Sitworld: Portal Client [TEP] on Windows Using a Private Java Install
John Alvord, IBM Corporation
Draft #1 – 28 December 2016 - Level 1.00000
Giving Credit! This blog post was created after a customer Nathan Posey at Citibank emailed me the general scheme. They deserve 95% of the credit and I will take any blame.
Once more a client called when Portal Client [TEP] no longer worked because a new Java RTE was installed by system administrators. This usually takes several days or a week+ to resolve. The underlying issue is that TEP is developed and tested against specific Java RTE levels – usually the more current ones. As time passes new Java RTEs are published and they get installed en masse. When all goes well, no one notices. But when things break they break hard and that causes a crisis and a support issue for the customer and IBM also. This document shows how to avoid that issue by using a non-installed java rte.
If you are interested in reviewing TEP/Java problems ahead of time: Master list of ITM TEP/Java issues.
The technique described here documents a good way to run an ITM Portal Client in Java Web Start mode. That will be standard practice as time goes on because all the major browser vendors and even Oracle is eliminating the Browser applet mode of operation from future Java versions.
This technique shows how to deliver and use Java without a Java Windows install. The result is a private version of Java used only for ITM Portal Client. In this mode ITM usage is effectively insulated against system level Java updates.
However this could be considered a security exposure. For Portal Client or TEP a private Java RTE is used to perform the Java Web Start process. It so happens that on Windows Java can be used in this way without going through the install process. The benefit is increased usage stability. On the other hand, this private version of Java may have security problems and it will continue to run even though the system Java has been upgraded. This *might* be considered a security exposure and any customer using this method should clear it with their security team and management. The balancing act here is better end user stability versus the theoretical security problems while this one particular application is running.
If your security folks do not approve this usage, then you will have to endure reduced end user stability.
Creating A Private Java zip file on Windows.
I expect most end user Windows environments will be 64 bit and so the instructions will follow that path. The example will use a Java RTE which comes as part of the TEMS media image but any Java RTE can be used which works with TEP. As always testing thoroughly is suggested After TEPS install on Windows on the default C:\IBM\ITM directory these files will be seen:
Directory of C:\IBM\ITM\CNB\java
07/04/2015 08:18 AM 85,476,984 ibm-java6.exe
07/04/2015 08:19 AM 65,526,355 ibm-java6.rpm
07/04/2015 08:19 AM 65,441,752 ibm-java6.tgz
07/04/2015 08:18 AM 97,035,904 ibm-java7.exe
07/04/2015 08:18 AM 77,682,924 ibm-java7.rpm
07/04/2015 08:20 AM 81,675,376 ibm-java7.tgz
07/04/2015 08:19 AM 111,716,040 ibm-java7_64.exe
07/04/2015 08:19 AM 84,052,070 ibm-java7_64.rpm
07/04/2015 08:19 AM 89,954,859 ibm-java7_64.tgz
In this case we will be using ibm-java7_64.exe: IBM version of java version 7 (build pwi3270sr9fp40-20160422_01 (SR9 FP40))
This is the exact version that would be installed on an end user system the first time TEP is made use of. Thus this version is definitely one that has been well tested and has a lot of customer experience in the user base.
On a 64 bit Windows system, you run the install by copying that file into the environment and double clicking on it. This could be performed on the system running the TEPS.
If you need to create a 32 bit version, this will need to be performed on a 32 bit Windows system using ibm-java.exe.
You see a normal sort of dialog boxes selecting language, target etc. One early dialog looks like this
Later a dialog box shows you the target install directory and note it down.
Click on No!!
When the install is complete, use Windows Explorer to locate the install directory
Now right-click on the Java70 directory and select Send to/Compressed (zipped) Folder. The compressed folder cannot be in that Program Files directory so select the default target of the desktop. It will look like this.
Save that file somewhere because that is what the user will employ during the install.
Installing the TEP Java image – Performed by End User
You will likely tailor these instructions to your company standards... and also set actual target TEPS addresses.
On the end user Windows system, create a directory c:\apps_local. Copy the Java70.zip into that directory. If you can find a way to automate the following process all the better... and please tell me more about it.
Next right-click on Java70.zip and select extract to Java70\
Note: The cache seems to be saved here for the IBM Java if you need to look at traces/logs:
This document how to install a private version of Java RTE to run a tested version of Portal Client or TEP. When this has been set up, the system Java can be updated without losing access to Portal Client.
History and Earlier versions