RKTools installation: Difference between revisions

From m204wiki
Jump to navigation Jump to search
m (add some details especially to last two numbered steps)
m (add link)
Line 345: Line 345:
INCLUDE RKTOOLS_INSTALL </p>
INCLUDE RKTOOLS_INSTALL </p>
<p>
<p>
RKTOOLS_INSTALL creates or updates the dozen or so RKTools application subsystems. It performs all installation functions for new sites and all upgrade functions for reinstalling sites. No user profiles or other site-specific customization will be lost, as long as your existing SIRLOCAL file is left in place.
RKTOOLS_INSTALL creates or updates the dozen or so RKTools application subsystems and sets up their supporting files. It performs all installation functions for new sites and all upgrade functions for reinstalling sites. No existing user profiles or other site-specific customization will be lost, as long as your existing SIRLOCAL file is left in place. </p>
If any problems are encountered while running this procedure, correct the problems and re-execute. </p>
<p>
<p>
You are encouraged to use the installation program's F1-key Help for detailed explanation of how the program is working with the subsystems. </p>
The procedure produces a screen that lists all of the subsystems and whether they have loaded. It may be necessary to troubleshoot why expected subsystems did not load, then re-execute the procedure. You are encouraged to use the installation program's F1-key Help for detailed explanation of how the program is working with the subsystems. </p>
<p>
<p>
The procedure <code>RKTOOLS_INSTALL</code> also builds an APSY subsystem called <code>RKINSTALL</code>.
During APSY subsystem execution, error messages are not suppressed, which aids in diagnosing any installation problems. For example, you will be able to see if an installation failed because a file was enqueued in a different Online, and so on. </p>
If the installation needs to be re-run, you can invoke the subsystem (from command line or later with option 9 in the [[RKTools#mainmenu|RKTools main menu]]) rather than the procedure. </p>
<p>
<p>
During APSY subsystem execution, error messages are not suppressed, which aids in diagnosing any installation problems. For example, you will be able to see if an installation failed because a file was enqueued in a different Online, and so on. </p>
The procedure <code>RKTOOLS_INSTALL</code> also builds a subsystem called <code>RKINSTALL</code>. If the installation needs to be re-run, you can invoke the subsystem (from command line or later with option 9 in the [[RKTools#mainmenu|RKTools main menu]]) rather than the procedure. </p>
<p>
<p>
Once the installation completes successfully, start the component subsystems (<var>[[START command: Starting an application subsystem|START SUBSYSTEM]]</var> command) before using the RKTools 3270 or RKWeb interface. </p>
Once the installation completes successfully, start the component subsystems (<var>[[START command: Starting an application subsystem|START SUBSYSTEM]]</var> command, invoke by name, or both) before using the RKTools 3270 or RKWeb interface. </p>
<p>
<p>
To verify that the subsystems are correctly installed, enter <code>RKTOOLS</code> at the command line, and use the main menu to bring up the RKTools components. </p></li>
To verify that the subsystems are correctly installed, enter <code>RKTOOLS</code> at the command line, and use the main menu to test the individual RKTools components. You may also want to use SUBSYSMGMT to check that the component subsystem definitions are viewable, and use [[SirPro]] to display the newly restored M204PROC file to ensure its availability. </p></li>


<li><p><b>Dictionary/204</b></p>
<li><p><b>Dictionary/204</b></p>
Line 379: Line 377:
<p>
<p>
The RKWeb interface, described further below in [[#Additional setup for RKWeb|Additional setup for RKWeb]], is controlled by the RKWEB subsystem, and you need to update the subsystem definition with the names of eligible users. Some of the RKWeb options require system administrator login privileges just as those options do when accessed with the RKTools TN3270 interface. To use these options in RKWeb requires system administrator login privileges and ADMIN SCLASS membership <i>in the RKWEB subsystem</i>, as well as a [[RKWeb#RKWeb security|suitable product license]]. </p></li>
The RKWeb interface, described further below in [[#Additional setup for RKWeb|Additional setup for RKWeb]], is controlled by the RKWEB subsystem, and you need to update the subsystem definition with the names of eligible users. Some of the RKWeb options require system administrator login privileges just as those options do when accessed with the RKTools TN3270 interface. To use these options in RKWeb requires system administrator login privileges and ADMIN SCLASS membership <i>in the RKWEB subsystem</i>, as well as a [[RKWeb#RKWeb security|suitable product license]]. </p></li>
<li>See the "Additional setup" sections below for the components you use at your site. </li>
</ol>
</ol>


Line 575: Line 575:
</p>
</p>


Again, because the above rules force users to log in with their enterprise credentials, and because RKWeb provides an interface into protected elements like passwords and APSY definitions, the port on which <var class="product">RKWeb</var> runs must be SSL protected.
Again, as described earlier in [[#Janus Web port definition|Janus Web port definition]], because the above rules force users to log in with their enterprise credentials, and because RKWeb provides an interface into protected elements like passwords and APSY definitions, the port on which <var class="product">RKWeb</var> runs must be SSL protected.
 
