Configuring IBM ADDI Analyze Client

Edit online

Before you begin

Before you configure IBM® ADDI Analyze Client, you need to update the eclipse.ini or developer_for_zos.ini in your Eclipse or IDz installation directory first.

  • IBM Developer for z Systems® (IDz)

    If IBM ADDI Analyze Client is installed together with IDz, make sure to add the following lines in the eclipse.ini or developer_for_zos.ini configuration file in the -vmargs section. Avoid blank lines in the -vmargs section.

    • If you installed IDz with Eclipse p2, add the following lines.
      -Dorg.osgi.framework.os.name=win32
-Dsun.awt.noerasebackground=true
-Dsun.java2d.noddraw=true
    • If you installed IDz with IBM Installation Manager , add the following lines.
      -Dsun.awt.noerasebackground=true
-Dsun.java2d.noddraw=true
  • Eclipse IDE

    Eclipse IDE startup is controlled by the options in eclipse.ini. Make sure that for each Eclipse version that is used, your installed Java™ version is compatible with the recommendations of Eclipse. For more information about Eclipse compatibilities with Java versions, see Prerequisite software and configurations.

    For IBM ADDI Analyze Client-614 the latest supported version of Eclipse IDE is Eclipse 2024-03 (4.31) which is compatible with Java 17.

    Eclipse versions released between 2022-12 (4.26) and 2024-03 (4.31) includes Java 17 jars as prerequisites, and updates are not required in the eclipse.ini file, as IBM ADDI Analyze Client-613-ifix1 is compatible with Java 17 versions.

    • OS-Dependent Configuration: In case Analyze Client is installed on Windows Server (any version) or Windows 10/11, you need to edit the eclipse.ini configuration file and add the following line, in the -vmargs section. Avoid blank lines in the -vmargs section.
      -Dorg.osgi.framework.os.name=win32
      Figure 1. OS-Dependent Configuration
      This image shows the OS-dependent configuration.
    • Java-Dependent Configuration: If an AD-supported IBM Java version is used as the system Java and you want to enable the TLS V1.2 connection, make sure to add the following lines in the eclipse.ini configuration file, in the -vmargs section. Avoid blank lines in the -vmargs section.
      -Dcom.ibm.jsse2.overrideDefaultTLS=true
-Djsse.enableCBCProtection=false

Managing Security in Analyze Client

Note: The following configurations apply for IBM Developer for z Systems (IDz):
  • Import the ADDI server keystore into the IBM Java cacerts keystore.
  • The initial password of the cacerts keystore file is changeit.
  • To import the ADDI server keystore into the IDz Java cacerts keystore , complete the following steps:
    1. Open a command prompt (on Windows) and navigate to the folder that contains the IBM ADDI server keystore.
    2. Run the following command to import the certificates from ADDI server keystore into the IDz Javas cacerts keystore.
      keytool -importkeystore -srckeystore "<server_keystore.p12>" -srcstorepass "<server_keystore_password>"
-destkeystore"<IDz_installation_path>\jdk\lib\security\cacerts" -deststorepass changeit
Note: The default cacerts password is changeit.
Note: The following configurations apply for both IDz and Eclipse IDE.
  • Java-TLS configuration: If an AD-supported Java version is used as the system Java and you want to enable the TLS V1.2 and/or TLS V1.3 for secure connection, make sure to add the following lines in the eclipse.ini configuration file, in the -vmargs section. Avoid blank lines in the -vmargs section.
    -Djdk.tls.server.protocols=<LIST_SEPARATED_BY_COMMA_IF_MULTIPLE_VERSIONS_ARE_SUPPORTED>
-Dhttps.protocols=<LIST_SEPARATED_BY_COMMA_IF_MULTIPLE_VERSIONS_ARE_SUPPORTED>
-Djdk.tls.client.protocols=<LIST_SEPARATED_BY_COMMA_IF_MULTIPLE_VERSIONS_ARE_SUPPORTED>
-Djavax.net.ssl.keyStore=</path/to/keystore>
-Djavax.net.ssl.keyStorePassword=password
-Djavax.net.ssl.trustStore=</path/to/truststore>
-Djavax.net.ssl.trustStorePassword=password
    Note: The strings TLSv1.2 and TLSv1.3 are case-sensitive and must be written exactly as shown. For example:
    -Djdk.tls.server.protocols=TLSv1.2,TLSv1.3
  • TLS-Dependent Configuration: If IBM ADDI Analyze Client is configured with TLS support, to have a secured communication between IBM ADDI Analyze Client and IBM ADDI ZooKeeper, make sure to add the following lines in the eclipse.ini or developer_for_zos.ini configuration file, in the -vmargs section. Avoid blank lines in the -vmargs section.
    -Dzookeeper.client.secure=true
-Dzookeeper.ssl.keyStore.location=</path/to/keystore.jks>
-Dzookeeper.ssl.keyStore.password=password
-Dzookeeper.ssl.trustStore.location=</path/to/trustore.jks>
-Dzookeeper.ssl.trustStore.password=password
-Dzookeeper.ssl.protocol=<SMALLEST_TLS_VERSION_SELECTED_IN_DASHBOARD>
-Dzookeeper.ssl.enabledProtocols=<LIST_SEPARATED_BY_COMMA_IF_MULTIPLE_VERSIONS_ARE_SUPPORTED>
    Note: The strings TLSv1.2 and TLSv1.3 are case-sensitive and must be written exactly as shown. For example:
    -Dzookeeper.ssl.protocol=TLSv1.2
-Dzookeeper.ssl.enabledProtocols=TLSv1.2,TLSv1.3

