
The manuals for CS Linux v6.2 have not been updated since
CS Linux v6.2.2.0 was originally released.  This document
describes changes to CS Linux v6.2.2.1 that are not in the
v6.2.2.0 manuals.  You should also review the Technotes at:
   http://www.ibm.com/software/network/commserver/linux/support
   http://www.ibm.com/software/network/commserver/z_lin/support



TN Server listen_local_address and xsnaadmin
-------------------------------------------------------------------------------

Any define_tn3270_access or define_tn_redirect definitions which
use the new listen_local_address parameter will not be displayed
with the xsnaadmin GUI.  You must use the snaadmin command line
or a NOF application to add, change, or query configuration
definitions which use the listen_local_address parameter.

The snaadmin command line usage statements can be seen by doing:
   snaadmin -d -h define_tn3270_access
   snaadmin -d -h define_tn_redirect



64bit JavaCPI-C
-------------------------------------------------------------------------------

The JavaCPI-C API has been enhanced to support 64bit Java
JREs on the Linux-x86_64, Linux-ppc64, Linux-s390x, and
AIX platforms.  Other than the changes described below,
all other variables are the same as with a 32bit Java.

On a Linux system set the LD_LIBRARY_PATH environment variable
to point to the /opt/ibm/sna/lib64 directory and the PATH
environment variable to point to the 64bit JRE and the LD_PRELOAD
and the LD_PRELOAD environment variable to point to the
64bit LiS library.  For example:
   export LD_LIBRARY_PATH=/opt/ibm/sna/lib64
   export LD_PRELOAD=/usr/lib64/libpLiS.so
   PATH=/opt/ibm/java2-ppc64-50/jre/bin:/opt/ibm/java2-ppc64-50/bin:$PATH

On an AIX system set the LD_LIBRARY_PATH environment variable
to point to the /usr/lib/sna directory and the PATH environment
variable to point to the 64bit JRE.  For example:
   export LD_LIBRARY_PATH=/usr/lib/sna
   PATH=/usr/java5_64/jre/bin:/usr/java5_64/bin:$PATH



WAN support
-------------------------------------------------------------------------------

CS Linux v6.2.2.0 added support for SDLC and X.25 adapters.
Dialogic Inc. (formerly Eicon Inc.) sells adapters and drivers
for RHEL4 and SLES9 on the Linux-i686 platform which work with
CS Linux v6.2.2.0 and v6.2.2.1.  See details at:
   http://www.eicon.com/worldwide/products/WAN/cn4ibm_comm_server.htm



TN3270 server disconnect tn3270 on unbind (def4884)
-------------------------------------------------------------------------------

The TN3270 server has been enhanced to optionally allow
a client session to be disconnected when the host sends
an UNBIND instead of displaying the VTAM MSG10 or returning
to a host session manager.  This option is set on the
define_lu_0_to_3 and define_lu_0_to_3_range commands
with the new 'disconnect_on_unbind' field.  The default
value for that field is NO to match the previous behavior.

The snaadmin command line usage statements can be seen by doing:
   snaadmin -d -h define_lu_0_to_3
   snaadmin -d -h define_lu_0_to_3_range



TN3270 server allows ssl & non-ssl on same tn3270 port
-------------------------------------------------------------------------------

The TN3270 server has been enhanced to optionally allow
a port to be used for both ssl and non-ssl clients at the
same time.  This setting is only recommended for short
migration windows because it allows a non-ssl client to
use the same resources as ssl clients.  This option is set
on the define_tn3270_access command with the new
'allow_ssl_timeout_to_nonssl' field.  the default value
for that field is NO to match the previous behavior.

If you have tn3270 ports with allow_ssl_timeout_to_nonssl=YES
you will see a reminder log in sna.err that says:
   yyyy-mm-dd hh:mm:ss TZ 4102-122(0-1) E (nodename) PID pid# (snatnsrvr_mt)
   WARNING: allow_ssl_timeout_to_nonssl option has been configured for port ###
   This option is a migration feature that should not be enabled on a full time
   basis since it allows non-SSL clients to attach to SSL servers.