To verify that the Janus Web rules are defined and that the SSL and unsecured ports are started, issue a <code>[[JANUS STATUS|JANUS STATUS *]]</code> command.


Once the rules are implemented and the port is started, RKWeb can be reached with a URL like this:
Once the rules are implemented and the port is started, You can access RKWeb with a URL like this:


<p class="code"><nowiki>https://www.mydomain.com/rkweb/welcome.html
<p class="code"><nowiki>https://www.mydomain.com/rkweb/welcome.html

Revision as of 20:37, 13 July 2017

Overview

RKTools (Rocket Tools for Model 204) is a set of application subsystems (aka APSYs) running inside a Model 204 Online that provide TN3270 and web-based tools for programmers, database administrators, and system managers.

As of RKTools V7.7, all Rocket-provided, SOUL-based tools are consolidated in the M204PROC procedure file. M204PROC includes all components from RKTools 7.5 in addition to Dictionary/204 and the SQL Server utilities. This means that all Model 204 SOUL tools provided by Rocket are in a single file.

Tip: The RKTools 7.7 installation process modifies the application subsystem definitions to point to the M204PROC file. If you might want to switch back to RKTools 7.5, keep a backup of your current SIRIUS file and your current CCASYS file (though you can also change the subsystem definitions manually using SUBSYSMGMT).

Installing RKTools requires downloading the M204PROC file from the Model 204 maintenance website, restoring it to your environment, setting up some subsidiary Model 204 files, and verifying that the Online environment has the appropriate parameter settings. Then you run a single procedure that installs or upgrades the RKTools subsystems.

Once the installation is complete, upgrades to RKTools can almost always be handled by restoring a fresh copy of the M204PROC file.

Download the installation file

All RKTools 7.7 code resides in the M204PROC Model 204 file. You need to download a dump version of this file from the Rocket Software Model 204 maintenance website. The procedure file for RKTools 7.5 is SIRIUS.

To download from the Rocket website:

  1. On the Rocket M204 Customer Care page, go to the "Downloads and Uploads" section and select the "Download SOUL files" link to access the "SOUL files for Rocket Software" page.
  2. Log in, and download the version of RKTools that is compatible with your version of Model 204. The procedure file contained in the "RKTools V7.7" link works for Model 204 versions 7.6 and above. For Model 204 version 7.5, use the download labeled "RKTools V7.5."

    A "Click here" link in the text above the file list on the SOUL files download page brings up Downloading and restoring SOUL files, which provides help about downloading and uploading files, file sizing, and more.

You can bypass any step of the installation that applies only to an RKTools component you are not installing.

System requirements

  • RKTools V7.7 was made specifically backward compatible to Model 204 version 7.6, though version 7.7 is recommended. Version 7.5 of RKTools requires Model 204 version 7.5 or higher.
  • Requirements for server sizes for each product and Model 204 User 0 and UTABLE parameter settings are listed where appropriate in the installation steps in the next section.
  • To verify the products for which your Online is authorized, enter ROCKET at the Model 204 command line.
  • The installing user must have:
    • Update access to the JCL or EXECs that bring up the host Online
    • Model 204 System Manager privileges
    • Access to the SUBSYSMGMT facility and the JCL or EXEC that runs the Online Model 204 region.

Install RKTools

Attention: If you are upgrading from a previous version, keep your old copies of SIRLOCAL, M204LOCL, and most application-specific data files, such as JANCAT, SIRLIBD, and SIRFILED. The SirMon SIRSTATS file is replaced in version 7.7 by MONDATA. The SIRIUS file is no longer used as of RKTools 7.7, but there is no harm in keeping it in case you want to fall back to a previous RKTools version.

The installation process uses your existing RKTools files to determine whether to perform upgrade actions or new-installation actions, so leave these files allocated and available, including SIRLOCAL.

  1. Allocate the RKTools files. The following table shows the RKTools files and their sizes:
  2. RKTools file allocations
    FileSizeAllocation is required...
    M204PROC 9800 pages Always.
    SIRLOCAL 1200 pages Always.
    M204LOCL 3000 pages If using RKWeb.
    MONDATA 4000 pages Only if installing SirMon.

