Security enhancements made in Profound.js/API 7 require some small configuration changes in order to allow configurations used with earlier versions to work with version 7.

What is Changing?

• Versions 7 and higher require a new license key. License keys for older versions will not work with version 7 and higher. This does NOT require a new purchase for existing customers.

• In previous versions, built-in file encryption utilities (such as for DB credentials and Profound API data files) worked using an encryption key that was built into the product. Starting in version 7 these utilities work with a user-defined encryption key that needs to be generated and configured.

• In previous versions, authentication for PJSCALL and proxy program connections worked using built-in encryption keys. Starting in version 7, Profound.js will only accept connections from IBM i systems identified by a security key that is unique to each IBM i system.

• The pjs.sendRequest() API is removed in this release. Any applications still using it will need to be adjusted to use pjs.httpRequest() instead.

Why is This Changing?

The changes were made to enhance security.

Migration Process

1. Before upgrading, obtain a license key that is compatible with Profound.js/API 7 for each of your target systems by contacting your Profound Logic account representative, or keys@profoundlogic.com
   
   To generate new keys, your account representative will need a copy of your existing license keys. To retrieve the license keys, you can use the License Key UI on each target system:
   
   http://your_system:port/key
   
   
   

   Open

   

   
   
   Copy/paste the license keys and send along with your request. If the target system doesn’t yet have a license key applied, provide the machine identifier instead.
   
   If you haven’t yet purchased a license, you can use the Request Trial Key button to request a temporary key after upgrading.
   
   

2. Upgrade to version 7 in a test environment first to test the new configuration before upgrading any production instances.
   
   

3. If connecting to IBM i instances from off platform using Remote Connector or connecting from IBM i to Profound.js via PJSCALL or proxy programs, upgrade the IBM i instances and associated Connector libraries first using steps 1-8, before upgrading your other instances.
   
   

4. Upgrade the instance to version 7 using the standard installation process.
   
   

5. If using file encryption features (such as for DB connections and/or PAPI data files):

   1. Generate and configure an encryption key as described in File Encryption.

   2. Regenerate any encrypted credentials files using the store_credentials or store_options tools.
      
      

6. If using PJSCALL and/or Profound.js proxy programs to connect to Profound.js, add the security key(s) for any IBM i systems that need to connect to the instance to the configuration file, as described in Security for PJSCALL Command and Proxy Programs.
   
   

7. Start your version 7 instance, go to the License Key interface, and apply your version 7 license key.
   
   

8. Restart your version 7 instance.
   
   

9. Check applications for any use of pjs.sendRequest(), replace with pjs.httpRequest() and retest. In many cases (unless using advanced request options), pjs.httpRequest() will work as a simple drop-in replacement.

10. NOTE: An issue was identified that caused the dashboard users file (api-dashboard.dat) to be created and used from the current working directory. As of version 7.8.0, the system has been changed to create and use this file in the installation directory, but it will continue to use this file in the current working directory if one isn't found in the installation directory and will only create a new one if it isn't found in either location.

Here is our video that elaborates on some things that you should know before upgrading to Profound.js 7.0: