HCL Workload Automation, Version 9.4

Localopts details

# comment
Treats everything from the indicated sign (#) to the end of the line as a comment.
appserver auto restart = yes|no
Requests the appservman process to automatically start WebSphere Application Server if it is found down. The default is Yes.
appserver check interval = minutes
Specifies the frequency in minutes that the appservman process is to check that WebSphere Application Server is still running. The default is 5 minutes.
appserver count reset interval = hours
Specifies the time interval in hours after which the restart count is reset from the last WebSphere Application Server start. The default is 24 hours.
appserver max restarts = number
Specifies the maximum number of restarting attempts the appservman process can make before giving up and exiting without restarting WebSphere Application Server. The counter is reset if WebSphere Application Server runs for longer than the appserver count reset interval value. The default is 5.
appserver min restart time = minutes
Specifies in minutes the minimum elapsed time the appservman process must wait between each attempt to restart the WebSphere Application Server if it is down. If this value is less than the appserver check interval, the WebSphere Application Server is restarted as soon as it is found down. If it is found down before this time interval (min restart time) has elapsed, appservman exits without restarting it. The default is 10 minutes.
appserver service name = name
Only in Windows environments. Specifies the name of the WebSphere Application Server windows service if different from the standard name. This field is generally not used.
autostart monman = yes|no
Used in event rule management. Restarts the monitoring engine automatically when the next production plan is activated (on Windows also when HCL Workload Automation is restarted). The default is Yes.
bm check deadline = seconds
Specify the minimum number of seconds Batchman waits before checking if a job has missed its deadline. The check is performed on all jobs and job streams included in the Symphony file, regardless of the workstation where the jobs and job streams are defined. Jobs and job streams with expired deadlines are marked as late in the local Symphony file. To obtain up-to-date information about the whole environment, define this option on the master domain manager. Deadlines for critical jobs are evaluated automatically, independently of the bm check deadline option. To disable the option and not check deadlines, enter a value of zero, the default value.
bm check file = seconds
Specify the minimum number of seconds Batchman waits before checking for the existence of a file that is used as a dependency. The default is 120 seconds.
bm check status = seconds
Specify the number of seconds Batchman waits between checking the status of an internetwork dependency. The default is 300 seconds.
bm check until = seconds
Specify the maximum number of seconds Batchman waits before reporting the expiration of an Until time for job or Job Scheduler. Specifying a value below the default setting (300) might overload the system. If it is set below the value of Local Option bm read, the value of bm read is used in its place. The default is 300 seconds.
bm look = seconds
Specify the minimum number of seconds Batchman waits before scanning and updating its production control file. If you install the 9.4, FP1 version as a fresh installation, the default value is automatically set to 5 for improving product performance. The previous default value was 15 seconds and is maintained if you perform a product upgrade.
bm read = seconds
Specify the maximum number of seconds Batchman waits for a message in the intercom.msg message file. If no messages are in queue, Batchman waits until the timeout expires or until a message is written to the file. If you install the 9.4, FP1 version as a fresh installation, the default value is automatically set to 3 for improving product performance. The previous default value was 10 seconds and is maintained if you perform a product upgrade.
bm stats = on|off
To have Batchman send its startup and shut down statistics to its standard list file, specify on. To prevent Batchman statistics from being sent to its standard list file, specify off. The default is off.
bm verbose = on|off
To have Batchman send all job status messages to its standard list file, specify on. To prevent the extended set of job status messages from being sent to the standard list file, specify off. The default is off.
bm late every = minutes
When an every job does not start at its expected start time, bm late every specifies the maximum number of minutes that elapse before HCL Workload Automation skips the job. This option applies only to jobs defined with every option together with the at time dependency, it has no impact on jobs that have only the every option.
can be event processor = yes|no
Specify if this workstation can act as event processing server or not. It is set by default to yes for master domain managers and backup masters, otherwise it is set to no.
cli gsk tls10 cipher=DFLT|<cipher>
Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.0 protocol in association with GSKit when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
cli gsk tls11 cipher=DFLT|<cipher>
Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.1 protocol in association with GSKit when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
cli gsk tls12 cipher=DFLT|<cipher>
Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.2 protocol in association with GSKit when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
cli ssl tls10 cipher=HIGH|<cipher>
Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.0 protocol in association with SSL when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
cli ssl tls11 cipher=HIGH|<cipher>
Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.1 protocol in association with SSL when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
cli ssl tls12 cipher=HIGH|<cipher>
Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.2 protocol in association with SSL when using the HCL Workload Automation command line. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
gsk tls10 cipher=DFLT|<cipher>
Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.0 protocol in association with GSKit. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
gsk tls11 cipher=DFLT|<cipher>
Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.1 protocol in association with GSKit. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. f you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
gsk tls12 cipher=DFLT|<cipher>
Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the cipher to be used with the TLS 1.2 protocol in association with GSKit. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. When specified, it overrides the default option. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
ssl tls10 cipher=HIGH|<cipher>
Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.0 protocol in association with SSL. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
ssl tls11 cipher=HIGH|<cipher>
Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.1 protocol in association with SSL. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
ssl tls12 cipher=HIGH|<cipher>
Only used if SSL is defined using OpenSSL (ssl fips enabled="no"). Specify the cipher to be used with the TLS 1.2 protocol in association with SSL. Restart the agent to make the changes effective. This keyword is optional and must be manually inserted in the localopts file. If you set more parameters with different versions of the same protocol, the protocol with the lowest version is used.
cli ssl certificate keystore label = string
Only used if SSL is defined using GSKit (ssl fips enabled="yes") Supply the label which identifies the certificate in the keystore when the command-line client is using SSL authentication to communicate with the master domain manager. The default is IBM TWS 8.6 workstation, which is the value of the certificate distributed with the product to all customers. This certificate is thus not secure and should be replaced with your own secure certificate. See Configuring the SSL connection protocol for the network.
cli ssl keystore file = file_name
Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the name of the keystore file used for SSL authentication when the command-line client is using SSL authentication to communicate with the master domain manager. The default is TWA_home/TWS/ssl/TWSPublicKeyFile.pem. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.
cli ssl keystore pwd = file_name
Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the password file of the keystore used for SSL authentication when the command-line client is using SSL authentication to communicate with the master domain manager. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.
cli ssl cipher = cipher_class
Only used if SSL is defined using OpenSSL (ssl fips enabled="no") Specify the cipher class to be used when the command-line client and the server are using SSL authentication. Use one of the common cipher classes listed in Table 1. The default is MD5.
If you want to use an OpenSSL cipher class not listed in the table, use the following command to determine if your required class is supported:
openssl ciphers <class_name>
where class_name is the name of the class you want to use. If the command returns a cipher string, the class can be used.
Table 1. Valid encryption cipher classes
Encryption cipher class Description
SSLv3 SSL version 3.0
TLS Only for HCL Workload Automation, version 9.3. users: before enabling SSL communication, manually modify this value to TLSv1, as described in Setting local options. For users with V9.3 Fix Pack 1 or later, no manual intervention is required. The default value is TLSv1.
TLSv1 TLS version 1.0
EXP Export
EXPORT40 40-bit export
MD5 Ciphers using the MD5 digest, digital signature, one-way encryption, hash or checksum algorithm.
LOW Low strength (no export, single DES)
MEDIUM Ciphers with 128 bit encryption
HIGH Ciphers using Triple-DES
NULL Ciphers using no encryption
cli ssl server auth = yes|no
Only used if SSL is defined using OpenSSL (ssl fips enabled="no") Specify yes if server authentication is to be used in SSL communications with the command line client. The default is no.
cli ssl server certificate = file_name
Only used if SSL is defined using OpenSSL (ssl fips enabled="no") Specify the file, including its full directory path, that contains the SSL certificate when the command-line client and the server use SSL authentication in their communication. There is no default. See Configuring the SSL connection protocol for the network.
cli ssl trusted dir = directory_name
Only used if SSL is defined using OpenSSL (ssl fips enabled="no") Specify the directory that contains an SSL trusted certificate contained in files with hash naming (#) when the command-line client and the server are using SSL authentication in their communication. When the directory path contains blanks, enclose it in double quotation marks ("). There is no default.
composer prompt = prompt
Specify the prompt for the composer command line. The prompt can be of up to 10 characters in length. The default is dash (-).
conman prompt = prompt
Specify the prompt for the conman command line. The prompt can be of up to 8 characters in length. The default is percent (%).
date format = 0|1|2|3
Specify the value that corresponds to the date format you require. The values can be:
  • 0 corresponds to yy/mm/dd
  • 1 corresponds to mm/dd/yy
  • 2 corresponds to dd/mm/yy
  • 3 indicates usage of Native Language Support variables

