Release Notes

Edit online

The IBM® Connect:Direct® for UNIX Release Notes document supplements Connect:Direct for UNIX documentation. Release notes are updated with each release of the product and contain last-minute changes and product requirements, as well as other information pertinent to installing and implementing Connect:Direct for UNIX.

New Features and Enhancements

Edit online

IBM Sterling Connect:Direct for UNIX 6.4 and its related software have the following features and enhancements:

FixPack 1 (v6.4.0.1)

New Features or Enhancements
To install this software, you should go to the Fix Central and follow instructions described to complete the download.

The following issues are resolved in IBM Sterling Connect:Direct for UNIX:
  1. Keystore Passwords with Special Characters:
    • Upgrades from IBM Sterling Connect:Direct for Unix versions prior to 6.3.0.3 may fail if Secure+ keystore passwords contain special characters. You may encounter errors such as "Convert KeyStore failed…" and "PCG760E rc=8 PKCS12 KeyStore open exception - toDerInputStream rejects tag type 55."
  2. Keystore Passwords with 64 or More Characters:
    • Upgrades from IBM Sterling Connect:Direct for Unix versions prior to 6.3.0.3 may fail if Secure+ keystore passwords contain 64 or more characters. You may encounter errors such as "gsk_environment_init() failed GSK_ERROR_ASN - Error validating ASN fields in encoding".
    • Fresh Secure+ keystore creation with passwords containing 64 or more characters in IBM Sterling Connect:Direct for Unix versions 6.3.0.3 and above may fail with the error "gsk_environment_init() failed GSK_ERROR_CRYPTO - Error processing cryptography."
  3. Multi-Factor Authentication (MFA):
    • Multi-Factor Authentication (MFA) support for containers has been added starting from IBM Sterling Connect:Direct for Unix version 6.4.0.1_iFix018 onwards. To download the Helm chart, click on this link.
Attention:
Announcement about High Speed Add on (HSAO)

Version 2.0.0 of High Speed Add On (HSAO) is now available. Version 1.0.0 will be gradually phased out. The new version is based on IBM Aspera Faspio Gateway, to which HSAO parts give the owner entitlement.

It is supported by Connect:Direct UNIX (Linux x86/x64 and AIX), Connect:Direct Windows and Connect:Direct z/OS. To support business-to-business HSAO transfers, IBM Sterling Secure Proxy may be located between Connect:Direct and Faspio Gateway. Getting started with Connect:Direct, Secure Proxy and faspio Gateway is described in Connect:Direct’s and Secure Proxy’s documentation.

Note that v1.0.0 and v2.0.0 of the HSAO protocols are incompatible. Users of v1.0.0 must bear this in mind when moving to v2.0.0.

HSAO v2.0.0 does not require SSP bridging on any platform. (HSAO v1.0.0 required SSP bridging on platforms without native support for HSAO v1.0.0.)

HSAO v2.0.0 should be used for the same types of network connections as v1.0.0. Detailed connection information can be found in the white paper “Getting Started with High Speed Add On (HSAO)”.

Base Release (v6.4)

New Features or Enhancements
To install this software, you should go to the Passport Advantage website, and follow instructions described to complete the download. The maintenance installations on Fix Central also support new and upgrade installation; the Fix Lists include the relevant instructions.

