Introduction to Remote Access Server
The Remote Access servers can be used by Component Enabler to access applications.
The server-side deployment consists of a number of platform-specific Remote Access servers that handle communications between clients and applications. Clients and servers communicate, using RATL protocol running on TCP/IP. This protocol is a simple wrapping of a standardized and extended set of NOF messages that provide all the functionality needed to support GUI forms.
Clients establish normal sessions with applications through the Remote Access servers using a TCP/IP connection. These servers perform a number of checks, such as authenticating users and verifying the application exists, before granting the client access. The servers then receive transaction requests from client programs over a TCP/IP connection and pass them to the application. Transaction responses from applications are passed back to the clients over the same TCP/IP connection. Remote Access servers can also pass back asynchronous messages, such as messages from Reports, to a client application.
Remote Access servers can also use the Microsoft Message Queue (MSMQ) server for connections instead of TCP/IP connections.
The Remote Access servers are designed to offer connectivity, throughput, and transit times comparable to terminal access to the applications on the same host applications. Each client application runs independently of all other clients, with its own connection back to the application server. There are no points of single threading or possible congestion in the transaction path to add overheads or reduce performance.
Installing Remote Access Server
Codefile
The codefile is automatically installed to the CCF system pack.
CCF params file
Obtain the sample CCF params file for the Remote Access Server, named:
(<ABSUITE usercode>)NGEN28/SAMPLE/CCF/
PARAMS/RATL ON <ABSUITE dictionary> Enter the Remote Access Entities required. Refer to CCF Configuration in Installing and Configuring Remote Subroutine Serverfor more information on configuring entities.
Insert the definitions into the current copy of the CCF params file,
SYSTEM/CCF/PARAMS ON <CCF PACK> Note: For A-Series Systems the CCF params file might not be present. Create this file using the sample provided:
(<ABSUITE usercode>)NGEN28/SAMPLE/
CCF/PARAMS ON <ABSUITE dictionary pack> COMS
Register the entities to COMS via the Utility window with the following file:
(<ABSUITE usercode>)NGEN28/SAMPLE/COMS/CONFIG/RATL ON <ABSUITE dictionary pack> For Big Buffers, set the Maximum Message Text size for Global Activity to 65000.
CCF Configuration
Use the CCF components to configure the server entities as follows:
| CCF Component | Entity |
|---|---|
| Router | PCM |
| CUCI | Device and Service |
| TCPIP | Port |
| RATL | Service, View, Language, MQserver, MQclient, and MQrequest |
Router
Identify the server as a PCM to the router and enable it, using the following syntax:
Add PCM <name> codefile = <filepath> Enable PCM <name>
Attributes | Description |
|---|---|
| <name> | Identifies a valid server name. |
| <file path> | Specifies the codefile path. |
Example:
Add PCM <name> codefile = <filepath> Enable PCM <name>
CUCI
As part of the CCF configuration you must configure a:
Connection Device
Connection Service
Connection Device
Configure a device to the CUCI PCM to associate device connection attributes with each dialog. Attributes are assigned using the following syntax:
Add Device <device name> acvt = <VTname>, ccenable = <boolean>, controlcapable = <boolean>, dynamic = <boolean>, marccapable = <boolean>, maxinput = <number>, maxoutput = <number>, messages = <category>, securitycatlist = <name>, ndlheader = <boolean>, screen = <boolean>, usage = <category>
Attributes | Description |
|---|---|
| <device name> | Defines a unique device name. |
| acvt | Specifies an Application Controller Virtual Terminal. This is the virtual terminal COMS expects the client to be using on input. This attribute is optional. <VT name> must be set to either Transparent or Default. |
| ccenable | Indicates if control character processing is enabled. This attribute is optional. This attribute can only be set to False. |
| controlcapable | Indicates if control commands can be entered or not. This attribute is optional. This attribute can only be set to False. |
| dynamic | Indicates if the connection is to be kept by COMS when the connection terminates. This attribute is optional. |
| marccapable | Indicates if the connection can handle screen output from MARC. This attribute must be set to True if you are to use the RATL Services attribute MARCOpenText. |
| maxinput | Specifies the maximum number of bytes in an input message. For Big Buffer Ispecs, this must be set to 45300 (65000 for Big Buffer Ispecs not using POF). <number> must be a minimum of 2500. |
| maxoutput | Specifies the maximum number of bytes in an output message. For Big Buffer Ispecs, this must be set to 45300 (65000 for Big Buffer Ispecs not using POF). <number> must be a minimum of 2500. |