The default is 1.

default ws = manager_workstation
The default workstation when you are accessing using a command line client. Specify the domain manager workstation.
DownloadDir = directory_name
Defines the name of the directory where the fix pack installation package or upgrade eImage is downloaded during the centralized agent update process. If not specified, the following default directory is used:
On Windows operating systems:
<TWA_home>\TWS\stdlist\JM\download
On UNIX operating systems:
<TWA_home>/TWS/stdlist/JM/download
er load = yes|no
For UNIX and Linux operating systems only. If set to yes, specifies that the HCL user profile should be loaded when running a GenericAction EventRule. The default value is no.
host = hostname_or_IP_address
The name or IP address of the host when accessing using a command line client.
is remote cli = yes|no
Specify if this instance of HCL Workload Automation is installed as a command line client (yes).
jm interactive old = yes|no
Only for Windows operating systems starting from Vista and later versions. To comply with security restrictions introduced with the Vista version of Windows operating systems, only for fault-tolerant agents, HCL Workload Automation runs interactive jobs only if the streamlogon user has a valid, interactive session. Specify yes to allow jobman to start interactive jobs even if there are no active sessions for the streamlogon user. Specify no to allow jobman to start interactive jobs only if there are active sessions for the streamlogon user. The default is no.
jm job table size = entries
Specify the size, in number of entries, of the job table used by Jobman. The default is 1024 entries.
jm load user profile = on|off
Only on Windows operating systems. Specify if the jobman process loads the user profile and its environment variables for the user specified in the logon field of each job, before starting the job on the workstation. Specify on to load the user profile on the workstation before running jobs for the logon user; otherwise specify off. Roaming profiles are not supported. The default is on.
jm look = seconds
Specify the minimum number of seconds Jobman waits before looking for completed jobs and performing general job management tasks. The default is 300 seconds.
jm nice = nice_value
For UNIX and Linux operating systems only, specify the nice value to be applied to jobs launched by Jobman to change their priority in the kernel's scheduler. The default is zero.

The nice boundary values vary depending upon each specific platform, but generally lower values correspond to higher priority levels and vice versa. The default depends upon the operating system.

Applies to jobs scheduled by the root user only. Jobs submitted by any other user inherit the same nice value of the Jobman process.

See also jm promoted nice.

jm file no root = yes|no
For UNIX and Linux operating systems only, specify yes to prevent Jobman from executing commands in file dependencies as root. Specify no to allow Jobman to execute commands in file dependencies as root. The default is no.
jm no root = yes|no
For UNIX and Linux operating systems only, specify yes to prevent Jobman from launching root jobs. Specify no to allow Jobman to launch root jobs. The default is yes.
jm promoted nice = nice_value
Used in workload service assurance. For UNIX and Linux operating systems only, assigns the priority value to a critical job that needs to be promoted so that the operating system processes it before others. Applies to critical jobs or predecessors that need to be promoted so that they can start at their critical start time.

Boundary values vary depending upon each specific platform, but generally lower values correspond to higher priority levels and vice versa. The default is -1.

Be aware that:
  • The promotion process is effective with negative values only. If you set a positive value, the system runs it with the -1 default value and logs a warning message every time Jobman starts.
  • An out of range value (for example -200), prompts the operating system to automatically promote the jobs with the lowest allowed nice value. Note that in this case no warning is logged.
  • Overusing the promotion mechanism (that is, defining an exceedingly high number of jobs as mission critical and setting the highest priority value here) might overload the operating system, negatively impacting the overall performance of the workstation.
You can use this and the jm nice options together. If you do, remember that, while jm nice applies only to jobs submitted by the root user, jm promoted nice applies only to jobs that have a critical start time. When a job matches both conditions, the values set for the two options add up. For example, if on a particular agent the local options file has:
jm nice= -2
jm promoted nice= -4
when a critical job submitted by the root user needs to be promoted, it is assigned a cumulative priority value of -6.
jm promoted priority = value
Used in workload service assurance. For Windows operating systems only, sets to this value the priority by which the operating system processes a critical job when it is promoted.

Applies to critical jobs or predecessors that need to be promoted so that they can start at their critical start time.

The possible values are:
  • High
  • AboveNormal (the default)
  • Normal
  • BelowNormal
  • Low or Idle

Note that if you a set a lower priority value than the one non-critical jobs might be assigned, no warning is given and no mechanism like the one available for jm promoted nice sets it back to the default.

jm read = seconds
Specify the maximum number of seconds Jobman waits for a message in the courier.msg message file. The default is 10 seconds.
local was = yes|no
For master domain managers and backup masters connected to the HCL Workload Automation database. If set to yes, it improves the performance of Job Scheduler and job submission from the database The default is no.
merge stdlists = yes|no
Specify yes to have all of the HCL Workload Automation control processes, except Netman, send their console messages to a single standard list file. The file is given the name TWSmerge. Specify no to have the processes send messages to separate standard list files. The default is yes.
mm cache mailbox = yes|no
Use this option to enable Mailman to use a reading cache for incoming messages. In this case, only messages considered essential for network consistency are cached. The default is yes.
mm cache size = messages
Specify this option if you also use mm cache mailbox. The maximum value (default) is 512.
mm planoffset = HHMM
HHMM is an amount of time in the format hours and minutes. When HCL Workload Automation starts, this amount of time is used as an offset to check the Symphony plan validity according to this formula:
current_timestamp < (Symphony_end_timestamp - HHMM)
If the result is true, that is, the current time is earlier than the Symphony planned end time minus the offset, the Symphony plan is considered valid and HCL Workload Automation starts. If the result is false, HCL Workload Automation does not start and an error is logged. The default for this optional attribute is an empty value; in this case, no check is performed by HCL Workload Automation on the validity of the plan. This check might be necessary when a domain manager stops because of an unplanned outage and restarts later, when a new domain manager has been started in the meanwhile, because not all the correct recovery procedures were run to exclude it from the HCL Workload Automation network. As a consequence, there are two domain managers running at the same time on the same fault-tolerant agent creating scheduling issues on all the fault-tolerant agents.
mm read = seconds
Specify the maximum number of seconds Mailman waits for a connection with a remote workstation. The default is 15 seconds.
mm resolve master = yes|no
When set to yes the $MASTER variable is resolved at the beginning of the production day. The host of any extended agent is switched after the next JnextPlan (long term switch). When it is set to no, the $MASTER variable is not resolved at JnextPlan and the host of any extended agent can be switched after a conman switchmgr command (short- and long-term switch). The default is yes. When you switch a master domain manager and the original has mm resolve master set to no and the backup has mm resolve master set to yes, after the switch any extended agent that is hosted by $MASTER switches to the backup domain manager. When the backup domain manager restarts, the keyword $MASTER is locally expanded by Mailman. You should keep the mm resolve master value the same for master domain managers and backup domain managers.
mm response = seconds
Specify the maximum number of seconds Mailman waits for a response before reporting that a workstation is not responding. The minimum wait time for a response is 90 seconds. The default is 600 seconds.
mm retrylink = seconds
Specify the maximum number of seconds Mailman waits after unlinking from a non-responding workstation before it attempts to link to the workstation again. The default is 600 seconds. The tomserver optional mailman servers do not unlink non-responding agents. The link is repetitively checked every 60 seconds, which is the default retrylink for these servers.
mm sound off = yes|no
Specify how Mailman responds to a conman tellop ? command. Specify yes to have Mailman display information about every task it is performing. Specify no to have Mailman send only its own status. The default is no.
mm symphony download timeout = seconds
Specify the maximum number of minutes Mailman waits after attempting to initialize a workstation on a slow network. If the timeout expires without the workstation being initialized successfully, Mailman initializes the next workstation in the sequence. The default is no timeout (0).
mm unlink = seconds
Specify the maximum number of seconds Mailman waits before unlinking from a workstation that is not responding. The wait time should not be less than the response time specified for the Local Option nm response. The default is 960 seconds.
nm mortal = yes|no
Specify yes to have Netman quit when all of its child processes have stopped. Specify no to have Netman keep running even after its child processes have stopped. The default is no.
nm port = port
Specify the TCP port number that Netman responds to on the local computer. This must match the TCP/IP port in the computers workstation definition. It must be an unsigned 16-bit value in the range 1- 65535 (values between 0 and 1023 are reserved for services such as, FTP, TELNET, HTTP, and so on). The default is the value supplied during the product installation.

