Green Screens Release 2022.Q1
Happy new year to all! The new year just started, and we are already preparing a new release with a lot of new features and improvements from the last update, making Green Screens Server even more robust. Check below for all new changes that are coming within next 10 days...
Web Terminal UI improvements
- Clipboard handling improved - using copy-paste from browser is trickier than from native apps as there are some security limitations and requirements. We added better clipboard handling and user notifications.
- Chrome OS Fn keys improvements - Chromebooks does not have a full F1..F12 keys on their keyboards. We added alternative mapping for easier usage on such keyboards.
- Better browser extension integration. Now, some features automatically applies to a browser extension from UI shortcuts.
Server improvements
- Update agent improved by adding sha1 hash URL along existing sha1 hash value used for download verification.
- Update agent support for Java 17 features added, including TLS 1.3 support.
- Cluster auto-sync feature added for sensitive data storage - OTP, WebAuth (biometric) and API keys through symbolic links.
- Performance improvements by switching some parts of the synchronized code to the non-blocking operational mode.
- Escape sequences inside the screen data support added to telnet data stream.
- Improved SSO Kerberos logging for easier configuration issues detection.
- Screen and printer sessions now supports Job Identifiers for fast API access.
- Printing facility improvements.
- Deployment optimization.
New Simple Cluster Sync
If multiple Green Screens Servers instances are used in a cluster, new sync engine will auto-activate if storage folder is a symbolic link. Any change in one instance will be loaded in other instances automatically. For this to work, a shared folder must be mapped to a Green Screens Storage and used by all instances.
Storage format changes
To support simple cluster sync, we changed the way how sensitive data as WebAuthn, OTP and API Key credentials are stored. A new approach is more robust to failures. Every record is now encrypted and saved individually to a disk instead of using a single encrypted file.
We added special change tracking, keeping previous files for easier rollback of credentials. The system will monitor for changes and autoload individual records as needed.
SSO Kerberos improvements
We added a set of flags and parameters allowing to filter which group of users must use SSO to access the terminal session. Flags are disabled by default to enforce full security. Enabling flags, a sysadmin can allow workstations not on the domain to access the web terminal sign-on screen without blocking access completely.
A new parameter was added to define a network range of computers which will be asked for SSO tokens for automatic terminal entry.
Access to Green Screen Server through DNS name not defined in Kerberos SPN will allow non-SSO access when SSO bypass is enabled.
Printing improvements
When spool is released through our web writer, the system will read spool attributes required to properly render PDF to as close as possible to the original printouts. In some cases, used API does not work on some IBM servers due to the missing APARS or other technical issues. To overcome this, we added 3 more detection mechanisms, which can be turned ON/OFF through service settings.
A plain spool printing without using any additional APIs is added as an alternative solution when any other case is not working. Defaulted is to A4 page size, covering the most of the spool printing requirements.
Print client improvements
Implemented Green Screens spool writer is a spool2web writer allowing not only to use printer sessions through a web browser, but also through a programmable API using standard Web Sockets. Print client is one of such programs made for some clients which wants a single printing client for an office or remote branch without a need to run print instances inside web browser (web terminal session).
- We switched printer client to Java 11,
- Replaced external HTTP library to native HTTP/WebSocket client (Java 11+)
- Proxy network connection support is added
- Advanced network logging is added for better networking issue detection
Web Printing Security improvements
Standard remote printer sessions on IBM i do not have, neither require authorization, so starting a printer session is a security risk. Usually, IBM i sysadmins disables remote writers, especially if IBM i servers are exposed out of local network.
We added a special security feature available only in Green Screen Server, which prevents starting a printer session on an active web terminal session if the user is on sign-on screen.
The new feature can be enabled through WebAdmin console on the IBM server configuration page, Security tab.
Deployment optimizations
We changed our internal build facility to allow us to do a new type of builds without limiting types of servers used. Java servlet or Java Enterprise deployments. Also, changes are made in how we distribute dependency libraries, reducing updates from 130 MB in average to only 47 MB.
Improved integration library
We significantly improved integration library which allows integrating web 5250 terminal into other web apps/ projects. API is much easier to use, allowing the programmer to start / stop a terminal, send macros. And more...
UI changes
Significant UI changes for login, OTP, Biometric forms are made by moving to the latest Bootstrap 5, and WebComponents. As we announced earlier, we are slowly removing support for old browsers and migrating to the latest web technologies, which simplifies development and opens a lot of new possibilities.
For those still using Win XP, or Internet Explorer, we have a support through old GSv4 (frozen development). But you should consider upgrading your browsers and computers.
Next Gen UI library
We developed our own UI library based on WebComponents. It is our effort to create the best web terminal modernization engine. As technology progress, we also progress. With the latest web technology changes that opened new ways to solve problems, we were forced to replace previous version. The library itself is small, contains only 2 major classes for UI with about only 500 lines of code and several helper modules. This is the core of our latest engine. It is still in development for terminal screen modernization, however, first insight of the new technology can be seen in our UI changes described in previous paragraph. Our next step is to migrate WebAdmin console to the new UI library, which will be a good test before opening the library to the public and web terminal modernization.
Other improvements
- Server runtime updated to the latest version 25
- Docker installers updated to support Java 17
- Linux installer updated to support Java 17
Final word
Even the list itself is not extra long, there are thousands of hours behind all those changes and improvements. Again, we send a big thank you to our customers, giving us insight into their requirements, which helps us to add new features and to make the product even better, faster and more secure.