Versions Compared

Old Version 2

changes.mady.by.user Former user

Saved on

compared with

New Version 3

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Universal Agent release 7.0 contains the following high level features. For a complete list of all included features and fixes, please refer to the Universal Agent 7.0.x Maintenance list.

The following is the 6.9.x release info

Application Integration

...

Backlog ID

...

Title

...

The following list of Python Modules and their respective Versions, used by Stonebranch-created Universal Task/Template definitions, will be included within the Python package delivered alongside Universal Agent. They do not require any further installation effort once the Agent has been installed.

Module NameVersion
azure-storage-blob12.1.0
azure-storage-logging0.5.1
botocore1.14.8
boto31.11.8
docker4.1.0
google-cloud-storage1.25.0
paramiko2.7.1
requests2.22.0

No additional installation or set-up activities will be required for the Python modules listed above.

Universal Agent Architecture




...

Release Notes

Universal Controller release 7.0.0.0 contains the following high-level features, For a complete list of all the included features and fixes, please refer to the Universal Agent 7.0.x Maintenance list



Upgrading Universal Agent for I-Series

ID

Title

Description

B-

11181Extend password scrubbing to CSK methods

When certain command and scripts are run with embedded user ID/password information, this information can be displayed in trace statements when message_level is set to trace.

The two trace points in question are:

  • 20190923 101709.181894 CPR ENTRY prcattr.c 00474 00004a90 CSProcessAttribSetCommand(000001E5867903A0, echo xxxsecretxxx )
  • 20190923 104155.555310 CPR ENTRY prcattr.c 00367 00005c08 CSProcessAttribSetScriptLine(0000018AC90E5850, echo xxxsecretxxx

With B-11181, the command and script lines in the offending trace statements will be replaced with *****.

B-12001Universal Java networking component (used by OMS Java Client) - Modify properties referenced in code to use the new "uc." pathing initiated by the ControllerCriticalUniversal Controller

12401

IBMi: Update IBMi implementation of agent to support changes for OpenSSL 1.1.1b.

Upgrade the current UA for IBMi to allow support of current SSL/TLS Versions as in any of the UA 6.9.0.0

modified the prefix used for properties from “opswise.” to “uc.”. The Universal Java Networking component (used by the OMS Java Client) references a subset of the Controller’s properties related to key managers and trust managers. Therefore, the Universal Java Networking Component must modify the property names it uses to the new “uc.” prefix used by the Controller. 

Properties in question are

In file .\ua\autoctr-projects\universal\src\com\stonebranch\universal\net\UniversalTrustManager.java, function com.stonebranch.universal.net.UniversalKeyManager.UniversalKeyManager() was modified to reference the new property names:

  • uc.keymanager.algorithm

  • uc.keymanager.provider

  • uc.keymanager.client.alias

In file .\ua\autoctr-projects\universal\src\com\stonebranch\universal\net\UniversalSession.java, function com.stonebranch.universal.net.UniversalSession.sendNegotiation() was modified to reference the new property name:

  • opswise.trustmanager.ssl.protocols => uc.trustmanager.ssl.protocols

In file .\ua\autoctr-projects\universal\src\com\stonebranch\universal\net\UniversalTrustManager.java, function com.stonebranch.universal.net.UniversalTrustManager.UniversalTrustManager() was modified to reference the new property names:

  • opswise.trustmanager.algorithm => uc.trustmanager.algorithm

  • opswise.trustmanager.provider => uc.trustmanager.provider

z/OS Features

Backlog

Agents.

UA 5.1.1.0 now connects to a UA 6.9 Agent that has a TLS1.2 protocol definition in place which is the current default setting.

B-12407

IBMi: Attempt OpenSSL 1.1.1b build on IBMi 5.4.

B-12410

IBMi: packaging of created Agent code as "new" Release (5.1.1.0).

z/OS Improvements

ID

Title

Description


B-

11540z/OS UAGSRV: Support exits issuing messages to UAG JESMSGLG, LOG and TRACE datasets

The $LOGMSG macro will allow assembler programs to issue message to the UAG LOG dataset with a severity level of INFO, DEBUG and TRACE.

The appropriate log level will need to be set to allow the messages to be logged.