    Note: MONDATA replaces SIRSTATS, which is no longer needed as of RKTools V7.7.

    SIRFILED 1200 pages Only if installing SirFile.
    SIRLIBD 1200 pages Only if installing SirLib.
    SIRLIBP 1200 pages Only if installing SirLib.
    JANCAT 1200 pages Only if installing Janus OMNI.
    JANSSL 1200 pages Only if installing Janus SSL or RKWeb.
  3. RESTORE M204PROC from the DUMP file downloaded from the Rocket website.

    Note: If you are restoring into your existing M204PROC file, note that the M204PROC file has X'0221' privileges, which does not allow RESTORE. You will have to CREATE the file first (to wipe out existing content) before you execute the RESTORE. A sample command sequence is:

    CREATE FILE M204PROC END CREATE OPEN FILE M204PROC IN M204PROC RESTORE 192 FROM dumpfile

  4. Update the Online JCL or EXEC:
    1. Add DD (MVS) cards or FILEDEFs (CMS) for the RKTools files. The "RKTools file allocations" table above lists the files for which DD cards or FILEDEFs might be needed.
    2. Verify that the Online environment allows the use of file groups and application subsystems.
      • To use permanent file groups, the Online must have allocated a CCAGRP file, and the SYSOPT parameter must include the 2 bit.
      • To use APSY subsystems, an Online must have allocated a CCASYS file, and the SYSOPT parameter must include the 1 bit.
      For more information about APSY subsystems and file groups, see File groups and System requirements for Application Subsystems.
    3. Review the RKTools, Dictionary/204, and Model 204 SQL Server tables below for the minimum server-size requirements of individual subsystem components.

      Note: The actual server size requirements might vary slightly from the listings below because of table settings in your Model 204 Online, and because of slight differences between UTABLE requirements in different versions of Model 204.

      Rocket recommends using one server size for the entire Online, making it at least 750,000 bytes to accommodate the largest RKTools component. For more information about server sizing, see Sizing user server areas.

      Note: CCATEMP usage might increase with RKTools. CCATEMP should be monitored (VIEW TEMPSIZE, VIEW TEMPMAX) to ensure that sufficient space is allocated to accommodate the additional activity.

      RKTools server sizes
      Subsystem name Minimum server size
      JANSSL 300K
      RKTOOLS 135K
      SIRADMIN 150K
      SIRDBA 180K
      SIRFILE 230K
      SIRLIB 135K
      SIRMON 220K
      SIRPRO 750K
      SIRSCAN 250K
      Dictionary server sizes
      Subsystem name Minimum server size
      DICTADMIN 455K
      DICTIONARY 455K
      DICTREPORT 455K
      DOCUMENT 455K
      FILEMGMT 455K
      SUBSYSMGMT 455K
      XREF 455K
      SQL Server server sizes
      Subsystem nameMinimum server size
      CCACATREPT 250000
      CCATSF 165000
  5. Verify that the Online has a minimum of 10 Sdaemon threads allocated. Each of these threads is typically defined as an IODEV15 thread. If using RKWeb or any of the web interfaces to other components, you may need more IODEV15s available.
  6. Modify the User 0 stream.

    Adjust these parameters:

    Parameter Adjustment
    COMPOPT RKTools requires the COMPOPT X'03' bit, which enables mixed-case SOUL. RKTools makes extensive use of mixed-case coding, and the tools fail to compile if support is not enabled. If batch SirLib or other batch features are used, ensure that COMPOPT is set to X'03' in those jobs as well.
    CUSTOM RKWeb must include the 18 setting to enable a larger SSLIBSIZE on the Janus Web port, which must be secured.
    MAXBG Minimum setting is 4.
    MAXDAEM Minimum setting is 10.
    MAXINCL Minimum setting is 10.
    NDCBS Increase by the number of RKTools files.
    NDIR Increase by the number of RKTools files.
    NFILES Increase by the number of RKTools files.
    NORQS Minimum setting is 5.
    SESNPUB Minimum setting is 40. The right setting for your site might be higher, based on RKWeb usage (number of users).
    SESUMAX Minimum setting is 10. The right setting for your site might be higher, based on RKWeb usage (number of users).
  7. Verify you have adequate UTABLE settings.

    Initial problems with RKTools subsystems are usually associated with one or two extremely small default UTABLE settings. Running the failing subsystem in TEST DEBUG mode will highlight UTABLE parameters that need to be increased.

