New Features and Enhancements

Edit online

IBM® Connect:Direct® for Microsoft Windows version 6.4 and its related software have the following new features and enhancements added in this release of IBM Serling Connect:Direct for Microsoft Windows.

Attention:

Announcement about Removal of Cipher Suites

Announcement about Removal of Cipher Suites
As part of the upcoming fix packs for IBM Sterling Connect:Direct Microsoft Windows, the update to the IBM GSKit9 library will remove support for the following cipher suites due to enhanced security requirements: `TLS_ECDHE_ECDSA_WITH_RC4_128_SHA` `TLS_ECDHE_ECDSA_WITH_NULL_SHA` `TLS_ECDHE_RSA_WITH_RC4_128_SHA` `TLS_ECDHE_RSA_WITH_NULL_SHA` `TLS_RSA_WITH_RC4_128_SHA` `TLS_RSA_WITH_RC4_128_MD5` `TLS_RSA_WITH_DES_CBC_SHA` `TLS_RSA_WITH_NULL_SHA256` `TLS_RSA_WITH_NULL_SHA` `TLS_RSA_WITH_NULL_MD5` `TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA` `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA` `TLS_RSA_WITH_3DES_EDE_CBC_SHA` To avoid disruption during the upgrade, transition to supported cipher suites as early as possible.

As part of the upcoming fix packs for IBM Sterling Connect:Direct Microsoft Windows, the update to the IBM GSKit9 library will remove support for the following cipher suites due to enhanced security requirements:

TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_NULL_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_NULL_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_MD5
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA

To avoid disruption during the upgrade, transition to supported cipher suites as early as possible.

Attention:

Announcement about High Speed Add on (HSAO)
Version 2.0.0 of High Speed Add On (HSAO) is now available. The new version is based on IBM Aspera Faspio Gateway, to which HSAO parts give the owner entitlement. It is supported by Connect:Direct UNIX (Linux x86/x64 and AIX), Connect:Direct Windows and Connect:Direct z/OS. To support business-to-business HSAO transfers, IBM Sterling Secure Proxy may be located between Connect:Direct and Faspio Gateway. Getting started with Connect:Direct, Secure Proxy and faspio Gateway is described in Connect:Direct’s and Secure Proxy’s documentation. Note that v1.0.0 and v2.0.0 of the HSAO protocols are incompatible. Users of v1.0.0 must bear this in mind when moving to v2.0.0. HSAO v2.0.0 does not require SSP bridging on any platform. (HSAO v1.0.0 required SSP bridging on platforms without native support for HSAO v1.0.0.) HSAO v2.0.0 should be used for the same types of network connections as v1.0.0. For more details, refer to https://www.ibm.com/docs/en/announcements/deprecation-support-statement-direction-high-speed-add-sterling-connectdirect-v10.

Announcement about High Speed Add on (HSAO)

Version 2.0.0 of High Speed Add On (HSAO) is now available. The new version is based on IBM Aspera Faspio Gateway, to which HSAO parts give the owner entitlement.

It is supported by Connect:Direct UNIX (Linux x86/x64 and AIX), Connect:Direct Windows and Connect:Direct z/OS. To support business-to-business HSAO transfers, IBM Sterling Secure Proxy may be located between Connect:Direct and Faspio Gateway. Getting started with Connect:Direct, Secure Proxy and faspio Gateway is described in Connect:Direct’s and Secure Proxy’s documentation.

Note that v1.0.0 and v2.0.0 of the HSAO protocols are incompatible. Users of v1.0.0 must bear this in mind when moving to v2.0.0.

HSAO v2.0.0 does not require SSP bridging on any platform. (HSAO v1.0.0 required SSP bridging on platforms without native support for HSAO v1.0.0.)

HSAO v2.0.0 should be used for the same types of network connections as v1.0.0.

For more details, refer to https://www.ibm.com/docs/en/announcements/deprecation-support-statement-direction-high-speed-add-sterling-connectdirect-v10.

FixPack 4 (v6.4.0.4)

New Features or Enhancements
To install this software, you should go to the Fix Central and follow instructions described to complete the download. The following issues are resolved in IBM Sterling Connect:Direct for Microsoft Windows: Enhancement of Statistics as specified by Federal Information Security Management Act (FISMA) standard: IBM Sterling Connect:Direct for Windows includes improved statistics logging for the following operations: Account logon operations: Successful and failed logon attempts. Account management operations: Actions related to local and proxy users. Object access operations: Operations on initialization parameters, netmap, Secure+, Integrated File Agent, and Process Library. Process tracking operations: Submit, change, delete, and similar actions. System events: Service start and stop events.

New Features or Enhancements

To install this software, you should go to the Fix Central and follow instructions described to complete the download.

The following issues are resolved in IBM Sterling Connect:Direct for Microsoft Windows:

Enhancement of Statistics as specified by Federal Information Security Management Act (FISMA) standard:
- IBM Sterling Connect:Direct for Windows includes improved statistics logging for the following operations:
  - Account logon operations: Successful and failed logon attempts.
  - Account management operations: Actions related to local and proxy users.
  - Object access operations: Operations on initialization parameters, netmap, Secure+, Integrated File Agent, and Process Library.
  - Process tracking operations: Submit, change, delete, and similar actions.
  - System events: Service start and stop events.

FixPack 2 (v6.4.0.2)

New Features or Enhancements
To install this software, you should go to the Fix Central and follow instructions described to complete the download. The following issues are resolved in IBM Sterling Connect:Direct for Microsoft Windows: Multi-Factor Authentication (MFA) Support: IBM Sterling Connect:Direct for Microsoft Windows now supports Multi-Factor Authentication (MFA) through the use of one-time password (OTP) as an additional layer of security for interactive users. By integrating any Identity Provider (IdP) that supports SAML 2.0 authentication protocol, customers can secure sensitive information and prevent unauthorized access, thereby achieving regulatory compliance and enhancing overall security. For more details on how to setup MFA in IBM Sterling Connect:Direct for Web Services refer to Configuring IBM Sterling Connect:Direct Web Services IdP Login and on IBM Connect:Direct for Microsoft Windows refer to API Proxy. Support for Windows Server 2025: The current release is certified to run on Windows Server 2025. Digitally Signed Installers: The Connect:Direct Microsoft Windows installers are now digitally signed with a certificate to confirm the software author. This guarantees that the software has not been altered since it was signed.

New Features or Enhancements

To install this software, you should go to the Fix Central and follow instructions described to complete the download.

The following issues are resolved in IBM Sterling Connect:Direct for Microsoft Windows:

Multi-Factor Authentication (MFA) Support:
- IBM Sterling Connect:Direct for Microsoft Windows now supports Multi-Factor Authentication (MFA) through the use of one-time password (OTP) as an additional layer of security for interactive users. By integrating any Identity Provider (IdP) that supports SAML 2.0 authentication protocol, customers can secure sensitive information and prevent unauthorized access, thereby achieving regulatory compliance and enhancing overall security. For more details on how to setup MFA in IBM Sterling Connect:Direct for Web Services refer to Configuring IBM Sterling Connect:Direct Web Services IdP Login and on IBM Connect:Direct for Microsoft Windows refer to API Proxy.
Support for Windows Server 2025:
- The current release is certified to run on Windows Server 2025.
Digitally Signed Installers:
- The Connect:Direct Microsoft Windows installers are now digitally signed with a certificate to confirm the software author. This guarantees that the software has not been altered since it was signed.

FixPack 1 (v6.4.0.1)

New Features or Enhancements

New Features or Enhancements
To install this software, you should go to the Fix Central and follow instructions described to complete the download. The following issues are resolved in IBM Sterling Connect:Direct for Microsoft Windows: Keystore Passwords with Special Characters: Upgrades from IBM Sterling Connect:Direct for Microsoft Windows versions prior to 6.3.0.3 may fail if Secure+ keystore passwords contain special characters. You may encounter errors such as `"Convert KeyStore failed…" and "PCG760E rc=8 PKCS12 KeyStore open exception - toDerInputStream rejects tag type 55."` Keystore Passwords with 64 or More Characters: Upgrades from IBM Sterling Connect:Direct for Microsoft versions Windows prior to 6.3.0.3 may fail if Secure+ keystore passwords contain 64 or more characters. You may encounter errors such as `"gsk_environment_init() failed GSK_ERROR_ASN - Error validating ASN fields in encoding".` Fresh Secure+ keystore creation with passwords containing 64 or more characters in IBM Sterling Connect:Direct for Microsoft Windows versions 6.3.0.3 and above may fail with the error `"gsk_environment_init() failed GSK_ERROR_CRYPTO - Error processing cryptography."`

To install this software, you should go to the Fix Central and follow instructions described to complete the download.

