Java requirements

To support the cryptographic services in IBM® Cognos® Analytics, you may be required to update your version of Java™ or set a JAVA_HOME environment variable. Depending on your security policy requirements, you may also have to install the unrestricted Java Cryptography Extension (JCE) policy file.

You can use an existing Java Runtime Environment (JRE) or the JRE that is provided with IBM Cognos Analytics.

Cryptographic standards

IBM Cognos® cryptographic services use a specific jar (Java Archive) file, named bcprov-jdknn-nnn.jar, that must be in your Java Runtime Environment. This file provides additional encryption and decryption routines that are not supplied as part of a default JVM (Java Virtual Machine) installation. To ensure security, the encryption file must be loaded by the JVM by using the Java extensions directory.
Note: For and higher versions, the jar file is named bcprovpkix-XXX.jar.
  1. Go to the install_location/jre/lib/ext directory.
  2. Copy the bcprov-jdk14-145.jar file to your $JAVA_HOME/lib/ext directory.

By default, IBM Cognos Analytics is configured to support the NIST SP800-131a security standard. To be compliant with this security standard, you must use a JRE that also supports this standard.

For more information about the supported Java versions for IBM Cognos Analytics, see the IBM Software Product Compatibility Reports page (www.ibm.com/support/docview.wss?uid=swg27047186).

For more information about this security standard, see the IBM SDK, Java Technology Edition Knowledge Center (www.ibm.com/support/knowledgecenter/SSYKE2/welcome_javasdk_family.html).

JAVA_HOME

Set a JAVA_HOME environment variable if you want to use your own Java.

Ensure that the JRE version is supported by IBM Cognos products.

On Microsoft Windows operating systems, if you do not have a JAVA_HOME variable, the JRE files that are provided with the installation are used.

To verify that your JRE is supported, see the IBM Software Product Compatibility Reports page (www.ibm.com/support/docview.wss?uid=swg27047186).

Unrestricted JCE Policy File

JREs include a restricted policy file that limits you to certain cryptographic algorithms and cipher suites. If you require a wider range of cryptographic algorithms and cipher suites than are shown in IBM Cognos Configuration, you can download and install the unrestricted JCE policy file.

For Java that is provided by IBM, the unrestricted JCE policy file is available on the IBM website (www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk).