />
version string<br />
A character string containing version information about the statistical data<br />
API.<br />
Web browser<br />
A software program that sends requests to a Web server <strong>and</strong> displays the<br />
information that the server returns.<br />
Web server<br />
A software program that responds to information requests generated by<br />
Web browsers.<br />
wide area network (WAN)<br />
A network that provides communication services to a geographic area<br />
larger than that served by a local area network or a metropolitan area<br />
network, <strong>and</strong> that may use or provide public communication facilities.<br />
wrapping trace<br />
A configuration in which the Maximum Client wrap size setting is greater<br />
than 0. The total size of Client daemon binary trace files is limited to the<br />
value specified in the Maximum Client wrap size setting. With st<strong>and</strong>ard<br />
I/O tracing, two files, called cicscli.bin <strong>and</strong> cicscli.wrp, are used; each<br />
can be up to half the size of the Maximum Client wrap size.<br />
XA transaction<br />
A global transaction that adheres to the X/Open st<strong>and</strong>ard for distributed<br />
transaction processing (DTP.)<br />
236 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Index<br />
Special characters<br />
(External Call Interface) 1, 4<br />
(External Presentation Interface) 1, 4<br />
(External Security Interface) 1, 4<br />
(TCP62) 76<br />
viii<br />
A<br />
accessibility 215<br />
Acrobat 24<br />
adding features 32<br />
administration 126<br />
Adobe 24<br />
advanced program-to-program communication (APPC) 41<br />
Advanced Program-to-Program Communication (APPC) 25<br />
AnyNet domain name suffix configuration setting 77<br />
APAR (authorized program analysis report)<br />
authorization 180<br />
closing 180<br />
documentation needed 178<br />
process 180<br />
submitting 180<br />
API (Application Programming Interface) 3<br />
APPC (advanced program-to-program communication) 41<br />
APPC (Advanced Program-to-Program Communication) 25<br />
application development tools 23<br />
Application ID configuration setting 65<br />
Application Programming Interface (API) 3<br />
application servers 22<br />
application tracing 156<br />
asymmetric keys 7<br />
authentication 9<br />
B<br />
background task 126<br />
binary trace formatter 164<br />
Bind Address 60, 205<br />
Bind Address configuration setting 60<br />
books 211<br />
browsers 21<br />
C<br />
CA (certification authority) 8<br />
ccllog.hlp 162<br />
cclmsg.hlp 162<br />
certification authority (CA) 8<br />
<strong>CICS</strong> resource adapters 82<br />
<strong>CICS</strong> server PTF requirements 24<br />
<strong>CICS</strong> servers 22<br />
<strong>CICS</strong> servers, communicating with 37<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> 125, 126<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> Version 4 183<br />
<strong>CICS</strong>_EPI_ERR_FAILED 121<br />
cicscli comm<strong>and</strong> 133<br />
<strong>CICS</strong>CLI environment variable 50<br />
cicscli.bin 162, 163, 164<br />
cicscli.log 68, 162<br />
cicscli.trc 162<br />
cicscli.wrp 163<br />
<strong>CICS</strong>COL environment variable 91<br />
cicseci resource adapters 82<br />
cicseci.rar 82<br />
cicsepi.rar 82<br />
cicsftrc utility 164<br />
<strong>CICS</strong>KEY environment variable 90<br />
cicsprnt comm<strong>and</strong> 147<br />
cicsterm comm<strong>and</strong> 143<br />
CLASSPATH 49<br />
CLASSPATH environment variable 106, 159<br />
client control 5<br />
Client daemon 133, 134<br />
Client daemon, restarting 134<br />
Client daemon, shutting down 134<br />
Client daemon, starting 133, 134<br />
Client daemon, stopping 134<br />
client security 136<br />
Client trace file configuration setting 80<br />
Client trace file wrap size (KB) configuration setting 81<br />
client tracing 135<br />
security considerations 136<br />
client/server connections 25<br />
ClientSecurity 84, 85<br />
code page identifier override configuration setting 68<br />