It will allow TRACE messages with a level of ENTRY, EXIT, TRACE and WATCH. Trace will need to be active to allow the messages to be logged.

For JESMSGLG messages, the message number will be 1097. The levels will be ERROR, WARN, INFO, AUDIT and TRACE. The appropriate log level will need to be set.

The macro specification will allow a single text string to be sent. The assembler code line number and the issuing CSECT name will be sent as well. These will be printed in the LOG and TRACE datasets to indicate the source of the message.

B-11561z/OS UAGSRV: Implementation bi-directional messaging between primary and secondary agents in sysplex

With Universal Agent 6.9.0.0, UAG for z/OS will create and join a Sysplex group if it is running Sysplex-aware.

The XCF group name will consist of the characters UAG, followed by the first 4 (upper cased) characters of the system ID (system_id from UBRCFG00).

Each UAG will have a member name, which will be the group name appended with @ and followed by the MVS system name.

So, for example, my UAG with a system ID of mndv, running on DVZOS202, would have a group name of UAGMNDV and a member name of UAGMNDV@DVZOS202.

B-06132

Recognize when a pre-allocated file is updated on z/OS (Implementation)

Note
titleNote

Universal Agent 6.9.0.0 Behavioral Change: Adding a z/OS File Monitor type "change" that may affect your current file monitor settings for z/OS.

Currently, UAG for z/OS uses SMF record type 15 to detect dataset creates. The same record can be used to detect updates. Create File Monitors will be modified to trigger only on creation of a dataset. Change File Monitors will be supported by having them trigger on dataset updates.

Additionally, UAG for z/OS will start collecting SMF type 18 records. (These are created when a dataset is renamed.) When a dataset rename is detected which matches a Change File Monitor, the File Monitor will also trigger.

For Change File Monitors, z/OS will support only the “Monitor File(s)” field in the “Agent File Monitor Details” section of the “Agent File Monitor” pane. Wildcards * and ? will be supported.

For Create File Monitors, z/OS will continue to support only the “Monitor File(s)” field in the “Agent File Monitor Details” section of the “Agent File Monitor” pane. Wildcards * and ? are supported.

Both Create and Change File Monitors will not be triggered until a dataset has been opened for output and then subsequently closed. Change File Monitors will also trigger when a rename of a dataset completes successfully.

B-10813Suppress ICH408I message for unprivileged z/OS Agent install

Running UDM with an un-authorized User message

ICH408I USER(UBRTRP  ) GROUP(UBRGRP  ) NAME(####################)
  BPX.SUPERUSER CL(FACILITY)                                    
  INSUFFICIENT ACCESS AUTHORITY                                  
  ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )

is shown within the LOG.

Even though it is an informational message confirming that the user does not have authorization, it is often considered as a "security issue" in Audits. To avoid confusion, the RACF-check, leading to thai message, will be ommited when an unauthorized user is used.

Hybrid IT/Cloud

...

Backlog ID

...

Title

...

A customer has identified a situation in which a Universal Agent’s Access Control List (ACL) entry will not be applied if the host name portion of the entry does not match a resolved host name returned by a domain name server (DNS).

According to RFC-4343, resolved host names returned from a DNS should be compared in a case-insensitive manner.

The Universal Agent logic that selects ACL entries by comparing host names is currently doing a case-sensitive comparison. This means that entries that should be applied for a particular host will be bypassed, mistakenly allowing or denying access to UA components.

To conform to RFC-4343, any host names compared during ACL entry processing will be treated in a case-insensitive manner.

...

Since the client is not aware of its external IP, it cannot report that to the Controller in the JSS-HELLO message. However, the external IP is known by the OMS server when a client connects. What was missing is the way to report that IP from the OMS server to the Controller.

However, OMS Server already has notification messages for client connection connection open/close events. The connection open event (destination=topic.oms.event.connection.open) already contains the “clientid” tag which carries the client’s queue name in the “ops.agent.AGENTID” format.

The new tag “clientip” was added into the event. Its value contains the IP address of the source of client connection to the OMS server. That value is the external IP of a client if it resides behind NAT.

