Introduction

• JS7 is a rewrite from scratch of the JobScheduler components. The motivation for the JS7 is not to improve the existing branch 1.x (JS1) but to create something better.
•  The code base of JS1 partly dates back some 12 years, major parts had been written in C++ for an object oriented design. This makes three reasons to rewrite JS7:
  • A code base needs a redesign from time to time, you cannot indefinitely continue to add bells and whistles: for example, if the code was not designed for more elaborate security requirements that were not known or evident at the time of writing. The JS7 is designed to meet up-to-date requirements for performance, resilience and security.
  • The C++ code base requires a number of software packages that have to be installed in the operating system. In addition, it does not allow perfect platform independence. The JS7 makes use of Java for the purpose of guaranteed platform independence and minimum installation requirements.
  • The object oriented design of JS1 is not a perfect match for ongoing development of the product. You can design an object oriented model with future development of a product in mind for a foreseeable time only, maybe for some two to four years, but you cannot design a model that is stable for a product life cycle of eight years. For the JS7 Controller and Agent SOS switched to the Scala programming language using a functional design for most parts. This is due to the fact that functional programming is free from side effects, whereas an object oriented approach tends to add more and more relationships to objects that makes ongoing product development increasingly complex.
• The first release of JS7 is focused on new users of the product. Existing users of JobScheduler find migration tools that are improved in the course of JS7 releases, See JS7 - Migration of JobScheduler 1.x job configuration.

Architecture Changes

Database

Run-time Database dropped

• The JS1 requires use of a run-time database by the Master to store job results and logs immediately after execution of a job.
• This database is dropped as the JS7 - History Service performs this task asynchronously.

Inventory/Reporting Database

• The JS1 Reporting Database exists in a similar way for JS7.
• However, the JS7 - Database stores inventory information and deployment information for job-related configuration. This database is not required at run-time but at design-time and at deploy-time only. Therefore high availability requirements to this database are considered being more relaxed by a number of users.

Controller / Agent

Agent Assignment

• In JS1 an Agent can be accessed by a number of Master instances.
• With JS7 Agents are dedicated to a Controller and cannot be shared between Controllers.

Agent Cluster Configuration

• For JS1 any number of Agent Clusters can be configured that reference the same Agent as they represent a logical layer on top of the installation.
• With JS7 there is a unique registration of an Agent during JS7 - Initial Operation.

Configuration Changes

Job-related Configuration Format

XML format migrated to JSON

• The JS1 stores job-related configuration in XML files. The problem with XML is that many parsers are inherently insecure due to the many capabilities of XML. One more problem is the fact that a number of XML parser projects are not actively maintained. This results in an increasing number of XML vulnerabilities and inacceptable delays for security fixes.
• The JS7 makes use of JSON as the storage format for job-related configuration. In fact JSON capabilities are by far inferior to what is available from XML, e.g. when it comes to validation. At the same time JSON is more focused and offers less attack surface.

File based Configuration migrated to the Database

• The file based configuration of JS1 is not perfectly cloud usable. This is why branch 1.13 dropped the JOE job editor and introduced browser based management of job-related configuration stored with the database. However, JS1 allows modifications of job-related configuration by files for users with access to the operating system. From a security perspective this is not a perfect design as technical permissions of a system administrator to modify files at operating system level are not related to role based permissions that determine who should be entitled to modify and to deploy jobs.
• The JS7 follows a role based access model that excludes users with technical permissions such as a root account. Instead, digital signatures are used to prove to a Controller and Agent that a specific user is entitled to deploy certain workflows and jobs. This adds non-repudiability to job-related deployment that is not based on trust relationships of JS7 components but on use of certificates only, e.g. an Agent does not trust a Controller or JOC Cockpit, it trusts available certificates only.
• For lovers of the straightforward option available from JS1 to push/pull job-related configuration files to/from a version control system, the good news is: the JS7 includes direct support for Git based repositories, see JS7 - Roadmap. Support for additional version control products becomes available from file based exports of the JS7 inventory.

Job Dependencies

Job dependencies migrated to workflow patterns

• The JS1 preferably implements forward dependencies and a few options for backward dependencies by additional JITL jobs and JITL based monitors.
  • For example, the How to split and join jobs in a job chain article explains JITL job templates that have to be added to a job chain in addition to business related jobs and that are parameterized in a somewhat sophisticated way.
  • For example, the How To Synchronize Job Execution Across Job Chains article explains the JITL Job JobSchedulerSynchronizeJobChains that makes orders in a number of job chains wait for each other.
• The JS7 implements a larger number of workflow patterns, see JS7 - Workflow Patterns that are available from JS7 - Workflow Instructions.
  • For example, the JS7 includes a native JS7 - Fork / Join Instruction that does not require use of additional JITL jobs and that works without parameterization.
  • For example, the JS7 offers use of JS7 - Notice Boards with the JS7 - ExpectNotice Instruction and the JS7 - PostNotice Instruction to synchronize workflows.

