Bye M3

Dear readers,

After 18 years having worked with M3, I left the world of M3 in June 2017, and I made a career change for the world of cyber security; visit my work on M3 security. I am excited.

It has been a great adventure working with M3 since 1999, through four acquisitions between Intentia, Symphony, Lawson, Infor, and Ciber, learning about 30 M3 products, living in three countries, France, Sweden, and the US, traveling 20 countries in five continents for about 100 customers, seeing M3 evolve through big changes, from RPG to Java, from Movex to M3, from AS/400 to Windows to Linux, from on-premise to the multi-tenant cloud, from guarded documentation to open documentation. I wish some day I will see M3 provide open source code.

I had been writing ideas in various systems since the beginning of my M3 career: Intentia 2000, Intentia’s The Wire, the Movex E-Business Forum,, Lawson’s SharePoint Communities of Interest, Lawson’s Yammer, and eventually I moved my content to my own blog here so it survives through acquisitions and changes. Since its inception in 2011, this blog has amassed 300 subscribers, and 300,000 views, thanks to you, reader.

I will keep this blog alive for a few years until further notice. I invite all of you to keep reading and commenting to keep it alive. Also, I invite you to come write new posts; contact me, and I will make you author. Also, visit the other M3 blogs. As a backup, I submitted this blog to the Internet Archive’s Wayback Machine for the domain and the previous domain

Thank you for your continued support through all these years.


Infor Grid on CryptDB

I made a proof of concept of the Infor ION Grid running on CryptDB, a database that computes on encrypted data.

Fully homomorphic encryption

Let’s suppose Alice is a client that is computationally bounded, she has an input X, she wants to compute an arbitrary program P on her input X and get the result where P is computationally intensive, she wants to delegate her computation to a powerful server (e.g. cloud provider) while preserving the privacy of her input (untrusted cloud). The way to do this is to encrypt the input, do the computation on the cipher text, and output the encryption of the result. A fully homomorphic encryption (FHE) is an encryption scheme that achieves that. It is currently still impractical in its full form because the algorithms take exponential time, but it is generating a lot of research in both academia and the industry, and they are bringing variants that make it practical.


CryptDB is a practical database server that allows SQL queries on encrypted data using SQL-aware encryption schemes (e.g. deterministic encryption for joins, order-preserving encryption for comparison predicates, homomorphic encryption for sums). The threat model for CryptDB is to ensure the privacy of the data in the face of a compromise of the database server.

I learned about CryptDB during the MIT cyber security courseMicrosoft Always Encrypted with SQL Server is another implementation.

Proof of concept

I made a proof of concept of the Grid running on CryptDB. I have not followed the guidelines to optimize the encryption schemes for the Grid; I just used the default CryptDB with the goal to spark interest in homomorphic encryption. The ideal would be to apply homomorphic encryption to M3.

1. Preparation

Install Ubuntu 12.04 (as required by CryptDB), Ruby, Git, and JDK 7 (minimum requirement for the Grid):

sudo apt-get install ruby git openjdk-7-jdk

2. Install CryptDB

  1. Download and build CryptDB; it will take some time:
    git clone -b public git://
    cd cryptdb/cd cryptdb/
    sudo scripts/install.rb .

  2. It will install MySQL on default port 3306; for the root password, enter CryptDB’s default letmein
  3. Start the CryptDB proxy (e.g. on default port 3307; change the EDBDIR accordingly):
    export EDBDIR=/home/thibaud/cryptdb/
    cd $EDBDIR
    bins/proxy-bin/bin/mysql-proxy \
     --plugins=proxy --event-threads=4 \
     --max-open-files=1024 \
     --proxy-lua-script=$EDBDIR/mysqlproxy/wrapper.lua \
     --proxy-address= \

3. Install the Grid

  1. Install the Grid on MySQL (see part 8), but via CryptDB (i.e. port 3307 instead of 3306):
    mysql -u root -pletmein -h -P 3307
    create database InforIONGrid;
    use InforIONGrid;

  2. Change the Grid’s config/ to use CryptDB instead of MySQL (i.e. port 3307 instead of 3306):
  3. Fix the CryptDB proxy query parser (it fails on column aliases and on the USER() function):
    if string.find(query, "auto_increment_increment AS auto_increment_increment") then
        return -- fix for MySQL JDBC driver ConnectionImpl.loadServerVariables
    if query == "SELECT USER()" then
        query = "SELECT CURRENT_USER()" -- fix for Grid Agent

4. Start the Grid

Start the Grid as usual (see part 8).


The result is a Grid running transparently on CryptDB, unaware that the underlying data is encrypted, while CryptDB does the computation on the encrypted data on behalf of the Grid:

The CryptDB proxy intercepts the queries (QUERY), it parses them and encrypts them (NEW QUERY), it executes them on MySQL, it decrypts the result and returns the clear text to the Grid:


The advantages are that the Grid data is encrypted which preserves its privacy in case the database server is compromised, and the Grid application did not have to be rewritten for it.

If someone were to compromise the database server, they would only see encrypted table names and columns and encrypted data that does not reveal information about the actual data:


I hope this proof of concept inspires Infor Product Development to consider this type of security for their applications that run on the multi-tenant cloud, such as M3. Secure multi-party computation and homomorphic encryption are the future direction for the security of multi-tenant clouds and a potential market not yet realized.

That’s it!

Please like, comment, share, subscribe, and come write the next idea.

Building an Infor Grid Lab – Part 8

As a corollary to building my Infor ION Grid laboratory for learning purposes, today I will setup the Grid on MySQL on Ubuntu; it involves re-compiling the Grid.


MySQL was a popular free/libre software database from Sweden from the glory days of LAMP, then Sun Microsystems acquired it, then Oracle acquired Sun, then the community forked MySQL into MariaDB to protect its freedom.

Why bother, given the community moved away from MySQL, and given the Infor Grid does not need or even support MySQL? Well, I am building a proof-of-concept of the Infor Grid on CryptDB, and that requires Ubuntu and MySQL. You will probably never need to know any of this, so I won’t put too much emphasis. I will use what I learned in parts 2, 2bis, and 6.

1. Install MySQL + JDK

Install MySQL and the Java Development Kit:

sudo apt-get install mysql-server default-jdk

2. Database tables

Create the InforIONGrid database and tables:

mysql -u root -p
create database InforIONGrid;
use InforIONGrid;
CREATE TABLE APPMAPPINGS (GRID varchar(256) NOT NULL, NAME varchar(256) NOT NULL, HOST varchar(256) NOT NULL, ID varchar(64) NULL, PENDINGID varchar(64) NULL, STATE varchar(32) NOT NULL, LOGNAME varchar(256) NULL, PROFILENAME varchar(64) NULL, PROFILEDATA BLOB NULL, JVMID varchar(64) NULL);
INSERT INTO GRIDCONF (GRID, TYPE, NAME, TS, DATA, SEQID) VALUES ('InforIONGrid', 'runtime', 'null', 0, '<?xml version="1.0" ?><runtime xmlns=""><bindings /><sessionProviders developer="true" /><routers><router name="Default Router" host="localhost" httpsPort="50000" httpPort="50001" /></routers><contextRoots /><propertySettings /></runtime>', 0);
INSERT INTO GRIDCONF (GRID, TYPE, NAME, TS, DATA, SEQID) VALUES ('InforIONGrid', 'topology' , 'null', 0, '<?xml version="1.0" ?><topology xmlns=""><hosts><host name="localhost" address="" gridAgentPort="50003" /></hosts><registry host="localhost" port="50004" /><administrativeRouter host="localhost" port="50005" webStartPort="50006" httpsPort="50007" /></topology>', 0);


  1. Download the JDBC driver for MySQL:

  2. Test the connection with a JDBC client such as SQuirreL:

4. Grid files & folders

Create the Grid files and folders as before:

5. Re-compile the Grid

The Grid is hard-coded to only support a few database servers (e.g. Microsoft SQL Server), and MySQL is NOT one of them. However, given the Grid uses Liquibase for database abstraction, and given Liquibase supports MySQL, with some re-compilation of the Grid, it should work on MySQL. Let’s do that.

  1. Open the file grid-core.jar and de-compile the following Java class:

  2. Re-write the code to add support for MySQL:
    static String DB_TYPE_MYSQL = "mysql";
    static String JAR_NAME_MYSQL = "mysql-connector-java";
    static String CLASS_NAME_MYSQL = "com.mysql.jdbc.Driver";
    static String URL_TEMPLATE_MYSQL = "jdbc:mysql://host:port/database";
    public static String getDbTypeFromConnectionString(String s) {
        if (... || type.equals(DB_TYPE_MYSQL))
    public String getJarNameFromType() {
        if (type.equals(DB_TYPE_MYSQL))
            return JAR_NAME_MYSQL;
    public static String getDriverClassFromType(String type) {
        if (type.equals(DB_TYPE_MYSQL))
            return CLASS_NAME_MYSQL;
    public static String getUrlTemplateFromType(String type) {
        if (type.equals(DB_TYPE_MYSQL))
            return URL_TEMPLATE_MYSQL;
  3. The Java Decompiler failed in a few places, and with the help of Krakatau decompiler we can fix them:
    public long getPooledCons() {
        synchronized(pool) {
            return pool.size();
    public static void setDefault(JDBCProperties instance) {
        JDBCProperties.instance = instance; // fixed scope
    private static void removeDriverManagerReferences(Driver d) {
        if (isMatchingDriverClass((Class<? extends Driver>)oo.getClass(), d.getClass())) // fixed cast
    public void releaseConnection(Connection con) {
        this.pool.add(new ConnectionWrapper(con)); // fixed null
    public GridDatabaseException getSuspendedCause() {
        synchronized(this.suspendedCause) {
            return suspendedCause[0];
  4. Re-compile the code, and replace the classes in grid-core.jar with the new ones:
    javac -cp resources/grid-core.jar com/lawson/grid/jdbc/
    jar uf resources/grid-core.jar com/lawson/grid/jdbc/JDBC*.class