If you run event-driven workload automation and you have a security firewall, make sure this port is open for incoming and outgoing connections.

nm read = seconds
Specify the maximum number of seconds Netman waits for a connection request before checking its message queue for stop and start commands. The default is 10 seconds.
nm retry = seconds
Specify the maximum number of seconds Netman waits before retrying a connection that failed. The default is 800 seconds.
nm ssl full port = port
The port used to listen for incoming SSL connections when full SSL is configured by setting global option enSSLFullConnection to yes (see Configuring full SSL security for more details). This value must match the one defined in the secureaddr attribute in the workstation definition in the database. It must be different from the nm port local option that defines the port used for normal communication.
Note:
  1. If you install multiple instances of HCL Workload Automation on the same computer, set all SSL ports to different values.
  2. If you plan not to use SSL, set the value to 0.
There is no default.
nm ssl port = port
The port used to listen for incoming SSL connections, when full SSL is not configured (see Configuring full SSL security for more details). This value must match the one defined in the secureaddr attribute in the workstation definition in the database. It must be different from the nm port local option that defines the port used for normal communication.
Note:
  1. If you install multiple instances of HCL Workload Automation on the same computer, set all SSL ports to different values.
  2. If you plan not to use SSL, set the value to 0.
There is no default.
port = port
The TCP/IP port number of the protocol used when accessing using a command line client. The default is 31115.
protocol = http|https
The protocol used to connect to the host when accessing using a command line client.
proxy = proxy_server_hostname_or_IP_address
The name of the proxy server used when accessing using a command line client.
proxy port = proxy_server_port
The TCP/IP port number of the proxy server used when accessing using a command line client.
restricted stdlists = yes|no
Use this option to set a higher degree of security to the stdlist directory (and to its subdirectories) allowing only selected users to create, modify, or read files.

This option is available for UNIX workstations only. After you define it, make sure you erase your current stdlist directory (and subdirectories) and that you restart HCL Workload Automation. The default is no.