code page problems 157<br />
code pages 27<br />
color mapping file 91, 143<br />
Common Client Interface (CCI) 11<br />
Communicating with <strong>CICS</strong> servers 37<br />
communication<br />
cicscli 133<br />
cicsprnt 147<br />
cicsterm 143<br />
problems 174<br />
communication protocols 23<br />
APPC 25<br />
TCP/IP 25<br />
Communications server 176<br />
compilers 23<br />
configuration<br />
CLASSPATH 49<br />
programming environment 49<br />
configuration file 50, 182<br />
referencing 50<br />
configuration settings<br />
Log file 68<br />
Configuration settings<br />
AnyNet domain name suffix 77<br />
Application ID 65<br />
Bind Address 60<br />
Client trace file 80<br />
Client trace file wrap size (KB) 81<br />
code page identifier override 68<br />
Connection timeout 73<br />
Connection timeout (ms) 61<br />
Description 71<br />
Display TCP/IP hostnames 57<br />
Drop working connections 62<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 237
Configuration settings (continued)<br />
Enable protocol h<strong>and</strong>ler 60<br />
Enable reading input from console 55<br />
Error <strong>and</strong> warning log destination 58<br />
Error log file name 58<br />
Error log maximum size (KB) 58<br />
Fully qualified CP name or template 76<br />
<strong>Gateway</strong> trace file 80<br />
<strong>Gateway</strong> trace file wrap size (KB) 80<br />
Hostname or IP address 72<br />
Idle timeout (ms) 61<br />
Information log destination 59<br />
Information log file 69<br />
Information log file name 59<br />
Information log maximum size (KB) 59<br />
Initial number of Connection Manager threads 53<br />
Initial number of Worker threads 54<br />
Initial transaction 71<br />
IP address mask for CP name (optional) 77<br />
IP address mask for LU name template (optional) 75<br />
Java clients obtaining generic ECI replies 55<br />
Key ring file 63<br />
Key ring password 64<br />
Local LU name 74<br />
Local LU name or template 74<br />
Log Java Client connections <strong>and</strong> disconnections 58<br />
Log terminal installations <strong>and</strong> deinstallations 68<br />
Maximum buffer size 66<br />
Maximum logical SNA sessions 78<br />
Maximum number of archived error log files 58<br />
Maximum number of archived information log files 59<br />
Maximum number of Connection Manager threads 54<br />
Maximum number of Worker threads 54<br />
Maximum requests 67<br />
Maximum servers 66<br />
Maximum SNA RU size 78<br />
Mode name 74, 76<br />
Model terminal definition 71<br />
Partner LU name 74<br />
Ping time frequency (ms) 61<br />
Port 61, 73<br />
Port for local administration 57<br />
Print comm<strong>and</strong> 67<br />
Print file 67<br />
Remote node inactivity poll interval(s) 78<br />
Require Java Clients to use security classes 62<br />
Send TCP/IP KeepAlive packets 73<br />
Server idle timeout (mins) 72<br />
Server name 71<br />
Server retry interval 68<br />
SNA pacing size 78<br />
SO_LINGER setting 62<br />
Statistics API port 57<br />
Terminal exit 66<br />
Timeout for in-progress requests to complete (ms) 56<br />
Trace 79<br />
Trace settings 162<br />
Use client authentication 63<br />
Use LU alias names 73<br />
Use only these ciphers 64<br />
Use the same file for information messages 69<br />
Use the same settings for error <strong>and</strong> information logs 59<br />
Use upper case security 72<br />
Validate message qualifiers 55<br />
Validate Units of Work 55<br />
Worker thread available timeout (ms) 56<br />
Configuration Tool 50<br />
238 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
connecting to <strong>CICS</strong> servers 134, 137<br />
Connection timeout (ms) configuration setting 61<br />
Connection timeout configuration setting 73<br />
ConnectionURL 83, 85<br />
Corrective Service Diskette (CSD) 180<br />
corrective service software 32<br />
CPMI 174<br />
CRSR transaction 42<br />
CSD (Corrective Service Diskette) 180<br />
CTG_JNI_TRACE environment variable 81, 157<br />
CTG_JNI_TRACE_ON environment variable 81, 157<br />