When a non-ssl client connects to a port with this option
enabled it will see a 5 second delay while the TN3270 server
is waiting for SSL negotiation to begin.  When no SSL exchange
has happened after 5 seconds the TN3270 port will assume the
client is non-ssl and use normal tn3270 protocols.

The snaadmin command line usage statement can be seen by doing:
   snaadmin -d -h define_tn3270_access



TN3270 server allows bypassing the DNS lookup for CV64
-------------------------------------------------------------------------------

The tn3270 server will send the ip address and ip name
of each client in an CV64 control vector to the host so
that VTAM can display that information.  Using the
define_node,ptf_flags=NO_TCPIP_VECTOR you can turn off
the CV64 altogether.  With v6.2.2.1 the tn3270 server has
been enhanced to allow sending the ip address but not the
ip name of the client in a CV64.  This bypasses the DNS
lookup which the tn3270 server would have otherwise done.
This can be useful if you have a DNS environment which
is slow or if you have clients which you know will not
be in the DNS, e.g. DHCP clients without DDNS.

This function is enabled by setting any value in the
'NO_IPNAME_IN_CV64' environment variable before a 'sna start'
is done.  Typically this would be done by adding a line
in the /etc/init.d/snastart like this:
      :
   # start daemons
   export NO_IPNAME_IN_CV64=true
   /opt/ibm/sna/bin/sna start
      :



Changes to the /etc/init.d/snastart script
-------------------------------------------------------------------------------

The CS Linux v6.2.2.1 install will replace the /etc/init.d/snastart
script with a new copy which has changes required for this
release.  Any existing copy of /etc/init.d/snastart will be
saved in the /etc/opt/ibm/sna directory so you can re-merge
any local customizations that may have been made.



Use multiple SAPs on one HPR/IP interface
-------------------------------------------------------------------------------

By default CS Linux will use lsap_address=0x04 on an hpr/ip (EE) port
definition.  VTAM may use SAPADDR=8 by default on a MEDIUM=HPRIP
switched major node, especially when EE connection networks are used.
In order to have CS Linux EE ports with multitple saps on the same
tcp/ip interface you need to have multiple define_ip_port definitions
with unique lsap_address= values.  Each of the define_ip_port
definitions will point to unique define_ip_dlc definitions but will
have the same local_ip_interface= value.

For example, these commands:
   snaadmin define_ip_dlc, dlc_name=IP0
   snaadmin define_ip_dlc, dlc_name=IP1
   snaadmin define_ip_port, port_name=IPP0, dlc_name=IP0, \
            lsap_address = 0x04, local_ip_interface = eth0
   snaadmin define_ip_port, port_name=IPP1, dlc_name=IP1, \
            lsap_address = 0x08, local_ip_interface = eth0
will define both saps 04 and 08 on the eth0 interface.

The snaadmin command line usage statements can be seen by doing:
   snaadmin -d -h define_ip_dlc
   snaadmin -d -h define_ip_port



Alias and VIPA addresses for HPR/IP interface
-------------------------------------------------------------------------------

The CS Linux v6.2.2 documentation says that the local_ip_interface
field on the define_ip_port definition is the NAME of the tcp/ip
interface, e.g. 'eth0'.  This field can also be set to the ADDRESS
of the tcp/ip interface, e.g. '9.42.108.42' or it can be the name
of an alias or vipa interface, e.g. 'eth0:1'.  These values can
be entered on the xsnaadmin GUI or via the snaadmin command line.

The snaadmin command line usage statement can be seen by doing:
   snaadmin -d -h define_ip_port



Disconnect an LU when no ACTLU is forthcoming
-------------------------------------------------------------------------------

CS Linux v6.2.2.1 has been enhanced to disconnect an LU
when an application such as the tn3270 server connects
to that LU but no ACTLU has been received from the host
within 10 seconds.  The missing ACTLU could be because of
a misconfigured SDDLU environment or a lack of host
resources.  Previous levels of CS Linux would just leave
the LU in a connected state but with no host MSG10,
effectively making the session unusable.