  5. Test the re-compiled JAR with the following code (change the InforIONGrid path accordingly), it will dump the config/ and the GRIDCONF topology and runtime XML:
    javac -cp resources/grid-core.jar
    java -cp resources/grid-core.jar:drivers/mysql-connector-java-5.1.42-bin.jar:. Test
    import java.util.List;
    import java.sql.Connection;
    import java.sql.ResultSet;
    import java.sql.Statement;
    import com.lawson.grid.jdbc.JDBCProperties;
    import com.lawson.grid.jdbc.config.ConfigurationConnector;
    import com.lawson.grid.config.ConfigAreaRuntime;
    import com.lawson.grid.config.JDBCConfigAreaRuntime;
    import com.lawson.grid.config.JDBCUtil;
    public class Test  {
        public static void main(String[] args) throws Exception {
            JDBCProperties p = new JDBCProperties();
            JDBCUtil.initFromGridDirectory(p, new File("/home/ubuntu/InforIONGrid"));
            p.toPrintStream(System.out); // dumps config/
            ConfigAreaRuntime car = new JDBCConfigAreaRuntime(p);
            Connection c = p.getConnection();
            Statement s = c.createStatement();
            ResultSet r = s.executeQuery("SELECT DATA FROM GRIDCONF");
            while ( {
                System.out.println(r.getString("DATA")); // dumps XML
            ConfigurationConnector db = new ConfigurationConnector(p);
            System.out.println(db.getGrids()); // [InforIONGrid]

6. Start the Grid

Start the various Grid nodes (change the InforIONGrid path accordingly):

# variables
export CLASSPATH=drivers/mysql-connector-java-5.1.42-bin.jar:resources/bcmail-jdk16.jar:resources/bcprov-jdk16.jar:resources/commons-fileupload-1.2.2.jar:resources/grid-core.jar:resources/grid-jaxrs2-1.13.77.jar:resources/grid-webapp-1.13.77.jar:resources/grid.httpclient.jar:resources/grid.liquibase.jar:resources/hk2-api-2.2.0.jar:resources/hk2-locator-2.2.0.jar:resources/hk2-utils-2.2.0.jar:resources/jackson-core-asl-1.9.13.jar:resources/jackson-jaxrs-1.9.13.jar:resources/jackson-mapper-asl-1.9.13.jar:resources/javassist-3.18.1-GA.jar:resources/javax-websocket-client-impl-9.1.1.v20140108.jar:resources/javax-websocket-server-impl-9.1.1.v20140108.jar:resources/javax.annotation-api-1.2.jar:resources/javax.inject-2.2.0.jar:resources/javax.servlet-api.jar:resources/javax.websocket-api-1.0.jar:resources/
export CONFIG=/home/ubuntu/InforIONGrid
# Registry
java -cp $CLASSPATH com.lawson.grid.Startup -registry -configDir $CONFIG -host localhost -logLevel ALL &
# Default Router
java -cp $CLASSPATH com.lawson.grid.Startup -router "Default Router" -configDir $CONFIG -host localhost -logLevel ALL &
# Administrative Router
java -cp $CLASSPATH com.lawson.grid.Startup -router "Administrative Router" -configDir $CONFIG -host localhost -logLevel ALL &
# Grid Agent
java -cp $CLASSPATH com.lawson.grid.agent.GridAgent -configDir $CONFIG -host localhost -logLevel ALL &
# Grid Management Client
java -jar resources/grid-core.jar localhost 50004 &
# Configuration Manager
java -cp $CLASSPATH com.lawson.grid.config.client.ui.Launch -griddir $CONFIG -ui &
# Import XML
java -cp $CLASSPATH com.lawson.grid.config.JDBCConfigAreaRuntime $CONFIG


The result is a Grid as usual, running on MySQL:


That was how to run the Infor ION Grid on MySQL after re-compiling the Grid Java classes to make it support MySQL. I will use it in my next proof-of-concept to run the Grid on CryptDB.

That’s it!

Related posts

Developing H5 Client scripts – Part 2

I am learning to develop H5 Client scripts for a customer; see my previous post for the beginning.

To give back

My customer Chris Bullock thought client side scripts are pretty awesome, and said it would be cool if there was a library of what other M3 users have done. I proposed to post the script here with his permission, and he agreed for the love to give back.

Functional requirement

The requirement is to develop a script for M3. Purchase Order. Receive Goods – PPS300/E in H5 Client that pulls values from a related field in M3 and populates it in another field. Basically getting attribute values from purchase order line, concatenating their values, then populate that in the Lot number field on the purchase order receipt screen.

More specifically, when the user is receiving goods for a purchase order in PPS300/E, the script should automatically set the Location (WHSL) and Lot number (BANO) with the correct values to not let the user enter incorrect values by accident even with the F4-Browse:


Here is the preliminary script I developed:

