Central Governance 1.1.0 release notes

New features and enhancements

Govern SecureTransport 5.3.1

Central Governance can manage Axway SecureTransport 5.3.1 in addition to Axway Transfer CFT 3.1.2 and 3.1.3.

Manage application-to-business flows

Central Governance can manage flows involving business partners in addition to application-to-application flows. Flows involving business partners can use these protocols: PeSIT, SFTP, HTTP, FTP.

Fine-grained access control

The role-based access control within the Central Governance Access and Security service enables defining access restrictions on object instances for products, applications and flows.

Make copies of flows

You can make copies of flows. The copies are the same as the originals, except the default names and descriptions identify the flows as copies. Using a copy as the starting point, you can keep or change the original configuration. Best practice is to add copies when you want multiple flows that differ only in details.

Enhance visibility

Central Governance out-of-the-box visibility encompasses application-to-business flows. In addition, actions on transfers can be performed from the Web Dashboard interface.

Enhance Transfer CFT governance

Central Governance can automatically apply a Policy upon Transfer CFT's registration; manage Transfer CFT's CRONJOBs, which enable Transfer CFT to execute scheduled jobs; manage file-based broadcast lists; and manage activation period per flow.

Support TLS 1.2

Central Governance supports TLS 1.2.

Secure database connection

Central Governance can use a secured JDBC connection to connect to an external Oracle, MySQL or SQL Server database.

Identity stores support STARTTLS

You can configure secure LDAP connections with STARTTLS for identity stores. STARTTLS is an extension to plain text communication protocols, which offers a way to upgrade a plain text connection to an encrypted TLS or SSL connection instead of using a separate port for encrypted communication.

Audit for dashboards

Actions performed in the dashboards user interface are stored in the Central Governance audit trail.

Known issues

The following are known issues in this version.

Transfer CFT

Cannot use file for distribution or collect list on IBM i and z/OS

The file option for distribution and collect lists can be used for Transfer CFTs on Windows and Linux, but not IBM i and z/OS.

Change name of Transfer CFT broadcast or collect list in flow copy

When you copy a flow containing a Transfer CFT broadcast or collect list, you must change the list name to a unique value before saving the flow copy. Otherwise, a server error is generated.

Restart command does not work from flows report

The restart command does not work from the flows report for flows with Transfer CFT as a relay. As a work-around, use the restart command from Monitoring, or update the current transfers data dictionary, select all the table fields and save it.

Removing a flow with SSL doesn't remove certificate reference in CFTSSL for Transfer CFT

When you remove a flow with Transfer CFT that uses SSL mutual authentication, the certificate linked on the security profile (CFTSSL) remains even if there is no flow using the certificate. You must update the CFTSSL object manually.

SecureTransport

Flows with SecureTransport as client and SSL with password authentication do not work

Flows with SecureTransport as client (SecureTransport pushes to receivers or pulls from senders) that use SSL and password authentication do not work for protocols FTP, HTTP and PeSIT.

  • Flows with SecureTransport as client and SSL client optional and no certificate authentication is used (meaning password authentication is used)
  • Flows with SecureTransport as client and SSL server only

Flow limitations when using SecureTransport

The following are limitations and work-arounds when using SecureTransport in flows.

Receiver pulls files from SecureTransport over PeSIT

If files are available to pull but the flow manager changes the Partner’s PeSIT login in the flow and re-deploys it, the partner can no longer download the available files. This is because the files are in /<PeSIT identifier>/OLD_PESIT_LOGIN and stay there forever unless removed manually. The same situation can occur if the PeSIT identifier is changed in the flow.

SecureTransport receives files over PeSIT and receiver pulls files from SecureTransport over PeSIT

If the same PeSIT identifier and SecureTransport PeSIT login are configured in the flow both before and after the SecureTransport relay, the result is only one transfer profile representing the PeSIT flow (name= <PeSIT identifier>). This is because receive properties for file encoding and record format configured in the first part of the flow are overwritten at deployment by properties setting the receiver as pulling files from SecureTransport.

Change direction from pull to push and schedule date has passed

Deployment fails when SecureTransport is the receiver in a flow, the direction is changed from pull files to push files and the scheduler set in SecureTransport is a date in the past. The work-around is:

  1. While the direction is receiver pulls files, set the scheduler to No and save the changes.
  2. Edit the flow and change the direction to push files.
  3. Deploy the flow.

