IBM Announces Action-Packed V5R1

Article ID: 9913

With V5R1, to be announced April 30, Rochester delivers the biggest release of OS/400 yet. With more than 4 million new lines of code, V5R1 adds much needed enhancements to OS/400’s every nook and cranny, from RPG support (see “RPG IV: Free Format and More,” November 2000) to database, from security to networking, and all stops in between. IBM is also announcing new servers in conjunction with this release. (See “IBM Renovates iSeries Hardware Lines.”) General availability is planned for May 25. Watch upcoming issues of NEWS/400 for more detail on these and other features in V5R1.

Clustering
V5R1 opens the door for new uses of clustering on the iSeries with support for switchable DASD and basic cluster-management functions built into Operations Navigator. DASD can be switched between partitions in a logical partitioning (LPAR) environment or between multiple systems connected via OptiConnect over High-Speed Link (HSL). This means that older AS/400s, which don’t support HSL, can’t share DASD from another AS/400 — they can only take advantage of switchable disk support between LPAR partitions.

Switched DASD support allows all the data in an independent auxiliary storage pool (ASP) to be accessed from another iSeries when the regular system is unavailable due to scheduled downtime or an unplanned outage. When switching between systems, the entire I/O expansion tower must be switchable, although it can be allocated to multiple ASPs. When using LPAR, an IOP on a shared bus is also eligible for switchable DASD. All of the support for determining which system is the primary system and switching over in the event of an unexpected failure, delivered with initial clustering support in V4R4, has been enhanced to support the new functions needed for switchable DASD. In addition, for the first time IBM is providing limited clustering management support in OS/400. (In the past, cluster management was almost always handled using a third-party high-availability product.)

The clustering management support in V5R1 includes interfaces and wizards to define and work with switchable DASD. In addition, IBM is offering Cluster Management Utility (Option 41 of OS/400), a tier-priced licensed program product (LPP) that can create and manage two-node switched disk clusters. It can also be used to manage cluster-proven applications, but it doesn’t manage data cluster resource groups (CRGs) because IBM expects that customers who are working with data CRGs will use a high-availability product that includes cluster management.

Currently the ability to switch DASD from one system to another is limited to data stored in the integrated file system (IFS); conventional AS/400 objects such as physical files and libraries can’t be switched. However, IBM has indicated that additional switchable DASD support will be added in subsequent releases. In the meantime, switchable DASD is an important enhancement for iSeries shops that use the IFS for applications such as Domino.

Database
V5R1 adds several new functions and interfaces to DB2/400. Perhaps most notably, Rochester removed the requirement to buy the C/400 compiler to use SQL procedures and functions. OS/400 now comes with the C compiler bundled internally for DB2 to use. Operations Navigator features a Database Navigator that gives graphical representations of your database. OpsNav also provides a function called Generate SQL that shows you the SQL statement behind graphically created objects. It can be used as a migration tool to convert physical and logical file DDS to SQL. For instance, you can select a physical file that was originally defined with DDS and, using this feature, generate the SQL statement to create an equivalent table.

V5 doesn’t bring any new data types or indexes, but it increases the size limit for LOBs to 2 GB from 15 MB and the table size to 1 TB from 0.5 TB. It also brings DB2 UDB/400 current with the other DB2s in supporting the latest version of ODBC.

Domino
IBM already ships the newest addition to the Domino family, iNotes Access for Microsoft Outlook, which turns Outlook into a Domino client and lets customers consolidate multiple Exchange servers onto a single iSeries box, reducing the number of servers necessary to run multiple Outlook clients.

Other Domino features in V5R1 include 128-byte password support, TCP/IP Autostart, EZ-Setup Wizard, ClusterProven Domino, Teraspace enablement for Web applications, and additional BRMS support.

Linux
Rochester said it was coming, and with V5R1 it’s almost here. Linux won’t truly be available on the iSeries until a Linux distributor offers an iSeries Linux distribution. SuSE is the closest to delivering a distribution for iSeries, tentatively scheduled for September. In the meantime, SuSE hopes to offer a rough version for download from its Web site sometime soon.

However, when a Linux distribution is finally available, OS/400 V5R1 will be ready. Linux will run on the iSeries in a logical partition (LPAR). Although the Linux kernel runs directly on the processor without OS/400 underneath, OS/400 is required to set up and manage the LPAR infrastructure and virtual I/O that Linux uses. Because of this requirement, Linux must run in a secondary partition with OS/400 V5R1 in the primary partition.

The Linux kernel itself is based on the PowerPC kernel with modifications for iSeries. No changes were made to the kernel and core Linux function, but IBM changed some peripheral code so that Linux can run on the iSeries. For example, IBM wrote device drivers for access to direct and virtual iSeries I/O and added support for Linux to get the time from iSeries.

V5R1 allows for I/O flexibility in Linux. One way to manage I/O is through virtual I/O, which allows OS/400 to control I/O. In this model, some of the disk belonging to OS/400 is carved out for Linux, exactly the way iSeries handles I/O for Windows on an Integrated xSeries Server (IXS) today. Because a user goes through OS/400 to get to Linux in this scenario, the OS/400 uses a physical LAN adapter and Linux uses a virtual one. With virtual I/O, Linux has no tape drives, no dedicated I/O, and no physical LAN adapters. It uses what OS/400 already has.

Networking
V5R1 is chock-full of networking enhancements, with better networking security, more integration with Operations Navigator and Management Central, and support for more networking standards, to name a few.

QoS. The main attraction is Quality of Service (QoS), which lets you reserve the bandwidth you’ll need between two applications at a particular time. QoS comes in two types: integrated services and differentiated services. With integrated services, commonly used for streaming media applications or Webcasts, your application calls an API that requests the bandwidth it needs at a particular time. Differentiated services lets you prioritize your network traffic so that the most critical types of traffic get priority, while less critical traffic takes whatever bandwidth is left over. Integrated services requires you to make changes to your application, but differentiated services is ready to go with just OS/400 V5R1.

VPN Certificates. V5R1 also supports the use of certificates for security with virtual private networking (VPN). Unlike the certificate support for HTTP, the VPN certificates don’t require Secure Sockets Layer (SSL) or any changes to your application. You simply set up a policy to protect your VPN traffic, and OS/400 does the rest.

Dynamic DNS. Domain Name Services (DNS) on the iSeries evolves to the next level with V5R1. Dynamic DNS (DDNS) automatically updates the DNS server with whatever host names and addresses the Dynamic Host Configuration Protocol (DHCP) hands out so that you don’t need an operator constantly keeping those tables up-to-date. DDNS works at the system level, so it requires no programming changes. It’s AIX-based and runs in PASE, which means that any updates to the standard from the Internet Software Consortium should be put into play on the iSeries fairly quickly.

SNTP Server. A new simple network time protocol (SNTP) server lets the iSeries synchronize watches with an external time source so that all of the systems on your network will be ticking in step, so to speak.

FTP Enhancements. File Transfer Protocol (FTP) gets SSL support to keep snoops from being able to easily tap into your communications. V5R1 also adds TCP I/O completion ports, which send and receive traffic several times faster than other I/O, depending on the processor and network adapters you’re using.

Network Management. Rochester is trying to make it easier to trouble-shoot your network with new management tools. The first, an OpsNav version of NetStat, provides more function than the old green-screen version. For example, if you want to know what jobs are running over a TCP/IP connection to the iSeries, you can click on the connection from the NetStat GUI, display the jobs, and then manage those jobs. A second utility, TraceRoute, shows you the path your TCP/IP data is going to take from its starting point to its end destination on the network, so you can see where problems might occur and make modifications. Another utility lets you go into the address resolution protocol (ARP) cache where IP addresses are mapped to hardware addresses, and then delete or modify entries to make data go where it’s supposed to.

RADIUS. Point-to-Point (PTP) protocol gets a lot of enhancements with V5R1, but perhaps the most significant is support for a remote access dial-in user services (RADIUS) client that handles user authorization and monitors how long users are connected, how much data they transfer, and so on.

Networking also gets updates to the lightweight directory access protocol (LDAP), simple mail transfer protocol (SMTP), and Telnet servers; a new Internet print protocol (IPP) server; and support for 1 GB Ethernet and ISDN multilink, which lets you tie together multiple phone lines for greater bandwidth.

PASE
V5R1 brings some new capabilities to the Portable Applications Solution Environment (PASE). PASE remains compatible with AIX 4.3.3 in this release but is enabled for both 32-bit and 64-bit support. In addition, PASE has been enabled for national language version (NLV) and includes mapped file support through four new APIs: mmap, munmap, msync, and mprotect. Mapped file support, which has been added for both PASE and ILE applications, means that an application can treat files as if they were resident in a section of memory rather than issuing reads and writes to DASD. (OS/400 single-level store uses the same concept, but V5R1 makes this type of processing possible for AIX applications running on the AS/400.)

V5R1 also includes new C++ and Fortran runtimes for PASE. Other enhancements that may be of interest if you’re porting a Unix application to the iSeries include named pipes, process sizes greater than 2 GB, and support for /dev/null.

Printing
With V5R1, IBM finally acknowledges that iSeries users want to be able to work with the same types of data output available on other systems. V5R1 supports Internet Print Protocol (IPP), new Java print classes for XML, XSL, and Advanced Function Printing (AFP) in the OS/400 Toolbox for Java, and new formatting interfaces to AFP. A new LPP, Infoprint Server, provides iSeries support for PDF files, enables PDF output to e-mail, IFS, or PDF, and lets the iSeries serve as a network print server. Another LPP, Infoprint Designer, provides page layout capabilities for iSeries documents.

Security
With V5R1, OS/400 gets object signing, new password capabilities, and bunches of other enhancements.

Object Signing. Interfaces in OS/400 V5R1 let you sign and verify OS/400 executables, so that you can determine whether they were signed by someone you trust and can make sure they haven’t been changed since they were signed. In addition, every piece of V5R1, as well as all IBM LPPs and PTFs, will ship as signed executables. A new system value, QVFYOBJRST (Verify object restore), will let you control how the system handles invalid, unverified, or unsigned objects.

Password Enhancements. V5R1 brings OS/400 password traits current with other systems but lets you choose to use traditional OS/400 passwords if you’d like. A new system value, QPWDLEV (Password level), gives you four options for setting OS/400 passwords. Level 0 gives you what you’ve always had: 10-character passwords with encryption for both OS/400 and Microsoft NetServer. Level 1 keeps the 10-character OS/400 password but gets rid of the NetServer password. Level 2 keeps the old types of OS/400 and NetServer passwords, but also brings you new password support, letting you create passwords anywhere from 1 to 128 characters in length, using mixed case, embedded blanks, and any character set or language you can type from your keyboard, which makes it much more difficult for an intruder to guess or brute-force a password. (You can still use QPWDMIN and QPWDMAX to control exactly how long your passwords can be.) Password level 2 uses an entirely different algorithm for encrypting passwords than OS/400 and NetServer have used before. Level 2 is meant to be a testing level so that you can try out the new passwords but move back to the old if you run into compatibility problems. Password level 3 provides only the new password support and gets rid of everything else. You can move between levels 2 and 0 fairly easily, but it’s difficult to move back from levels 1 and 3, since they get rid of the old support.

The Password validation program (PWDVLDPGM) gets a new system value called RegFac (registration facility), which tells the registration program to look for the exit program that should run.

A password delay algorithm will slow down people trying to get unauthorized access to the system via FTP. If a user types a password incorrectly, the system will make him wait a certain number of seconds before trying it again. And with each successive wrong entry, the delay time will grow exponentially.
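The delay behaviour described above can be sketched as follows. This is an added illustration, not IBM's code or the OS/400 algorithm: the class name, the one-second starting delay, the cap, and the doubling factor are all assumptions, since the article gives no figures.

```python
import time


class LoginThrottle:
    """Per-user delay that doubles with each consecutive wrong password."""

    def __init__(self, base_delay=1.0, max_delay=300.0, clock=time.monotonic):
        # base_delay and max_delay are assumed values; the article states none.
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock  # injectable so the logic can be tested without sleeping
        self._state = {}    # user -> (consecutive failures, earliest next attempt)

    def delay_for(self, failures):
        """Seconds of delay imposed after the Nth consecutive failure."""
        if failures <= 0:
            return 0.0
        # Bound the exponent so a very long failure run cannot overflow a float.
        exponent = min(failures - 1, 32)
        return min(self.base_delay * 2 ** exponent, self.max_delay)

    def retry_after(self, user):
        """Seconds the user must still wait before another attempt counts."""
        _, not_before = self._state.get(user, (0, 0.0))
        return max(0.0, not_before - self.clock())

    def attempt(self, user, password_ok):
        """Record one login attempt; return (accepted, seconds_to_wait)."""
        wait = self.retry_after(user)
        if wait > 0:
            # Inside the delay window every attempt is refused, right or wrong,
            # so guessing faster than the delay allows gains nothing.
            return False, wait
        if password_ok:
            self._state.pop(user, None)  # success clears the failure history
            return True, 0.0
        failures = self._state.get(user, (0, 0.0))[0] + 1
        delay = self.delay_for(failures)
        self._state[user] = (failures, self.clock() + delay)
        return False, delay


if __name__ == "__main__":
    throttle = LoginThrottle()
    # Constructed sample: how the delay grows over ten straight failures.
    print([throttle.delay_for(n) for n in range(1, 11)])
```

With doubling from one second, ten straight failures already cost more than eight minutes of cumulative waiting, which is what makes online guessing impractical; the cap keeps a legitimate user from being locked out indefinitely.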

Program Creation Data Templates. V5R1 includes a new option for vendors who want to ship OS/400 programs without the source code. Rather than saving just the object code, V5R1 lets them save a retranslation step called Program Creation Data Templates that retains enough information to generate a new set of object code but that’s difficult to revert to program code.

Other security enhancements include support for the government-backed Rijndael encryption algorithm through the cipher MI instruction, integrated support for the generic security service (GSS) API and its underlying Kerberos authentication mechanism (delivered as PTF SF63662 to V4R5), SSL support for the IBM 4758 cryptographic coprocessor, and the ability to define your own user IDs for dedicated service tools (DST) and system service tools (SST). DST will now also require a user ID and password.

SQL Triggers
The introduction of SQL triggers eliminates one of the few remaining requirements to work with iSeries data outside of SQL. In addition to making the existing OS/400 trigger capabilities available using SQL, V5R1 also includes column-level triggers, statement-level triggers, and the ability to have up to 300 triggers per table. (The previous maximum was six.)

Triggers are assigned using the Create Trigger SQL statement, which includes the ability to test for conditions (e.g., if balance greater than zero). The addition of column-level triggers is an important enhancement to trigger usability. Using this function, an application can fire a trigger based on changes to a particular field rather than firing the trigger based on a record event (add, update, delete) and then determining within the trigger program which fields were affected. This could be a major performance enhancement in situations where only a small percentage of changed records actually require the trigger program to run.

Because SQL statements often process multiple records (rows), the application developer can now create triggers that run once per statement rather than once per row. Statement triggers will run even if no records are processed by the statement. One concern with all of the new trigger capabilities is database administration. Triggers for the same event run in the order they were created, so unless you have a central clearinghouse, the order could be ambiguous.

Virtual LAN
Virtual LAN is a new technology designed to enhance communications between OS/400 partitions. Virtual LAN can be used to communicate to other OS/400 partitions or Linux partitions. No additional hardware or software is required to enable Virtual LAN, which offers up to 16 high-speed TCP/IP connections for each partition. Communication utilizes the iSeries’ memory bus and emulates 1 GB Ethernet communications. For each partition, you can select which other partitions you want to communicate with and set up the TCP/IP configuration just as if you were using a physical LAN to connect multiple servers.

Sharon Hoffman (shoffman@as400network.com) is a senior technical editor for NEWS/400. Joanna Moore (jmoore@as400network.com) is an industry reporter. Cheryl Ross (cherylr@as400network.com) is news editor.
