5697-D43 Domino Go Webserver 5.0 for OS/390


Table of Contents

5697-D43 Domino Go Webserver 5.0 for OS/390
IBM U.S. Product Life Cycle Dates
Abstract
Highlights
Description
Technical Description

  • Operating Environment
  • Hardware Requirements
  • Software Requirements
  • Planning Information
    Publications
    Security, Auditability, and Control

    5697-D43 Domino Go Webserver 5.0 for OS/390


    IBM U.S. Product Life Cycle Dates

    
    Program                                  Marketing   Service      Replaced
    Number   VRM     Announced   Available   Withdrawn   Discontinued    By
    

    5697-D43 5.00.0 1998/05/05 1998/06/12 2002/09/04 - -


    Abstract

    (For IBM US, No Longer Available as of September 4, 2002)

    The enhancements for Domino Go Webserver 5.0 for OS/390 continue to build on its industry leadership position in support of critical e-business applications. They provide additional performance, security, and Workload Manager (WLM) capability in concert with expanded user install options and configuration enhancements.

    • Security Enhancements:
      • Public Key Infrastructure (PKI) Enablement allows the server to exploit Public Key architecture
      • Crypto Keysize Selection enables the server administrator to specify the level of encryption to be used
      • Less Complex and More Secure Key and Certificate Management
      • 128-bit Encryption Support for Export (outside North America) Browsers

    • Performance Improvementshave been achieved by incorporating IBM Web Traffic Express enhanced caching algorithms and running an enhanced Java engine inside the Domino Go Webserver 5.0 address space. This enhanced Java engine, code named ServletExpress, is shipped to OS/390 customers as part of Domino Go Webserver 5.0.

    • Improved Workload Manager Exploitation
      • Enabling Secure Sockets Layer (SSL) Requests to participate in WLM Application Environment queueing
      • Encouraging Efficient Utilization of System Resources

    • Systems Management
      • User Defined Install Path allows multiple copies of Webserver on the same MVS image.
      • Configuration Enhancements:
        • Frames-based Interface
        • Continued Reliability, Availability, and Serviceability (RAS) Improvements

    Highlights

    These enhancements offer improvements to your e-business customers in the following areas:

    • Security
    • Performance
    • Workload Manager (WLM) Exploitation
    • Systems Management
    • Configuration

    Description

    IBM provides a comprehensive set of Internet products and solutions that can Web-enable your business. With the new Domino Go Webserver product, a business can effectively promote its corporate messages, provide marketing information, give sales support to customers, gain a competitive edge by having its own home pages accessible, and conduct electronic commerce on the Web. Access to the Web pages can be kept within a company or made available outside of the company.

    The predecessor product, Domino Go Webserver 4.6.1 for OS/390, provides the capability to establish a WWW secure presence on the Internet and conduct secure business-critical electronic commerce. Some of the features and functions that provide this capability are:

    • Home Page repository
    • Full HTTP 1.1 compliance
    • Repository for imbedded binary resources
    • Use of the OS/390 System Authorization Facility (SAF)
    • Proxy support
    • Proxy caching
    • CGI support
    • Easy-to-use configuration tool
    • NLS enablement
    • Security
    • Go Webserver API (GWAPI) - Formerly called Internet connection API (ICAPI)
    • Server-Side Includes
    • Error message customization
    • Enhanced logging and reporting
    • Multiple IP address support
    • Proxy authentication
    • Local file caching
    • Default code page support
    • S/390 Cryptographic Hardware support
    • Workload Manager (WLM) enablement
    • Web Usage Mining
    • OS/390 Console Support
    • SSL V3 support
    • Automatic browser detection
    • CGI support for C, REXX, Perl, and Java
    • PICS support
    • Client authentication
    • SNMP subagent
    • SOCKS support
    • SSL tunneling
    • OS/390 Dataset Support
    • Inputs to OS/390 System Management Facility logs
    • Authentication Using a Certificate
    • Java 1.1 Support
    • Fast CGI Support

    New Features

    Domino Go Webserver 5.0 for OS/390 (DGW 5.0 for OS/390) has incorporated improvements in the areas of security, performance, Workload Manager (WLM) exploitation, and systems management that extend its leadership position.

    • Security Enhancements

      • Public Key Infrastructure (PKI) enablement: Allows the server to exploit Public Key architecture. It lets customers take advantage of Certificate Authorities that issue and revoke client and server certificates. A Certificate Revocation List (CRL) is used to notify servers of a certificate revocation. Lightweight Directory Access Protocol (LDAP) is used to retrieve the CRL from the directory server. The Public Key architecture is based on X.500 and X.509 standards.

