Release Notes

Edit online

The IBM® Connect:Direct® for UNIX Release Notes document supplements Connect:Direct for UNIX documentation. Release notes are updated with each release of the product and contain last-minute changes and product requirements, as well as other information pertinent to installing and implementing Connect:Direct for UNIX.

New Features and Enhancements

Edit online

IBM Sterling Connect:Direct for UNIX 6.3 and its related software have the following features and enhancements:

Attention:
Announcement about High Speed Add on (HSAO)

Version 2.0.0 of High Speed Add On (HSAO) is now available. Version 1.0.0 will be gradually phased out. The new version is based on IBM Aspera faspio Gateway, to which HSAO parts give the owner entitlement.

It is supported by Connect:Direct UNIX (Linux x86/x64 and AIX), Connect:Direct Windows and Connect:Direct z/OS. To support business-to-business HSAO transfers, IBM Sterling Secure Proxy may be located between Connect:Direct and faspio Gateway. Getting started with Connect:Direct, Secure Proxy and faspio Gateway is described in Connect:Direct’s and Secure Proxy’s documentation.

Note that v1.0.0 and v2.0.0 of the HSAO protocols are incompatible. Users of v1.0.0 must bear this in mind when moving to v2.0.0.

HSAO v2.0.0 does not require SSP bridging on any platform. (HSAO v1.0.0 required SSP bridging on platforms without native support for HSAO v1.0.0.)

HSAO v2.0.0 should be used for the same types of network connections as v1.0.0. Detailed connection information can be found in the white paper “Getting Started with High Speed Add On (HSAO)”.

FixPack 3 (v6.3.0.3)

New Features or Enhancements
To install this software, you should go to the Fix Central and follow instructions described to complete the download.
Connect:Direct for UNIX has the following features and enhancements:
  • Connect:Direct for Unix now bundles IBM Semeru Runtime version 17.0.10.0
  • Support for Java 17 introduces the following changes:
    • PKCS12 Keystore Support: In this release Connect:Direct’s keystore format changes from CMS to PKCS12. Migration occurs automatically during upgrade. Fore more information, refer to Node Configuration Overview.
    • Key Utility Changes: iKeyman and iKeycmd are no longer included in the product. Keystore Explorer is an alternative GUI utility. The Java Keytool is an alternative command line utility.
    • IBM Certified Container Software for Connect:Direct for Unix v1.3.9 has been certified on Azure Kubernetes Service (AKS). For more information, refer to Creating storage for Data Persistence.

FixPack 2 (v6.3.0.2)

New Features or Enhancements
To install this software, you should go to the Fix Central and follow instructions described to complete the download.
Connect:Direct for UNIX has the following features and enhancements:
  • Transmission Control Queue processing has been optimized for better performance of Connect:Direct for UNIX.
  • Support for performing pre and post-upgrade actions from Control Center Director has been added to Connect:Direct for UNIX.

FixPack 1 (v6.3.0.1)

New Features or Enhancements
To install this software, you should go to the Fix Central (Traditional Software) or Installing IBM Connect:Direct for UNIX using an IBM Certified Container Software website, and follow instructions described to complete the download.
Connect:Direct for UNIX has the following features and enhancements:
  • Connect:Direct for UNIX introduces support for Wildcard (*) in IP addresses/hostnames for Port Check Ignore List feature. Optional mask support for IP address range for Port Check parameters has also been added. For more information, refer to port.check record.
  • cduser will now be called as cdadmin in Connect:Direct for UNIX containers. For more details, refer to Upgrade Considerations
  • Added the support for Egress Network Policy. By default, the Connect:Direct for UNIX pod can only communicate within the cluster. To expose it outside the cluster a proper Egress Network Policy should be set as required. For more details, refer to Upgrade Considerations
  • IBM Certified Container Software for Connect:Direct for UNIX is based on Red Hat UBI 9 base image.

Base Release (v6.3)

New Features or Enhancements
To install this software, you should go to the Passport Advantage website, and follow instructions described to complete the download. The maintenance installations on Fix Central also support new and upgrade installation; the Fix Lists include the relevant instructions.

IBM Connect:Direct for UNIX has the following features and enhancements:

-Standard User Mode
  • In prior releases, to allow it to access files as an appropriate user, IBM Sterling Connect:Direct for UNIX has run as superuser, and consequently the Certified Container has run with elevated privileges. In Standard User Mode, available in a container deployment, the Certified Container runs with standard privileges. To separate the Administrator and User roles, Standard User Mode supports:
    • Many Connect:Direct Admins for administrating Connect:Direct. The built-in account cdadmin is a Connect:Direct Admin; more may be added. A Connect:Direct Admin has configuration authority but does not need access to the files that Connect:Direct transfers.
    • One fully functional user account for executing Connect:Direct process language scripts, the built-in account appuser. appuser has no configuration authority and must be granted access to the files that Connect:Direct transfers. Other User accounts may be defined, but they will lack the ability to execute Run Tasks and Run Jobs. For more information, refer to Standard User Mode in IBM Connect:Direct for Unix Containers.
      Attention:

      As mentioned in the previous IBM Connect:Direct for UNIX version, the customization of UID/GID of cdadmin and appuser is deprecated and will be removed from future releases.

      This support has been removed from the IBM Connect:Direct for UNIX 6.3.0.0 release. By default, the UID/GID of cdadmin will remain as 45678/45678. Thus, plan and proceed further.

-RFE CONDIRECT-I-251: Enhanced Support for NFS Root Squash
RFE CONDIRECT-I-251 has been addressed. When Connect:Direct UNIX accesses a file on an NFS file system with root squash enabled, it is no longer necessary to set world execute permission on the directories in the file's path.
-Removal of support of deprecated Security Protocols
  • With this release, the support of SSL 3.0 protocol has been removed completely.
    • If SSL along with other protocols was configured prior to an upgrade to Connect:Direct for UNIX 6.3, then after upgrade instead of SSL, other protocols would be used.
    • In case only SSL was configured before upgrade, then after upgrade TLS 1.2 will be used automatically in the background.

  • With this release, Connect:Direct for UNIX won’t support new configurations of deprecated Security Protocols like TLS 1.0 and TLS 1.1. Existing configurations with these deprecated protocols, inherited during an upgrade from an earlier release, will still be supported. A Connect:Direct admin won’t be able to configure nodes with these deprecated protocols or their supported cipher suites. Connect:Direct won’t accept any requests with deprecated protocols.
    • In case of an upgrade from an older version where the deprecated protocols were configured, these will still be honoured and will be preserved after upgrade to Connect:Direct for UNIX 6.3.
    • After an upgrade, if a deprecated protocol is removed either accidentally or intentionally, it cannot be configured again.

-This release of IBM Connect:Direct for UNIX is certified to run on AIX 7.3, RHEL 9, and Ubuntu 22.

Hardware and Software Requirements

Edit online

Connect:Direct for UNIX and its related software require the following hardware and software: It supports systems running in 64-bit mode.

Component or Functionality Hardware Software RAM (min.) Disk Space (min.)
IBM Connect:Direct for UNIX with TCP/IP or FASP connectivity IBM System pSeries, POWER7 or greater processor required AIX versions 7.2 and 7.3
Note: Not supported with FASP.
 2 GB 1.5 GB
  IBM System pSeries, POWER8 or greater processor required SuSE Linux Enterprise Server (ppc64le) version 15.x.
Note: Not supported with FASP.
 2 GB 1.5 GB
  Intel and AMD x86-64 Red Hat Enterprise Linux version 7.9.

Red Hat Enterprise Linux version 8.6 and above†††

Red Hat Enterprise Linux version 9.2 and above†††

 2 GB 1.5 GB

CentOS version 7.9.††

Note: Not supported with FASP.

Amazon Linux 2.††

Note: Not supported with FASP.

Ubuntu version 18 and above†††

Ubuntu version 22.04 and above†††

Note: Not supported with FASP.
 2 GB 1.5 GB
SuSE Linux Enterprise Server version 12.3 and above or 15.x.††† 2 GB 1.5 GB
  Linux® zSeries Red Hat Enterprise Linux version 7.9
Red Hat Enterprise Linux version 8.6 and above.†††

Red Hat Enterprise Linux version 9.0 and above.†††

 2 GB 1.5 GB
SuSE Linux Enterprise Server version 12.3 and above or 15.x.†††
Note: Not supported with FASP.
 2 GB 1.5 GB
Connect:Direct Integrated File Agent Same as requirements for IBM Sterling Connect:Direct for UNIX Same as requirements for IBM Connect:Direct for UNIX. 2 GB 275 MB
Connect:Direct Secure Plus Same as requirements for IBM Sterling Connect:Direct for UNIX. Same as requirements for IBM Sterling Connect:Direct for UNIX.

Java™ Standard Edition 8, installed with Connect:Direct Secure Plus.