ctg.ini 182<br />
ctgclient.jar 159<br />
ctgd comm<strong>and</strong> 126<br />
ctgserver.jar 159<br />
customizing<br />
keyboard 89<br />
screen colors 91<br />
D<br />
data conversion<br />
Arabic conversions 194<br />
Baltic Rim conversions 195<br />
Cyrillic conversions 195<br />
Estonian conversions 196<br />
Greek conversions 196<br />
Hebrew conversions 196<br />
Japanese conversions 197<br />
Korean conversions 198<br />
Latin-1 conversions 199<br />
Latin-2 conversions 200<br />
Latin-5 conversions 200<br />
Latin-9 conversions 199<br />
simplified Chinese conversions 201<br />
traditional Chinese conversions 201<br />
Vietnamese conversions 202<br />
Data conversion 45<br />
dbx 172<br />
default installation location viii<br />
defining 3270 printer terminal emulator characteristics 148<br />
defining 3270 terminal emulator characteristics 143<br />
Description configuration setting 71<br />
development tools 23<br />
DeviceType 86<br />
diagnosing common problems<br />
Client daemon 168<br />
code page problems 157<br />
<strong>Gateway</strong> daemon 157<br />
if a process locks 158<br />
Java exceptions 159<br />
Java security exceptions 159<br />
java.lang.OutOfMemory exception 159<br />
SSL exceptions 158<br />
diagnostic tools<br />
APING 175<br />
digital certificates 7, 9<br />
externally signed 100<br />
maintaining 96<br />
self-signed 97<br />
digital signatures 7<br />
disability 215<br />
disabling the display of messages 137<br />
DISPLAY environment variable 34<br />
Display TCP/IP hostnames configuration setting 57<br />
displaying comm<strong>and</strong> syntax 137<br />
distinguished name (DN) 8
DN (distinguished name) 8<br />
documentation 211<br />
documenting problems 178<br />
Drop working connections configuration setting 62<br />
Dump options 130<br />
dump file location 130<br />
dump parameters 130<br />
dump responses 131<br />
Dumps<br />
<strong>IBM</strong> JVM 161<br />
System JVM 161<br />
E<br />
ECI resource adapters 82<br />
ECI_ERR_SYSTEM_ERROR 121<br />
Enable protocol h<strong>and</strong>ler configuration setting 60<br />
Enable reading input from console configuration setting 55<br />
Encoding 86<br />
encryption 7, 9<br />
Enterprise Information Systems (EIS) 10<br />
environment variables<br />
<strong>CICS</strong>CLI 50<br />
<strong>CICS</strong>COL 91<br />
<strong>CICS</strong>KEY 90<br />
CLASSPATH 49, 106<br />
JAVA_HOME 96<br />
LD_LIBRARY_PATH 93<br />
PATH 93<br />
SHLIB_PATH 93<br />
EPI resource adapter 85<br />
Error <strong>and</strong> warning log destination configuration setting 58<br />
error log 176<br />
cicscli.log 162<br />
client error log 162<br />
server error log 174<br />
Error log file name configuration setting 58<br />
Error log maximum size (KB) configuration setting 58<br />
euro support 68<br />
EXCI (external <strong>CICS</strong> interface) 4<br />
EXEC <strong>CICS</strong> RETURN TRANSID IMMEDIATE comm<strong>and</strong> 144,<br />
149<br />
External Call Interface (ECI) 1, 4<br />
external <strong>CICS</strong> interface (EXCI) 4<br />
External Presentation Interface (EPI) 1, 4<br />
External Security Interface (ESI) 1, 4<br />
externally-signed certificates 8<br />
F<br />
free memory 66<br />
Fully qualified CP name or template configuration setting 76<br />
G<br />
<strong>Gateway</strong> daemon 126<br />
operating 123<br />
<strong>Gateway</strong> daemon tracing 156<br />
<strong>Gateway</strong> daemon with user-specified options 123<br />
<strong>Gateway</strong> trace file configuration setting 80<br />
<strong>Gateway</strong> trace file wrap size (KB) 80<br />
<strong>Gateway</strong> trace file wrap size (KB) configuration setting 80<br />
generic ECI replies<br />
Configuration 55<br />
GhostView 24<br />
glossary of terms <strong>and</strong> abbreviations 221<br />
H<br />
hangs 158, 171<br />
hardware requirements 19<br />
Hostname or IP address configuration setting 72<br />
I<br />
<strong>IBM</strong> Communications Server 176<br />
<strong>IBM</strong> JVM<br />
dump 126<br />
dump responses 131<br />