New Central Licensing: UCAM

Backlog ID

Title

DescriptionB-10873UAG sending License Information to Ubroker

Ensure proper license processing for Universal Broker working for a pre-Universal Agent 6.9.0.0 environment and map local license keys, as defined in UCMD and UDM Manager components to the new license structure.

This is mainly to avoid unnecessary communication between a Broker and the central license managemnt component. Once the Broker has received / Aquired the License key it will handle further license requirements locall on the Broker level.

B-10874Start-up sequencing between Primary and Secondary z/OS UAGs

When a Primary agent starts, it will initialize normally (Like a non-Sysplex UAG). Additionally, it will broadcast an (internal) XCF message to all members connected to the UAG Sysplex Group. (A group that encompasses all Primary and Secondary agents in the Sysplex that share the same system_id value.) When a Secondary agent receives this message, it will reply to it. Once the Primary agent receives a reply, it will send another XCF message to the replying Secondary agent containing its license information. The Secondary agent will use this information to decide to start processing, or shut down.

When a Secondary agent starts, it will initialize to the point where it can start to process. It will remain in a state where no tracking data of any kind will be processed. It will wait to be contacted by a Primary agent.

Note

Tracking data will be collected by the various UAG exits and cached in the high common storage area while there is space. (The size of this area is defined by the high_common_storage configuration parameter.) Jobs will continue to run and UAGRERUN will function normally. However, job tracking, File Monitor and Syslog message information will not be processed until the Secondary receives a valid license.

If a Primary shuts down after granting licenses to Secondary agents, all Secondary agents will return to their initial state, waiting to be contacted by the Primary. Secondaries will have to re-acquire a license when the Primary restarts. If the number of licenses has been reduced for any reason (or the number of Secondaries increased), some Secondaries will not receive a new license and will have to stop processing.

Licenses are handed out by the Primary on a first come, first serve basis.

In case a Secondary agent starts after the Primary agent, the Primary agent will detect the startup and broadcast the same XCF message it broadcast on startup. Processing will then proceed as described above. (Agents can detect the startup, and shutdown, of any agent in their group through XCF events that are sent to all agents connected to the group.)

Note
titleNote

When upgrading in a Sysplex environment, the customer should upgrade the Primary first and then the Secondaries (or upgrade them all at the same time).

If the Secondaries are upgraded first, and then the Primary, the Secondaries will not initialize because they will be waiting for a V6.9.0 Primary to contact them.

B-11515Ubroker receives UAG license Information

Implementation allows Ubroker to receive the new license information in the new MSID_BROKER_LICENSE command from the broker interface IPC. 

Message issued upon reception of license Information:

Panel

UNV0226I [1000000001] License Information Received: EXPIREDATE 0, DISTRIBUTED 0, ZOS 0, ZOSSECONDARY 0, USAP 0, UPPS 0, SOA 0

When GA, the above message will contain the details of the license key received.

B-11518Distribute License key, to UAC (SOA conector) when needed

The UNiversal Agent 6.9.0.0 release removes the requirement to enforce licenses based on endpoint counts.

License enforcement is based solely on the following supported protocols:

  • HTTP

  • JMS

  • SOAP

  • XD SOAP

  • IBM WebSphere MQ

A value of TRUE authorizes the protocol for use; a value of FALSE prohibits use of the protocol.

The JMS, SOAP, and MQ protocols control inbound (file listener) and outbound (Web service execution) connections. If the protocol is licensed, the SOA connector is authorized to create an unlimited number of inbound or outbound connections using that protocol.

The SOA connector uses the HTTP and XD SOAP for Web service execution only.

  • A 6.9.0.0 Universal Agent receives license information upon receipt of a UC 6.9.0.0’s HELLO message response

  • The Universal Broker receives the license information from UAG Server

    • The Universal Broker forwards the license information to UAC Server during component registration.
    When UAC Server starts, it may perform component registration before the Broker has obtained license information from the Controller.  In this case, the license is un-acquired at this point and UAC Server terminates.

    The UAC Server component definition may be authored to restart until it either:

    • Receives license information.

    • Exceeds the number of retry attempts.