    These are the recommended settings:

    UTABLE parameter Value Description
    HTLEN 220 Max length of each header or trailer
    LFTBL 1000 Length of FTBL
    LFSCB 21400 Length of full screen buffer
    LGTBL 2000 Length of global variable table
    LIBUFF 2000 Length of input buffer
    LITBL 104 Length of ITBL
    LNTBL 450 Length of NTBL
    LOBUFF 960 Length of output buffer
    LOUTPB 10000 Length of output page buffer
    LPDLST 10000 Length of user push down list
    LQTBL 2200 Length of QTBL
    LSTBL 60000 Length of STBL
    LTTBL 2000 Length of TTBL
    LVTBL 1300 Length of VTBL
    LXTBL 1000 Length of XTBL
    MAXHDR 7 Max number of headers
    MAXTRL 7 Max number of trailers
    NORQS 10 Number of requests preserved
    SCRNSTBL 12000 STBL size for screen objects; this must be set for SIRMON, SIRPRO, and SIRSCAN.

    A setting of 18000 is recommended for shops that use Mod 6 terminals with very large screen sizes (Rocket regularly tests with 3270 screen sizes of 50x150 characters).

    Note: Either 12000 or 18000 is both a recommended minimum and maximum. Unless you have very large servers at your site (1 megabyte or larger), or you have very large screen objects in your own application code, a very large SCRNSTBL will cause table-size resets to fail.

    SEQPDL 4096 Minimum PDL available for sequencer
  8. Bring up the Online and install all the RKTools components except Dictionary/204 and SQL Server; then install or reinstall Dictionary/204 and SQL utilities as needed:
    1. RKTools 7.5 components

      Issue these commands:

      OPEN FILE CCASYS OPEN FILE M204PROC INCLUDE RKTOOLS_INSTALL

      RKTOOLS_INSTALL creates or updates the dozen or so RKTools application subsystems and sets up their supporting files. It performs all installation functions for new sites and all upgrade functions for reinstalling sites. No existing user profiles or other site-specific customization will be lost, as long as your existing SIRLOCAL file is left in place.

      The procedure produces a screen that lists all of the subsystems and whether they have loaded. It may be necessary to troubleshoot why expected subsystems did not load, then re-execute the procedure. You are encouraged to use the installation program's F1-key Help for detailed explanation of how the program is working with the subsystems.

      During APSY subsystem execution, error messages are not suppressed, which aids in diagnosing any installation problems. For example, you will be able to see if an installation failed because a file was enqueued in a different Online, and so on.

      The procedure RKTOOLS_INSTALL also builds a subsystem called RKINSTALL. If the installation needs to be re-run, you can invoke the subsystem (from command line or later with option 9 in the RKTools main menu) rather than the procedure.

      Once the installation completes successfully, start the component subsystems (START SUBSYSTEM command, invoke by name, or both) before using the RKTools 3270 or RKWeb interface.

      To verify that the subsystems are correctly installed, enter RKTOOLS at the command line, and use the main menu to test the individual RKTools components. You may also want to use SUBSYSMGMT to check that the component subsystem definitions are viewable, and use SirPro to display the newly restored M204PROC file to ensure its availability.

    2. Dictionary/204

      Though the Dictionary/204 components are delivered in M204PROC and accessible from RKWeb, they have their own installation process. Review the Dictionary/204 installation guide to see what steps, if any, related to the Dictionary/204 tools (SUBSYSMGMT, FILEMGMT, and so on) you might need to run in addition to the RKTools installation.
    3. SQL Server

      The Model 204 SQL Server components continue to be delivered in M204PROC but they are also accessible from RKWeb. Using RKWeb for the SQL Server tools (CCACATREPT, CCATSF) requires the availability of additional supporting files and the inclusion of a separate installation procedure, as described in Model 204 SQL Server installation.
  9. Use SUBSYSMGMT to add users to the appropriate SCLASS classes for any private or semi-public RKTools subsystems.

    For authority to do this, you need System Administrator log in privileges, and you need SUBSYSMGMT privileges authorized via the DICTADMIN facility of Dictionary/204. The ID of the user that runs the INSTALL_RKTOOLS procedure is automatically added to the ADMIN or to the highest-level administration SCLASS in each of the RKTools subsystems.

    Each component application of RKTools has its own APSY subsystem definition and privileges associated with SCLASS specifications. If you have a good reason for doing so, you can redefine any of the RKTools subsystems as PUBLIC, SEMI-PUBLIC, or PRIVATE. Contact Rocket Software if you are unsure of the effect of a proposed change.

    RKTools components are installed as auto-start. Use SUBSYSMGMT to disable this feature if you prefer that the subsystems not start automatically at each user request.

    The RKWeb interface, described further below in Additional setup for RKWeb, is controlled by the RKWEB subsystem, and you need to update the subsystem definition with the names of eligible users. Some of the RKWeb options require system administrator login privileges just as those options do when accessed with the RKTools TN3270 interface. To use these options in RKWeb requires system administrator login privileges and ADMIN SCLASS membership in the RKWEB subsystem, as well as a suitable product license.

  10. See the "Additional setup" sections below for the components you use at your site.

Additional setup

Additional setup for SirLib

Read and follow the instructions in the SirLib "getting started" steps.

Additional setup for SirScan

The SirScan administrator can use SIRADMIN to set default I/O and record maximums for users in the various SirScan SCLASSes. See SirScan setup for details.

Additional setup for SirMon

When users are added to SCLASSes, note that there is a special BUMP SCLASS. Any user added to this SCLASS gains the ability to BUMP other users. This class does not provide access to customizing options in SirMon. Only users in the ADMIN SCLASS are able to add custom screen definitions to SirMon.

If the SirMon background monitor is to be used, add the following line to the User 0 input stream:

SIRMON BACKGROUND

The background monitor may also be started automatically in a BATCH2 thread or an sdaemon thread.

You can customize statistic thresholds or use the supplied defaults to establish problem conditions.

The background monitor also lets you send warnings to e-mail addresses and cell phones (via e-mail). This feature requires Janus Sockets and a started Janus Sockets port.

Additional setup for SirFile

If the SirFile background monitor is to be used, add the following line to User 0's input stream:

SIRFILE BACKGROUND

As with SirMon, the background monitor may be started automatically in a BATCH2 thread or in an sdaemon thread. See SirFile refresh process for details.

You can customize the system and file-specific thresholds or use the supplied defaults to establish problem conditions.

Additional setup for RKWeb

New for RKTools version 7.7 (and requiring at least Model 204 version 7.6), RKWeb (Model 204 Tools on the Web) provides web access for all the important elements of Model 204. Use of this product requires Janus Web Server. If your site does not own Janus Web Server, RKWeb can still be used by a limited number of Janus Web threads under the Janus TOGA agreement, which allows the running of as many as five web threads.

Because RKWeb includes an interface for password maintenance and other protected Model 204 entities, it is mandatory to run it on an SSL-protected web port. Experienced users of Janus Web will probably have Janus ports already defined and protected by SSL certificates. Users new to Janus Web might want to review Defining a Janus port and generating a self-signed SSL certificate, below, on defining an unprotected port that can be used to generate an initial self-signed certificate.

Browser support and configuration

RKWeb supports Edge, Chrome, and the latest versions of Firefox and Safari. IE (Internet Explorer) is explicitly not supported as it is deprecated by Microsoft.

On some browsers, it might be necessary to allow pop-ups or to whitelist your RKWeb port so that pop-ups are authorized.

RKWeb makes extensive use of Javascript, which must be enabled for your browser.

Janus Web port definition

Authorized Janus Web Server users will find that RKWeb works best with at least ten Janus Web threads available on the port definition. Non-Janus customers can still use RKWeb via the free Limited Janus Web Server feature, which allows a Janus Web port to be defined with as many as five threads. Under this configuration, RKWeb might operate a little slowly and might require occasional forced-refreshes, but all features are otherwise allowed.

An SSL-protected web port can be defined like this:

JANUS DEFINE portname 8205 WEBSERV 20 IBSIZE 4096 OBSIZE 65534 TRACE 1 - RBSIZE 4096 UPCASE SESCOOKIE RKSESSION SSLSES VARIPADDR - SSL JANSSL JUNE2017.PKEY SSLCACHE 320 SSLMAXCERTL 2048 - SSLIBSIZE 32767 SSLOBSIZE 16000 - WEBUSER WEBUSER WEBACCT WEBUSER MAXTEMP 2000 COMPRESS 1 JANUS START portname privateKeyPassword

Such an SSL port as defined above will not start unless you have already obtained a signed certificate. To do so, you can start with an unsecured port and use the JANSSL application to generate a self-signed SSL certificate.

RKWeb also provides an interface (Manage > SSL Certificates) for running the Janus Network Security application (JANSSL) for obtaining and managing SSL certificates. The RKWeb version of this application mimics the operation of the application that is described in detail in the Janus Network Security wiki pages.

