Support for OAuth2 OpenID Connect, Improved Support for Clustered Servers and Additional Fixes and Enhancements
Inventu Viewer+ Base Product and Components
(Version: 6.0.81 September 20, 2022)
FVTerm Web Terminal Emulation
- Oauth2 OpenID Connect has been added as an identity management option. Tested with Auth0, Okta, Salesforce and Microsoft Azure AD.
- The FVHealth.aspx module, used by load balancers to check on the health of a server has been updated to incorporate the new “Server Report Over Percentage” Advanced setting in the Profiles Configuration page. When the Server Report Over Percentage is set to a different value than 0, there will be a calculation based on other server availability—if the server reporting has fewer available sessions by the percentage set, it will report “OVER” instead of “ACTIVE” as part of the status message. An example message returned is “OVER – 123 Sessions Available; Other Server(s)=137, Over=11%”. This will also return the Server Unavailable Response Code if it is something other than 200.
- SAML 2.0 active user information data is now saved to disk and restored if the FVTerm v4.0 Application Pool is recycled (also with OpenID Connect).
- The Web Socket Handler was improved so that the task monitoring terminal session changes is persistent and in a tight loop, communicating events to the websocket task via a queue–this was previously returning an event and then re-started following each host event or timeout.
- Web Socket handler cleanup following a websocket error or session closing is faster and more efficient in resource utilization.
- Function key recognition improved
- For 5250 and 3270 field formatted screens, clipboard paste of multi-row column data from a spreadsheet was not aligning with fields arranged as columns on a target screen. Rather than starting on the next row when the last field on a spreadsheet row was pasted, the paste would just continue on the next field, same row instead of starting on the next row.
- Some 5250 screens with certain attributes were rendered incorrectly due to a change intended to reduce data transmission sizes.
- Some host screen updates were locking the keyboard with a large buffer update followed by a small buffer with the keyboard unlock. Sync with the client was improved so that if an update is received and the keyboard is still locked, ½ second wait for next update to reduce buffers sent to the client. Generally the wait is for a millisecond as the next buffer is right there.
- Default IO threads increased over prior default to improve performance with large number of active sessions
- The web API call that can be used for distributed load balancing (no load balancer needed), fvterm/Cluster/balanceinfo.aspx improved to better handle error conditions and service-down issues.
FlyServer Emulation Service
- Clustered server status tickets were upgraded to include complete status of the server sending the ticket.
- Clustered servers will now accept a new user or session start even when at full allocation for the concurrent user or session license. This will occur as long as other servers in the cluster have available sessions. In prior versions, this would only occur if one or more of the other server(s) in the cluster were on hold or offline. From this version on, a server will not reject a new connect unless all servers in a cluster are at full capacity.
- Clustered servers will now keep track of session availability to support the ability for a server in the cluster to report the new “OVER” status for a load balancer. This is further explained in the Profiles Mode Configuration and FVTerm Web Terminal Emulator sections.
- A character used for Telnet escape sequences was appearing in random SSH ASCII protocol buffers. This was being interpreted as a Telnet escape sequence (character is 0xFF) but then would not have a valid “next” character in the supposed sequence. Between 2022F2 and 2022G1 this was logged and the active buffer abandoned. In this release the 0xFF is converted to a blank and ignored (buffer is completed).
- TN3270 Internal buffer sizes could have 0xFF characters causing problems in rare circumstances. Fixed in this build.
- Unknown TN3270 WSF commands were being logged, but not including a comprehensive full buffer log (in the recordings folder as an “Event*.log” file). As part of a concerted effort to identify all unsupported protocol issues unknown WSF commands will now be fully logged.
- TN3270 IND$File binary downloads were hanging when a 0xFF character appeared as the last character in a buffer.
- TN3270 Modify Field commands with invalid offsets were being logged to the event log but without needed information to understand the possible issue—added comprehensive full buffer log.
- Added a new registry setting – “SessionTracking” which defaults to “no” –Session tracking creates a log in the data folder for each ID, like “Session_1.log” and so on.
- The text string “*TIMEOUT*” was causing logging in the data folder each time a session timed out. This was unintentional and causes the presence of trace files with nothing but timeout entries. This has been changed to –TIMEOUT– to avoid this unnecessary tracing.
- TN5250 DBCS (Double Byte Character Set) had some combinations of field types that were not being properly translated at the server
- Tweaks for TN3270 IND$File file transfers to improve reliability on very large transfers and data escapes.
- SSH ASCII terminal types can include the 0xFF character in datastreams that was causing problems since this is a Telnet command escape character. If SSH, the 0xFF character will not cause an error if not part of a Telnet escape and will be replaced with a blank (0x20).
- Fixed trace issue that would create an event log entry for sharing problem with flyserv_n.log file
- Internal synchronization tweaked to avoid rare locking issues.
Profiles Mode Configuration
- Added new Security Option- Oauth2 OpenID Connect as well as the necessary configuration settings.
- Added a new entry on the Web Server tab in the Advanced section for clustered servers: Server Report Over Percentage. This setting can produce better allocation of sessions between servers when it is found that a load balancer is allocating too many sessions or users to a particular server. Due to round-robin being simplistic, this can happen most often when the active license is user-based.
- Online Help for Security was organized so that each Identity option has its own section now in the Table of Contents (OpenID Connect also added)
- First introduced in June, continuous improvements have been made to the Diagnostics Dashboard
This provides extensive analysis of the Event Log to identify issues and corrective actions. It includes:
- Parsing and analysis of active Event Log entries along with a consolidated viewer of Informational, warning and error events.
- Suggested Actions along with linked help for identified issues
- Tests of the active Emulation Service and the IIS FVTerm Application
- Easy export of all diagnostic logs and events to a zip file for appending to an Inventu Support Ticket
- Easy Export of configuration elements for replication on another server or to provide to Inventu appended to a support ticket
Viewer Administration Console
- Added new Settings for Service—
- “Create MiniDumps on Exception” – Default is Yes / Checked, will create a Minidump on exception saved in the active data/logging folder. The “Catch Program Exceptions” must be checked for this option to work
- “Track Session LifeCycles” – Default is No / Unchecked. When checked, will create key session start/stop events as Session_n.log in the active data/logging folder
- Added a new property to the HostConnection object – mostOtherAvailableLicenses which can be used in conjunction with the availableLicenses property to calculate a server’s percentage of under or over allocation.
- Screen-to-HTTP streaming function fixed to accommodate when a DBCS field contains single blanks, which are represented using a single “start DBCS data” character instead of a blank.
- The installer will now set the shortcuts for the FVTerm web application to match the default web folder—this includes both requiring FVTerm in the URL as well as not (when FVTerm is set as the default for the website).
- The installer will now set the FVTerm v4.0 IIS Application pool recycling settings to avoid issues caused by IIS defaults:
- Disable Overlapped Recycle set TRUE to ensure any active data saves from the live FVTerm process are saved prior to the new process restoring the data, which includes active SAML 2.0 and Oauth2 OpenID Connect user profiles.
- Recycling Regular Time Interval (minutes) changed to 0 (no regular recycle)
- Shutdown time limit set to 5 minutes (default 90 seconds)
- Idle Time-out (minutes) set to 0 (no timeout) from default 20 minutes.