var PPS300E_BANO = new function () {
	var color = 'rgb(250, 255, 189)';
	this.Init = function (scriptArgs) {
		var controller = scriptArgs.controller;
		var content = controller.GetContentElement();
		var IBITNO = content.GetElement('IBITNO')[0]; // Item number
		var IBPUNO = content.GetElement('IBPUNO')[0]; // Purchase order number
		var IBPNLI = content.GetElement('IBPNLI')[0]; // Purchase order line
		var WLWHSL = content.GetElement('WLWHSL')[0]; // Location
		var WRBANO = content.GetElement('WRBANO')[0]; // Lot number
		// ensure the Item group is MAT
		ScriptUtil.ApiRequest('/execute/MMS200MI/Get;returncols=ITGR?ITNO=' + encodeURIComponent(IBITNO.value), response => {
			var ITGR = response.MIRecord[0].NameValue[0].Value.trim();
			if (ITGR !== 'MAT') {
			if (!WLWHSL.readOnly && WLWHSL.value === '') {
				// hard-code the Location to YARD
				WLWHSL.value = 'YARD';
				// color the field = color; = color;
			// get the Attribute number
			ScriptUtil.ApiRequest('/execute/PPS200MI/GetLine;returncols=ATNR?PUNO=' + encodeURIComponent(IBPUNO.value) + '&PNLI=' + encodeURIComponent(IBPNLI.value), response => {
				var ATNR = response.MIRecord[0].NameValue[0].Value.trim();
				// get the attributes
				ScriptUtil.ApiRequest('/execute/ATS101MI/LstAttributes;returncols=AALF?ATNR=' + encodeURIComponent(ATNR), response => {
					// calculate the Lot number
					var BANO = '';
					response.MIRecord.forEach(e => BANO += e.NameValue[0].Value.trim());
					if (!WRBANO.readOnly && WRBANO.value === '') {
						// set the Lot number
						WRBANO.value = BANO;
						// color the field = color; = color;
				}, (error, message) => MainController.Current.ShowDialog([error, message]));
			}, (error, message) => MainController.Current.ShowDialog([error, message]));
		}, (error, message) => MainController.Current.ShowDialog([error, message]));

Development time

When I develop the script, I alternate between pieces of code in Chrome’s JavaScript console and debugger, and the assembled script in a text editor, iteratively until it’s ready, testing along the way with ScriptName.Init({ 'controller': getActiveController() }):


The result is the following, the script sets the Location and Lot number, and highlights them in yellow with the same color as the web browser’s autofill color to indicate that it autofilled the values:

At this point, the user can verify the values and click Next (or press ENTER) to persist the values in M3.


There are several problems with this script:

  1. The script is not able to tell apart whether the user entered the record with Option 1-Create or with Option 2-Change. In the former case, the script should set the values because the values have never been set; but in the latter case, the script should not set the values because they have already been set. I tried controller.Response.ControlData.Bookmark.Opt but it returns "2" for both Options 1-Create and 2-Change which is wrong. We are running M3 UI Adapter version In a thread with Reah, she said if we upgrade M3 UI Adapter to version, I will be able to use controller.GetMode() instead. To be continued.
  2. To make M3 API calls, I use ScriptUtil.ApiRequest. But as of M3 UI Adapter version, that method is deprecated and replaced by MIService. See my thread with Reah. To be continued.


There is this corner case in usability, unrelated to H5 Client scripts:

Initially, the customer wanted me to set the fields and disable them, no matter what. That works if the user creates a new record with Option 1-Create. But if the user enters an existing record with Option 2-Change and there are already values that another user has previously set, what should the script do? Should the script assume the values are correct and let it be? In which case the script could have guessed incorrectly and leave incorrect values behind (false negative). Or should the script assume the values are incorrect and reset them? In which case the script could have guessed incorrectly and contradict the intention of the previous user (false positive). Furthermore, if the script does reset the values, how will the user know those are new values to persist? Will highlighting in yellow be enough? Or will the user incorrectly assume those are the values currently persisted in M3? I have to read more about WebKit’s autofill design decisions and learn from it. For now, I apply the weakest enforcement: if the field is blank, set it; otherwise, do not; and never disable it.


There are several pending issues:

  • Upgrade M3 UI Adapter to the latest version
  • Use controller.GetMode() to tell apart Option 1-Create and 2-Change
  • Replace ScriptUtil.ApiRequest by MIService
  • Usability: disable the two fields while calling the M3 API, indicate activity (spinning wheel), revert when done, cancel if gone (ENTER, F3, F5, F12)
  • Add exception handling: if == null, try/catch, if response.Message, if !response.MIRecord
  • Compose the promises sequentially with request1.then(request2).then(request3) or Promise.all([request1, request2, request3]) instead of nesting them with request1({ request2({ request3() }) })
  • Use JavaScript async/await for ease of source code reading
  • Use Visual Studio and TypeScript as recommended by the M3 H5 Development Guide (H5 Script SDK)


That was my preliminary script for H5 Client while I am learning how to develop them. I still have to learn more about H5 scripts and autofill, solve current problems, and address pending issues.

Special thanks to my customer Chris Bullock.

Building an Infor Grid Lab – Part 7

Continuing to build an Infor ION Grid laboratory for my learning purposes, today I will install the Grid on a $10/month virtual [private] cloud, with DigitalOcean. Random fact: DigitalOcean is headquartered a few blocks from Infor’s headquarters down the Avenue of the Americas in New York.


There are various cloud hosting service providers for Infor M3 that compete with Infor. Some use cloud computing platforms other than Amazon Web Services. Competition is good to foster innovation, to drive prices down for customers, and to resist vendor lock-in. But it is a tough market as cloud infrastructure is a commodity, and unless those providers can differentiate themselves with a competitive advantage, they will be unable to survive against the utter economies of scale and expertise of Infor and Amazon and their thousands of employees dedicated to the cloud. As a laboratory for learning purposes, however, DigitalOcean or any other cloud platform are sufficient.