    • UAC Server starts a local Apache Tomcat container and starts an application to execute within that container

      • This application is responsible for servicing inbound and outbound requests

      • License enforcement occurs when it receives new inbound or outbound requests

    B-11519UAGSRV: Receive new license parameters in HELLO message response

    The Controller handles the JSS-HELLO message from UAGSRV and sends back the license information in the JSS-HELLO response. UAGSRV collects the information for transmission to the ubroker process. Since there is no way to check the new field existence, the following log message was added to the agent.log:

    "License info: CUSTOMER: <custname>, REGISTERED: YES, EXPIREDATE: <expdt>, DISTAGENTS: <cnt>, ZOSAGENTS: <cnt>, ZOSSECAGENTS: <cnt>, USAP: <conn>, UPPS: <conn>, SOA: <protocols>"

    JSS-HELLO message tags containing license information

    Tag

    Type

    Description

    LICCUSTOMER

    String buffer

    Licensed customer name

    LICEXPIREDATE

    String representation of 64-bit unsigned integer

    Expiration date (TBD)

    LICDISTAGENTS

    String representation of 32-bit unsigned integer

    Number of distributed agents

    LICZOSAGENTS

    String representation of 32-bit unsigned integer

    Number of z/OS agents

    LICZOSSECAGENTS

    String representation of 32-bit unsigned integer

    Number of z/OS secondary agents

    LICUSAP

    String representation of 32-bit unsigned integer

    Number of USAP connections granted by the license

    LICUPPS

    String representation of 32-bit unsigned integer

    Number of UPPS connections granted to the agent.

    LICSOA

    String representation of 32-bit unsigned integer

    A value that indicates which Web service protocols/endpoints the SOA connector may use/connect to, from the following:

    • HTTP

    • JMS

    • SOAP

    • XD SOAP

    • IBM WebSphere MQ

    REGISTERED

    “YES”/”NO”, or “TRUE”/”FALSE”

    Flag indicating whether the agent is successfully registered and the license was granted.

    Recognizing a 6.9.0.0 License:

    All of the new license handling implemented in the Agent requires it to know whether a new, 6.9.0.0 license was obtained from Universal Controller. If the HELLO response does not contain information for a 6.9.0.0 license, the Agent must rely on locally-configured license information.

    If the Agent does not receive values for the REGISTERED, LICEXPIREDATE, LICDISTAGENTS, and LICZOSAGENTS parameters, then it will behave as though it received a HELLO response from a pre-6.9.0.0 Controller and local license information is used.

    B-11543Enforce startup order of autostart components so that OMS & UAG start first

    Starting with Universal Agent 6.9.0.0, all licensing can, optionally, be handled by Universal Controller for Agent Management

    Prior to 6.9.0.0 licenses for individual agent components were stored in their respective configuration files. Aside from verifying that the license information was valid (i.e., the individual license parameters were capable of generating a key at runtime that matched the configured license key)

    To ensure proper startup behavior, the UA components responsible to obtaining license information (manager components) from the Controller must be started in an orderly fashion. 

    Specifically, an OMS Server must exist to enable message exchange between the Central license management and Agent. OMS Server does not need to run on every Agent installation, but it must start first for those agents that do have it set to auto start.

    Next, a UAG Server must start to register with the Controller and receive the license information. All agents must now execute a UAG Server that connects to an OMS Server (B-11845), and that UAG Server must start before the Broker can proceed with its startup.

    After OMS Server (if necessary) and UAG Server start – and valid license information is available to the Universal Broker – the order in which the Broker starts remaining auto-start components is not important.

    B-11544Ensure that Universal Broker does not open any local Service Interfaces until license Information is received

    At this stage the license received from the Controller by UAG and passed to the Broker. The Broker saves the information and allows the UCMD/UDM component startup only in case if the license was received and the agent is allowed to execute jobs. Also, the current license information on the broker side is available for display in the UQUERY output.

    In case if UAG did not pass the license to the Controller for any reason (UAG is not connected to OMS, Controller unavailable, etc), the broker will refuse to start UDM or UCMD component with the following error:

    UNV3354E [1000000001] Error starting component ucmd for client 127.0.0.1:61830: CPMStartComponent, 25, License for running this component was not acquired

    2020.06.24 15.48.45.455 UNV3385W [1000000001] Manager component ucmd 1593002837 (PID20045) ended with non-zero exit code 202 (000000CA).

