New Features in COBOL Server 5.0

Back to Top

This release offers an enhanced and improved availability, and serviceability of Enterprise Server through the ability to administer and maintain a cross-system group of regions as a single system image with the new Performance and Availability Cluster (PAC).

In order for different Enterprise Server instances to be able to work together, they need to be able to share data. This is achieved through the use of a Scale Out Repository (SOR). All ES instances in a PAC will have a common SOR (PSOR) which is used to store CICS resources (limited to PCTs, PPTs, FCTs, DCTs and TSTs in this release) as well as internal system data to facilitate synchronisation between instances. Temporary Storage Queues and Transient Data Queues can also be shared between Enterprise Server instances by directing them to a SOR. Benefits of using PACs and SORs in this way include:

• Reduced hardware costs - taking advantage of the PAC to scale-out rather than scaling-up for more efficient use of processor resources.
• Easier maintenance - Dynamically adding or removing of regions to the PAC for system maintenance.
• Increased availability - in the event of the failure of an Enterprise Server instance, the PAC can continue to operate with reduced capacity. Enterprise Server instances can reside on different machines, improving availability further.
• Dynamic scaling - Enterprise Server instances can be added to, or removed from, the PAC depending on demand.
• Better performance - throughput is no longer restricted by the resources on a single machine (scale-up).
• Improved serviceability - you can now administer the PAC and any associated regions as a single image from a new contemporary web-based administration interface (ESCWA).

Back to Top

Visual COBOL now includes a new Enterprise Server Common Web Administration interface (ESCWA). ESCWA is a web user interface and server for modern administration, monitoring and control of Enterprise Server. It offers improved usability that consolidates the different Enterprise Server user interfaces so that native and managed regions, and security stores can be managed in one place. Features include:

• Administering directory servers across multiple hosts.
• Monitoring and control of Enterprise Server instances.
• Configuring and administering a security store, defined in an LDAP-compatible security manager such as Microsoft Active Directory or OpenLDAP.
• Administering the Scale-Out features - enable you to specify logical groups of Enterprise Server instances, and configure and run Performance Availability Clusters (PACs) and their related Scale-Out Repositories (SORs).
• Administering, monitoring and control of Enterprise Server for .NET regions and listeners.
• The use of current web frameworks that have a greater focus on security.

Back to Top

This release provides the following enhancements:

• Dynamic CTF - it is now possible to configure the CTF dynamically from outside the process being traced.

  Using a new command line utility - cblctd - you can alter the tracing events of running applications that already have CTF tracing enabled. You can alter trace levels, add or remove components to or from the trace, and also configure the emitters in effect.

  Additionally, there is also a new component that you can trace - mf.mfdbfh enables you to trace activity of the Micro Focus Native Database File Handler.

Back to Top

This release provides the following enhancements:

• The Data File Editor now includes a Compare Files tool that enables you to compare the contents of two data files side-by-side.
• Structure files, and the layouts within them, can now be created within the Data File Editor; you no longer need to use the Classic Data File Tools utility to manage your layouts.
• When connecting to a VSAM dataset stored in an enterprise server region, you can store any passwords required for access, for the duration of your current session.
• You can view archived JES spool jobs that have been merged into one spool file using the merging archived spool files process.
• You can now quickly duplicate records in non-indexed files, using the Duplicate Record option.

Back to Top

Enhancements are available in the following areas:

Back to Top

This release includes the following enhancements:

• Security - security features can now be employed when developers and administrators install new COBOL services (web services and EJBs) into an enterprise server instance over the network. There are a number of authentication and authorization options that can be enabled. See Deployment Listeners and The .mfdeploy File.
• Vault Facility - a new security feature has been added that enables some Enterprise Server components to keep certain sensitive information in a form of storage defined as a vault, accessible via a configurable vault provider. The default vault provider stores data in encrypted format on disk.
• OpenSSL 1.1.1 - the OpenSSL security provider has been updated to OpenSSL version 1.1.1.

  This is the stable Long Term Support version of OpenSSL.

  • Added support for the ratified TLS protocol version 1.3. TLS 1.3 benefits include:
    • Much shorter initial connection negotiation sequence. This reduces the time taken to establish a link before starting to transmit data.
    • Using only the most secure ciphers and hash methods.
    • TLS 1.3 will be negotiated in preference to the older TLS protocols.
  • Added support for new Ciphers and Key Exchange groups in line with TLS 1.3 requirements.
  • The default security level for previously configured endpoints has been moved from Security Level 0 to Security Level 1. This removes the ability to accidentally make use of known-weak elements such as SSL3 and MD5. Similar changes to the default Security Level have recently happened to Java, Chrome, Firefox, and other systems providing secure connections.
• Fileshare Security - the Fileshare Secure TCP/IP transport provider now supports the trusted use of X509 certificates bearing the name of the Fileshare service as the Common Name element of the certificate.

  In previous releases, a secure connection to a Fileshare server was made using a certificate that represented the network location upon which the Fileshare service was located. This method is still supported, but does not distinguish between the exact Fileshare server that is being connected to when more than one service can exist on a single host system. With this change, individual Fileshare services can identify themselves by using a unique certificate. While running on the same host and registered with the same network endpoint.

• Support for Active Directory user groups and group name mapping - the Enterprise Server External Security Facility's MLDAP ESM Module can now use Active Directory user group objects for Enterprise Server user groups. Also, the module can now map long group names to the 8-character-maximum names required for mainframe emulation.
• Selective auditing - administrators can audit only security activity of particular interest, reducing audit overhead and the volume of events. The Enterprise Server External Security Facility's MLDAP ESM Module can now enable ESF Audit events only for particular users, groups, and resources.
• Improved interaction with LDAP client libraries resulting in fewer LDAP-related issues and easier diagnostics - the Enterprise Server External Security Facility's MLDAP ESM Module has improved interoperation with LDAP client libraries:
  • The client library vendor and version information is logged after the library is loaded
  • The module has better heuristics for loading the correct library supplied by the OS vendor, so the "provider" configuration option can generally be omitted
  • For OpenLDAP, the module sets its proprietary "connect timeout" option