Aa 7 3 RL

Alliance Access 7.
Release Letter
This document contains release information for Alliance Access 7.3.
21 September 2018
Alliance Access 7.3 Table of Contents
Release Letter
Table of Contents
Practical Information.........................................................................................................................................4
1 Release Overview.................................................................................................................................... 6
1.1 Enhancements.........................................................................................................................................6
1.2 Other Changes...................................................................................................................................... 13
1.3 Resolved Problems................................................................................................................................14
1.4 Software Distribution..............................................................................................................................14
1.5 Support Duration................................................................................................................................... 15
1.6 System Requirements........................................................................................................................... 15
1.7 Documentation...................................................................................................................................... 19
1.8 Warnings and Known Issues................................................................................................................. 20
2 Installing Alliance Access 7.3.............................................................................................................. 22

2.1 Prerequisites..........................................................................................................................................22
2.2 Alliance Access on AIX, Linux, or Oracle Solaris.................................................................................. 22
2.3 Alliance Access on Windows................................................................................................................. 23
2.4 Alliance Web Platform Server-Embedded............................................................................................. 24
2.5 Fallback Activities.................................................................................................................................. 24
3 Support...................................................................................................................................................25
Appendix A Routing Keyword Extraction and Verifiable Fields................................................................ 26
Appendix B Switch-over Planning for Standards MT................................................................................. 40

B.1 Actions to be Taken Now................................................................................................................................. 40
B.2 Actions to be Taken as Soon as Possible........................................................................................................ 40
B.3 Actions to be Taken Before 17 November 2018...............................................................................................40
B.4 Actions to be Taken on 14, 15, or 16 November 2018 (Last Business Day of the Week)................................40
B.5 Actions to be Taken Before Your First Log In on 18 or 19 November 2018..................................................... 41
B.6 Actions to be Taken after the First Login..........................................................................................................41
Appendix C Standards Switch-over Planning for InterAct Services......................................................... 42

C.1 Actions to be Taken When You Are Notified of a Service Change...................................................................42
C.2 Get Ready for Testing...................................................................................................................................... 42
C.3 Migrate to the New Standards......................................................................................................................... 43
C.4 Wind Down Use of the Old Standards............................................................................................................. 43
21 September 2018 2
Alliance Access 7.3 Table of Contents
Release Letter
C.5 Stop Using the Old Standard........................................................................................................................... 44
Legal Notices................................................................................................................................................... 45
21 September 2018 3
Alliance Access 7.3 Practical Information
Release Letter
Practical Information
Installation type Optional
Customer installation path For Alliance Access:
7.3
For Alliance Web Platform Server-Embedded GUI packages:
7.3
Customer upgrade paths For Alliance Access:
Release 7.2 - [7.2.10] - [Security Update 2018-02] - [Security Update

2018-05] - [7.2.50] - [Security Update 2018-08] - 7.3
or
Release 7.1.40 - [7.1.43] - [Security Update 2018-02]- [Security

Update 2018-05] - [Security Update 2018-08] - 7.3
For Alliance Access GUI packages (on Alliance Web Platform

Server-Embedded):
Release 7.2 - [7.2.10] - [7.2.50] - 7.3
or
Release 7.1.40 - 7.3
Operating system requirements For AIX, Oracle Solaris, and Windows, same as Alliance Access 7.2
For Red Hat Enterprise Linux, 7.4 is required before installing

Alliance Access 7.3.
See System Requirements on page 15.
Software support lifetime Alliance Access 7.3 as a release will be supported until the end of
April 2021.
This delivery, Alliance Access 7.3.00, will be supported until the 2019
standards update becomes mandatory in November 2019.
Product dependencies This release has dependencies on other products:
• Alliance Web Platform Server-Embedded 7.3

• Alliance Gateway 7.2 or higher
• Alliance Gateway 7.3 or higher, when using Personal Token-
based authentication
See also SWIFTNet Requirements on page 17 and Other

Requirements on page 18.
For more information about product compatibility, see Knowledge