The Grid bundled installer is available for internal use only, not for production use. ** Infor M3 only supports Red Hat Enterprise Linux (see the announcement thing), not CentOS. ** I am not revealing any internal information as Infor made the Installation Guide available online, and the rest can be achieved by inductive reasoning as I am doing. ** I will use Cygwin for the Unix tools on my Windows computer.

1. Create Droplet

In this step we will create a droplet in DigitalOcean:

  1. Click Create Droplet, choose the CentOS distribution, and chose the $10/month size, it has the necessary and sufficient amount of memory (in my local virtual machine of 512 Mb RAM the Grid ran fine, but strangely in a droplet of the same 512 Mb RAM there was not enough memory and the Grid kept crashing, so I upgraded to the next bigger size; 1 Gb of RAM is sufficient as we do not need more):
  2. Generate an SSH key pair on your computer, if you do not already have one:

  3. Add your public key to the droplet (copy/paste):
    cat ~/.ssh/

  4. Set the hostname, e.g. droplet2, and click Create:
  5. Get the IP address of your droplet:
  6. SSH into it:
    ssh root@

  7. Create a new user, e.g. thibaud, with administrative privileges (the built-in group wheel is allowed sudo), and switch to it:
    adduser thibaud
    passwd thibaud
    gpasswd -a thibaud wheel
    su thibaud
    cd ~

  8. Setup SSH for that user (I will use the same key setup earlier):
    mkdir ~/.ssh/
    chmod 700 ~/.ssh/
    sudo cp /root/.ssh/authorized_keys .ssh/
    sudo chown thibaud .ssh/authorized_keys
    chmod 600 ~/.ssh/authorized_keys

  9. Disallow SSH as root (uncomment PermitRootLogin, and change it from yes to no):
    sudo vi /etc/ssh/sshd_config
    PermitRootLogin no

    Note: to use vim, move with the cursor until you reach the desired location, press INSERT to enter edit mode, change the text as desired, press ESC to return to command mode, type :wq and press ENTER to write your changes to file and quit.
  10. Restart the SSH service:
    sudo systemctl reload sshd

We now have a droplet ready to use.

2. Preparation

In this step, we will install the JDK, PostgreSQL, and the Grid database, as shown in part 6bis.

  1. Install the JDK:
    sudo yum install java-1.8.0-openjdk-devel

  2. Install PostgreSQL:
    sudo yum install postgresql-server

    sudo postgresql-setup initdb

  3. Setup password authentication (change these two host lines from ident to md5):
    sudo vi /var/lib/pgsql/data/pg_hba.conf

  4. Start PostgreSQL, and enable it on reboot:
    sudo systemctl start postgresql
    sudo systemctl enable postgresql

  5. Change the password of user postgres and create the InforIONGrid database:
    sudo -i -u postgres psql -c "ALTER USER postgres with encrypted password 'password123';"
    sudo -i -u postgres createdb InforIONGrid

  6. Create the user and group for the Grid service:
    sudo groupadd grid
    sudo useradd -g grid grid

The droplet is now ready to install the Grid.

3. Install the Grid

In this step, we will install the Grid in unattended installation mode as shown in part 4bis.

  1. Copy the Grid installer to somewhere in the droplet, e.g. ~/Downloads/:
    mkdir ~/Downloads/
    scp ~/Downloads/installer-1.13.77.jar thibaud@
    ssh thibaud@

  2. Create a template file
    java -jar ~/Downloads/installer-1.13.77.jar -console -options-template ~/Downloads/

  3. Set the following properties (change the IP address and hostname accordingly; use a text editor, e.g. vim):

  4. Install the Grid in silent mode:
    sudo java -jar ~/Downloads/installer-1.13.77.jar -console -options ~/Downloads/

  5. Check the log files if needed.
  6. Ensure all the Grid nodes are listening:
    netstat -an | grep :5000 | grep LISTEN

  7. Verify the Grid status is Started:
    curl http://localhost:50002/status


The result is a usual Grid, on a cloud:


To setup the firewall to block all incoming connections except SSH and Grid https port 50000:

sudo systemctl start firewalld
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-port=50000/tcp
sudo firewall-cmd --reload
sudo systemctl enable firewalld
sudo systemctl status firewalld


The droplet is publicly available on the Internet. At this point you should secure it as per your needs, for example with DMZ and VPN. Here are Infor’s installation topology considerations, recommended installation scenarios, and network topology considerations. To make your cloud private, set it up in a private subnet.


I put it all together in the script on my GitHub.

Future work

  • Install Grid session providers
  • Install GDBC
  • Install Grid applications
  • Grid pentesting
  • Proof-of-concept of Grid database on homomorphic encryption with CryptDB or Microsoft’s Always Encrypted SQL Server


That was an illustration of how to install the Infor ION Grid on a virtual [private] cloud as a laboratory for learning purposes, using DigitalOcean as the cloud provider. The installation is remote with SSH, no graphical user interface.

Related posts

Building an Infor Grid Lab – Part 6bis

More building an Infor ION Grid laboratory for my learning purposes. Today, I will install the Grid on CentOS Linux, a free/libre Linux distribution based on Red Hat which the Grid supports (see previous post).