| messages | Determines whether application messages are displayed at the client. <category> must be set to None. |
securitycatlist | Specifies a COMS Security Category List configuration entity that is defined in COMS. When set, the value of this attribute is the default value used when connecting to COMS. It can be overridden by the service attributes of NOFidentity. This attribute is optional. |
ndlheader | This attribute is optional. This attribute can only be set to False. |
screen | Indicates whether the client is a screen device. This attribute is optional. This attribute can only be set to False. |
usage | Identifies whether the client can receive input messages, send output messages, or both. <category> must be set to one of In, Out, or IO. The recommended value is IO, so that the client can both send and receive messages. |
Example
Add Device RATLweb acvt = transparent, ccenable = false, controlcapable = false, dynamic = true, marccapable = false, maxinput = 10000, maxoutput = 10000, messages = none, securitycatlist = SCL_NOF, ndlheader = false, screen = false, usage = IO
Connection Service
Configure a service to the CUCI PCM to associate device connection attributes and to identify the connection path for each dialog. Attributes can be assigned using the following syntax:
Add Service RATLon closeaction = <number>, device = <name>, logoffdisconnect = <boolean>, dynamic = <boolean> Enable Service RATLon
Attribute | Description |
|---|---|
| closeaction | The SYSTEM/COMS Close Action as defined on the SYSTEM/COMS Usercode menu. The close action is also defined on the Station menu of the COMS Utility. You must enter a value in the range 1 to 4. Note: If the dynamic attribute is set to True, the action is that of the DefaultStation definition in COMS. |
| device | You must provide a CUCI Device Name. This does not need to be a valid SYSTEM/COMS Device name. |
| dynamic | Indicates if the connection is to be kept by COMS. This attribute is optional. Allowed values are:
|
| logoffdisconnect | Indicates whether the session is automatically logged off when the connection is terminated. This attribute must be set to True. |
Example
Add Service RATLon closeaction = 3, device = ratlweb, logoffdisconnect = true Enable Service RATLon
Note: For services, the service name associated with the declared service is the name of the next service in the connection path
TCPIP Port
Define a port to the TCPIP PCM to associate port attributes for the dialogs. Attributes can be assigned using the following syntax:
Add Port <port name> stationname = <name>, checkinterval = <number>, device = <name>, framing = <category>, maxoffer = <number>, maxoutput = <number>, service = <name>, socket = <number>, transport = <category>, windowsize = <number> Enable Port <port name>
Attribute | Description |
|---|---|
<port name> | Specifies a unique port name. <port name> must correspond with an identified service. |
| stationname | Specifies a unique station name. Refer to Using StationName. |
| checkinterval | Specifies the period of inactivity before keep alive packets are sent. <number> is specified in seconds, and must be in the range 0 through 1440. |
| device | Specifies the name of a device to be used for all subport connections that are passed to the CUCI PCM. <name> must be a previously configured device. |
| framing | Specifies the type of message delineation to be used. Message delineation indicates where a message starts and ends. <category> must be set to Standard. |
| maxoffer | Specifies the number of subports to be offered (made available for connection) at any time. <number> must be in the range 0 through 31. |
| maxoutput | Specifies the maximum number of bytes in an output message. For Big Buffer Ispecs, this must be set to 45300 (65000 for Big Buffer ispecs not using POF). <number> must be in the range 128 through 65535. |
| service | Specifies the name of a service to be used for inbound subport connections. This is the next service in the connection path. <name> defaults to <port name>. |
| socket | Specifies the socket number used by the client to connect to the port file. <number> should be set to the recommended value of 2449, unless a non-standard port configuration exists. |
| transport | Identifies the transport to be used. <category> must be set to TCPIP, or it defaults to null. |
| windowsize | Specifies the maximum number of bytes that can be queued, on input, per dialog before more is received. For Big Buffer Ispecs, this must be set to 45300. |
Example
Add Port RATL stationname = actlinc/#, checkinterval = 5, device = ratlweb, framing = standard, maxoffer = 1, maxoutput = 10000, service = ratl, socket = 2449, transport = tcpip, maxoffer = 500 Enable Port RATL
Using StationName
This attribute names a connection to COMS. It provides a flexible format from which station names can be generated.