Allow Linux and AIX clients to activate_session, initialize_session_limit
-------------------------------------------------------------------------------

The Remote API Clients for AIX and Linux at the v6.3.0.2 level
have been enhanced to allow the client to run the NOF verbs
initialize_session_limit and activate_session and also the
corresponding snaadmin commands.  This brings these clients
into sync with the Remote API Clients for Windows which
could run these NOF verbs in the v6.3.0.1 level.  These verbs
and commands must be run from root or from a userid which is
a member of the sna group on Linux or the sys group on AIX.



Allow Linux and AIX clients to set_log_type, set_log_file, and set_cs_trace
-------------------------------------------------------------------------------

The Remote API Clients for AIX and Linux at the v6.3.0.2 level
have been enhanced to allow the client to run the NOF verbs
set_log_type, set_log_file, and set_cs_trace and also the
corresponding snaadmin commands.  These verbs and command
must be run from root or from a userid which is a member
of the sna group on Linux or the sys group on AIX.

These clients will save the values set with these commands
in the /etc/opt/ibm/sna/sna_local.net file (for Linux clients)
or /etc/sna/sna_local.net file (for AIX clients).



RedHat Enterprise Linux 5 (RHEL5) Support
-------------------------------------------------------------------------------

The CS Linux v6.2.2.1 server and the v6.3.0.2 Remote API Clients
add support for the RedHat Enterprise Linux 5 (RHEL5) distribution.
The Remote API Client runs on a RHEL5 Server or a RHEL5 Client
(Desktop or Workstation) system.
The CS Linux server runs on a RHEL5 Server system only.
The CS Linux server on RHEL5 requires LiS 2.19.0 plus two
patches which are on the CS Linux v6.2.2.1 install CDs.

See the appropriate README file on the CS Linux v6.2.2.1
or v6.3.0.2 Remote API Client CDs for additional pre-requisites
and details about running with RHEL5.

If the RHEL5 system has SELinux enabled you should review the
Technotes at the websites below for additional steps which need
to be run to add the SELinux authorizations for CS Linux:
   http://www.ibm.com/software/network/commserver/linux/support
   http://www.ibm.com/software/network/commserver/z_lin/support



Microsoft Windows Vista Support
-------------------------------------------------------------------------------

The v6.3.0.2 Remote API Clients for Windows add support
for both 32bit and 64bit Microsoft Windows Vista systems.
Vista does not contain the WINHLP32.EXE binary used to
display Remote API Client help panels for double byte (DBCS)
locales (Japanese, Korean, Simplified Chinese, Traditional
Chinese) .  See the Microsoft Knowledge Base article:
   http://support.microsoft.com/kb/917607
for details about adding this function back on Vista.

Vista systems come with a built-in firewall that is
enabled by default.  You will either need to disable
this firewall or allow ip traffic on TCP port 1553 
and UDP port 1553 to have the Remote API Client function
correctly.  If you are using HTTPS you need to allow
the SSL port being used throught the firewall also.

Vista comes with a stronger User Account Control (UAC)
system, so to use the 'net start sxclient' and
'net stop sxclient' commands you need to run from a
Windows Command Prompt which has administrator authority.
On Vista the 'tpinst32' command must be run with from a
Windows Command Prompt which has administrator authority.
To get a Windows Command Prompt with administrator authority
use the right-hand mouse button on the Command Prompt
icon and select 'Run as administrator'.



HTTPS for Win-x64 clients and gskit install changes for Win32 clients
-------------------------------------------------------------------------------

The v6.3.0.2 Remote API Clients for Win-x64 now includes the
support for HTTPS connections to the server.  For both win-x64
and win32 platforms the GSKIT package is now installed automatically,
so no additional steps need to be taken to install software for
HTTPS support.