IBM Sterling Connect:Direct for Unix has the following features and enhancements:
  1. Horizontal Autoscaling in Containers:
    • IBM Sterling Connect:Direct Unix containers now support multi-pod deployment through Horizontal Pod Autoscaler (HPA) and this feature enables dynamic scaling by adding additional instances as the load increases and removing instances as load decreases, ensuring efficient resource utilization and optimal performance. For more details, refer to Configuring- Understanding values.yaml.
  2. Multi-Factor Authentication (MFA) Support:
    • IBM Sterling Connect:Direct UNIX now supports Multi-Factor Authentication (MFA) through the use of one-time password (OTP) as an additional layer of security for interactive users. By integrating any Identity Provider (IdP) that supports SAML 2.0 authentication protocol, customers can secure sensitive information and prevent unauthorized access, thereby achieving regulatory compliance and enhancing overall security. For more details on how to setup MFA in IBM Sterling Connect:Direct for Web Services and IBM Sterling Connect:Direct Unix, refer to Configuring IBM Sterling Connect:Direct Web Services IdP Login.
  3. Single Sign-On (SSO) to a Connect:Direct Node:
  4. API Proxying Support:
    • API Proxying enhances certificate-based authentication by allowing remote API user to be mapped to any local user. This feature supports Multi-Factor Authentication (MFA), improves the flexibility and security of certificate-based access. For more details, refer to API User Information Record.
  5. Increased Config File Size in Integrated File Agent:
    • The maximum size of the configuration file in Integrated File Agent has been increased to 2 MB which enables larger number of rules and watch directories to be created.
  6. New Operating Platform Support:
    • This release of IBM Sterling Connect:Direct for UNIX is certified to run on Ubuntu 24.

Hardware and Software Requirements

Edit online

Connect:Direct for UNIX and its related software require the following hardware and software: It supports systems running in 64-bit mode.

Component or Functionality Hardware Software RAM (min.) Disk Space (min.)
IBM Connect:Direct for UNIX with TCP/IP or FASP connectivity IBM System pSeries, POWER8 or greater processor required AIX versions 7.2 TL5 and greater, 7.3 TL1 and greater 2 GB 1.5 GB
  IBM System pSeries, POWER8 or greater processor required SuSE Linux Enterprise Server (ppc64le) version 15 SP6 and above. 2 GB 1.5 GB
  Intel and AMD x86-64

Red Hat Enterprise Linux version 8.8 and above†††

Red Hat Enterprise Linux version 9.2 and above†††

 2 GB 1.5 GB

Amazon Linux 2.††

Amazon Linux 2023.††

Ubuntu version 20 and above†††

Ubuntu version 24 and above†††

 2 GB 1.5 GB
SuSE Linux Enterprise Server version 15 SP6 and above.††† 2 GB 1.5 GB
  Linux® zSeries
Red Hat Enterprise Linux version 8.8 and above.†††

Red Hat Enterprise Linux version 9.2 and above.†††

 2 GB 1.5 GB
SuSE Linux Enterprise Server version 15 SP6 and above.††† 2 GB 1.5 GB
Connect:Direct Integrated File Agent Same as requirements for IBM Sterling Connect:Direct for UNIX Same as requirements for IBM Connect:Direct for UNIX. 2 GB 275 MB
Connect:Direct Secure Plus Same as requirements for IBM Sterling Connect:Direct for UNIX. Same as requirements for IBM Sterling Connect:Direct for UNIX.

Java™ Standard Edition 8, installed with Connect:Direct Secure Plus.

 2 GB 70 MB
High-Availability support IBM System pSeries, POWER7 or greater processor required IBM HACMP    

Libraries to Install

Edit online

Ensure that you have the following libraries installed:

UNIX Platform Software Library
Intel and AMD x86-64, Linux zSeries All supported Linux
Amazon Linux 2023
  • libxcrypt-compat
Linux zSeries All supported Linux.
Red Hat Enterprise Linux version 9.0 and above
  • libxcrypt-compat
AIX All Supported AIX

XL C++ Runtime 16.1.0.7 or later beginning with Connect:Direct UNIX 6.3.0.3.iFix000

Note: Ensure that the libc++.rte fileset is installed, as it is not included by default.
All All FreeType font rendering engine (freetype2) is required with Connect:Direct UNIX 6.3.0.3.iFix000 for running Java UI applications, such as the Secure+ Admin Tool (spadmin).

Supported File Systems

Edit online

Connect:Direct for UNIX may be installed on a local disk or a shared disk file system, also known as a clustered file system. Examples of clustered file systems are IBM’s GPFS, Veritas Cluster File System, and Red Hat Global File System.

The nosuid mount option must not be enabled on the file system where Connect:Direct is to be installed.

