This file contains information that became available too late for inclusion in the publications or the online help. This file also contains important support information.
Third Party Components' names and license terms are referenced in license.txt, located in the directory where you installed Host On-Demand.
For product documentation, visit the Host On-Demand Information Center. For Windows, the Host On-Demand Information Center is located at Start > Programs > IBM Rational Host On-Demand > Information Center.
For the latest information, please visit the US or Japanese Host On-Demand Web site.
For hints and tips and other support, please visit the Host On-Demand support page.
For product brochures, white papers, redbooks, and other documentation, visit the Host On-Demand library.
For a list of APARs fixed in this release, please refer to the file apars.txt. The location of this file depends on the form in which you received this release:
To print a complete copy of Planning, Installing, and Configuring Host On-Demand with page numbers and a table of contents, use install.pdf, located on the DVD in /doc/xx/doc/install, where xx is your two letter language suffix. You can also open the HTML version, install.html, located on the DVD in /doc/xx/doc/install, where xx is your two letter language suffix.
Refresh pack 11.0.16 contains fixes for APARs and internal defects.
The digital certificate used to sign the Host On-Demand .jar files has been updated. This does not affect the functionality of the Host On-Demand client. The new certificate is valid till Jan 23, 23:59:59 GMT 2020.
Host On-Demand now includes an option to securely connect 3270, 5250 printer sessions over TLS v1.0, TLS v1.1, and TLS v1.2 using Java Secure Socket Extension (JSSE). To use this option, the JRE (IBM or Oracle) must be V7 or later.
To enable this option, in the TLS/SSL panel of the session properties window, select Yes for the Use JSSE setting. Doing this enables the use of TLS v1.0, TLS v1.1 or TLS v1.2 using the JSSE security library, instead of SSLite, for the session. If you select No (the default) for the Use JSSE setting, the SSLite library is used, and TLS v1.1 and TLS v1.2 are not available for the session.
For more information about this support, see Configuring Host On-Demand to use Java Secure Socket Extension for Transport Layer Security support at http://www.ibm.com/support/docview.wss?uid=swg21665725.
Host On-Demand now includes 64-bit native library to accept certificate authorities trusted by the Microsoft Internet Explorer browser using 64-bit JRE.
This upgraded version of GSKit addresses a security vulnerability called "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability (CVE-2015-0138). Please refer to the following Security Bulletin for more details: http://www.ibm.com/support/docview.wss?uid=swg21699016
The digital certificate used to sign the Host On-Demand .jar files has been updated. This does not affect the functionality of the Host On-Demand client.
Due to a security vulnerability, SSLv3 protocol is disabled by default starting with Host On-Demand v11.0.11. For more information please refer to the Security Bulletin at: http://www-01.ibm.com/support/docview.wss?uid=swg21687670
Refresh pack 11.0.10 contains fixes for APARs and internal defects.
Starting this release, the Windows installer for IBM JRE is removed from the HOD publish directory. End users must contact their HOD administrators to get the IBM JRE installer for Windows, if needed. HOD administrators with a valid HOD entitlement can download the latest supported version of IBM JRE from the IBM fix central web site.
In addition to existing support for HTML-based model sessions, you can now use server macro libraries with configuration server-based sessions.
You configure server macro library support for configuration server-based sessions in the Administration Utility. When adding or modifying session properties, in the configuration panel, under Preferences select Server Macro Library. For Select server macro library type select either Web server macro library or Shared drive macro library, as appropriate. In the Path/URL to macros field, enter the location of the server macro libraries. For more information about configuring the location of the server macro libraries, see the "Creating and deploying server macro libraries" chapter in Planning, Installing, and Configuring Host On-Demand.
A new HTML parameter enables you to set the location of the server macro library.
HTML parameter name: SetServerMacroLibraryPath
Parameter values: The URL or path of the server macro library. The value can take either of the following forms:
- The fully qualified URL of a macro list file that contains the names of all the macros for use by the session, for example
http://servername/hod/macrolist.txt. In this example,macrolist.txtis a simple text file that contains the list of macros.- The full path of a directory located on a shared drive. Use a valid format for the directory path. Follow the rules described for the Save HTML parameter in the online help. All the macro files located in the specified directory are available to the session.
Description: This parameter enables you to specify the location of the server macro library to use for this session. If a URL or path is specified for this session in either the Deployment Wizard or Administration Utility graphical user interface, it takes priority over a URL or path specified using this HTML parameter. For more information about configuring the location of the server macro libraries, see the "Creating and deploying server macro libraries" chapter in Planning, Installing, and Configuring Host On-Demand.
Host On-Demand now includes an option to securely connect 3270, 5250, and VT display sessions over TLS v1.0, TLS v1.1, and TLS v1.2 using JSSE. To use this option, the JRE (IBM or Oracle) must be V7 or later.
To enable this option, in the TLS/SSL panel of the session properties window, select Yes for the Use JSSE setting. Doing this enables the use of TLS v1.0, TLS v1.1 or TLS v1.2 using the JSSE security library, instead of SSLite, for the session. If you select No (the default) for the Use JSSE setting, the SSLite library is used and TLS v1.1 and TLS v1.2 are not available for the session.
For more information about this support, see Configuring Host On-Demand to use Java Secure Socket Extension for Transport Layer Security support at http://www.ibm.com/support/docview.wss?uid=swg21665725.
HTML parameter name: InactivityLogoffTime
Parameter values: The time in minutes. Minimum:
1;Maximum:120.Description: For configuration server-based model pages that prompt users to enter a Host On-Demand User ID to login, if all sessions are closed or in disconnect state, the length of time to wait before triggering automatic logoff of the session.
Host On-Demand 11.0.8 includes security enhancements for all types of Host On-Demand clients to support the latest Oracle Java runtime.
You can now enable Host On-Demand to send VT100+ function key sequences. In VT100+ mode, the function keys generate ESC OP through ESC O[ sequences. Enable and disable this function using a radio button on the Terminal Properties panel in Session properties. By default it is disabled.
The signer certificate, "VeriSign Class 3 Public Primary Certification Authority - G5" is now included in the WellKnownTrustedCAs.p12 file. This enables you to encrypt telnet communication using the 2048 bit certificate you receive from VeriSign.
Host On-Demand 11.0.7 provides the IBM JRE 1.7 SR3 installer for Windows clients.
When a secure connection is established, a lock icon is displayed in the Host On-Demand status bar. Depending on the level of encryption, the icon is accompanied by a number (0, 40, 56, 64, 128, 168, 256). If the session is not TLS/SSL-based, the icon shows as unlocked.
Host On-Demand now recognizes more email addresses as 'hotspots', including those with special characters in the local-part. Addresses using any of the ASCII characters shown below are treated as valid email addresses and highlighted as links. If the domain name is an IP address, then the IP address literal must be surrounded by square braces.
Due to the security restrictions in recent JREs, Host On-Demand clients now use the CustomizedCAs.p12 file instead of the KeyRing.class file for reading public key information to transfer files using SSL enabled 5250 sessions. This eliminates the need to add the host's public key to the KeyRing.class file.
Host On-Demand clients can now work with SSL Certificates created using the SHA256WithRSA signature algorithm.
Host On-Demand now recognizes email addresses with a hyphen (-) in the local-part as 'hotspots'. For example, abc-def@example.com is treated as a valid email address and highlighted as a link.
A new HTML parameter enables you to count the licenses for virtual machines or machines with Terminal Services enabled.
HTML parameter name: enableLicenseCountForVM
Parameter values: true or false
Default value: false
Description: When this parameter is set to true, Host On-Demand logs the user ID and client machine IP address in the LicenseCount log.
The digital certificate used to sign the Host On-Demand .jar files has been updated. This does not affect the functionality of the Host On-Demand client.
This new feature enables you to bypass the option to download the Windows 32-bit JRE from the Host On-Demand server to the client desktop. This feature is enabled by configuring a new HTML parameter.
HTML parameter name: SkipJavaDownload
Parameter values: true or false
Description: When this parameter is set to true, and no JRE is detected on a client machine, Host On-Demand issues a message to contact the administrator instead of asking whether you want to download a JRE. This parameter can be specified for download or cached clients. It applies when using Internet Explorer on Windows. The default is false.
Host On-Demand HTML clients can now be configured to display the local system date and time information on the session frame. This new feature is disabled by default.
HTML parameter name: ShowDateTime
Parameter values: Yes or No
Default value: No
Display format:
<month> <date>, <year><time> <am/pm>, <timezone>Description: When this parameter is set to Yes in the Deployment Wizard, the date and time information is available in the Host On-Demand client on the Textual OIA of the session. The Textual OIA bar is opened by selecting View > Textual OIA on the Host On-Demand session menu bar.
The format for the date and time information is not configurable, and this feature is currently not supported in Host Access Toolkit and Host On-Demand container environments.
This feature enables the Host On-Demand administrator to configure the maximum JRE level to launch and use the Host On-Demand client. This feature is enabled by configuring a new HTML parameter.
HTML parameter name: MaximumJRELevel
Parameter value: A string that follows standard JRE version naming conventions described in Oracle's Java website in the Version String Naming Convention section. This is also the format returned by the
java –versioncommand entered in a Windows command prompt.Description: If this parameter is specified, Host On-Demand compares the specified level with the version of the JRE installed on the client machine. If the installed version exceeds the MaximumJRELevel parameter, Host On-Demand issues the error message, You are running a level of Java that exceeds the value of MaximumJRELevel. Please contact your administrator, or return to a supported level. The MaximumJRELevel parameter is set by an administrator to ensure that clients are running a level of Java supported by Host On-Demand.
The MaximumJRELevel parameter includes the update level of Sun JREs but does not include the service release or SR level of IBM JREs. This is consistent with the output of the
java –versioncommand. This means that the SR level of IBM JREs will be ignored when checking the MaximumJRELevel parameter.This parameter can be specified for download, cached, and Web Start clients. It is only supported for custom HTMLs defined through the Deployment Wizard, not for predefined HTMLs shipped with Host On-Demand. By default, Host On-Demand does not check if the level of the client JRE exceeds the MaximumJRELevel parameter.
Cached clients with or without the offline feature are only downloaded and installed if the maximum JRE level is not exceeded. Once a cached client is installed, Host On-Demand checks if the maximum JRE level is exceeded each time it is used.
Web Start applications are only launched if the maximum JRE level is not exceeded.
When using Host On-Demand with WebSphere Portal, clients can be configured as either download or cached clients in the Deployment Wizard. For both types of clients, Host On-Demand checks whether the maximum JRE level is exceeded.
Examples:
MaximumJRELevel parameter is set to "1.6.0"
Installed client JRE Result Sun or IBM JRE 1.5.0 no error Sun or IBM JRE 1.6.0 no error Sun JRE 1.6.0_1 error IBM JRE 1.6.0 SR1 no error MaximumJRELevel parameter is set to "1.6.0_11"
Installed client JRE Result Sun or IBM JRE 1.6.0 no error Sun JRE 1.6.0_11 no error Sun JRE 1.6.0_12 error IBM JRE 1.6.0 SR12 no error As you can see, the service release level of IBM JREs is ignored when comparing the client JRE version with the MaximumJRELevel parameter.
Starting with Host On-Demand V11.0.4, support is extended for certain EHLLAPI APIs to work with Host Access Beans applications. For more details and the list of supported APIs, refer to the EHLLAPI readme.
Host on-Demand now supports Oracle Java 1.6.0_24, and later. For information about this fix, and its probable impact on programmable Host On-Demand applications, refer to https://www.ibm.com/support/docview.wss?uid=swg21460650.
This new feature allows Host On-Demand administrators to remove one or more
new features (Search Text, Quick Connect, Scratch Pad and Screen History)
introduced in Host On-Demand v11 from the user interface of the Host
On-Demand client, making the functions unavailable to the end users.
These new features can be disabled from the Appearance tab of the Disable
Functions window panel.
To open the Disable Functions window:
For more information see "Disabling functions for end-user clients" and "Disable Functions" in the Host On-Demand information center.
This new feature allows you to simultaneously start multiple sessions configured to run a Reuse Active Credentials Macro at session startup, without entering the same user credentials on Macro login prompt for each session. This is enabled by default and does not need any setup or keyword.
Starting this release, aqdministrators can restrict the usage of blank passwords by setting a specific property on the Host On-Demand server. A new property has been added in the config.properties file in Host On-Demand publish directory.
Property Name = AllowBlankPassword
Possible Values = "YES" or "NO"
Default Value = "YES"
NOTE:- All values other than NO will be considered as YES.
If the property value is YES, administrators can create users with a blank
password and users can also change their passwords to be blank. This is the same
and default behavior prior to this release of Host On-Demand v11.
When the Host On-Demand administrator sets the property value to NO in
config.properties file, administrators cannot create new users or edit existing
users with password value set to blank. Users also cannot change a password to
be blank.
This parameter is added to bypass XANT Order defined as 2B and further process this character and the data after that. This applies to 3270 sessions only.
Name: disableXANTOrder
Value: true or false
Description: When this parameter is set to true, Host On-Demand will ignore XANT order and when 2B is encountered which is a non-displayable character, it will be taken as a blank space. The default value is false.
Starting with Sun Java Standard Edition 6 Update 19 release (and IBM JRE
1.6.0 SR 8 and above), when a program contains mixed-mode code (signed and
unsigned components), a security warning dialog is raised.
This new feature is to make sure Host On-Demand does not contain mixed-mode code
and resources which throw a java security warning pop up. All the components
that is necessary for a client like class files, image files etc, are downloaded
only as signed jars.
| Type of Client | Additional jars | Increase in Download Size (approx. in MB) | |
| 1 | Cached client | Images jar | 0.4 |
| 2 | Download client | Images jar, ha_xx.jar (xx-locale), font jars, codepage jars | 5.3 |
| 3 | Admin client (full) | Images jar, ha_xx.jar (xx-locale), font jars, codepage jars | 4.8 |
| 4 | New User client | ha_xx jar (xx-locale) | 0.3 |
The following two HTML parameters are provided only for download clients.
Name: SkipSecurityPopupSuppress
Value: true or false
Description: The customers who are willing to use the other work arounds or able to disable this feature in Java control panel can forego this fix by setting the value for this parameter to 'true'. If this parameter is set to 'true', then the above jars will not be added even if the clients are using Sun Java 1.6.0_19 / IBM 1.6 and above.
The default value is 'false'.
Name: DownloadAdditionalCodepages
Value: true or false
Description: In the deployment wizard, the administrator has an option to select the necessary codepages to be downloaded. It is recommended to select all the codepages if the clients are using Sun 1.6.0_19 / IBM 1.6 and above.
If the administrator selects the only necessary codepages, then we will not be downloading all the other codepage jars. This may cause the client to receive a security pop up warning in case the client uses a codepage not added by the administrator in the preload options. To provide an option for the administrator to add all the codepage jars only if the client is using Sun Java 1.6.0_19 / IBM 1.6 and above, the following parameter is provided - DownloadAdditionalCodepages.
The default value is false for the Deployment wizard generated files.
For the default HTML files (download clients), like HOD.html, this parameter will be set to 'true' and it will download all the codepage jars. This is because, if the administrator has selected a codepage for the sessions, and the client is using a different locale (other than the codepage that is selected), you will see the security warning popup. Since there is no option for the administrator clients to select only the necessary codepage jars for the default HTML files, the Host On-Demand client will download all the codepage jars.Note:
If any custom unsigned jar is added using AdditionalArchives html parameter, the user will receive security warning pop up. To avoid this, it is recommended to add only signed jars.
For administrator clients, all the codepage and fonts jars are downloaded if it is a full client.
This new feature in Host On-Demand Deployment Wizard will allow administrators to add meta tags in the HTML files are generated. A new panel titled Tags has been added under Advanced Options->Other->Tags. This pane of the Tags panel has a text area where administrators can type the meta tags to be added as per the HTML syntax.
To add the meta tags follow these steps:
Select Advanced Options ->Other->Tags.
Add meta tags (as per the HTML syntax) in the text area located on the right pane.
For example, a meta tag for disabling Google indexing is:
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
Host On-Demand does not perform any HTML syntax validation on the content being added in the text area. Whatever text is added by the administrator will be written to the HTML file created by the Deployment Wizard under the Header tag.
When the administrator edits the HTML file using the Deployment Wizard, the text area will show the previously added meta tags. If the administrator wants to add, edit or delete meta tags, this text area content should be modified accordingly.
Catalan language support has been added starting this release level of Host On-Demand V11.
ISMP does not support Catalan language, and as a result, the installer panels for Host On-Demand will not display installation or text messages in Catalan language.
This new HTML parameter will allow the Connected status message on the Host On-Demand session status bar remain until the next message arrives. This applies to 3270 sessions only.
Name: persistConnectedStatusMessage
Value: true or false
Description: To use this feature, set the HTML parameter 'persistConnectedStatusMessage' to 'true'. The default value is 'false', which means the Connected status message will continue to be removed from the status bar after a predefined time-out value.
Starting this release, the Help button from Host On-Demand's Custom Function Dialog in the Keyremap bean has been removed. This allows Host On-Demand beans users to add their application-specific help support and remove any redundancy.
Starting this level of release, Host On-Demand supports 3278 APL Extended Character Code along with 3270 APL Characters for 3270 Display sessions.
Start the Deployment Wizard and select Create/edit the HTML. In the Properties window for any session to be used with APL, add the following in the Start Options tab:
This applet can also be run after the session has been started by selecting Actions > Run applet from the session menu and typing com.ibm.eNetwork.HOD.applet.ExtendedAPL as the name of the applet.