Note: Refer to <tcpip connection name> field of the Add or Modify TCPIP PCM command in the ClearPath MCP Software Custom Connect Facility Administration and Programming Guide for all possible station name values.
When developing a station name, you need to consider uniqueness and determinability. For example, you might require that the station name be consistent each time a particular user connects, and will not change over time. You might also require that more than one connection be used from the same client or from any number of clients and each name used is unique.
You also need to consider any COMS security that is applied to station names and how these stations comply.
For the best means of ensuring a consistently unique name, use the <tcpip psnf> attributes $yourhost or $yourIPaddress within the stationname attribute value.
If a hostname is desired but an IP address is formed for the stationname instead, that is the letters IP are inserted in front of the address, it might be possible to use TCP/IP mapping to set the hostname. Refer to the TCP/IP Implementation and Operations Guide for more information on mapping IP addresses.
On some networks, such as Dynamic Host Configuration Protocol (DHCP), IP addresses are not consistent over time. In this situation there are two possible alternatives:
Reserving a period of time where the IP address remains stable.
Configuring a Domain Name Server (DNS) so TCP/IP can resolve an IP address to a known hostname.
Refer to the TCP/IP Distributed System Services (DSS) Operations Guide for more information on configuring a DNS Resolver.
Overriding the Stationname by Client
When a station name is set by the client it overrides the configured setting defined for RATL connections above. Refer to the Agile Business Suite Component Enabler User Guide for more information on setting the station name by client. The station name supplied by the client might have a numerator applied to uniquely qualify the name, where multiple connections are desired from the same client. The numerator is represented by a string of one or more consecutive hash characters (#) appended to the station name which is converted to a unique ascending number. The number of consecutive hash characters indicates the minimum number of digits to be appended. For example, a supplied station name of user### results in names of the form: USER001, USER002, USER003 ... USER999, USER1000, USER1001 etc
The effect of StationName on station name (Glb.Stn)
The setting of the internal station name, or attribute Glb.Stn, is affected by the external (COMS) station name.
For Component Enabler (or NOF) based connections the value of Glb.Stn is based on the COMS station name value and the Remote Access service attribute StationNamePrefix value. If the StationNamePrefix is not defined then Glb.Stn is prefixed by the letters RAT, as shown in the first example below. If the derived station name is longer than the limit of 17 characters, the connection attributes for yourhost is used, as shown in the second example below. If the value for yourhost is not known or it is longer than the 17 character limit, the value for youripaddress is used. If this value is also too long the IP address is converted to its integer equivalent, as shown in the third example below.
The following example shows the resulting COMS and station names for a client with the specified Port Stationname format, a station name prefix set or not set to SNP, a hostname of Timbertown, and an IP address of 123.132.213.231:
TCPIP Port StationName | RATL Service StationName Prefix | COMS Station Name | Glb.Stn |
|---|---|---|---|
| ACTLINC/# | <null> | ACTLINC/1 | RATACTLINC/1 |
| SNP | SNPACTLINC/1 | ACTLINC/1 | |
| $yourhost/ | <null> | TIMBERTOWN/1234 | RATTIMBERTOWN/1 |
$youraddress | SNP | SNPTIMBERTOWN/1234 | TIMBERTOWN/1 |
| $youripaddress/# | <null> | 123_132_213_231/1 | RAT2072303079/1 |
| SNP | SNP123_132_213_231/1 | 123_132_213_231/1 |
RATL Configuration
Configure the following entities:
Service
View
Language
RATL Configuration Syntax
You can use the following verbs in CCF to configure the server for Component Enabler, or Web Enabler:
Verb | How it is Used |
|---|---|
Add | To define attributes for Views, Languages, Services, MQservers, MQclients, and MQrequests. |
| Delete | To change existing Views, Languages, Services, MQservers, MQclients, and MQrequests. The View, Language, Service, MQserver, MQclient, or MQrequest must be disabled before it can be deleted or modified. |
| Disable | To change existing Views, Services, and MQrequests. The View, Service, or MQrequest must be disabled before it can be deleted or modified. |
| Enable | To enable existing Views, Services, and MQrequests. |
| List | To list Dialogs, Services, Languages, Views, MQservers, MQclients, and MQrequests. |
| Modify | To define attributes for Views, Languages, Services, MQservers, MQclients, and MQrequests. The View, Language, Service, MQserver, MQclient, and MQrequest must be disabled before it can be deleted or modified. |
Option | To change server program runtime options. |
| Show | To show existing Views, Services, Languages, connected Dialogs, MQservers, MQclients, and MQrequests. |
| Status | To show the status of the PCM, such as compile time, code version, and title. |
| Trace | To alter or show the trace options. |
Service