The following issues are resolved in IBM Sterling Connect:Direct for Microsoft Windows:

Keystore Passwords with Special Characters:
- Upgrades from IBM Sterling Connect:Direct for Microsoft Windows versions prior to 6.3.0.3 may fail if Secure+ keystore passwords contain special characters. You may encounter errors such as "Convert KeyStore failed…" and "PCG760E rc=8 PKCS12 KeyStore open exception - toDerInputStream rejects tag type 55."
Keystore Passwords with 64 or More Characters:
- Upgrades from IBM Sterling Connect:Direct for Microsoft versions Windows prior to 6.3.0.3 may fail if Secure+ keystore passwords contain 64 or more characters. You may encounter errors such as "gsk_environment_init() failed GSK_ERROR_ASN - Error validating ASN fields in encoding".
- Fresh Secure+ keystore creation with passwords containing 64 or more characters in IBM Sterling Connect:Direct for Microsoft Windows versions 6.3.0.3 and above may fail with the error "gsk_environment_init() failed GSK_ERROR_CRYPTO - Error processing cryptography."

Base Release (v6.4)

New Features and Enhancements

New Features and Enhancements
To install this software, you should go to the Passport Advantage website, and follow instructions described to complete the download. The maintenance installations on Fix Central also support new and upgrade installation; the Fix Lists include the relevant instructions. IBM Sterling Connect:Direct for Microsoft Windows has the following features and enhancements: Emergency Restore Support: IBM Sterling Connect:Direct for Microsoft Windows 6.4 now supports Emergency Restore, providing the ability to quickly rollback to a previous version and achieve recovery of essential configurations and data during critical situations at scale using IBM Sterling Control Center Director. For more information, refer to Install Agent Parameters, CD_SRVR.INI Parameter Values and IBM Sterling Control Center Director. This feature is supported starting with IBM Sterling Connect:Direct Microsoft Windows 6.4 and later versions. Rollbacks are permitted only when upgrades or updates are performed using IBM Sterling Control Center Director from IBM Sterling Connect:Direct Microsoft Windows V6.4 to a higher version. However, rollbacks to earlier versions (e.g., 6.3 or 6.2) from 6.4 are not supported. Increased config file size in Integrated File Agent: The maximum size of the configuration file in Integrated File Agent has been increased to 2 MB which enables larger number of rules and watch directories to be created. Logon Configuration Utility Support: Logon configuration utility (`LCU.bat``)` is added support for batch mode operation (-b) with reading input values from a file or another command's output or pipe.

To install this software, you should go to the Passport Advantage website, and follow instructions described to complete the download. The maintenance installations on Fix Central also support new and upgrade installation; the Fix Lists include the relevant instructions.

IBM Sterling Connect:Direct for Microsoft Windows has the following features and enhancements:

Emergency Restore Support:
- IBM Sterling Connect:Direct for Microsoft Windows 6.4 now supports Emergency Restore, providing the ability to quickly rollback to a previous version and achieve recovery of essential configurations and data during critical situations at scale using IBM Sterling Control Center Director. For more information, refer to Install Agent Parameters, CD_SRVR.INI Parameter Values and IBM Sterling Control Center Director.
  This feature is supported starting with IBM Sterling Connect:Direct Microsoft Windows 6.4 and later versions. Rollbacks are permitted only when upgrades or updates are performed using IBM Sterling Control Center Director from IBM Sterling Connect:Direct Microsoft Windows V6.4 to a higher version. However, rollbacks to earlier versions (e.g., 6.3 or 6.2) from 6.4 are not supported.
Increased config file size in Integrated File Agent:
- The maximum size of the configuration file in Integrated File Agent has been increased to 2 MB which enables larger number of rules and watch directories to be created.
Logon Configuration Utility Support:
- Logon configuration utility (LCU.bat) is added support for batch mode operation (-b) with reading input values from a file or another command's output or pipe.