To run this applet in WCT, hodappln2.jar (or hodappl2.jar if problem determination is enabled) user needs to be added as User Jar file while creating the plugin.
Note: The addition of 3278 APL Extended Character Code does not affect the existing 3270 APL functions, which can be enabled using the Ctrl+F8 key combination.
This support is available only for the Type 3 APL keyboard layout. (Not available for BIDI, Thai and Hindi codepages.)
The Regional and Language settings of the system should be configured as follows -
Regional Options should be English (United States)
Keyboard layout should be English (United States) - US
When the ExtendedAPL applet is running, the Ctrl+F11 key combination is always used to enable and disable Extended APL mode, and any action assigned to this combination in keyremap will be ignored.
public Properties getRemapColors();
This method will return a Java Properties object with all the modified color properties for the current session. If default colors are not changed and this method is called, it will return an empty Properties object. This object will have key value pairs as the Color remap property string (based on the host type) and a numeric value which is the color code (combination of both foreground and background).
Note: Writing the properties object to a file (if needed) should be implemented by the user or programmer in their application. One of the ways of doing this is by using the Java API 'properties.store(new FileOutputStream("filename.properties"), null);'
public void setRemapColors(Properties p);
This method will take a Properties object (similar to the one returned by getRemapColors() method) and apply the colors defined in the properties object to the current session. The properties object passed to this method should have key value pairs as the Color remap property string (based on host type) and a numeric value which is the color code (combination of both foreground and background).
Note: Reading the properties from a file (if needed) should be implemented by the user/programmer in their application. One of the ways of doing this is by using the Java API : 'properties.load(new FileInputStream("filename.properties"));'
The HOD status bar has been enhanced for Lu-Lu sessions. With this new enhancement, the HOD Status Bar now also displays the LU name (if set) with the host name and port number by default.
Bidirectional layout transformation in HOD macro extract/prompt actions enables the bidirectional layout transformation from user-specified client-side attributes to the current session attributes (current Presentation Space format) and vice versa. For example, if the client is Logical LTR, and the session format (current Presentation Space format) is Visual RTL, the text of prompt action will be converted from Logical LTR to Visual RTL so the data will be displayed correctly on the Presentation Space. Also, the extracted text will convert from Visual RTL (current Presentation Space format) to Logical LTR to display correctly.
In order to enable the BIDI transformation in the macro extract/prompt action, three parameters should be added:
For the prompt action:
The JIS2004 support is separated from original 1390/1399 host code page and two new host code pages are added into the host code page selection list for JIS2004 support. Select 1390 Japanese (Katakana Unicode Extended; JIS2004) or 1399 Japanese (Latin Unicode Extended; JIS2004) host code page to enable JIS2004 support. The following functions are also enabled for JIS2004 support:
This release includes enhanced logic for merging the buttons in the HTML-based HOD client, based on button entries in the server as well as in the client.
Note: An earlier enhancement, HTML parameter "mergeToolbarConfigs", had to be
set to "true" to enable the enhanced button merging; the parameter was set to
"false" by default. With this feature, the HTML parameter is "true" by default,
so it does not need to be set explicitly. Also, setting the HTML parameter to
"false" will disable the buttonBar merge logic for that particular HOD client.
By setting it to "false", however, you may need to reset the buttonBar once in
the client system to see the server buttons if they do not appear. This is due
to a difference between the old and the new buttonBar settings formats.
Resetting the client buttonBar clears the client button settings. To do this,
right-click with a mouse on buttonBar and click "Set to Default".
To find the HOD version installed on your system (server system only), invoke the HODVersion.class file under sm.zip with a simple command.
In the command prompt, type the following:
%JAVA_ENGINE% -classpath %HODVERSIONCLASSPATH%
com.ibm.eNetwork.HODUtil.services.admin.HODVersion
where
Note: Available on all supported server platforms.
With this enhancement, HOD displays the Dialog window with an ADD FAVORITES button and a text field. You can give the bookmark a different name by editing the name in the text field. Clicking Add Favorites adds the URL to the Favorites in the browser window. You click the Continue button to access HOD. This enhancement is available only for Microsoft Internet Explorer with Java2.
Note: This enhancement only works if the default Favorites path is unchanged.
SuSE Linux Enterprise Desktop 8.2, 9.0 and 10.0 (For HOD Client and Server)
Windows Server 2008 R2 (For HOD Client and Server)
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Other product and service names might be trademarks of IBM or other companies.