Janus Web rules for RKWeb

Following are the recommended and mandatory Janus rules to run RKWeb:

*... Codepage 0037... json requires square brackets to be Unicode 5B & 5D *... translate EBCDIC BA/BB accordingly UNICODE TABLE STANDARD MAP E=BA IS U=005B UNICODE TABLE STANDARD MAP E=BB IS U=005D *... TYPE rules for serving up binaries JANUS WEB portname TYPE ANY * TEXT/HTML JANUS WEB portname TYPE ANY *.HTML TEXT/HTML JANUS WEB portname TYPE ANY / TEXT/HTML JANUS WEB portname TYPE ANY *.HTM TEXT/HTML JANUS WEB portname TYPE ANY *.GIF IMAGE/GIF JANUS WEB portname TYPE ANY *.PNG IMAGE/GIF JANUS WEB portname TYPE ANY *.CSS TEXT/CSS JANUS WEB portname TYPE ANY *.JS TEXT/JAVASCRIPT JANUS WEB portname TYPE ANY *.JPEG IMAGE/JPEG JANUS WEB portname TYPE ANY *.JPG IMAGE/JPEG JANUS WEB portname TYPE ANY *.ICO IMAGE/X-ICON *... support for the Ace Editor, part of RKWeb JANUS WEB portname ON /ACE/* OPEN M204PROC SEND * TEXT JANUS WEB portname ON /ACE/EDITOR OPEN M204PROC CMD 'RKWEB' JANUS WEB portname ON /ACE/EDITOR.JSON OPEN M204PROC CMD 'RKWEB' JANUS WEB portname ON /ACE/PROCLIST OPEN M204PROC CMD 'RKWEB' JANUS WEB portname ON /ACE/PROCLIST.JSON OPEN M204PROC CMD 'RKWEB' JANUS WEB portname ON /ACE/S.SETTINGS.PNG OPEN M204PROC SEND S.SETTINGS.PNG BINARY EXPIRE +999999 JANUS WEB portname ON /ACE/S.SIRLIB_SEQ.PNG OPEN M204PROC SEND S.SIRLIB_SEQ.PNG BINARY EXPIRE +999999 JANUS WEB portname ON /ACE/*.JS OPEN M204PROC SEND *.JS TEXT JANUS WEB portname ON /ACE/SRC/SNIPPETS/*.JS OPEN M204PROC SEND /ACE/SRC/SNIPPETS/*.JS BINARY EXPIRE +999999 JANUS WEB portname ON /ACE/SRC/*.JS OPEN M204PROC SEND /ACE/SRC/*.JS BINARY EXPIRE +999999 JANUS WEB portname ON /ACE/SRC/MODE-M204.JS OPEN M204PROC SEND MODE-M204.JS TEXT JANUS WEB portname ON /ACE/LIB/*.JS OPEN M204PROC SEND *.JS BINARY EXPIRE +999999 *... RKWeb rules: JANUS WEB portname ON /RKWEB/* CMD RKWEB JANUS WEB portname ON /RKWEB/*.CSS OPEN FILE M204PROC SEND "1.CSS TEXT EXPIRE +7200 JANUS WEB portname ON /RKWEB/*.JS OPEN FILE M204PROC SEND "1.JS TEXT EXPIRE +7200 JANUS WEB portname ON /RKWEB/*.GIF OPEN FILE M204PROC SEND "1.GIF EXPIRE +7200 JANUS WEB portname ON /RKWEB/*.PNG OPEN FILE M204PROC SEND "1.PNG EXPIRE +7200 JANUS WEB portname ON /RKWEB/*.JPG OPEN FILE M204PROC SEND "1.JPG EXPIRE +7200 JANUS WEB portname ON /RKWEB/*.JPEG OPEN FILE M204PROC SEND "1.JPEG EXPIRE +7200 JANUS WEB portname ON /RKWEB/*/*.CSS OPEN FILE M204PROC SEND "2.CSS TEXT EXPIRE +7200 JANUS WEB portname ON /RKWEB/*/*.JS OPEN FILE M204PROC SEND "2.JS TEXT EXPIRE +7200 JANUS WEB portname ON /RKWEB/*/*.GIF OPEN FILE M204PROC SEND "2.GIF EXPIRE +7200 JANUS WEB portname ON /RKWEB/*/*.PNG OPEN FILE M204PROC SEND "2.PNG EXPIRE +7200 JANUS WEB portname ON /RKWEB/*/*.JPG OPEN FILE M204PROC SEND "2.JPG EXPIRE +7200 JANUS WEB portname ON /RKWEB/*/*.JPEG OPEN FILE M204PROC SEND "2.JPEG EXPIRE +7200 JANUS WEB portname ON /RKWEB/*/RKWSEND/*.