Identify a service to the PCM to associate the connection path for dialogs. Attributes are assigned using the following syntax:
Add Service <service name> service = <name>, NOFidentity = <name>, SwitchToFireUp = <boolean>, StationNamePrefix = <name> Enable Service <service name>
Attribute | Description |
|---|---|
| <service name> | Defines a unique service name. |
| service | Specifies the name of a service to which inbound stations should be connected. This is the next service in the connection path. <name> must be a previously configured service. |
| NOFidentity | Identifies the connection types of the applications. <name> is a COMS Security Category List configuration entity that is defined in COMS. If the attribute is not configured in the service definition, it must be defined using the SecurityCatList attribute in the CUCI service definition before the server can handle the Component Enabler connections. |
SwitchToFireUp | Specifies behavior when switching back to an application from which a switch previously occurred. This attribute is optional. If True, returns to the Fireup Ispec instead of the Ispec from which the original switch occurred. If False, returns to the Ispec from which the original switch occurred. If the client has not previously been displayed, the Fireup Ispec is retrieved. Any data contained in the SwitchTo command overrides the setting of this attribute. |
StationNamePrefix | Prevents the RAT station name prefix appearing in Glb.Stn for Component Enabler connections. <name> prefixes the COMS Station Name. Refer to Using StationName. This attribute is optional. |
MARCOpenText | Allows input to be passed to the MARC dialog when a new COMS connection is established from the server to a desired application. The value must be enclosed in double quotation marks. When this attribute is present the text is sent instead of the server passing a hard coded message to the MDPLAUNCH window. Note: In order for the command to be carried out successfully by MARC, the CUCI Device attribute marccapble must be set to true. |
Example
Add Service RATL service = LINC, NOFidentity = SCL_NOF, SwitchToFireUp = False, StationNamePrefix = AL/ Enable Service RATL
Configuring Remote Access Server Entities
The Remote Access configuration entities for the COMS Security Category List names must be configured in at least one of the following attributes of the CCF configuration:
SecurityCatList in the CUCI service definition
NOFidentity in the service definition
Refer to RATL Configuration Syntax for more information about the syntax used to configure the server in an MCP environment.
When configuring entities you can change their names, but the names must remain unique. You can define additional Port and Service entities ensuring that a connection path can be resolved through CCF, encompassing the PCMs from TCIP using the Remote Access server to CUCI. Refer to the ClearPath HMP NX/Services Administration Guide or ClearPath HMP Series CCF Administration Guide for more information on using CCF.
View
You can identify Views to the PCM to associate connection criteria for Component Enabler users to access applications. A View can refer to one or more applications, or different Views might apply to the same application.
To identify at least one application, you can assign attributes using the following syntax:
Add View <view name> application = <system>, level = <number>, window = <name>, usercode = <usercode>, language = <language> comsstatuscheck = <boolean> Enable View <view name>
Attribute | Description |
|---|---|
| <view name> | Specifies a unique view name. |
| application | Indicates the name of the initial application to be accessed through this View. This attribute is optional. <system> might contain the usercode, the application name and the Dictionary name of the built application. The Dictionary contains the LINCGLI, LINCFORM, and LINCCNTL files for the built application. |
| ComsStatusCheck | Specifies behavior when the transaction encounters a COMS Disabled Database on the MCP server. If True, an error 202 is returned to the client immediately. If False, the transaction will timeout. |
| level | Indicates the command level for dialogs using this View. This attribute is optional and only applies to NOF based connections. |
| window | Specifies the COMS window to be used by this View. This attribute is optional, but is required when the application to which you might need to switch is not already in use. |
| usercode | Indicates the usercode for every dialog that is established for this View. If it is not present, the client is asked for a usercode. This attribute is optional. <usercode> must be valid for the purposes of workstations connected to Runtime through COMS. |
| language | Indicates the preferred language to be used for this View. This attribute is optional. <language> must be a previously identified language. |
Example
Add View sample_auto application = (USER1)SAMPSYS on DICTPACK, level = 0, window = SAMPLE usercode = anonymous, language = english Enable View sample_auto
Language
Identify a language to associate the ISO Country code and an ISO Language code with a language name. The ISO Language code is defined in ISO 639 while the ISO Country code is defined in ISO 3166. These standards are available in the official ISO website, http://www.iso.ch/.