Idle timeout (ms) configuration setting 61<br />
iKeyMan 96<br />
inactivity poll interval 41<br />
Information log destination configuration setting 59<br />
Information log file configuration setting 69<br />
Information log file name configuration setting 59<br />
Information log maximum size (KB) configuration setting 59<br />
Initial number of Connection Manager threads configuration<br />
setting 53<br />
Initial number of Worker threads configuration setting 54<br />
initial transaction 143, 148<br />
Initial transaction configuration setting 71<br />
initialization files<br />
cicscol.inicicscol.ini 91<br />
cicskey.inicicskey.ini 90<br />
install_path viii<br />
installation 29<br />
adding features 32<br />
complete installation 29<br />
custom installation 29<br />
default location viii<br />
known issues 29<br />
path viii<br />
removing features 32<br />
silent installation 31<br />
types of installation 29<br />
installation path viii<br />
InstallTimeout 86<br />
internal client communication 46<br />
IP address mask for CP name (optional) configuration<br />
setting 77<br />
IP address mask for LU name template (optional)<br />
configuration setting 75<br />
J<br />
J2EE<br />
resource adapter files 82<br />
resource adapters 4<br />
J2EE connector architecture 10<br />
Java<br />
classes 3<br />
installing 31<br />
Java clients obtaining generic ECI replies configuration<br />
setting 55<br />
Java development kit 21<br />
Java exceptions 159<br />
Java Secure Socket Extension (JSSE) 22<br />
Java security exceptions 159<br />
JAVA_HOME environment variable 96<br />
java.lang.OutOfMemory exception 159<br />
JCA 10<br />
JNI trace file 81, 128, 157<br />
JNI tracing 81, 126, 157<br />
Index 239
JRE<br />
installing 31<br />
JSSE 9, 22, 95, 96<br />
migration from SSLight 95<br />
JVM<br />
installing 31<br />
K<br />
KeepAlive packets 41<br />
Key ring file configuration setting 63<br />
Key ring password configuration setting 64<br />
key rings 9<br />
keyboard 215<br />
keyboard mapping file 89, 143<br />
KeyRingClass 84, 86<br />
KeyRingPassword 84, 86<br />
KeyStores 9, 96<br />
keytool 96, 100<br />
L<br />
LD_LIBRARY_PATH 93<br />
libctgjni.so 93<br />
listing connected servers 137<br />
Local LU name configuration setting 74<br />
Local LU name or template configuration setting 74<br />
local mode 11<br />
benefits 12<br />
local support 93<br />
locks 158<br />
Log file configuration setting 68<br />
Log Java Client connections <strong>and</strong> disconnections configuration<br />
setting 58<br />
log stream 88<br />
Log terminal installations <strong>and</strong> deinstallations configuration<br />
setting 68<br />
logging 88<br />
logical unit (LU) 41<br />
Logical units of work<br />
extending 118<br />
LogonLogoffClass 86<br />
LU6.2 25<br />
M<br />
MAXACTIVE 174<br />
Maximum buffer size configuration setting 66<br />
Maximum logical SNA sessions configuration setting 78<br />
Maximum number of archived error log files configuration<br />
setting 58<br />
Maximum number of archived information log files<br />
configuration setting 59<br />
Maximum number of Connection Manager threads<br />
configuration setting 54<br />
Maximum number of Worker threads configuration<br />
setting 54<br />
Maximum requests configuration setting 67<br />
Maximum servers configuration setting 66<br />
Maximum SNA RU size configuration setting 78<br />
MAXTASKS 174<br />
memory leak 159<br />
memory mapped tracing 135, 136, 163, 164<br />
memory requirements 66<br />
message queues 46<br />
messages 155, 162<br />
240 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
messages, disabling the display of 137<br />
messages, redirecting 137<br />
migration viii<br />
support for resource adapters 183<br />
migration issues 183<br />
mode definitions, APPC 41<br />
Mode name configuration setting 74, 76<br />
Model terminal definition configuration setting 71<br />
monitoring 129, 185, 186, 187, 188, 189, 190, 191, 192<br />
N<br />
national language support 33<br />
network security<br />
