Orchestration Query Language (OQL)
Orchestration Query Language: querying has never been so easy.
The Orchestration Query Language (OQL) is a new syntax that applies to REST API V2 and helps you monitoring your Workload Automation production plan environment. For more information about REST API V2, see Introducing REST API V2 topic in the Documentation.
Creating queries and retrieving items in your database is now quicker and easier than before thanks to the different intuitive OQL keywords at your service.
For more information, see Querying with the OQL syntax topic in the Documentation.
Use JSON Web Tokens to enhance your agent authentication standard.
A JSON Web Token (JWT) is a standardized, self-contained access token which makes it possible for two parties to securely exchange data. Authentication information, expiry time information, and other user-defined claims are digitally signed, so that no database queries are required and the session does not need to be stored on a server.
JWT is especially suited for authentication purposes. Its short messages can be encrypted and securely convey who the sender is and whether they have the necessary access rights. It is also very useful in REST applications, because it ensures stateless protocols, since the information for the authentication is sent with the request.
JWT ensures mutual authentication between master domain manager and dynamic agents. Using JWT is easier and more immediate than downloading and maintaining certificates and, in a containerized environment, you no longer need to configure the ingress controller for SSL passthrough. For more information about JWT on containers, see the Ingress controller section in Workload Automation Server topic in the Documentation.
For more information about configuring security and authentication, see Connection security overview topic in the Documentation.
To download the JWT on your dynamic agents at installation time, use the jwt parameter as explained in Agent installation parameters - twsinst script. You can also download the JWT at a later time as explained in Certificates download to dynamic agents - AgentCertificateDownloader script.
You can find some installation examples in Example installation commands
You can also revoke a JWT simply by deleting the workstation definition where the JWT is installed. For more information about deleting a scheduling object from the command line and Dynamic Workload Console, see Revoking and reissuing a JSON Web Token topic in the Documentation.
Ensure there are no misalignments in date and time in your network nor significant network delays because this might prevent JWT from working.
Enhancing authentication using API Keys
Use API Keys to authenticate a command line or application easily and quickly.
You can create both Personal and Service API Keys in the Dynamic Workload Console and easily assign them to either specific users or groups. A comprehensive API Keys monitoring tool gives you full control over every valid, expiring and expired API Key that have been associated with an engine. For more information, see Authenticating the command line client using API Keys topic in the Documentation.
You can use API Keys to authenticate the command line. You can use an API Key to get authenticated when you launch composer, conman, wappman, and ocli commands, instead of having to provide username and password as in previous versions.
To use the API Key with these commands, you need to have a specific set of authorizations defined in the security file, so that you can generate and retrieve the key from the Dynamic Workload Console. To find out the required authorizations, see Object type - file topic in the Documentation.
To generate the key from the Dynamic Workload Console, perform the steps listed in Authenticating the command line client using API Keys.
After generating the token, you can either specify it in the command line with the -jwt parameter, or add it in the useropts file.
For more information about adding JWT in the useropts file, see Setting user options topic in the Documentation.
For more information about using JWT with commands, see Running the composer program, Running the conman program, wappman command.
You can also use the API Key to authenticate the master domain manager when installing the agents. This authentication allows the product to download the JWT or the certificates to be used for secure communication between master domain manager and dynamic agents. If you provide the API Key (with the apikey parameter), you no longer need to specify username and password (wauser and wapassword parameters) as in previous versions.
For more information about using the API Key for authentication purposes, see Agent installation parameters - twsinst script, Certificates download to dynamic agents - AgentCertificateDownloader script and Example installation commands topics in the Documentation.
Ensure there are no misalignments in date and time in your network nor significant network delays because this might impact JWT performance.
Self-Service Catalog: a business-oriented interface to submit on-demand business flow.
A new and improved version of the Self-Service Catalog is available. You can now launch your services quickly and easily and check on them at anytime by accessing the Self-Service Catalog from any device.
To use the Self-Service Catalog you do not need to be a Workload Automation expert, but you can leverage on services based on automation capabilities in no time, provided you are connected to the Dynamic Workload Console in Single Sign-On (SSO). For more information, see Configuring the Dynamic Workload Console for Single Sign-On topic in the Documentation.
The Workload Automation scheduler or application can now define services directly from the Workload Designer marking the job streams as services and specifying service parameters. As part of the job stream definition, the service definitions now can be easily transferred to a different environment
When creating and editing SSC-ready job streams, it is recommended you use the Dynamic Workload Console.
For more information about defining SSC-ready job streams, see the online help for job stream definitions in the Dynamic Workload Console and Job stream definition for editing the job stream from the command line in the Documentation.
Starting from this release, a new component is available in Workload Automation - AI Data Advisor (AIDA) - based on Artificial Intelligence and Machine Learning, for early anomaly detection and analysis.