Language names are configured in the application. Attributes can be assigned and enabled using the following syntax:
Add Language <language> ISOC = <country code>, ISOL = <language cod
Attribute | Description |
|---|---|
ISOC | Specifies the ISO Country code to be associated with the language name. |
ISOL | Specifies the ISO Language code to be associated with the language name. |
Example
Add Language english ISOC = EN, ISOL = EN
Message Queuing
Message Queuing allows multiple concurrent users of Component Enabler to access an Agile Business application, by making more efficient use of system resources, and reducing the overheads associated with establishing and maintaining individual connections for each user session. This is an alternative to the existing method of connecting to the Runtime application using individual TCP/IP connections.
Refer to the Agile Business Suite Component Enabler User Guide for more information on how to use message queuing for Component Enabler Scalability.
The following entities are added to the PCM section of the CCF params file to configure the request queues and connection details of the FalconMQ Server and FalconMQ Client library:
MQServer
MQclient
MQrequest
MQServer
Add MQServer <name> Servername = <name>, IPaddress = <ipaddress>, Port = <number>, Domain = <name>, UserName = <name>, Password = <name>,
Set attributes associated with the FalconMQ server using the following syntax:
Attribute | Description |
|---|---|
| Servername | The name of the FalconMQ server. Default: <MQserver name> |
| IPaddress | The IPaddress of the FalconMQ server. An assigned IPaddress overrides any specified Servername. |
| Port | The required port number. Default: 0 |
| Domain | The Windows security domain. Default: nulls |
| UserName | The Windows user name. Default: nulls |
| Password | The password associated with the Windows user name. Default: nulls |
Note: Case sensitive names that refer to a Windows entity can be enclosed by single quotes to prevent uppercasing.
You can also use the following commands:
Modify attributes of existing server entities
modify MQServer <name>
<attribute> = <value>,Itemize all declared MQServers
list MQServers
Display the attributes for the selected server
show MQServer <name>
Remove the selected server entity
delete MQServer <name or list>
Example (italics denote responses):
Add MQserver FMQS IPaddress = 123.1.2.3, Port = 1100, Domain = realm, UserName = dnote, Password = test, MQserver FMQS added Show MQserver FMQS 1 FMQS IPaddress = 123.1.2.3 Port = 1100 Domain = realm UserName = dnote Password = test
MQClient
Set attributes associated with the FalconMQ client using the following syntax:
Add MQclient <name> Functionname = <name>
Attribute | Description |
|---|---|
| Functionname | The System Library function name. Default: <MQclient name> |
You can also use the following commands:
Modify attributes of existing client entities.
modify MQclient <name> <attribute> = <value>,
Itemize all declared MQclients.
list MQclient
Display the attributes for the selected client.
show MQclient <name>
Remove the selected client entity.
delete MQclient <name or list>
Example (italics denote responses):
Add MQclient FalconMQSupport MQclient FALCONMQSUPPORT added Enable MQclient FalconMQSupport MQclient FALCONMQSUPPORT enabled
MQrequest
Set attributes associated with the request queue using the following syntax:
Add MQrequest <name> MQclient = <name>, MQserver = <name>, Pathname = <name>, Processes = <number>, Station Name = <SNformat>, Usercode = <identifier>, View = <name>, Service = <name>
Attribute | Description |
|---|---|
MQclient | The name of the FalconMQclient. |
MQserver | The name of the FalconMQ server. |
Pathname | The request queue path name. Default: .\PRIVATE$\<MQrequestname> |
Processes | The number of queue reader processes. Default: 1 |
Stationname | The pooling station name format. The possible Snformats are as follows:
Default: $MQrequest/# |
Usercode | The pooling user code. |
View | The name of the view. Default: <MQrequestname> |
MQrequestname> | The service name. Default: <first service name defined (in Remote Access Server)> |
You can also use the following commands:
Modify attributes of existing MQrequest entities.
modify MQrequest <name> <attribute> = <value>,
Terminate the selected MQrequest reader process.
disable MQclient <name>
Execute the selected MQrequest reader process.
enable MQrequest <name>
Itemize all declared MSQclients.
list MQrequest
Display the attributes for the selected client.