The Grid bundled installer is available for internal use only, not for production use. Infor M3 only supports Red Hat Enterprise Linux (see announcement thing).


I will user the latest CentOS Linux 7:

1. Install PostgreSQL

Install PostgreSQL (see part 5 and part 6):

sudo yum install postgresql-server
sudo postgresql-setup initdb

Setup password authentication of hosts from ident to md5:


Start and enable PostgreSQL:

systemctl start postgresql
systemctl enable postgresql

Verify the connection and change the password:

sudo -i -u postgres
select version();

2. Create the Grid database

Create the InforIONGrid database and verify:

sudo -i -u postgres
createdb InforIONGrid
psql -d InforIONGrid

3. Install the Grid

Launch the Grid bundled installer and follow the installation wizard (see part 4):

sudo java -jar installer-1.13.77.jar

Create the user and group for the Grid service:

sudo groupadd grid
sudo useradd -g grid grid


The result is a usual Grid, in CentOS:

Future work

  • Install Grid on a virtual private cloud
  • Install Grid session providers
  • Install GDBC
  • Install Grid applications
  • Grid pentesting
  • Proof-of-concept of Grid database on homomorphic encryption with CryptDB or Microsoft’s Always Encrypted SQL Server


That was an illustration of how to install the Infor ION Grid on CentOS, a Red Hat based Linux distribution, for learning purposes.

Related posts

Building an Infor Grid Lab – Part 6

Further building my Infor ION Grid laboratory for learning purposes, today, I will install the Grid on Ubuntu Linux, a Debian-based Linux distribution.


I will use what I learned in part 5 for the PostgreSQL database, in part 4bis for the console installation mode, in part 2 for the manual installation, and in part 3 for the cryptographic key material. And I will install the latest Grid version, on the latest Ubuntu Desktop 16.04.2 with Long Term Support (LTS).

1. Install PostgreSQL

Install PostgreSQL on Linux, verify the connection, and set the password for user postgres:

sudo apt-get update
sudo apt-get install postgresql postgresql-contrib
sudo -i -u postgres

2. Grid installer – FAILED!

The Grid bundled installer (as in part 4bis) throws the following error:

You are installing on an unsupported platform (001)
Console installation FAILED!

Apparently, it is hard-coded to only support Red Hat and Suse, not Ubuntu.

Nonetheless, the Grid is just Java and SQL, so it should work on Ubuntu as well. Let’s try installing it manually instead.

3. Create the database manually

Create the Grid database in PostgreSQL as in part 5, and create the Grid tables as in part 2 with a few changes for the binary data type:

sudo -i -u postgres
createdb InforIONGrid
psql -d InforIONGrid
 GRID varchar(64) NOT NULL,
 TYPE varchar(32) NOT NULL,
 NAME varchar(128) NOT NULL,
 TS numeric(20, 0) NOT NULL,
 DATA bytea NULL,
 SEQID numeric(5, 0) NOT NULL
INSERT INTO GRIDCONF (GRID, TYPE, NAME, TS, DATA, SEQID) VALUES ('InforIONGrid', 'runtime' , 'null', 0, '<?xml version="1.0" ?>
<runtime xmlns="">
 <bindings />
 <sessionProviders /> 
 <routers />
 <contextRoots />
 <propertySettings />
</runtime>', 0);
INSERT INTO GRIDCONF (GRID, TYPE, NAME, TS, DATA, SEQID) VALUES ('InforIONGrid', 'topology' , 'null', 0, '<?xml version="1.0" ?>
<topology xmlns="">
 <host name="localhost" address="" gridAgentPort="50003" />
 <registry host="localhost" port="50004" />
</topology>', 0);

Verify with a JDBC client:

4. Install the Grid manually

Install the Grid manually as in part 2:

Create the file and folder structure, with the JAR files, and JDBC driver:


Create the cryptographic key material as in part 3:

java -cp resources/grid-core.jar:resources/bcprov-jdk16.jar:resources/bcmail-jdk16.jar -create=gridcert -gridname InforIONGrid -gridpassword password123 -gridkeystore secure
java -cp resources/grid-core.jar:resources/bcprov-jdk16.jar:resources/bcmail-jdk16.jar -create=hostcert -gridname InforIONGrid -gridpassword password123 -hostname localhost -gridkeystore secure -hostkeystore secure -role grid-admin -address localhost -address ::1 -address -address -unresolved
java -cp resources/grid-core.jar:resources/bcprov-jdk16.jar:resources/bcmail-jdk16.jar -create=symkey -gridname InforIONGrid -gridkeystore secure -gridpassword password123 -symkeypath secure -hostkeystore secure -hostname localhost

Start the Grid:

java -cp resources/grid-core.jar:resources/bcprov-jdk16.jar:resources/bcmail-jdk16.jar:resources/grid.liquibase.jar:drivers/sqljdbc42.jar:resources/javax.servlet-api.jar:resources/grid.httpclient.jar com.lawson.grid.Startup -registry -configDir . -host localhost -logLevel ALL


The result is a Grid as usual, in Ubuntu:


I put the script on my GitHub. I tested it with a stock Ubuntu Live DVD, and it works like a charm, installing and launching a Grid in less than a minute.