Base tip 5022764.
21 September 2018 4
Alliance Access 7.3 Practical Information
Release Letter
Digest value
The SHA-256 digest values of the software packages associated
with this release letter are:
• Alliance Access:
- AIX:
be80978dc0071a30a77ee55b10f764053caa903042c81
3f298b5a4efce1a5e7c
- Linux:
29d98311c3a2d72ed27ab7498265d7bf0d4c951123040
e7c6c6afa0d1e74102b
- Oracle Solaris:
43984b16e53a04207b557e0967b1322a8307019f05817
456d5c928bd28c34718
- Windows:
519210ff35b9735e04a275c26b09827cdd774ca493f04
63046dc125747755022
• Embedded database:
- AIX:
499309950f06a1a3105a37796de3f305d3db6dcf5c6c5
db258e3a17dde5b155a
- Linux:
c621f49e8cdf52232160dc76a84526ed9f8b93666a88c
5d360556d8126c4ff3c
- Oracle Solaris:
932df023b7f8b564fcf855862d1e11c5490766c5e84d8
bb221faf6f5280bd390
- Windows:
f0611120d5ee12ac82defad95b5f57e7489be48c452e4
65285f6ffee478ecec8
For more information about the security mechanism used for this
validation, see Knowledge Base tip 5021288.
Purpose of this Document

This document contains release information for Alliance Access 7.3 (including Alliance Web
Platform GUI packages). Alliance Access 7.3 introduces new security features and supports the
Standards MT November 2018 release that will be effective as of 18 November 2018, the
scheduled release date of FIN. This document is intended for the system administrators of the
Alliance Access systems. It clarifies the changes in this update, the product dependencies,
installation instructions, and last minute information.
First read this Release Letter, and then use the other documentation provided for more detailed
information.
For a complete list of documents, see section Documentation on page 19.
The problems resolved in this update can be found in Resolved Problems on page 14.
21 September 2018 5
Alliance Access 7.3 Release Overview
Release Letter
1 Release Overview
Alliance Access 7.3 is a minor update containing the following enhancements, features, and
functionalities.
• updates for Standards MT November 2018
• automatic addition of UETR on MT 103, MT 202, and MT 205
• SWIFT gpi adoption made easier
• new operator authentication methods
• AES-GCM for Direct FileAct
• AES-GCM for FileTransfer
• CREST over SWIFTNet enhancements
• monitoring session changes
• absolute session timeout
• Security Best Practices tool updated
• automatic software update check
• enhancements to support SWIFT CA renewal
See Knowledge Base tip 5022617 for a detailed list of all functional enhancements addressed in
this release.
Alliance Access 7.3 includes all changes introduced since release 7.2.00:
• Alliance Access 7.2.10 (December 2017)
• Security Update 2018-02 (February 2018)
• Security Update 2018-05 (May 2018)
• Alliance Access 7.2.50 (July 2018)
• Security Update 2018-08 (September 2018)
1.1 Enhancements
1.1.1 Updates for Standards MT November 2018

Alliance Access 7.3 introduces the Standards MT November 2018 and implements all required
changes to support the new Standards. For more information, see the Standards page on
www.swift.com.
Note As Standards MT 2018 contains new messages, it is important to load an ASP file
from June 2018 or later to make sure that the correct messages carry authentication.
21 September 2018 6
Release Letter
1.1.2 Automatic Addition of UETR on MT 103, MT 202, and MT

205
As described in the Standards MT Release 2018 specifications, the UETR (Unique End-to-end
Transaction Reference) header field (121) in block 3, will be mandatory for the following message
types:
• MT 103
• MT 103 REMIT
• MT 103 STP
• MT 202
• MT 202 COV
• MT 205
• MT 205 COV
This applies to all users, including non-SWIFT gpi participants.
Automatic generation of the UETR

Alliance Access has been enhanced to automatically generate the UETR for messages that are
created without that 121 header field, and where the field is mandatory. A random UETR will be
added to the messages created manually or through STP at the time the messages are saved in
the database if they do not contain the header field 121.
This behaviour can be disabled using the BSS configuration parameter Message - Auto-generate
UETR.
MT 202 COV reconciliation with MT 103 for payment initiators (optional)

The Standards MT Release 2018 specifies that the UETR in an MT 202 COV message must be the
same as the related MT103.
To ease the adoption of this rule, Alliance Access has some basic reconciliation logic for MT202
COV messages created without a UETR. This can be activated via a configuration parameter.
With the MT 103 look-up parameter activated, when an MT202 COV without UETR is saved in the
database (whether manually entered or through STP), Alliance Access will search for a matching
MT103 message. This will be based on the sender BIC and the transaction reference (field 20). If a
matching MT 103 is found, Alliance Access will populate the UETR field in the MT202.COV with the
same value as found in the MT 103. If no message is found, or if multiple ones match the criteria,
the MT202.COV will be routed to the _MP_mod_text queue for manual intervention/repair.
In order for this feature to work correctly, it is important that:
• Standards usage guidelines for field 20/21 are correctly used in the MT103 and MT 202 COV
messages as the reconciliation with the MT103 will be done based on field 20 field as well as on
the BIC.
• the value of field 20 in the MT 103 must be unique and quoted unchanged in field 21 of the
related MT 202 COV.
• the MT 202 COV messages are sent systematically after the MT 103.
• you are using a single Alliance Access instance.
• the MT 103 messages are not archived before the reconciliation occurs.
If these conditions are not respected with the reconciliation option activated, many messages may
be routed to the _MP_mod_text queue, generating significant manual work.
21 September 2018 7
Release Letter
It is therefore important to assess whether this feature is useful in the way you handle these
messages.
Note When message partners are set to No Validation, the MT 103 look-up feature for the
MT 202 COV will not work, and the MT 202 COV will be sent to the network without
UETR. The No Validation feature must only be used when you are sure that the back-
office provides valid messages in all cases.
Protecting back-offices that are not ready to receive