The only supported distributed file system protocol is NFSv4. For example, a NAS device accessed via NFS v4.1 is supported.
Note: When Connect:Direct for UNIX is installed on NFSv4, performance in high load scenarios may be reduced, significantly for NFSv4.0, as compared to the installation on a local or shared disk file system.
For example, in a development lab environment, a TCQ load test takes up to 3 times as long to run when Connect:Direct is installed on NFSv4.1 or NFSv4.2 than when it is installed on a local file system. When Connect:Direct is installed on NFSv4.0, the load test takes up to 30 times as long to run than when Connect:Direct is installed on a local file system- installing Connect:Direct on NFSv4.0 has limited applicability as a production solution.

Virtualization and public cloud support

Edit online

IBM cannot maintain all possible combinations of virtualized platforms and cloud environments. However, IBM generally supports all enterprise class virtualization mechanisms, such as VMware ESX, VMware ESXi, VMware vSphere, Citrix Xen Hypervisor, KVM (Kernel-based virtual machine), and Microsoft Hyper-V Server.

IBM investigates and troubleshoots a problem until it is determined that the problem is due to virtualization. The following guidelines apply:
  • If a specific issue is happening because the system is virtualized and the problem cannot be reproduced on the non-virtualized environment, you can demonstrate the issue in a live meeting session. IBM can also require that further troubleshooting is done jointly on your test environment, as there is not all types and versions of VM software installed in-house.
  • If the issue is not able to be reproduced in-house on a non-virtualized environment, and troubleshooting together on your environment indicates that the issue is with the VM software itself, you can open a support ticket with the VM software provider. IBM is happy to meet with the provider and you to share any information, which would help the provider further troubleshoot the issue on your behalf.
  • If you chose to use virtualization, you must balance the virtualization benefits against its performance impacts. IBM does not provide advice that regards configuring, administering, or tuning virtualization platforms.

Known Restrictions

Edit online

Connect:Direct for UNIX has the following restrictions when using third-party hardware or software:

  • The silent installation parameters related to Standard User Mode (SUM) do not work for a traditional install of Connect:Direct.
  • When performing a new or upgrade installation of Connect:Direct with Control Center Director, Integrated File Agent cannot be selected as an option.
  • An issue occurs which causes invalid data to be written to the destination file when standard compression is enabled and transfer is text mode when sending to another Connect:Direct Unix node. This issue leads to inadvertent conversion of some spaces to EBCDIC space instead of ASCII. A possible workaround of this issue is to use extended compression or no compression or use binary mode.
  • Connect:Direct Secure Plus Connect Direct for UNIX is administered through Java and a graphical user interface (GUI). The standard UNIX telnet server does not support a GUI client session. To use the UNIX GUI you must be connected to the UNIX server via an X Windows client session, such as xterm. If you are connected to the UNIX server using a telnet session, you will not be able to run the GUI sessions required to install and administer IBM Connect:Direct for UNIX. If you do not have access to X Windows, you can use the Connect:Direct Secure Plusfor UNIX Command Line Interface (Secure+ CLI).
  • Connect:Direct Secure Plus IBM Connect Direct for UNIX does not support server gated crypto (SGC) certificates.
  • The Secure+ CLI does not support using $HOME or the tilde (~) to specify the path to your home directory.
  • On the IBM System pSeries, and Linux platforms, when a run task defines an invalid UNIX command, the operating system return code is 127 and the completion code (CCOD) reported by Connect:Direct for UNIX is displayed in hexadecimal (7F) in the statistics output. This return code is correct for the error received, even though most return codes are defined as 0, 4, 8, or 16.

    If the return code value of 127 is the highest step return code, the Process End (PRED) statistics record message ID is set to the Message ID of the run task step. On other platforms, the run task return code is 1, resulting in the message ID of XSMG252I in the PRED statistics record.

  • Installation on Linux platforms displays the following message: awk: cmd. line:6: warning: escape sequence `\.' treated as plain `.'

    This is a known issue with Install Anywhere and does not affect installation or functionality of Connect:Direct File Agent IBM Connect Direct for UNIX on Linux.

  • Installation of Integrated File Agent via IBM Sterling Control Center Director is not supported currently, as it does not support the specification of silent installation parameters for an installation.
  • Connect:Direct for UNIX interactive and silent installations support the conversion of a Standalone File Agent installed by an earlier version of Connect:Direct for UNIX to an Integrated File Agent. This functionality will not be available through IBM Sterling Control Center Director because it uses silent installation of Connect:Direct for UNIX. Whether conversion occurs or not is controlled by a silent installation parameter whose default value is "no". Since, Control Center Director does not support the specification of silent installation parameters during the upgrade, the conversion is not available through IBM Sterling Control Center Director.

Support policy for Container Delivery Models

Edit online

The support policies for container delivery models are as follows.

Support statement for Connect:Direct for Unix certified containers for Red Hat that are deployed using OpenShift Container Platform

Connect:Direct for Unix certified containers for Red Hat are built to deploy on the Red Hat OpenShift Container Platform. The product containers and deployment model are certified by IBM to be production ready, enterprise-grade, resilient, secure and compliant in many public and private clouds which the OpenShift Container Platform supports. IBM Technical Support supports this delivery model across the lifecycle management of Connect:Direct for Unix certified containers, including container orchestration scripts in OpenShift Container Platform and product documentation.

Support statement for Connect:Direct for Unix certified containers deployed on non-OpenShift Container Platform

For users who choose to deploy the IBM certified containers on; proprietary container orchestration tools such as EKS/GKE/AKS/PCF, on public cloud such as Amazon/Azure/ Google or in their private cloud using native Kubernetes, the IBM Technical Support is limited to the base Connect:Direct for Unix software, certified containers, and HELM package manager. IBM provides limited support for the container editions that are deployed in proprietary renderings for Kubernetes. The non-conformant characteristics of such tools hinder the ability for IBM to assist users in all scenarios.

Support policy statement for containers that are created by users

For users who have created custom docker containers for Connect:Direct for Unix and have deployed in any Kubernetes platform, the IBM Technical Support is limited to the technical inquiries in the core Connect:Direct for Unix. IBM recommends using IBM provided certified containers and not the user created containers for Connect:Direct for Unix.

When upgrading IBM Sterling Connect:Direct for UNIX through Control Center Director, an extra 3 GB is required for temporary storage.
†† IBM does not formally test and certify IBM Sterling Connect:Direct Amazon Linux 2 and Amazon Linux 2023. However, Amazon Linux 2 and Amazon Linux 2023 are derived from the sources of Red Hat Enterprise Linux (RHEL), we believe that the product should work correctly. IBM will investigate and troubleshoot a problem until it is determined that the problem caused by a difference in behavior between Amazon Linux 2, Amazon Linux 2023 and RHEL. Defect support will only be available for problems that can be reproduced on a certified platform as documented in the Software Product Compatibility Reports (link: https://www.ibm.com/software/reports/compatibility/clarity/index.html?lnk=uctug_ratl_dw_2013-02-01_clarity_updated).
††† Due to a system library change on more recent versions of Linux, such as Red Hat Enterprise Linux version 8, you must set your current working directory (CWD) to {CDU install dir}/ndm/bin to invoke the executable modules there. To invoke these modules from another CWD, there are two options:
  • As root, create the following symbolic link:
    • For RHEL and SLES systems, in /lib64: ln -s /lib64/libtirpc.so.3 /lib64/libtirpc.so.1
    • For Ubuntu systems, in /lib/x86_64-linux-gnu: ln -s /lib/x86_64-linux-gnu/libtirpc.so.3 /lib/x86_64-linux-gnu/libtirpc.so.1
    • Note: Interactive (cdinstall) installations and upgrades done from current maintenance will check to see if this symbolic link is needed and offer to add it for you when performing configurations requiring root privilege. Automated (cdinstall_a) installations and upgrades can achieve the same result via the cdai_tirpcCreateLink parameter, set to ‘y’ or ‘n’.
  • Set the environment variable LD_LIBRARY_PATH={CDU install dir}/ndm/lib for the user that starts Connect:Direct.