      • Crypto Keysize Selection: Enables the server administrator to specify the level of encryption to be used, versus the default, which is the highest (strongest) level common to both requester and server. The administrator may use a lower level of encryption when appropriate, with an accompanying improvement in performance, or refuse connection to a requester at levels lower than those he/she has specified.

      • Less Complex and More Secure key and certificate management function. The security is improved by running the key management function outside the server but in the same physical machine. This eliminates connecting to the key management function over the network. The complexity of setting up a secure server has been reduced by requiring less interaction from the administrator.

      • 128-bit Encryption support for export (outside North America) browsers. This enables export browsers, with 128-bit encryption capability, to use 128-bit encryption when communicating with financial institution servers authorized to use 128-bit encryption. This requires a special financial institution server certificate from an authorized certificate authority.

    • Performance Improvements have been achieved through:
      • Running an enhanced Java servlet engine inside the DGW 5.0 for OS/390 address space. This enhanced Java engine, code named ServletExpress, is shipped to OS/390 customers as part of DGW 5.0 for OS/390 and is its Java engine. Running it inside the address space results in less data transfer for servlet execution. Some of the features and functions of ServletExpress are:
        • Full support for the latest session-tracking APIs
        • A graphical interface for servlet management
        • Web-based remote administration
        • Security features, including "servlet sandbox" and access control lists
        • Servlet chaining
        • Loading from Jar files
      • Integration of Web Traffic Express into DGW 5.0 for OS/390:

        • Enhanced Caching Algorithms: Caching algorithms, specifically aimed at increasing the likelihood of finding a Web object in the local cache, have been incorporated into the server. In the past, typical Web object caching algorithms have been derived from traditional computer caching schema where the objects to be cached are of known and consistent sizes. Web objects are variable in size and have different arrival characteristics which were not considered by traditional caching algorithms.

        • Automatic Cache Refresh: The server has the flexibility of having the automatic cache controlled by the administrator or controlled by algorithms in the server. For example, the administrator might decide to always cache and refresh on a specified time schedule the company home page. Or, the server can be configured to determine the top "n" (set by administrator) most frequently accessed pages, cache them, and refresh on a nightly basis. This method could be used to provide fresh high usage pages at the beginning of the work day or shift.

        • Over-Ride of Page Caching Information: Some Web pages have header information that specifies they be fetched from the source each time they are requested. This might be done, as an example, to maximize the earnings from advertising contained in these pages. This practice tends to use additional network bandwidth resources and extends the time spent waiting for it by the user versus having the page cached. The administrator is provided the capability to override the header instructions, by URL, to not cache. In addition to caching the page, the time interval before refresh can be set.

    • Improved Workload Manager Exploitation:

      • Enabling Secure Sockets Layer (SSL) requests to participate in Workload Manager (WLM) Application Environment queuing which extends the WLM advantages first provided in Internet Connection Secure Server (ICSS) 2.2 for OS/390 to key business-critical applications

      • Encouraging efficient utilization of system resources such as CICS EXCI connections and DB2 Database by controlling which application environments specific plug-ins are loaded into

    • Systems Management
      • User-Defined Install Path allows multiple copies of a Webserver on the same MVS image. This provides users with an orderly migration path.
      • Configuration Enhancements:

        • The user interface for the Go Server will be a frames based interface

        • Continued Reliability, Availability, and Serviceability (RAS) improvements

    The availability of DGW 5.0 for OS/390 can offer important benefits for business and government customers such as:

    • Starting an electronic commerce system on the Internet

    • Establishing a secure intranet or Internet site that integrates existing transactions and data

    • Use of centralized skills in maintenance of HTML pages

    • Consolidation of support in the data center to provide economies in meeting the needs of many departments requiring a presence on the Web

    • Support of large repositories utilizing the large storage capacities of System/390

    • Access to frequently changed pages that can be maintained centrally in distributed server environments

    • Access to selected up-to-the minute data maintained in centralized database applications on System/390

    Support for the Secure Sockets Layer (SSL), and the S/390 Cryptographic Hardware feature are part of IBM's SecureWay portfolio of security offerings. For additional information about SecureWay, visit the IBM Security Home Page at URL:

    • http://www.ibm.com/security.

    For more information about products that may be used with Domino Go Webserver 5.0 for OS/390 to provide additional capabilities and functions, see Software Announcement 297-355, dated September 9, 1997.