Message Partner configuration allows you to control the reception of the UETR by back-office.
This can be done by setting the Transfer UETR parameter. This feature does not exist for XMLv2
based message partners.
In addition, a new routing keyword has been added to allow routing decisions based on the
presence or absence of a UETR.
Impact on IPLA Custom Code

When IPLA Custom Code is used for the processing of FIN messages, for which Field 121 (UETR)
became mandatory, the auto-generation of UETR done by Alliance Access cannot be used in some
cases and changes to custom code will be necessary. Without these modifications, the processing
of the affected FIN messages might fail. If you have Custom Code delivered by SWIFT, please
request an assessment by logging a support case via swift.com
Additional details
Knowledge Base tip 5022378 provides more information regarding the impact of the UETR on
Alliance Access.
For more information, see "UETR and SLA ID Fields in Alliance Access" in the Configuration Guide
or Message Management Guide.
1.1.3 SWIFT gpi Adoption Made Easier

The speed at which an institution can adopt SWIFT gpi is typically dependent on the speed at
which back office applications can be adapted to add field 111 (Service Type Identifier) and field
121 (UETR) into block 3.
In order to allow institutions wishing to join SWIFT gpi as an Instructing Agent only (that is, not
forwarding payments), Alliance Access offers a new feature to automatically add, for a specific BIC,
the Service Type Identifier in field 111 for every MT 103 and MT 202 COV. This feature is enabled
by the configuration parameter Message: Auto-generate SLA ID. This helps banks in the role of
Instructing Agent to become a SWIFT gpi member very fast without the need to change the back-
office to add UETR and Service Type Identifier immediately. Banks in this case should, however,
enhance their back-office to create the UETR and Service Type Identifier at their earliest
convenience, to take the full benefits from the SWIFT gpi service.
Banks joining SWIFT gpi in another role (that is, as an Intermediary Agent) will, however, have to
implement additional changes in the back-office as of the start. Typically, after receiving an MT 103,
MT 202 COV, MT 205 COV where they act as an intermediary bank, they will have to use the same
UETR in the forwarded MT 103 and (if applicable) MT 202 COV and MT 205 COV. Alliance Access
does not provide such features.
Adding the field 111 configuration option must only be used by gpi member banks and BICs that
are configured in the gpi Closed User Group. Use of this option by non-gpi member banks will
result in the messages being NAKed due to the presence of field 111.
For more information, see "UETR and SLA ID Fields in Alliance Access" in the Configuration
Guide.
21 September 2018 8
Release Letter
1.1.4 Additional Operator Authentication Methods

Credential theft is the first step of almost all attempts to compromise a system. That is why the
SWIFT Customer Security Controls Framework puts multi-factor authentication as a mandatory
control (control 4.2).
With release 7.3, SWIFT extends the options that you have to provide multi-factor authentication to
your operators.
With release 7.3, the following additional authentication types are available:
• using a SWIFT-provided personal token
• using your own identity provider (IDP) server based on the SAML protocol
1.1.4.1 SWIFT Personal Token