show MQclient <name>
Remove the selected MQrequest entity.
delete MQrequest <name or list>
Example (italics denote responses):
Add MQrequest sampleQ
MQclient = FalconMQSupport,
MQserver = FMQS,
Usercode = legion,
View = samplesystem,
Service = ratl
MQrepuest sampleQ added
List MQrequests
MQrequests:
1 sampleQCOMS Configuration
To define connection types to applications, you need to define two COMS configuration entities. These are Security Category List and Installation Data entities. The names used in the CCF configuration for SecurityCatList (CUCI device attribute), and NOFidentity, should correspond to the names of Security Category List entities in the COMS configuration. Each Security Category List entity needs a corresponding Installation Data entity. The value assigned to the INTEGER1 attribute determines the type of connection for that entity. Currently, the only allowable value for INTEGER1 is 9.
You can define Component Enabler (NOF) based connection types for applications using the following COMS configuration entries:
CREATE INSTALLATION_DATA RATL_NOF INTEGER1 = 9 CREATE SECURITY_CATEGORY_LIST RATL_NOF ID = RATL_NOF
Remote Access Server Commands
Clear Command
This command is used to clear connections from the PCM.
Syntax:
Clear Dialog<#,name, or list>
Example:
Clear Dialogs 1,4-7,9
Option Command
The following list outlines the options users can set:
AllAttributes
ShowAsserts
AssertDump
CompactTables
LogicError1
LogicError2
ForwardSyncMessages
When set any received CCF Sync protocol messages are sent onwards, otherwise they are ignored.
Syntax:
Option [+/-] <option list>
Example:
Option +ForwardSyncMessages
NoStationNameOverride
When set prevents clients from overriding the station name configured for RATL connections. It can only be set in the CCF configuration file and its default value is off.
Administering the Remote Access Server
Administering the Remote Access Server involves the following tasks
Starting and stopping
Monitoring
Security
Tracing
Starting and Stopping
Use the CCF commands to start and stop the server and to monitor or trace server activities.
Note: Any connections to COMS or a COMS application via NX Services (for example, NX view) are terminated.
Because the server is configured as part of CCF, starting and stopping CCF starts and stops the server:
To start Remote Access Server along with CCF, use:
NA CCF+
To stop Remote Access Server along with CCF, use:
NA CCF-
Alternatively, the server can be started and stopped without disrupting CCF:
To start Remote Access Server without affecting CCF, use:
NA CCF enable pcm ratlpcm
To stop Remote Access Server without affecting CCF, use:
NA CCF disable pcm ratlpcm
Monitoring
You can monitor the status of any Remote Access server component configured in CCF, such as Languages, Views, and Dialogs. You can use the CCF STATUS or SHOW commands to display the status of the selected component.
The following example uses the STATUS command to display the status of the PCM. It displays the version, timestamp, internal program options and default language.
NA CCF RATLPCM STATUS
This command returns the following data:
Unisys Corporation COMSock RATLPCM 44.201.1 -09/20/98 - 10:29:31 Compile Options:Trace, Assert Language = ENGLISH
The following example uses the SHOW command to display the status of the connected dialog.
NA CCF RATLPCM SHOW DIALOG 1
This command returns the following data:
Sunday 09/20/98 10:29:31 1 RATL/UNO Client = Open Transport = Open Service = Open Input Seq Num = 8 Output Seq Num = 6 NOF = True GUI = False View = UNO Language = SPANISH Device = RATLWEB Maxoutput = 6000 HostName = ACUSAHA ACVT = Default
Security
If a host application supports password aging and the Remote Access server is compliant with the application then user passwords can be changed when using the Remote Access server.
Refer to the MCP/AS Security Administration Guide for more information on setting password aging on an A Series host.
Tracing
Use CCF commands to start and stop tracing and to set the tracing attributes. Tracing can be initiated either by the operator, or by the client as part of the connection request. Tracing is normally used only for problem resolution, as it might impact the performance of the server.