If the option is not present or if it is set to no, the newly created stdlist directory and its subdirectories are unaffected and their rights are as follows:
drwxrwxr-x  22 twsmdm staff          4096 Nov 09 12:12
drwxrwxr-x   2 twsmdm staff           256 Nov 09 11:40 2009.11.09
drwxrwxr-x   2 twsmdm staff          4096 Nov 09 11:40 logs
drwxr-xr-x   2 twsmdm staff          4096 Nov 09 11:40 traces
If the option is set to yes, these directories have the following rights:
drwxr-x--x  5 twsmdm staff             256 Nov 13 18:15
rwxr-x--x   2 twsmdm staff             256 Nov 13 18:15 2009.11.13
rwxr-x--x   2 twsmdm staff             256 Nov 13 18:15 logs
rwxr-x--x   2 twsmdm staff             256 Nov 13 18:15 traces
Do the following to define and activate this option:
  1. Change the line restricted stdlists = no to restricted stdlists = yes in your local options file.
  2. Stop HCL Workload Automation.
  3. Stop WebSphere Application Server if present.
  4. Remove the stdlist directory (or at least its files and subdirectories).
  5. Start HCL Workload Automation.
  6. Start WebSphere Application Server if present.
ssl auth mode = caonly|string|cpu
The behavior of HCL Workload Automation during an SSL handshake is based on the value of the SSL authentication mode option as follows:
caonly
HCL Workload Automation checks the validity of the certificate and verifies that the peer certificate has been issued by a recognized CA. Information contained in the certificate is not examined. The default value.
string
HCL Workload Automation checks the validity of the certificate and verifies that the peer certificate has been issued by a recognized CA. It also verifies that the Common Name (CN) of the Certificate Subject matches the string specified into the SSL auth string option. See ssl auth string = string.
cpu
HCL Workload Automation checks the validity of the certificate and verifies that the peer certificate has been issued by a recognized CA. It also verifies that the Common Name (CN) of the Certificate Subject matches the name of the workstation that requested the service.
ssl auth string = string
Used in conjunction with the SSL auth mode option when the "string" value is specified. The SSL auth string (ranges from 1 — 64 characters) is used to verify the certificate validity. The default string is "tws".
ssl ca certificate = file_name
Only used if SSL is defined using OpenSSL (ssl fips enabled="no") Specify the name of the file containing the trusted certification authority (CA) certificates required for SSL authentication. The CAs in this file are also used to build the list of acceptable client CAs passed to the client when the server side of the connection requests a client certificate. This file is the concatenation, in order of preference, of the various PEM-encoded CA certificate files.

The default is TWA_home/TWS/ssl/TWSTrustedCA.crt. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.

ssl certificate = file_name
Only used if SSL is defined using OpenSSL (ssl fips enabled="no") Specify the name of the local certificate file used in SSL communication.

The default is TWA_home/TWS/ssl/TWSPublicKeyFile.pem. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.

ssl certificate keystore label = string
Only used if SSL is defined using GSKit (ssl fips enabled="yes") Supply the label which identifies the certificate in the keystore when using SSL authentication.

The default is IBM TWS 8.6 workstation, which is the value of the certificate distributed with the product to all customers. This certificate is thus not secure and should be replaced with your own secure certificate. See Configuring the SSL connection protocol for the network.

ssl encryption cipher = cipher_class
Only used if SSL is defined using OpenSSL (ssl fips enabled="no") Define the ciphers that the workstation supports during an SSL connection.
Use one of the common cipher classes listed in Table 1. The default value is TLSv1. No manual intervention is required. If you want to use an OpenSSL cipher class not listed in the table, use the following command to determine if your required class is supported:
openssl ciphers <class_name>
where class_name is the name of the class you want to use. If the command returns a cipher string, the class can be used.
ssl fips enabled = yes|no
Determines whether your entire HCL Workload Automation network is enabled for FIPS (Federal Information Processing Standards) compliance. FIPS compliance requires the use of GSKit instead of the default OpenSSL for secure communications. If you enable FIPS (ssl fips enabled="yes") you must set values for all the SSL attributes that apply to GSKit. If you do not enable FIPS (ssl fips enabled="no"), set the values for OpenSSL. The default is no. See FIPS compliance for more details.
ssl key = file_name
Only used if SSL is defined using OpenSSL (ssl fips enabled="no") The name of the private key file.

The default is TWA_home/TWS/ssl/TWSPrivateKeyFile.pem. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.

ssl key pwd = file_name
Only used if SSL is defined using OpenSSL (ssl fips enabled="no") The name of the file containing the password for the stashed key.