I made a demo here: I boot the stock Ubuntu Live DVD, I download the Grid and the script, I execute the script, it installs the Grid (the minimal version of part 2), and it launches the Grid:


From here, you can finish the rest of part 2 for the Configuration Import & Edit and Topology View, and continue to part 2bis for the Default Router, Developer Session Provider, Administrative Router, Configuration Manager, web user interface, and Grid Agent.

Future work

  • Install Grid on CentOS Linux
  • Install Grid on a virtual private cloud
  • Install Grid session providers
  • Install GDBC
  • Install Grid applications
  • Grid pentesting
  • Proof-of-concept of Grid database on homomorphic encryption with CryptDB or Microsoft’s Always Encrypted SQL Server


That was an illustrated guide on how to install the Infor ION Grid manually on Ubuntu Linux and PostgreSQL, for learning purposes. I had to use everything I learned in this series so far.

That’s it! Thanks for reading until here.

Related posts

Building an Infor Grid Lab – Part 5

To further build my Infor ION Grid laboratory for learning purposes, today I will install the Grid on the PostgreSQL database, on Windows.

Special note

I have a special appreciation for PostgreSQL. It is free/libre software. It is the successor of Postgres which is the successor of Ingres, two pioneering database systems in the heydays of Edgar F. Codd’s relational model. It originated at the University of California at Berkeley, a remarkable institution of computer science, near San Francisco where I live. And Ingres and Postgres were written by professor Michael Stonebraker, who is another recipient of the ACM Turing Award for his extensive contribution to database systems, and whom was my professor in the MIT Big Data course.


The Infor ION Grid bundled installer has built-in support for PostgreSQL (see part 4), but it is for your internal use only, not for production use. Anyhow, Infor M3 only supports EnterpriseDB Postgres Plus Advanced Server (see the announcement thing).

1. Install PostgreSQL

Download PostgreSQL for Windows:

Follow the installation wizard:

Verify it is started and listening:

2. Create the database

Create the Grid database, e.g. InforIONGrid, and verify the connection:

cd C:\Program Files\PostgreSQL\9.6\
createdb --username=postgres InforIONGrid
psql --username postgres -d InforIONGrid

Verify with a JDBC client such as SQuirreL (the Grid bundled installer ships with a PostgreSQL JDBC driver):


You can also verify with pgAdmin:

C:\Program Files\PostgreSQL\9.6\pgAdmin 4\bin\pgAdmin4.exe

3. Install the Grid

Now install the Grid as usual, select PostgreSQL support, enter Schema public:


The result is a Grid as usual, running on the PostgreSQL database:

Future work

  • Install Grid on Linux
  • Install Grid on a virtual private cloud
  • Install Grid session providers
  • Install GDBC
  • Install Grid applications
  • Grid pentesting
  • Proof-of-concept of Grid database on homomorphic encryption with CryptDB or Microsoft’s Always Encrypted SQL Server


That was an illustration of how to install the Infor ION Grid on PostgreSQL on Windows, for learning purposes. The installation is quite intuitive.

Special thanks to the Infor ION Grid team in Sweden for making the Grid available on PostgreSQL.

Related posts

Infor M3 open source platform announcement thing

Let’s talk about the Infor M3 open source platform announcement thing.


In 2015, Infor announced: “The latest Infor M3 solution now features an open source based Linux platform as a deployment choice to reduce total cost of ownership for customers.”

It is admirable to support open source software, so please join us in congratulating Infor.

What about free/libre software?

It would have been more admirable to support free/libre software. The open source movement and the free/libre software movement are related but distinct; freedom is more important than open source.

Supported platform

The following documentation, M3 Core 13.4 Installation Guides Red Hat Linux > M3 Core Installation Planning Guide – RHEL > Introduction and overview > Installation Scenarios > Recommendations, says M3 Core is now available as an option on “Red Hat Enterprise Linux as operating system and Postgres Plus Advanced Server as database […] If the M3 Database Server is installed on Red Hat Enterprise Linux, the Postgres Plus Advanced Server must be used.”

Red Hat Enterprise Linux

Red Hat Enterprise Linux is a commercial product. Its source code is open and provided at no cost, but it is not provided in compiled form. To use it, we have to either buy it or go through the difficult compilation and derivative processes.

As a side note, Red Hat has controversy in the community with their non-free/libre licensing and inclusion of binary blobs [1] and as such is not endorsed by the Free Software Foundation [2].

EnterpriseDB Postgres Plus Advanced Server

EnterpriseDB Postgres Plus Advanced Server is also a commercial product, even though based on the open source PostgreSQL, it is provided at cost, and its source code is not available:

Technical reason?

Besides understandably not being able to support every combination of platform, are there any technical reasons for M3 to HAVE TO use Red Hat Enterprise Linux and EnterpriseDB Postgres Plus Advanced Server, and not Fedora, CentOS, Debian, Ubuntu, Suse, PostgreSQL?

Business collaboration?

Does it have anything to do with Infor’s joint collaboration with Red Hat and EnterpriseDB for Infor LN?

Wasn’t there something similar with the Intentia and IBM alliance [3] [4], where Movex Workplace HAD TO use the Enterprise Edition of IBM WebSphere Application Server for no apparent technical reason?

What about the community?