    B-11546Universal Broker to refresh local license Info with UCTRL

    The Universal Control (UCTL) utility must not cause Universal Controller-obtained license information that is cached within Universal Broker to be replaced with locally-configured license information during a configuration refresh.

    The Universal Broker is responsible for responding to a UCTL configuration refresh request (i.e., UCTL -refresh). In its response handling, the Broker re-reads all configuration files and stores the information in its cached configuration information. When this occurs, it is not possible to prevent the Broker from re-reading and re-caching any locally-configured license information that may exist in the configuration files. However, it is possible – and necessary – to prevent the re-cached license information from being applied and enforced against license information obtained from Universal Controller.

    To enforce the requirement, the Broker must cache license information separately from the configuration file cache. The Broker must know the source of the license information in that separate cache. Finally, the Broker must know when license acquisition is complete, and the source of the license information to enforce is resolved.

    At startup, the Universal Broker always caches any locally-configured license information and maps that information to the new license parameters. This new licensing information is stored in a cache that is separate from the cache used for local configuration files.

    At the point where license information is merely mapped and cached, the Broker considers the license to be un-acquired (i.e., the license’s source has not been fully resolved). The Broker knows it has cached local license information, but won’t enforce that information until license acquisition completes.

    The Universal Broker will allow any cached, locally-configured license information to be refreshed while the license is un-acquired.

    The idea behind this implementation is to ensure no stale data exists when the Broker resolves the license source to use locally-configured information.

    If the Broker completes license acquisition and determines that locally-configured license information should be used, that Broker will allow that information to be refreshed at any time and it will enforce the refreshed information.

    If, at any point during its life, the Broker receives notification that UAG Server successfully connected to Universal Controller and received a 6.9.0.0 or later license, only that remote license information will be used. To prevent a UCTL refresh from overlaying this information, the Broker changes the license source from local to remote. The function within the Broker that handles the license configuration refresh sees that a remote license is being used and will immediately exit. This ensures that after a remote license is acquired, the Broker never allows a UCTL refresh to update the cached license information again.

    There is no situation in which a Broker will “fall-back” to using locally-configured license information after it acquires a UC 6.9.0.0 or later license.

    No combination of UCTL refreshes or UAG Server activity will allow remote license information to be replaced with local information.

    B-11552Implementation USAP licensing based on results of B-11521

    Special Handling for USAP/UPPS Licensing

    Licensed execution of the Universal Connector for SAP (USAP) and Universal Connector for PeopleSoft Process Scheduler (UPPS) will be enforced using a value that represents the number of concurrent connections any USAP or UPPS component executing on behalf of a licensed agent may use at one time.

    Every agent as of UA 6.9.0.0, that connects to a Universal Controller 6.9.0.0 or later will receive the SAP and PeopleSoft connections that are included with the Controller’s license.

    The UAG Server is responsible for providing this information to its Universal Broker, which is then responsible for providing the values to the USAP and UPPS components.

    USAP and UPPS are responsible for defining what constitutes a unique connection.

    USAP and UPPS are responsible for ensuring that the number of unique connections in use at any given time do not exceed the value provided by the license.

    Sample

    Suppose that a customer purchases a license that permits 5 SAP connections.

    This customer has 2 6.9.0.0 Universal Agents.

    Each agent will receive this value (5). A USAP instance running on either agent will be permitted to use 5 unique SAP connections at the same time. An attempt to create a 6th unique connection while the other 5 are in use will fail.

    B-11551Implementation UPPS licensing based on results of B-11520

    Legacy licenses did not allow to limit the connections number made by upps, i.e. the number was unlimited. The new license sends the maximum connections allowed by the license to the broker, which must keep track of all active connections and allow/reject any new connections depending on how many connections are currently active.

    A “connection” for UPPS is defined as the PeopleSoft Connector’s Endpoint .

    The license restricts the number of simultaneous unique connections performed by UPPS, meaning that the numer of sessions to the same PeopleSoft Endpoint is unlimited.