authentication 9<br />
certification authority (CA) 8<br />
concepts 6<br />
digital certificates 7, 9<br />
externally signed 100<br />
maintaining 96<br />
self-signed 97<br />
digital signatures 7<br />
distinguished name (DN) 8<br />
encryption 7, 9<br />
externally-signed certificates 8<br />
iKeyMan 96<br />
JSSE 9, 95, 96<br />
migration from SSLight 95<br />
key rings 9<br />
keys 7<br />
KeyStores 9, 96<br />
keytool 96, 100<br />
migrating old self-signed certificates 100<br />
security exits 10<br />
self-signed certificates 9<br />
signer certificate 8<br />
SSL 9, 106<br />
SSL h<strong>and</strong>shaking 9<br />
trusted root key 8<br />
X.509 protocol 8, 9<br />
O<br />
online help, for end user messages, 162<br />
online help, for trace <strong>and</strong> log messages 162<br />
operating<br />
<strong>Gateway</strong> daemon 123<br />
operating systems 19<br />
operation<br />
<strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> 125<br />
options<br />
cicscli comm<strong>and</strong> 137<br />
cicsprnt comm<strong>and</strong> 149<br />
cicsterm comm<strong>and</strong> 145<br />
P<br />
Partner LU name configuration setting 74<br />
Password 84, 85<br />
password expiry management (PEM) 4, 109<br />
PATH 93<br />
PEM (password expiry management) 4, 109<br />
performance<br />
assessing 113<br />
configuration 115<br />
considerations 116
performance (continued)<br />
monitoring 118<br />
other system factorssystem considerations 117<br />
tracing 118<br />
Ping time frequency (ms) configuration setting 61<br />
planning 19<br />
PMR (Problem Management Record) 177<br />
Port configuration setting 61, 73<br />
Port for local administration configuration setting 57<br />
PortNumber 83, 85<br />
preset options<br />
ctgstart comm<strong>and</strong> 123<br />
Print comm<strong>and</strong> configuration setting 67<br />
Print file configuration setting 67<br />
print file, processing 143, 148<br />
print terminal emulator, starting 148<br />
printer support 5<br />
printer terminal emulator characteristics, defining 148<br />
problem determination 153, 173<br />
application tracing 156<br />
diagnosing common problems 168<br />
<strong>Gateway</strong> daemon 157<br />
<strong>Gateway</strong> daemon tracing 156<br />
JNI tracing 157<br />
messages 155, 162<br />
preliminary checks 153<br />
tracing<br />
Client daemon 162<br />
<strong>Gateway</strong> daemon 155<br />
Problem Management Record (PMR) 177<br />
problem reporting<br />
documenting problems 178<br />
information needed 179<br />
support organization 177<br />
problems, communication 174<br />
process locks 158<br />
program support 177<br />
protocols<br />
SSL 1, 9<br />
TCP/IP 1<br />
PTF (Program Temporary Fix) 180<br />
public key encryption 7<br />
publications 211<br />
R<br />
re-authentication support 84, 87<br />
README file 19<br />
ReadTimeout 86<br />
redirecting messages 137<br />
remote mode 11<br />
Remote node inactivity poll interval 41<br />
Remote node inactivity poll interval(s) configuration<br />
setting 78<br />
removing features 32<br />
Require Java Clients to use security classes configuration<br />
setting 62<br />
requirements, hardware 19<br />
resource adapter files 82<br />
resource adapters 82<br />
resource adapters, J2EE 4<br />
restrictions, using <strong>CICS</strong> servers 26<br />
RETAIN database 177<br />
RETAIN problem management system<br />
APARs 180<br />
Problem Management Record 177<br />
running in the background 126<br />
S<br />
SDKs for Java 21<br />
Secure Sockets Layer (SSL) 1, 9<br />
security 72<br />
External Security Interface (ESI) 4<br />
password expiry management (PEM) 4<br />
security exits 10<br />
self-signed certificates 9<br />
Send TCP/IP KeepAlive packets configuration setting 73<br />
Server idle timeout (mins) configuration setting 72<br />
Server name configuration setting 71<br />
Server retry interval configuration setting 68<br />
ServerName 83, 85<br />
servers<br />
application 22<br />
<strong>CICS</strong> 22<br />
servers, listing 137<br />
ServerSecurity 84, 85<br />