Issues when importing flows with SecureTransport

  • No PGP keys are imported with the flow.
  • When importing a flow with the overwrite option, and the existing flow has PGP encryption but the overwriting flow does not, there is an error retrieving PGP keys when the flow is opened in the user interface.
  • Flows with a SecureTransport processing step for decompression and decompression password are imported without the decompression password.

Replace an unmanaged product with a managed SecureTransport in SSL flows

Rather than have a flow with an unmanaged product sending files to Transfer CFT via SSL, replace the unmanaged product with a registered SecureTransport. When changing the flow, you must provide a private certificate for SecureTransport to authenticate to Transfer CFT. You cannot use the same certificate used for the unmanaged product being replaced. You must upload a certificate chain containing a new SSL certificate in the client communication profile.

Dashboards

New dashboards unavailable when application database is SQL Server

New dashboards in this release of Central Governance are not available when the external application database is SQL Server.

Dashboards missing when application database is MySQL

Some dashboards are missing in environments where MySQL is the application database. As a work-around you can download these dashboards from the Axway knowledge base on Sphere and import them manually from the dashboards user interface.

The KB article is titled, "Some OOTB dashboards are missing when installing Central Governance 1.1.0." The URL for it is https://support.axway.com/en/articles/article-details/id/177584/do/search. Accessing Sphere requires a user name and password.

Missing images in dashboards

The images defined in the theme object for dashboards are not displayed in reports and dashboards until Central Governance is restarted. After installing, configuring and starting Central Governance the first time, restart it.

Monitoring lifecycle in dashboards

The state order for displaying the transfer lifecycle is incorrect in the view all flows report in dashboards.

General issues

Logins do not update when importing partner in overwrite mode

When a partner is already used in a flow and you try to import the partner in overwrite mode, logins fail to update.

Updating Transfer CFT, SecureTransport or partner might affect flows

When you update the configuration of an instance of Transfer CFT or SecureTransport or a partner that is used in a flow, Central Governance does not warn that the flow might be affected by the configuration change. Check the flow status when you update a configuration for Transfer CFT, SecureTransport or a partner.

Adding a product to empty application causes incorrect flow status

If a flow uses an application group in which at least one application has no product, and you add a product to that empty application, the flow status becomes "saved not deployed" when it should be "saved". To get the correct status, edit and save the flow after it has been updated.

User-defined alerts not triggered

If you copy a predefined alert to create a user-defined alert, subscribe to it and activate it, you won't receive any notifications. As a work-around, activate the corresponding predefined alert, too.

Conflict when logging on to two versions of Central Governance in same browser

If you log on to Central Governance 1.0.3 and then in the same browser log on to Central Governance 1.1.0, you are redirected continuously to the log-on page. To resolve, first log out of 1.0.3 before logging on to 1.1.0.

Force stop action is grayed-out but works

If you try to force stop Transfer CFT on the Product List page, the action appears to be grayed-out, indicating the action is unavailable. However, you can select the action and it does work.

Identity and access management limitations

  • The user interface only supports ASCII characters. You cannot use non-ASCII characters.
  • You cannot rename an organization.
  • When you rename a role that has been assigned to users, the privileges associated with the role are suspended until a user accesses the User List page.
  • There can be up to a one minute delay before changing user roles becomes effective.
  • When using an identity store of type Active Directory, group hierarchy is not supported. This means when mapping an internal role to an external super-group, the user linked indirectly to the super-group does not inherit the rights. As a work-around, map the internal role to the sub-group directly linked to the user.
  • After accessing the separate user interfaces for Central Governance services — Access and Security, Visibility and Dashboards — there is no way to log out of those UIs like you can log out of the Central Governance UI. You can exit the other UIs individually by closing their browser tabs or closing the browser to end all UI sessions. Logging out of Central Governance also makes the other UIs inactive.

Incorrect dates when filtering reports with Internet Explorer

When using Internet Explorer and attempting to filter a web dashboard report, the default start and end date values display as [object]. Replace the default values with actual dates and the filter works normally.

Filter issue on Chrome

When using Google Chrome, clicking the pencil icon of a saved filter does not open the filter for editing. To enable editing, click the filter name.

Redundant audit entries

Redundant audit entries are generated when a client communication profile is added in a flow.

Related documentation

Central Governance has documentation covering all aspects of the product. This includes:

  • Central Governance Installation Guide
  • Central Governance online help
  • Central Governance User's Guide
  • Capacity Planning Guide, which focuses on managing Transfer CFTs with Central Governance

Documentation is available on the Help Center tab in the Central Governance user interface. Documentation also is available on the Axway documentation portal.

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.
Email support@axway.com or visit support.axway.com.

 