* OPEN FILE M204PROC SEND "2."3 EXPIRE +7200 JANUS WEB portname ON /RKWSEND/* OPEN FILE M204PROC SEND * EXPIRE +7200 *... Rules supporting the applications implemented as Janus Legacy apps. JANUS WEB portname DISALLOW /SIRLIB* JANUS WEB portname DISALLOW /DICTADMIN* JANUS WEB portname DISALLOW /DICTREPORT* JANUS WEB portname DISALLOW /DICTDOC* JANUS WEB portname DISALLOW /XREF* JANUS WEB portname DISALLOW /FILEMGMT* JANUS WEB portname DISALLOW /CCACATREPT* JANUS WEB portname DISALLOW /CCATSF* JANUS WEB portname ALLOW /SIRLIB* USER * JANUS WEB portname ALLOW /DICTADMIN* USER * JANUS WEB portname ALLOW /DICTREPORT* USER * JANUS WEB portname ALLOW /DICTDOC* USER * JANUS WEB portname ALLOW /XREF* USER * JANUS WEB portname ALLOW /FILEMGMT* USER * JANUS WEB portname ALLOW /CCACATREPT* USER * JANUS WEB portname ALLOW /CCATSF* USER * JANUS WEB portname ON /SIRLIB* CMD 'SIRLIB *' JANUS WEB portname ON /DICTADMIN* CMD 'DICTADMIN *' JANUS WEB portname ON /DICTREPORT* CMD 'DICTREPORT *' JANUS WEB portname ON /DICTDOC* CMD 'DOCUMENT *' JANUS WEB portname ON /XREF* CMD 'XREF *' JANUS WEB portname ON /FILEMGMT* CMD 'FILEMGMT *' JANUS WEB portname ON /CCACATREPT* CMD 'CCACATREPT *' JANUS WEB portname ON /CCATSF* CMD 'CCATSF *' JANUS WEB portname SCREEN /SIRLIB/* - EXITURL '/rkweb/' EXITKEY 'Exit SirLib' AUTOPF ON CSS /styles/cool.css - BGCOLOR 'white' TEXT 'black' - BLUE '#000066' GREEN '#006600' PINK '#ff80ff' RED '#ff0000' TURQUOISE '#0033ff' WHITE '#0000ff' YELLOW '#ffff00' JANUS WEB portname SCREEN /DICTADMIN* - EXITURL '/rkweb/' EXITKEY 'Exit DictAdmin' AUTOPF ON CSS /styles/cool.css - BGCOLOR 'white' TEXT 'black' - BLUE '#000066' GREEN '#006600' PINK '#ff80ff' RED '#ff0000' TURQUOISE '#0033ff' WHITE '#0000ff' YELLOW '#ffff00' JANUS WEB portname SCREEN /DICTREPORT* - EXITURL '/rkweb/' EXITKEY 'Exit DictReport' AUTOPF ON CSS /styles/cool.css - BGCOLOR 'white' TEXT 'black' - BLUE '#000066' GREEN '#006600' PINK '#ff80ff' RED '#ff0000' TURQUOISE '#0033ff' WHITE '#0000ff' YELLOW '#ffff00' JANUS WEB portname SCREEN /DICTDOC* - EXITURL '/rkweb/' EXITKEY 'Exit Document' AUTOPF ON CSS /styles/cool.css - BGCOLOR 'white' TEXT 'black' - BLUE '#000066' GREEN '#006600' PINK '#ff80ff' RED '#ff0000' TURQUOISE '#0033ff' WHITE '#0000ff' YELLOW '#ffff00' JANUS WEB portname SCREEN /XREF* - EXITURL '/rkweb/' EXITKEY 'Exit Xref' AUTOPF ON CSS /styles/cool.css - BGCOLOR 'white' TEXT 'black' - BLUE '#000066' GREEN '#006600' PINK '#ff80ff' RED '#ff0000' TURQUOISE '#0033ff' WHITE '#0000ff' YELLOW '#ffff00' JANUS WEB portname SCREEN /FILEMGMT* - EXITURL '/rkweb/' EXITKEY 'Exit FileMgmt' AUTOPF ON CSS /styles/cool.css - BGCOLOR 'white' TEXT 'black' - BLUE '#000066' GREEN '#006600' PINK '#ff80ff' RED '#ff0000' TURQUOISE '#0033ff' WHITE '#0000ff' YELLOW '#ffff00' JANUS WEB portname SCREEN /CCACATREPT* - EXITURL '/rkweb/' EXITKEY 'Exit CCACatRept' AUTOPF ON CSS /styles/cool.css - BGCOLOR 'white' TEXT 'black' - BLUE '#000066' GREEN '#006600' PINK '#ff80ff' RED '#ff0000' TURQUOISE '#0033ff' WHITE '#0000ff' YELLOW '#ffff00' JANUS WEB portname SCREEN /CCATSF* - EXITURL '/rkweb/' EXITKEY 'Exit CCATSF' AUTOPF ON CSS /styles/cool.css - BGCOLOR 'white' TEXT 'black' - BLUE '#000066' GREEN '#006600' PINK '#ff80ff' RED '#ff0000' TURQUOISE '#0033ff' WHITE '#0000ff' YELLOW '#ffff00' START SUBSYSTEM DICTADMIN START SUBSYSTEM DICTREPORT START SUBSYSTEM DOCUMENT START SUBSYSTEM XREF START SUBSYSTEM FILEMGMT START SUBSYSTEM CCACATREPT START SUBSYSTEM CCATSF