service 126<br />
SHLIB_PATH 93<br />
shortcut keys 215<br />
sign-on capable terminals 24<br />
signer certificate 8<br />
SignonType 86<br />
silent installation 31<br />
SMIT 172<br />
smitty 172<br />
SNA 23<br />
checking configuration 175<br />
configuring 41<br />
SNA (Systems Network Architecture) 25<br />
sna error log 170<br />
SNA pacing size configuration setting 78<br />
sna.err 176<br />
SO_LINGER setting configuration setting 62<br />
SocketConnectTimeout 83, 85<br />
SSL (Secure Sockets Layer) 1, 9<br />
SSL exceptions 158<br />
SSL h<strong>and</strong>shaking 9<br />
starting a 3270 print terminal emulator 148<br />
starting a 3270 terminal emulator 143<br />
starting <strong>and</strong> stopping 126<br />
startup options 123<br />
statistics 129, 185, 186, 187, 188, 189, 190, 191, 192<br />
Statistics API port configuration setting 57<br />
stopping 125<br />
stopping a terminal emulator 144<br />
support organization<br />
program support 177<br />
sending documentation to 179<br />
symmetric keys 7<br />
Systems Network Architecture (SNA) 25<br />
T<br />
TCP/IP (Transmission Control Protocol/Internet Protocol) 1,<br />
23, 25, 37<br />
TCP/IP communication problems 169<br />
TCP62 23<br />
port number 77<br />
TCP62 protocol 39<br />
terminal emulation 5<br />
terminal emulator characteristics, defining 143<br />
terminal emulator, starting 143<br />
terminal emulator, stopping 144<br />
Terminal exit configuration setting 66<br />
Index 241
the system locks up 171<br />
timeout 86<br />
Timeout for in-progress requests to complete (ms)<br />
configuration setting 56<br />
TLS 9<br />
tools<br />
application development 23<br />
other 24<br />
TPNName 83<br />
Trace configuration setting 79<br />
Trace settings<br />
Configuration Tool 162<br />
trace, wrapping 163<br />
TraceLevel 84, 87<br />
tracing 87<br />
Client daemon 162<br />
dynamic 126<br />
<strong>Gateway</strong> daemon 126, 155<br />
JNI 126<br />
levels 87<br />
performance considerations 156<br />
query current trace settings 126<br />
tracing, JNI 157<br />
tracing, memory mapped 135, 136, 163, 164<br />
TranName 83<br />
transaction programs (TP), APPC 41<br />
transaction support 84, 87<br />
transmission control protocol/internet protocol (TCP/IP) 25<br />
Transmission Control Protocol/Internet Protocol (TCP/IP) 1,<br />
25, 37<br />
Transport Layer Security<br />
TLS 105<br />
traps 171<br />
troubleshooting<br />
hangs 171<br />
starting clients <strong>and</strong> terminals 168<br />
traps 171<br />
trusted root key 8<br />
U<br />
uninstalling 32<br />
updating<br />
installed software 32<br />
upgrading 183<br />
Use client authentication configuration setting 63<br />
Use LU alias names configuration setting 73<br />
Use only these ciphers configuration setting 64<br />
Use the same file for information messages configuration<br />
setting 69<br />
Use the same settings for error <strong>and</strong> information logs<br />
configuration setting 59<br />
Use upper case security configuration setting 72<br />
Userid 84, 85<br />
V<br />
Validate message qualifiers configuration setting 55<br />
Validate Units of Work configuration setting 55<br />
VTAM<br />
buffer trace 175<br />
242 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong><br />
W<br />
web browsers 21<br />
Worker thread available timeout (ms) configuration<br />
setting 56<br />
wrapping trace 163<br />
X<br />
X-Window System 34<br />
X.509 protocol 8, 9
Notices<br />
This information was developed for products <strong>and</strong> services offered in the U.S.A.<br />
<strong>IBM</strong> may not offer the products, services, or features discussed in this document in<br />
other countries. Consult your local <strong>IBM</strong> representative for information on the<br />
products <strong>and</strong> services currently available in your area. Any reference to an <strong>IBM</strong><br />
product, program, or service is not intended to state or imply that only that <strong>IBM</strong><br />
product, program, or service may be used. Any functionally equivalent product,<br />