    Three implementations of the security function exist, one for the US and Canada, one for France, and one for all other countries. The US and Canadian version cannot be made available outside the US or Canada since it contains DES, triple DES, 128-bit RC2, and 128-bit RC4 cryptographic algorithms for bulk data encryption as well as up to 1024-bit RSA key exchange. This version cannot be exported outside the US and Canada to any entities. The version of the product announced outside of US, Canada, and France uses DES, 40-bit RC2, and 40-bit RC4 cryptographic algorithms for bulk data encryption as well as up to 512-bit RSA key exchange. The version of the product for France uses 40-bit RC2, and 40-bit RC4 cryptographic algorithms for bulk data encryption as well as up to 512-bit RSA key exchange. Because the cryptographic export regulations are subject to change, see the ICS Web pages at:

    • http://www.ics.raleigh.ibm.com

    The Domino Go Webserver 5.0 for OS/390 may be ordered as a stand-alone product immediately. It will be integrated into OS/390 Version 2 Release 6 September 1998. It may be ordered without the security feature for those installations not requiring it.


    Technical Description

    Domino Go Webserver 5.0 for OS/390 is a member of the IBM server family. A TCP/IP server must meet the requirements of the environment in which it runs. This server has many designed extensions to meet the requirements of OS/390 and exploit functions of OS/390 and OpenEdition. Specifically, for efficient performance and scalability, threaded transaction processing functions of OS/390 UNIX System Services are used. This distinguishes this server from any derived from servers available in the public domain. Security functions are another area benefitting from functions available in the OS/390 platform and exploited by this product.

    Operating Environment

    Hardware Requirements

    Domino Go Webserver 5.0 for OS/390 operates on all ESA-capable machines supporting OS/390 Version 2 Release 5 and later. Additional requirements include:

    • One tape or cartridge drive for installation
    • Communication hardware for network attachment supported by the transport provider
    • One or more workstations capable of running a Web browser for configuration and administration

    Software Requirements

    • OS/390 Version 2 Release 5

      Domino Go Webserver 5.0 for OS/390 exploits and depends upon OS/390 Version 2 Release 5 UNIX System Services.

    • A supported OpenEdition INET transport provider such as:
      • TCP/IP V3 (5655-HAL) or
      • ACF/VTAM V4R3 (5695-117) with AnyNet/MVS feature

    Compatibility

    Domino Go Webserver 5.0 for OS/390 uses industry-standard protocols and is compatible with other Web clients and servers that are compliant with these protocols.


    Planning Information

    Customer Responsibilities

    Not applicable.


    Publications

    A memo, a program directory, and one copy of the following publications is supplied automatically with the basic machine-readable material:

    • Domino Go Webserver 5.0 for OS/390 Planning for Installation (SC31-8690)
    • Web Traffic Express User's Guide (GC31-8645)
    • Domino Go Webserver 5.0 Messages (GC31-8692)
    • Domino Go Webserver 5.0 for OS/390 Webmaster's Guide (SC31-8691)

    They are also shipped in HTML with DGW 5.0 for OS/390 and may be accessed via a Web browser from the front page of the server.

    All of the above publications are available in portable document format (PDF) through the Domino Go Webserver site. The PDF files can be downloaded and viewed or printed using the Adobe Acrobat Reader. You can obtain a copy of the Acrobat Reader through the Lotus Go Webserver site.

    Additional copies of the above unlicensed publications will be available for a fee. These copies may be ordered from your IBM representative.

    The "Domino Go Webserver 5.0 Web Programming Guide" is available through the Domino Go Webserver site:

    • http://www.ics.raleigh.ibm.com/dominogowebserver/resource.htm

    It is available in HTML and portable document format (PDF). The PDF files can be downloaded and viewed or printed using the Adobe Acrobat Reader. You can obtain a copy of the Acrobat Reader through the Lotus Go Webserver site.

    Displayable Softcopy Publications

    Domino Go Webserver 5.0 for OS/390 comes with its own default home page. From this, home page users can link to:

    • Configuration and administration forms - a set of forms that can be used to configure the server to meet particular customer needs.
    • Product documentation
    • Domino Go Webserver 5.0 for OS/390 website
    • Domino Go Webserver support

    Security, Auditability, and Control

    Domino Go Webserver 5.0 for OS/390 uses the security and auditability features of the OS/390 Operating System and interfaces with an external security system using SAF interfaces.

    The customer is responsible for evaluation, selection, and implementation of security features, administrative procedures, and appropriate controls in application systems and communication facilities.

    Trademarks

    (R), (TM), * Trademark or registered trademark of International Business Machines Corporation.

    ** Company, product, or service name may be a trademark or service mark of others.

    UNIX is a registered trademark in the United States and other countries licensed exclusively through X/Open Company Limited.