    B-11553Implement USOA licensing depending on results of B-11522

    The Universal Connector for SOA (USOA) is an optional agent component that executes Web services using one of the five connection protocols or endpoints:

    • HTTP

    • JMS

    • SOAP

    • XD SOAP

    • IBM WebSphere MQ

    All that USOA needs to know is whether or not the customer purchased a license that permits Web service execution using one of the supported protocols/endpoints.

    Because there is no requirement for the agent to request any USOA-specific license information from the Controller, no updates to the HELLO message are needed to support USOA’s new licensing implementation.

    The protocols/endpoints the customer is permitted to execute will be sent via parameters in the HELLO message response. The Universal Broker will forward the value of these parameters to USOA, which is responsible for managing Web service execution based on the values it receives.

    B-11917Universal Broker to check license expiration once a day

    A 6.9.0.0 Universal Agent receives license information upon receipt of a UC 6.9.0.0’s HELLO message response

    The Universal Broker receives the license information from UAG Server

    The Universal Broker converts the expiration date to local time.

    Universal Controller licenses expire at 23:59:59 UTC

    The first expiration check occurs at this time, converted to local time.

    After the first expiration check, subsequent checks occur at 24 hour intervals.

    Expiration notices begin 30 days prior to the expiration date.

    The Universal Broker sends the expiration date to licensed components upon local registration.

    Each licensed component will report an expired license at startup.

    When a 6.9.0.0 Universal Agent (UA) connects to a 6.9.0.0 UACM(via UAG Server and OMS) it will receive license information during the HELLO message/response exchange that occurs at UAG Server startup. UC has always maintained its own license information, but in 6.9.0.0 the information it maintains is expanded to control UA licensing. This single set of license information allows the Agent to manage licensing for all of its components and eliminates the need to have licenses stored in local configuration files.

    UA receives a single license expiration date from the Controller and applies that expiration date to all licensed components. Although UAG Server is the direct recipient of this license information the Universal Broker is the final keeper of it, given its traditional role as owner of an agent’s local configuration.

    As a long-running process, the Universal Broker must implement a daily check on the license’s expiration date. Starting 30 days prior to a license’s expiration, the Broker will issue the following message when it performs its periodic check on the license:

    UNV0130W [] Product license expires in nn day(s). Contact Stonebranch, Inc. for license renewal.

    Individual licensed components will also display this message at startup.

    When the expiration date elapses, the Broker must ensure that no new work can start on that Universal Agent instance. The Broker and any auto-started components will continue to run, but will fail upon a check of the license’s expiration date.

    When a license expires, you can expect to see the following message in the Broker log and from licensed components:

    UNV0129E [] License is expired. Contact Stonebranch, Inc. for license renewal.

    Expired licenses can still be considered to be valid. Validity and expiration are handled and reported differently.

    Universal Agents that connect to Universal Controller whose license is expired will still receive a HELLO response. The Agent will be granted the license, provided the number of licensed agents is not exceeded.

    Universal Agents do not change state when a UACM license expires. Any “online” Agents will continue to show online after the license expires.

    However, when a UCAM license expires, it will enter a paused state, which will prevent any Universal Agent task execution. After a new license is applied, you must select the UACM Server Operations option and execute the Resume Cluster Node task.

    12811

    Make UBROKER and components (UAG UDM UCMD...) XCF REALLOCATE aware/compatible

    Implementation of the required changes to fully support compatibility to XCF reallocate process.

    This support comes in two basic parts:

    1. When connecting to the XCF structure UAG indicates it supports System Managed Rebuild.
    2. Recognize and support new XCF events.

    XCF events are asynchronous notifications sent to each connector to a structure indicating the state of the structure, the CF and the connection.

    For example, events occur when users connect to - or disconnect from, the structure, or when failures occur in the structure the CF or the connection to it.

    System Managed Rebuild will result in (up to) five events. “Structure Temporarily Unavailable”, “Structure State Change”, “Structure Available” and “Alter Begin” and “Alter End”.

    Info
    titleNew Messages that can be Expected

    UAG1109 XCF structure <cf_struct_name> is temporarily unavailable.

    UAG1109 XCF structure <cf_struct_name> is now available.