program, or service that does not infringe any <strong>IBM</strong> intellectual property right may<br />
be used instead. However, it is the user’s responsibility to evaluate <strong>and</strong> verify the<br />
operation of any non-<strong>IBM</strong> product, program, or service.<br />
<strong>IBM</strong> may have patents or pending patent applications covering subject matter<br />
described in this document. The furnishing of this document does not give you<br />
any license to these patents. You can send license inquiries, in writing, to:<br />
<strong>IBM</strong> Director of Licensing<br />
<strong>IBM</strong> Corporation<br />
North Castle Drive<br />
Armonk, NY 10504-1785<br />
U.S.A.<br />
For license inquiries regarding double-byte (DBCS) information, contact the <strong>IBM</strong><br />
Intellectual Property Department in your country or send inquiries, in writing, to:<br />
<strong>IBM</strong> World Trade Asia Corporation<br />
Licensing<br />
2-31 Roppongi 3-chome, Minato-ku<br />
Tokyo 106, Japan<br />
The following paragraph does not apply in the United Kingdom or any other<br />
country where such provisions are inconsistent with local law:<br />
INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS<br />
PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER<br />
EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED<br />
WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY, OR FITNESS<br />
FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or<br />
implied warranties in certain transactions, therefore this statement may not apply<br />
to you.<br />
This information could include technical inaccuracies or typographical errors.<br />
Changes are periodically made to the information herein; these changes will be<br />
incorporated in new editions of the information. <strong>IBM</strong> may make improvements<br />
<strong>and</strong>/or changes in the product(s) <strong>and</strong>/or the program(s) described in this<br />
information at any time without notice.<br />
Any references in this information to non-<strong>IBM</strong> Web sites are provided for<br />
convenience only <strong>and</strong> do not in any manner serve as an endorsement of those Web<br />
sites. The materials at those Web sites are not part of the materials for this <strong>IBM</strong><br />
product <strong>and</strong> use of those Web sites is at your own risk.<br />
Licensees of this program who wish to have information about it for the purpose<br />
of enabling: (i) the exchange of information between independently created<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 243
Trademarks<br />
programs <strong>and</strong> other programs (including this one) <strong>and</strong> (ii) the mutual use of the<br />
information which has been exchanged, should contact <strong>IBM</strong> United Kingdom<br />
Laboratories, MP151, Hursley Park, Winchester, Hampshire, Engl<strong>and</strong>, SO21 2JN.<br />
Such information may be available, subject to appropriate terms <strong>and</strong> conditions,<br />
including in some cases, payment of a fee.<br />
The licensed program described in this information <strong>and</strong> all licensed material<br />
available for it are provided by <strong>IBM</strong> under terms of the <strong>IBM</strong> Customer Agreement,<br />
<strong>IBM</strong> International Programming License Agreement, or any equivalent agreement<br />
between us.<br />
Information concerning non-<strong>IBM</strong> products was obtained from the suppliers of<br />
those products, their published announcements or other publicly available sources.<br />
<strong>IBM</strong> has not tested those products <strong>and</strong> cannot confirm the accuracy of<br />
performance, compatibility or any other claims related to non-<strong>IBM</strong> products.<br />
Questions on the capabilities of non-<strong>IBM</strong> products should be addressed to the<br />
suppliers of those products.<br />
The following terms are trademarks of International Business Machines<br />