    Make sure that the keystore.jks and trustore.jks files are physically present on the machine where IBM ADDI Analyze Client is installed and configured.

  • OrientDB SSL-Dependent Configuration: If OrientDB is configured with SSL in the orientdb-server-config.xml file, make sure to add the following lines in the eclipse.ini or developer_for_zos.ini configuration file, in the -vmargs section. Avoid blank lines in the -vmargs section.
    -Dcom.ibm.ad.client.ssl.enabled=true
-Dclient.ssl.keyStore=</path/to/client-keystore.jks>
-Dclient.ssl.keyStorePass=password
-Dclient.ssl.trustStore=</path/to/client-keystore.jks>
-Dclient.ssl.trustStorePass=password
    Important: Make sure that the client-keystore.jks file is physically present on the machine where IBM ADDI Analyze Client is installed and configured, and that the correct path to client-keystore.jks is added in the eclipse.ini configuration file. The file can be found in the server machine where IBM ADDI was installed, and then obtained from the path <IBM ADDI Installation Folder>\security\<environment-id>. The keystore file can be .p12, .jks, .keystore, .pfx, and .ks.
  • Cross Applications Service-Dependent Configuration: If IBM ADDI Cross Application Service is configured and up and running, make sure to add the following line in the eclipse.ini or developer_for_zos.ini configuration file, in the -vmargs section. Avoid blank lines in the -vmargs section.
    -Dad.http.read.timeout=100
    This image shows the OS-dependent configuration.
  • Memory Management Configuration: Eclipse must be configured to allow for optimized memory consumption. To configure Eclipse, edit the eclipse.ini or developer_for_zos.ini file under the Eclipse or IDz installation folder and set the minimum memory parameter (marked –Xms), the maximum memory parameter (marked –Xmx). Following is an example of an eclipse.ini file containing parameters for optimized memory consumption.
    Figure 2. Memory Management Configuration
    Memory Management Configuration
  • To use a specific language in the Eclipse interface, add the following parameter before the -startup parameter in the eclipse.ini or developer_for_zos.ini file:
    -clean
-nl
language
    The -nl parameter has the following language values:
    Language value Language
    de German
    es Spanish
    fr French
    it Italian
    ja Japanese
    ko Korean
    pt_BR Brazilian Portuguese
    zh Simplified Chinese
    zh_HK Traditional Chinese, Hong Kong
    zh_TW Traditional Chinese, Taiwan
    Note: The -clean parameter only needs to be present once, or the first time Eclipse is configured to be used in a specific language, and can then be removed from the eclipse.ini or developer_for_zos.ini file for the faster startup of Eclipse/IDz.

Configure IBM ADDI Analyze Client

To configure IBM ADDI Analyze Client, follow these steps.
  1. Go to IBM ADDI Analyze Client main window and select Window > Preferences > Application Discovery > Environment settings.
    The following Environment identification settings are available:
    • Host, enter the hostname or the IP address of the computer where IBM ADDI Configuration Server is installed.
    • Port, enter the communications port number for IBM ADDI Configuration Server. If you are using the default port, enter 2181. If IBM ADDI Configuration Server is configured for secure communications and you are using the default port, enter 2281.
    • Unique id, enter the unique ID assigned by IBM ADDI Configuration Server to the environment you want to work with.
    • Name, enter the name of the environment with which you want to work, as defined in IBM ADDI Configuration Server.
  2. Click Apply and Apply and Close. Then, restart IBM ADDI Analyze Client (File Menu > Restart).
  3. After restarting, a pop-up message displays the configurations that were made in IBM ADDI Configuration Server, and a restart is needed in order to be considered by IBM ADDI Analyze Client.
    Important: For monitoring the IBM ADDI Analyze Client tasks, see Checking the log files of components.
  4. In order to see the Mainframe Analysis projects, go to Explore Projects Tab.
    Note: At this point, all IBM AD components are up and running and ready for Analysis.