Individual Implementation of dependencies moved to workflow patterns

• Due to the limited capabilities of the JS1 for backward dependencies users might have implemented dependencies individually, e.g. by scripting. the Product Knowledge Base includes a number of such examples.
• The JS7 implements a larger number of workflow patterns as stated with the previous chapter. SOS does not consider it desirable to bury the logic of job dependencies in scripts. Instead such scripts should be migrated to use JS7 - Workflow Instructions and should be part of the configuration. This is manual work and is not supported by migration tools.

Pre-Post Processing

Support for Scripting Languages migrated to GraalVM

• JS1 includes support for a number of scripting languages:
  • Shell Jobs implemented with any scripting language are supported provided that the script interpreter, e.g. Python, Ruby etc., is available from the machine on which the job is executed.
  • API Jobs are supported for a number of scripting languages to which the JobScheduler Job API is exposed:
    • JavaScript (Nashorn)
    • JScript (Microsoft)
    • Perl (PerlScript)
    • PowerShell (Microsoft)
    • VBScript (Microsoft)
  • JavaScript is available from the Java Virtual Machine (JVM) implementation provided by the Nashorn JavaScript Engine.
    • Version 15 and newer of Java remove the Nashorn JavaScript engine.
  • The scripting languages JScript and VBScript are supported by the Windows JVM on 32bit systems only, see VBScript Jobs. The ScriptControl:VBScript job type introduced with JobScheduler release 1.10 acts as a replacement for VBScript jobs.
• JS7 includes support for the following scripting languages:
  • The option to run Shell Jobs for any scripting language for which the interpreter is available remains unchanged.
  • API Jobs are supported for scripting languages available with the GraalVM such as
    • JavaScript (Node.js)
    • Perl
    • Python
    • Ruby
  • At the same time JS7 API Jobs do not provide the same capabilities as for JS1. JS7 API Jobs are limited to receive arguments and to return a result. Actions on inventory objects such as adding orders, stopping jobs etc. are available from the JS7 REST Web Service API (see below).

Job API migrated to REST Web service

• The functionality of the JobScheduler Job API has been migrated to the JS7 - REST Web Service API.
• However, a number of differences have to be considered:
  • The JS1 Job API allows to modify objects of the current job such as the current task or order.
  • The JS7 REST Web Service API allows modification of any objects, but requires to identify objects such as jobs.
  • A number of operations of the JS1 Job API are not available, for example to modify the job configuration on-the-fly, e.g. by adding/dropping a setback configuration.
• A REST Client has to be used by jobs that access the JS7 REST Web Service API.

Object Changes

Jobs and Job Chains

Job Chains in JS1 correspond to JS7 - Workflows:

• The JS1 knows Jobs and Job Chains that implement a sequence of jobs.
  • A job is an object that can be modified individually and that can be re-used with a number of job chains.
  • A job is defined to be operated standalone or as a node in a job chain.
  • Any changes to jobs and job chains are immediately in effect.
• The JS7 is not limited to a sequence of JS7 - Jobs but introduces a number of JS7 - Workflow Patterns which is why the term workflow replaces job chain.
  • A job is available within a workflow only. A job is not an independent object and it cannot be re-used.
    • While users might consider this a limitation, in fact it guarantees a self-contained and consistent workflow configuration. Consider the fact that a JS1 job could be modified or removed at run-time leaving the job chain in a critical status. The JobScheduler Master had to check for updated versions of a job XML file and had to apply any modifications in good time. If modifications are not consistent, e.g. if the job parameterization changed, then this breaks a current order run as any changes to jobs are immediately applied.
    • Modifications of a JS7 job force a workflow to be deployed once again.
    • The JS7 - Bulk Operations for Jobs offer to modify a single job and to apply changes to a number of jobs across workflows.
  • There are no JS1 standalone jobs in JS7, instead such jobs are considered workflows with a single job.
  • Changes to workflows take effect for newly added JS7 - Orders only. The JS7 Controller keeps track of workflow versions as long as an order is assigned the workflow.
    • At the point of time of submission an order is associated with the current version of a workflow.
    • If the workflow changes later on then this has no impact on submitted orders, but affects new orders only that are submitted after this change.
    • This feature can be used to target changes of a workflow to a future date. Existing orders can be cancelled and re-submitted to be assigned the current version of a workflow from the Daily Plan view.

Orders

Orders in JS1 correspond to JS7 - Schedules:

...