Corporation in the United States, or other countries, or both:<br />
AIX<br />
AnyNet<br />
AS/400<br />
<strong>CICS</strong><br />
<strong>CICS</strong>/400<br />
<strong>CICS</strong>/ESA<br />
<strong>CICS</strong>/VSE<br />
DB2<br />
Domino<br />
Hummingbird<br />
<strong>IBM</strong><br />
<strong>IBM</strong><br />
<strong>IBM</strong>Link<br />
IMS<br />
iSeries<br />
MQSeries<br />
MVS<br />
MVS/ESA<br />
Notes<br />
OS/2<br />
OS/390<br />
POWER<br />
pSeries<br />
RACF<br />
Redbooks<br />
RETAIN<br />
RMF<br />
RS/6000<br />
SAA<br />
SP2<br />
System/390<br />
Tivoli<br />
TXSeries<br />
244 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
VisualAge<br />
VSE/ESA<br />
VTAM<br />
WebSphere<br />
z/OS<br />
zSeries<br />
Microsoft ® , Windows, Windows NT, <strong>and</strong> the Windows logo are trademarks of<br />
Microsoft Corporation in the United States, other countries, or both.<br />
Java <strong>and</strong> all Java-based trademarks <strong>and</strong> logos are trademarks or registered<br />
trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.<br />
<strong>UNIX</strong> is a registered trademark of The Open Group in the United States <strong>and</strong> other<br />
countries.<br />
Intel, Intel Inside ®<br />
(logos), MMX <br />
<strong>and</strong> Pentium ®<br />
are trademarks of Intel<br />
Corporation in the United States, other countries, or both.<br />
<strong>Linux</strong> is a trademark of Linus Torvalds in the United States, other countries, or<br />
both.<br />
Other company, product or service names may be trademarks or service marks of<br />
others.<br />
Notices 245
246 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
Sending your comments to <strong>IBM</strong><br />
If you especially like or dislike anything about this book, use one of the methods<br />
listed below to send your comments to <strong>IBM</strong>.<br />
Feel free to comment on what you regard as specific errors or omissions, <strong>and</strong> on<br />
the accuracy, organization, subject matter, or completeness of this book.<br />
Limit your comments to the information in this book <strong>and</strong> the way in which the<br />
information is presented.<br />
To ask questions, make comments about the functions of <strong>IBM</strong> products or systems,<br />
or to request additional publications, contact your <strong>IBM</strong> representative or your <strong>IBM</strong><br />
authorized remarketer.<br />
When you send comments to <strong>IBM</strong>, you grant <strong>IBM</strong> a nonexclusive right to use or<br />
distribute your comments in any way it believes appropriate, without incurring<br />
any obligation to you.<br />
You can send your comments to <strong>IBM</strong> in any of the following ways:<br />
v By mail, to this address:<br />
User Technologies Department (MP095)<br />
<strong>IBM</strong> United Kingdom Laboratories<br />
Hursley Park<br />
WINCHESTER,<br />
Hampshire<br />
SO21 2JN<br />
United Kingdom<br />
v By fax:<br />
– +44 1962 842327 (if you are outside the UK)<br />
– 01962 842327 (if you are in the UK)<br />
v Electronically, use the appropriate network ID:<br />
– <strong>IBM</strong> Mail Exchange: GB<strong>IBM</strong>2Q9 at <strong>IBM</strong>MAIL<br />
– <strong>IBM</strong>Link : HURSLEY(IDRCF)<br />
– Internet: idrcf@hursley.ibm.com<br />
Whichever you use, ensure that you include:<br />
v The publication title <strong>and</strong> order number<br />
v The topic to which your comment applies<br />
v Your name <strong>and</strong> address/telephone number/fax number/network ID.<br />
© Copyright <strong>IBM</strong> Corp. 1996, 2006 247
248 <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong>: <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong>
���<br />
Program Number: 5724-I81<br />
SC34-6752-00
Spine information:<br />
��� <strong>CICS</strong> <strong>Transaction</strong> <strong>Gateway</strong> <strong>UNIX</strong> <strong>and</strong> <strong>Linux</strong> <strong>Administration</strong> Version 7.0