 2 GB 70 MB
High-Availability support IBM System pSeries, POWER7 or greater processor required IBM HACMP    

Libraries to Install

Edit online

Ensure that you have the following libraries installed:

UNIX Platform Software Library
Intel and AMD x86-64, Linux zSeries All supported Linux
Linux zSeries All supported Linux.
Red Hat Enterprise Linux version 9.0 and above
  • libxcrypt-compat
AIX All Supported AIX

XL C++ Runtime 16.1.0.7 or later beginning with Connect:Direct UNIX 6.3.0.3.iFix000

Note: Ensure that the libc++.rte fileset is installed, as it is not included by default.
All All FreeType font rendering engine (freetype2) is required with Connect:Direct UNIX 6.3.0.3.iFix000 for running Java UI applications, such as the Secure+ Admin Tool (spadmin).

Supported File Systems

Edit online

Connect:Direct for UNIX may be installed on a local disk or a shared disk file system, also known as a clustered file system. Examples of clustered file systems are IBM’s GPFS, Veritas Cluster File System, and Red Hat Global File System.

The nosuid mount option must not be enabled on the file system where Connect:Direct is to be installed.

The only supported distributed file system protocol is NFSv4. For example, a NAS device accessed via NFS v4.1 is supported.
Note: When Connect:Direct for UNIX is installed on NFSv4, performance in high load scenarios may be reduced, significantly for NFSv4.0, as compared to the installation on a local or shared disk file system.
For example, in a development lab environment, a TCQ load test takes up to 3 times as long to run when Connect:Direct is installed on NFSv4.1 or NFSv4.2 than when it is installed on a local file system. When Connect:Direct is installed on NFSv4.0, the load test takes up to 30 times as long to run than when Connect:Direct is installed on a local file system- installing Connect:Direct on NFSv4.0 has limited applicability as a production solution.

Virtualization and public cloud support

Edit online

IBM cannot maintain all possible combinations of virtualized platforms and cloud environments. However, IBM generally supports all enterprise class virtualization mechanisms, such as VMware ESX, VMware ESXi, VMware vSphere, Citrix Xen Hypervisor, KVM (Kernel-based virtual machine), and Microsoft Hyper-V Server.

IBM investigates and troubleshoots a problem until it is determined that the problem is due to virtualization. The following guidelines apply:
  • If a specific issue is happening because the system is virtualized and the problem cannot be reproduced on the non-virtualized environment, you can demonstrate the issue in a live meeting session. IBM can also require that further troubleshooting is done jointly on your test environment, as there is not all types and versions of VM software installed in-house.
  • If the issue is not able to be reproduced in-house on a non-virtualized environment, and troubleshooting together on your environment indicates that the issue is with the VM software itself, you can open a support ticket with the VM software provider. IBM is happy to meet with the provider and you to share any information, which would help the provider further troubleshoot the issue on your behalf.
  • If you chose to use virtualization, you must balance the virtualization benefits against its performance impacts. IBM does not provide advice that regards configuring, administering, or tuning virtualization platforms.

Known Restrictions

Edit online

Connect:Direct for UNIX has the following restrictions when using third-party hardware or software:

  • On AIX, an error in the install/upgrade logs is seen as follows: chmod: javaws: No such file or directory.

    This is a known issue in IBM Java and does not affect any functionality.

  • In an Ordinary User Mode install, error logs can be seen as follows in the installation logs:
    chmod: changing permissions of '/opt/cdunix/file_agent/config: Operation not permitted.
    This does not affect any functionality. This issue is fixed in 6.3.0.0 iFix 11.
  • The silent installation parameters related to Ordinary User mode do not work for a traditional install of Connect:Direct.
  • When performing a new or upgrade installation of Connect:Direct with Control Center Director, Integrated File Agent cannot be selected as an option.
  • An issue occurs which causes invalid data to be written to the destination file when standard compression is enabled and transfer is text mode when sending to another Connect:Direct Unix node. This issue leads to inadvertent conversion of some spaces to EBCDIC space instead of ASCII. A possible workaround of this issue is to use extended compression or no compression or use binary mode.
  • Connect:Direct Secure Plus Connect Direct for UNIX is administered through Java and a graphical user interface (GUI). The standard UNIX telnet server does not support a GUI client session. To use the UNIX GUI you must be connected to the UNIX server via an X Windows client session, such as xterm. If you are connected to the UNIX server using a telnet session, you will not be able to run the GUI sessions required to install and administer IBM Connect:Direct for UNIX. If you do not have access to X Windows, you can use the Connect:Direct Secure Plusfor UNIX Command Line Interface (Secure+ CLI).
  • Connect:Direct Secure Plus IBM Connect Direct for UNIX does not support server gated crypto (SGC) certificates.
  • The Secure+ CLI does not support using $HOME or the tilde (~) to specify the path to your home directory.
  • On the IBM System pSeries, and Linux platforms, when a run task defines an invalid UNIX command, the operating system return code is 127 and the completion code (CCOD) reported by Connect:Direct for UNIX is displayed in hexadecimal (7F) in the statistics output. This return code is correct for the error received, even though most return codes are defined as 0, 4, 8, or 16.

    If the return code value of 127 is the highest step return code, the Process End (PRED) statistics record message ID is set to the Message ID of the run task step. On other platforms, the run task return code is 1, resulting in the message ID of XSMG252I in the PRED statistics record.

  • Installation on Linux platforms displays the following message: awk: cmd. line:6: warning: escape sequence `\.' treated as plain `.'

    This is a known issue with Install Anywhere and does not affect installation or functionality of Connect:Direct File Agent IBM Connect Direct for UNIX on Linux.

  • Installation of Integrated File Agent via IBM Sterling Control Center Director is not supported currently, as it does not support the specification of silent installation parameters for an installation.
  • Connect:Direct for UNIX interactive and silent installations support the conversion of a Standalone File Agent installed by an earlier version of Connect:Direct for UNIX to an Integrated File Agent. This functionality will not be available through IBM Sterling Control Center Director because it uses silent installation of Connect:Direct for UNIX. Whether conversion occurs or not is controlled by a silent installation parameter whose default value is "no". Since, Control Center Director does not support the specification of silent installation parameters during the upgrade, the conversion is not available through Control Center Director.

Support policy for Container Delivery Models

Edit online

The support policies for container delivery models are as follows.

Support statement for Connect:Direct for Unix certified containers for Red Hat that are deployed using OpenShift Container Platform

Connect:Direct for Unix certified containers for Red Hat are built to deploy on the Red Hat OpenShift Container Platform. The product containers and deployment model are certified by IBM to be production ready, enterprise-grade, resilient, secure and compliant in many public and private clouds which the OpenShift Container Platform supports. IBM Technical Support supports this delivery model across the lifecycle management of Connect:Direct for Unix certified containers, including container orchestration scripts in OpenShift Container Platform and product documentation.

Support statement for Connect:Direct for Unix certified containers deployed on non-OpenShift Container Platform

For users who choose to deploy the IBM certified containers on; proprietary container orchestration tools such as EKS/GKE/AKS/PCF, on public cloud such as Amazon/Azure/ Google or in their private cloud using native Kubernetes, the IBM Technical Support is limited to the base Connect:Direct for Unix software, certified containers, and HELM package manager. IBM provides limited support for the container editions that are deployed in proprietary renderings for Kubernetes. The non-conformant characteristics of such tools hinder the ability for IBM to assist users in all scenarios.

Support policy statement for containers that are created by users

For users who have created custom docker containers for Connect:Direct for Unix and have deployed in any Kubernetes platform, the IBM Technical Support is limited to the technical inquiries in the core Connect:Direct for Unix. IBM recommends using IBM provided certified containers and not the user created containers for Connect:Direct for Unix.

When upgrading IBM Sterling Connect:Direct for UNIX through Control Center Director, an extra 3 GB is required for temporary storage.
†† IBM does not formally test and certify IBM Sterling Connect:Direct on CentOS and Amazon Linux 2. However as CentOS and Amazon Linux 2 are derived from the sources of Red Hat Enterprise Linux (RHEL), we believe that the product should work correctly. IBM will investigate and troubleshoot a problem until it is determined that the problem caused by a difference in behavior between CentOS, Amazon Linux 2, and RHEL. Defect support will only be available for problems that can be reproduced on a certified platform as documented in the Software Product Compatibility Reports (link: https://www.ibm.com/software/reports/compatibility/clarity/index.html?lnk=uctug_ratl_dw_2013-02-01_clarity_updated).
††† Due to a system library change on more recent versions of Linux, such as Red Hat Enterprise Linux version 8, you must set your current working directory (CWD) to {CDU install dir}/ndm/bin to invoke the executable modules there. To invoke these modules from another CWD, there are two options:
  • As root, create the following symbolic link:
    • For RHEL and SLES systems, in /lib64: ln -s /lib64/libtirpc.so.3 /lib64/libtirpc.so.1
    • For Ubuntu systems, in /lib/x86_64-linux-gnu: ln -s /lib/x86_64-linux-gnu/libtirpc.so.3 /lib/x86_64-linux-gnu/libtirpc.so.1
    • Note: Interactive (cdinstall) installations and upgrades done from current maintenance will check to see if this symbolic link is needed and offer to add it for you when performing configurations requiring root privilege. Automated (cdinstall_a) installations and upgrades can achieve the same result via the cdai_tirpcCreateLink parameter, set to ‘y’ or ‘n’.
  • Set the environment variable LD_LIBRARY_PATH={CDU install dir}/ndm/lib for the user that starts Connect:Direct.