AIDA enables fast and simplified data-driven decision making, for an intelligent workload management. By analyzing historical data and metrics gathered by Workload Automation and predicting their future patterns, AIDA identifies anomalies in the trend of Key Performance Indicators (such as the number of completed jobs in the current plan, the job duration, the job end-time) and sends alerts immediately to anticipate and prevent problems and delays. Alerts show up on the Workload Dashboard and can be notified via email.
For more information, see AI Data Advisor (AIDA) User's Guide.
Furthermore, you can always take your environments under control by adding the AIDA widget to your custom dashboard. For further information, see Creating a customized dashboard for monitoring in the Dynamic Workload Console User's Guide.
For instructions about how to install AIDA, see Deploying AI Data Advisor in the AI Data Advisor (AIDA) User's Guide .
An innovative infrastructure and design have been thought to simplify the user experience and create a more responsive, fast and fluid user interface.
You do not need to switch among the Dynamic Workload Console pages to complete your business workflow anymore. The new Workload Designer contains everything you need. Automate business-critical processes from a single point of access and control.
Automate fast, automate better.
You can now install your on-premises Workload Automation environment also on Google Cloud SQL for SQL server, a fully-managed database service that helps you set up, maintain, manage, and administer your relational databases on Google Cloud Platform.
You only need to install your database, then proceed with the command-line installation for master domain manager and Dynamic Workload Console, as always, specifying MSSQL as the database type.
For the complete command-line installation procedure, see the section about Typical installation in Planning and installation.
For more information, see Creating the database for Azure SQL or Google Cloud SQL for SQL server for the master domain manager and Creating and populating the database for Azure SQL or Google Cloud SQL for SQL server for the Dynamic Workload Console in Planning and installation.
Managed file transfer
The File Transfer integration, already available on Automation Hub, now provides full capabilities for managing and processing all your file transfers using Workload Automation with no need for third-party products. The main enhancements are as follows:
Support for File Proxy
A new component, named File Proxy, is now available by default on each master domain manager. You can use the File Proxy to store and manage securely files to be transferred with the File Transfer integration available on Automation Hub. All transfer operations are performed by Workload Automation, with no need of third-party products.
You can also optionally install your File Proxy as a stand-alone component on a workstation different from the master domain manager, for example to reduce network traffic and resource usage on the master domain manager. You can configure your stand-alone File Proxy in high availability by defining the URLs of alternate file proxies or a load balancer in the Broker.fileproxy.urls property in the BrokerWorkstation.properties file. For more information, see BrokerWorkstation.properties file in the Administration Guide.
Ensure the selected workstation runs a supported version of a Windows or Linux operating system and proceed with the installation and start of the service, as described in File proxy installation - fileproxyinst script and File proxy start - fileproxystart script in Planning and installation.
Support for file transfers via the Workstation-to-Workstation internal protocol
You can now easily transfer files to and from agents connected to the same master domain manager. You no longer have to specify the address of the workstations involved in the file transfer, but you can simply define the workstations from the File Transfer integration. Ensure both the master domain manager and agents are at version 10.1. For more information about the integration, see File Transfer integration.
Search on remote file systems
You can now perform a search operation on the file system of a remote workstation. On Linux systems, if you do not specify a path, the search is performed on the working directory. On Windows systems, the path is required.
Integrations with Managed File Transfer (MFT) tools as well as Robotic Process Automation (RPA) tools
More integrations with other MFT tools as well as RPA tools to support orchestration of all data transfer using Workload Automation.
You can now monitor the availability of your infrastructure and services, monitor performance, and analyze bottlenecks. Workload Automation features an improved mechanism for monitoring and auditing events. The monitoring engine generates a .json file containing all Workload Automation events, a file which is consumable by all applications using .json and meeting the OpenMetrics standard, for example AI Data Advisor (AIDA), Splunk and Fluentd.
By further analyzing these values through a data analytics tool, such as AI Data Advisor (AIDA), you detect anomalies and anticipate failure or degradations. For more information about AIDA and how to use it, see AI Data Advisor (AIDA) User's Guide.
You can also install Instana and monitor the whole infrastructure, both on-premises and cloud, on which you have installed Workload Automation.
On the cloud side, within the server and agent containers you have a number of sidecar containers which monitor .json log files.
On the on-premises side, you can feed your monitoring tool the .json log files and monitor your environment by creating custom dashboards in the monitoring tool.
This enhancement grants an immediate deep dive into all events generated in the Workload Automation environment.
For more information about the metrics IBM® Workload Scheduler exposes, see the section about monitoring Workload Scheduler in User's Guide and Reference.
Support for SAP S/4HANA
The support statement for SAP S/4HANA, on-premise edition, has been extended to 2020 and future fix packs, based on SAP_BASIS 7.55 component.