    B-06093

    UAGSRV tracing enhancements

    Improved Tracing capabilities for SMF Exits


    B-11538

    zOS UAGSRV: Extended "Cancel Job" support for jobs running on any Sysplex node

    The Problem

    1. UAG supports cancelling jobs submitted by UAG and currently executing. This functionality does not work if a job is running on a Sysplex node other than the Primary one.

    2. When a UNIX System Services (USS) job is executed as a batch job, multiple address spaces are spawned with the same job name. Since UAG cancels jobs by executing a z/OS CANCEL command with the job name as the parameter, the CANCEL fails due to multiple matching address spaces.

    The Solution

    UAG for z/OS tracks internally which system a job is executing on. When a Task Cancel request is received by a Primary UAG for a job which is not executing on the same system as the Primary UAG, the Task Cancel request will be forwarded to the system on which the job is executing. (Note this only works if the job has started execution and the Primary UAG has received the notification thereof.)

    UAG has been extended to capture and save the address space ID of the submitted job. When a Task Cancel request is received, the address space ID is added to the CANCEL command to uniquely identify the job/address space to be cancelled.


    B-07134

    UAG File Monitor on z/OS should return an error when attempting to use features not supported

    z/OS File Monitor enhancements for better supporting Sysplex secondary Agents and allowing Error based handling when non supported Features are being used.

    As the primary Agent is, and will remain, the only Agent connected to a Controller and receive workload from a controller, a change has been implemented that will ensure that relevant File Monitors will be made available from the primary to any secondary Agent within the PLEX. That will ensure that any of the secondary Agents can also handle relevant file activity in case it is happening on a secondary Agent.

    After a secondary Agents has started, and received his license, a file monitor synchronization process will be initiated by the primary Agent to allow triggering the file activity across the PLEX.


    B-11537

    zOS UAGSRV: Extend file monitor support for secondary agents in a sysplex environment



    Universal Agent Password Handling Extensions

    ID

    Title

    Description


    B-10365

    Add support to UDM scripts for passwords with certain special characters =+-"

    In order to support extended UTF-8 characters (those that translate into multibyte sequences) the passwords are internally translated from UTF-8 to UTF-16 and Unicode-aware version of the logon function is now being used for user authentication. This allows to use any extended unicode character to be used in user names and passwords. Since the change was introduced in the common code for UDM, UCMD and UAG, it added support for those unicode characters not only for UDM, but for UCMD and UAG as well. There are no changes in behavior of UDM, UCMD and UAG as result of this change except for support of extended characters in user names and passwords.


    B-12882

    update configuration parsing routines to handle password with all supported characters


    B-12884

    Allow passwords with any characters to be specified in a udm script



    UFTP Separation connection & Transfer Logic

    ID

    Title

    Description


    B-11141

    UFTP (SFTP Protocol) - Separate Connection from Transfer Logic


    For the respective protocols, the Return-codes are categorized in 3 different, internal, groups

    1.) XP_EXIT_ERROR (1002)

    This generally includes any transfer error.

    The client should end unsuccessfully with exit code 1002

    2.) XP_EXIT_NETWORK (1024)

    This error Code describes network issues that are encountered while a file transfer processing

    The client should end unsuccessfully with exit code 1024

    3.) XP_EXIT_SECURITY (1023)

    This error generally occurs with authentication problems.

    The client should end unsuccessfully with exit code 1023

    Any results provided will be mapped to the Windows or Linux Exit-Code field to allow Job Status to be set accordingly.

    B-11140

    UFTP (FTP & FTPS Protocol) - Separate Connection from Transfer Logic


    B-09713

    UFTP - Add support for timestamps on UNV stdout/stderr messages


    In Order to synchronize messaging structure UFTP is enhanced to allow the same or similar timestamp settings as other components to enhance Messages produced for STDout and STDerr



    SSL Default Changes

    ID

    Title

    Description


    B-12442

    UAG Remove enable SSL from configuration and installs


    Necessary changes based on vulnerability findings in the 2020 Audit performed by SECUVERA

    B-12368

    UAG change default for enable SSL to YES



    Summary of UIP-Related Items to Strength Integration & Orchestration Capabilities

    ID

    Title

    Description


    E-01561

    Universal Agent feature & Function for creating and delivering the Universal Integration Platform


    Allow UA Extension to become the new standard for deploying downstream integration Solutions to applications