The options for the CCF TRACE command are:
| ON or RESUME | Turns tracing on. |
| OFF or SUSPEND | Turns tracing off. |
| CLOSE | Closes the current trace file. |
You can set trace attributes to specify which activity is traced. The trace attributes are listed in the following table:
Attribute | Components Traced |
|---|---|
| RATL | RATL protocol |
| ALLDLGS | All dialogs |
| Attach | Session establishment and termination |
| Blocked | Suspended and resumed output |
| CMDINFO | CCF command data buffer |
| CREDITS | Bytes available for transmission |
| DATAINFO | CCF associated data buffer |
| DATAPATH | Procedural flow of message buffering |
| FULL | Shows full size of data buffers |
| LISTBUFS | Internal data space processing |
| LOCKS | Contention |
| MISC | Miscellaneous |
| MISCPROCS | Miscellaneous processing |
| MQ | Message Queue interface |
| MSG | Message displays |
| OPERINP | Operational interface |
| PFD | Configuration file parameters |
| SCANNER | Parsing |
| TBL | Tables |
An example of the CCF command to start tracing all dialogs for the Remote Access server is as follows:
NA CCF RATLPCM TRACE ON +ALLDLGS
Remote Access Server Protocol Response Messages
In particular situations the server sends protocol messages, with a number of possible response codes, to the client.
The following table outlines some of the more common codes and possible causes, to assist in determining the cause of the message:
Response Code | Meaning | Possible Causes |
|---|---|---|
| 100 | Successful operation | Session was successfully established. |
| 101 | Login is required | The View does not contain a usercode attribute setting. |
| 103 | Additional login | The userdata file indicates that other required user related attributes are needed. |
| 201 | Application does not exist | Either the View is not known to the server or the application referred to in the View does not exist. |
| 203 | Application cannot be contacted | Unable to read or obtain the desired information from the control file. |
| 204 | Access denied |
|
Localization of Messages
Remote Access Server messages can be translated using the MCP-based Multilingual System (MLS). The user messages are stored in the program SYSTEM/LINC/PCM/RATL in the following arrays:
pcm_msgs
login_prompts
login_labels
Configuring TLS 1.2 Remote Access Server
A TLS certificate must be installed on the server to ensure a secure connection and protect all important information. You must first create a TLS 1.2 certificate on the MCP host machine before importing the security certificate using Security Center.
Notes:
Earlier TLS and SSL levels are not supported due to known vulnerabilities. Only TLS 1.2 level is supported.
In the following procedure, the use of the terminology SSL for service and parameter names is due to the use of pre-existing frameworks and must not be read as SSL support.
To configure the TLS Remote Access Server, perform the following:
Create the TLS certificate request on the MCP host machine:
Ensure that the Security Center must be installed on the host and a PC environment.
Refer to the MCP Security Overview and Implementation Guide for more information.
To open the Security Center, select All Programs > Unisys MCP > Security Center.
Select MCP Cryptographic Services Manager > Trusted Keys.
Right-click on Other Keys, and then select Create Key.
Set the Application to CCF and the Service name to RATLKEY.
Set the Usercode to *NULL and key strength to at least 2048.
Select the Create Certificate Request check box, and then fill in the remaining fields with the appropriate details (for example, Signature Algorithm is SHA256_RSA).
Refer to the Online Help for more information.
Click OK.
The Save dialog box is displayed.
Enter the file name, and then click Save.
This creates a certificate request file (.req).
Note: It is recommended that this certificate request file must be processed by a trusted third-party Certificate Authority (CA).
Import the security certificate:
Open the Security Center.
Select MCP Cryptographic Services Manager > Trusted Keys.
Expand the key store where the key was created.
Right-click the key, and then select Options > Install Certificate Into Set.
In the File Browser, select the .P7B or .P7C file.
When the certificate is successfully installed a green check mark appears next to the name of the certificate.
Note: If you are using a non-trusted CA, the created .P7B or .P7C file will be ready for installing or importing on the client. This same process must be followed if you are using a self-signed certificate.
Configure the RATL TLS port:
The supplied file NGEN28/SAMPLE/CCF/PARAMS/RATL contains the necessary configurations for RATL TLS. These must be customized to suit your environment.
The added configurations are
PORT RATLSSL
As per PORT RATL with the additions/change of:
SOCKET = 2018, % choose the socket number
SSLSECUREMODE = TRUE, % always
SSLKEYCONTAINER = CCF_RATLKEY; % the key name, this must be the concatenation of the two names used in 1 (e) above using a ‘_’.
SERVICE RATLSSL
As per SERVICE RATL
Additionally, TLS must be enabled on TCPIP.
From MARC: NW TCPIP OPT +SSL
Refer to the MCP Security Overview and Implementation Guide and TCP/IP Distributed Systems Services Operations Guide for more information on MCP security.