The default is TWA_home/TWS/ssl/TWSPrivateKeyFile.sth. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.

ssl keystore file = file_name
Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the name of the keystore file used for SSL authentication.

The default is TWA_home/TWS/ssl/TWSKeyRing.kdb. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.

ssl keystore pwd = file_name
Only used if SSL is defined using GSKit (ssl fips enabled="yes"). Specify the name of the keystore password file used for SSL authentication.

The default is TWA_home/TWS/ssl/TWSKeyRing.sth. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.

ssl random seed = file_name
Only used if SSL is defined using OpenSSL (ssl fips enabled="no") Specify the pseudo random number file used by OpenSSL on some operating systems. Without this file, SSL authentication might not work correctly.

The default is TWA_home/TWS/ssl/TWS.rnd. This file is part of the SSL configuration distributed with the product to all customers. It is thus not secure and should be replaced with your own secure SSL configuration. See Configuring the SSL connection protocol for the network.

stdlist width = columns
Specify the maximum width of the HCL Workload Automation console messages. You can specify a column number in the range 1 to 255. Lines are wrapped at or before the specified column, depending on the presence of imbedded carriage control characters. Specify a negative number or zero to ignore line width. On UNIX and Linux operating systems, you should ignore line width if you enable system logging with the syslog local option. The default is 0 columns.
switch sym prompt = prompt
Specify a prompt for the conman command line after you have selected a different Symphony file with the setsym command. The maximum length is 8 characters. The default is n%.
sync level = low|medium|high
Specify the rate at which HCL Workload Automation synchronizes information written to disk. This option affects all mailbox agents and is applicable to UNIX and Linux operating systems only. Values can be:
low
Allows the operating system to handle it.
medium
Flushes the updates to disk after a transaction has completed.
high
Flushes the updates to disk every time data is entered.
The default is low.
syslog local = value
Enables or disables HCL Workload Automation system logging for UNIX and Linux operating systems only. Specify -1 to turn off system logging for HCL Workload Automation. Specify a number from 0 to 7 to turn on system logging and have HCL Workload Automation use the corresponding local facility (LOCAL0 through LOCAL7) for its messages. Specify any other number to turn on system logging and have HCL Workload Automation use the USER facility for its messages. The default is -1. See HCL Workload Automation console messages and prompts.
tcp connect timeout = seconds
Specify the maximum number of seconds that can be waited to establish a connection through non-blocking socket. The default is 15 seconds.
tcp timeout = seconds
Specify the maximum number of seconds that can be waited for the completion of a request on a connected workstation that is not responding. The default is 300 seconds.
this cpu = workstation_name
Specify the HCL Workload Automation name of this workstation. The name can be a maximum of 16 alphanumeric characters in length and must start with a letter. When a switch is made between the master domain manager and a backup domain manager, using the switchmgr command, the Symphony header value for this cpu is overwritten by the this cpu value in the localopts file. The default is the host name of the computer.
timeout = seconds
The timeout in seconds when accessing using a command line client. The default is 3600 seconds.
unison network directory = directory_name
This parameter applies only to versions of HCL Workload Automation prior to version 8.3. Defines the name of the Unison network directory. The default is <TWA_home>/../unison/network.
useropts = file_name
If you have multiple instances of HCL Workload Automation on a system, use this to identify the useropts file that is to be used to store the connection parameters for the instance in which this localops file is found. See Multiple product instances for more details.
wr enable compression = yes|no
Use this option on fault-tolerant agents. Specify if the fault-tolerant agent can receive the Symphony file in compressed form from the master domain manager. The default is no.
wr read = seconds
Specify the number of seconds the Writer process waits for an incoming message before checking for a termination request from Netman. The default is 600 seconds.
wr unlink = seconds
Specify the number of seconds the Writer process waits before exiting if no incoming messages are received. The minimum is 120 seconds. The default is 180 seconds.