Again, as described earlier in Janus Web port definition, because the above rules force users to log in with their enterprise credentials, and because RKWeb provides an interface into protected elements like passwords and APSY definitions, the port on which RKWeb runs must be SSL protected.

To verify that the Janus Web rules are defined and that the SSL and unsecured ports are started, issue a JANUS STATUS * command.

Once the rules are implemented and the port is started, You can access RKWeb with a URL like this:

https://www.mydomain.com/rkweb/welcome.html

In addition to web rules, if low-privileged users are to be given access to RKWeb, certain system level methods need to be made available to those users. The following commands are required to implement this:

SIRMETH ALLOW SYSTEMSET SUBSYSTEM RKW* NONPRE SIRMETH ALLOW SUBSYSTEMSET SUBSYSTEM RKW* NONPRE SIRMETH ALLOW SYSTEMSET SUBSYSTEM SIR* NONPRE

As implied by the recommended and mandatory JANUS WEB rules above, some RKWeb applications are implemented with Janus Legacy, which launches them into a separate browser tab. These Janus Legacy applications are not fully integrated with RKWeb, so you must use the security configured for those applications. For instance, FILEMGMT is implemented as Janus Legacy, and it might prompt the user for a separate password.

Additional setup for JANSSL

Defining a Janus port and generating a self-signed SSL certificate

You can run RKWeb on any SSL-protected Janus port, and experienced users are likely to add the recommended Janus rules to a port or ports they already have configured.

New users might need to define an initial unprotected Janus port that can then be used to generate a self-signed certificate. That certificate is then used to protect the port on which RKWeb is to run. Directions follow:

  1. Enter these rules to create a very basic Janus Web port:

    JANUS DEFINE MYWEBPORT 80 WEBSERV 10 IBSIZE 4096 OBSIZE 8192 TRACE 1 RBSIZE 4096 - UPCASE WEBUSER WEBUSER WEBACCT WEBUSER MAXTEMP 1000 JANUS WEB MYWEBPORT ON / OPEN FILE M204PROC CMD 'INCLUDE JANWEB.HOMEPAGE.HTML' JANUS WEB MYWEBPORT ON /JANSSL/* OPEN FILE M204PROC CMD 'INCLUDE JANSSL.*' JANUS WEB MYWEBPORT ON /JANWEB/* OPEN FILE M204PROC CMD 'INCLUDE JANWEB.*' * ALLOW rules that will force a logon for the JANSSL application. * These will result in a warning, which is expected, but can be ignored. JANUS WEB MYWEBPORT DISALLOW * JANUS WEB MYWEBPORT ALLOW * USER * JANUS START MYWEBPORT

  2. Use either of the following ways to connect to the JANSSL certificate management program:
    • With the following URL, invoke the Janus default home page:

      http://www.mydomain.com:xxxx

      where xxxx is the port number. In the preceding port definition, 80 is the default port for web connections. Your network administrator might require a different port number.

      On the Janus default home page, click the link to the JANSSL certificate management program.

    • Using your own domain name and port number, connect directly to the JANSSL certificate management program:

      http://www.mydomain.com:9999/janweb/sslmain.html

  3. Use the certificate management program to generate a self-signed certificate.

    The program contains ample online Help. Follow the instructions for generating a self-signed certificate.

  4. Use the self-signed certificate to protect the port from which RKWeb will run.