Infor uses a lot of free/libre software on free/libre licenses such as BSD, GPL and Apache. For example, this is the (not cleaned-up) list of about 100 projects used by one of the components of M3, the Infor Grid:

antlr antlr-runtime aopalliance-repackaged asm asm-commons asm-tree bcmail-jdk16 bcprov-jdk16 commonj.sdo commons-daemon commons-fileupload commons-logging commons-math3 ctivation cxf-api cxf-rt-bindings-soap cxf-rt-bindings-xml cxf-rt-core cxf-rt-databinding-jaxb cxf-rt-databinding-xmlbeans cxf-rt-frontend-jaxws cxf-rt-frontend-simple cxf-rt-management cxf-rt-transports-http cxf-rt-ws-addr cxf-rt-ws-policy cxf-rt-ws-rm cxf-rt-ws-security decision-trees derbyclient drools-compiler drools-core ecj eclipselink ehcache-core geronimo-javamail_1.4_spec groovy-all hk2-api hk2-locator hk2-utils izpack-api izpack-tools jackson-core-asl jackson-jaxrs jackson-mapper-asl jackson-xc javassist javax-websocket-client-impl javax-websocket-server-impl javax.annotation-api javax.el javax.inject javax.persistence javax.servlet-api javax.servlet.jsp javax.servlet.jsp-api javax.servlet.jsp.jstl javax.websocket-api jcommander jersey-client jersey-common jersey-container-servlet jersey-container-servlet-core jersey-core jersey-guava jersey-json jersey-media-json-jackson jersey-media-multipart jersey-multipart jersey-server jersey-servlet jetty-annotations jetty-continuation jetty-http jetty-io jetty-jndi jetty-jsp jetty-plus jetty-schemas jetty-security jetty-server jetty-servlet jetty-servlets jetty-util jetty-webapp jetty-xml jna jna-platform joda-time jsr166 jt400_jdk16 knowledge-api knowledge-internal-api linked-binaries liquibase log-viewer mail maven-shared-utils mimepull mockito-all mvel2 neethi ojalgo ojdbc6 org.apache.taglibs.standard.glassfish org.eclipse.jdt.core osgi-resource-locator postgresql scripting-client slf4j-api slf4j-grid sqljdbc4 stax2-api stringtemplate tasks validation-api websocket-api websocket-client websocket-common websocket-server websocket-servlet windowsjnasecurity woodstox-core-asl wsdl4j wss4j xml-resolver xmlbeans xmlschema-core xmlsec

Does Infor contribute back to the free/libre software community? Individual Infor developers probably contribute to free/libre software with bug fixes and documentation (congratulations). But I have not seen Infor as a company officially sponsor events, fund projects, contribute code, or provide developers to free/libre software. I do not know that they do or that they do not. If you know, please leave me a comment.


It is admirable that Infor provides M3 based on an open source platform as an option, it illustrates Infor’s commitment to the cloud and open platforms. However, the narrative is not clear as the required “open source” platform actually requires commercial products, at cost, that have restrictive licenses, with closed source code, possibly due to a business collaboration. For-profit corporations can choose to be commercial, closed source, and collaborate with partners, to fund product development and to protect intellectual property, but then the narrative should be made clear. Is there a technical reason? Is Infor misappropriating “open source”? Is Infor giving back to the free/libre software community? What do you think? Let me know in the comments below.

Building an Infor Grid Lab – Part 4bis

Continuing from part 4 building an Infor ION Grid laboratory for my learning purposes, today I will do alternative installations using the IzPack console and unattended installation modes. Most probably, you will never need to know any of this, except if you maintain a large cloud environment.


The Grid bundled installer is available publicly as part of the Grid deliverable, but it is for internal use only, not for production use.

Console mode

The Grid installer uses IzPack for the installation wizard, which comes with a text console installation mode, to have a command line interface instead of the graphical user interface:

To use it, create the empty database as usual, start a command prompt as administrator, execute the following command, and answer the prompts:

java -jar installer-1.13.77.jar -console

Refer to the log file if needed. The result is the same as in part 4, with database tables, files and folders, Grid registry, administrative router, user interface, Windows Service, etc.

Unattended mode

Furthermore, IzPack has an unattended installation mode, for a silent install.

To use, create an empty file with the following command:

java -jar installer-1.13.77.jar -console -options-template

Open the resulting file in a text editor, set the desired property values, with the proper escaping where necessary (e.g. install.path=C:\\Infor\\InforIONGrid):

And execute the silent install with the following command, there will be no prompts:

java -jar installer-1.13.77.jar -console -options

The resulting Grid is the same as usual.

Future work

  • Install the Grid on Linux and PostgreSQL
  • Install Grid on a virtual private cloud
  • Install Grid session providers
  • Install GDBC
  • Install Grid applications
  • Penetration testing
  • Proof-of-concept of Grid database on homomorphic encryption with CryptDB or Microsoft’s Always Encrypted SQL Server


That was an illustration of alternative installations of the Infor ION Grid using the IzPack text console installation mode for a command line interface, and the unattended installation mode for a silent install. Most probably, you will never need to know any of this. It shows Infor’s commitment to transition, from graphical user interfaces and customer on-premise installations, to migrating products to a multi-tenant cloud, the new direction.

That’s it! Please like, comment, subscribe, share, participate.

Related posts