Alliance Access 7.3 introduces personal token authentication for operators using the Alliance
Access GUIs in Alliance Web Platform Server-Embedded 7.3.
The SWIFT personal token is a small USB-based hardware device that an operator can use to
authenticate access to Alliance Access. Each token stores a PKI certificate identifying the operator
through a Distinguished Name (DN) assigned by your SWIFTNet security officers.
The tokens can be ordered from SWIFT in a pack of 10 units. The SWIFTNet security officers
create a PKI certificate for each operator. The certificate issued by the SWIFT Certification
Authority is stored on the token and the operator sets a password to protect access to it. Access to
the certificate requires possession of the token and knowledge of the associated password,
therefore providing multi-factor authentication.
The benefit of this type of multi-factor authentication is that the solution is entirely provided by
SWIFT. With a SWIFT personal token, you do not need any other user devices or to deploy and
manage any specific infrastructure. Personal token, unlike TOTP, LDAP, or RADIUS, does not
require use of a smart phone or authentication server.
With a SWIFT personal token, your SWIFTNet security officers have the control over the
assignment of the PKI certificate stored on the token to each operator. If required, they can revoke
all accesses for a particular operator in a single action, through the SWIFTNet Online Operations
Manager, based on the Certificate Revocation List check embedded in the Alliance applications.
Customers already using SWIFT-provided personal tokens for other SWIFT applications, such as
Sanctions Screening, can re-use the same tokens for GUI access to the Alliance products.
If you want to use a SWIFT personal token to login to Alliance Access, then the Alliance Access 7.3
GUI packages must be deployed on Alliance Web Platform Server-Embedded 7.3. SWIFTNet Link
also needs to be upgraded to 7.3. Personal token authentication is not supported when using
Alliance Remote Gateway.
Note SWIFT CA root key renewal will occur in January 2020 and the personal tokens that
will be provisioned and activated after the root key renewal will have a certificate
issued by the new root key. Release 7.3 supports personal token certificates that are
issued either by the current CA or by the future CA.
For general information about the personal tokens, see swift.com. A range of videos is also
available from Knowledge Base tip 5022495.
For more information, see "SWIFT Personal Token Authentication" in the Configuration Guide.
21 September 2018 9
Release Letter
1.1.4.2 Using Identity Provider Systems (SAML 2.0)

Alliance Access 7.3 introduces identity provider authentication for operators using the Alliance
Access GUIs on Alliance Web Platform Server-Embedded 7.3.
The benefit of identity provider authentication is that you can fully out-source the authentication of
Alliance Access GUI operators to a centrally managed identity and access management system,
on which you can use your own multi-factor authentication methods. Credentials are managed on
the identity provider system, with full flexibility on the number and type of authentication
technologies that can be used, compared to those natively supported by Alliance Access.
This model uses the latest identity federation technology, offering users a single sign-on access to
all their applications with the same credential.
If you want to use identity provider authentication to login to Alliance Access, then the Alliance
Access 7.3 GUI packages must be deployed on Alliance Web Platform Server-Embedded 7.3.
Personal token authentication is not supported when using Alliance Remote Gateway.
For more information, see "Configure Identity Provider Authentication" in the Configuration Guide
and "User Management" in the Security Guide.
1.1.5 AES-GCM for Direct FileAct

Direct FileAct is a connection method that is supported in Alliance Access since Release 7.0. Due
to its design, where you drop the payload in a directory, and configure everything through a
message partner, it was deemed impossible to secure this type of flow farther than relying on the
directory permissions.
As from Alliance Access Release 7.3, Direct FileAct flows between Alliance Access and the back
office can be secured using symmetric bidirectional authentication and the cryptographic standard
AES256-GCM.
Alliance Access with Direct FileAct using AES256-GCM covers not only Authenticity and Integrity of
the data, but also confidentiality as the data is encrypted.
With this, SWIFT continues to harden Alliance Access and enable customers to maintain their
systems to a high level of protection. Extending current LAU capabilities with AES256-GCM is part
of the strategic security evolution roadmap to increase end-to-end transaction protection, and also
ease its adoption by customers, due to the nature of the solution involving a fully standard protocol.
In order to facilitate the integration at the back-office side that creates the file, Alliance Access
provides both C and Java-based sample code as reference for back office implementation, which
can be found in the following location %ALLIANCE%\MXS\code_samples\AesGcm (on Windows)
$ALLIANCE/MXS/code_samples/AesGcm (on UNIX/Linux).
For more information, see "Message Partner Details Window: Configuration Tab" in the Monitoring
Guide and "Connection Methods" in the Configuration Guide.
1.1.6 AES-GCM for File Transfer

File Transfer is a connection method defined on Message Partners. As of Alliance Access Release
7.3, this is enhanced to support symmetric bidirectional authentication between the back office
application and Alliance Access, protected with the cryptographic standard AES256-GCM.
Use of the FileTransfer connection method with Cryptographic standard AES256-GCM is a step
forward to extend current Local Authentification (LAU) capabilities in Alliance Access.
In order to facilitate the integration at the back-office side that creates the file, Alliance Access
provides sample code as reference for back office implementation, which can be found in the
21 September 2018 10
Release Letter
following location %ALLIANCE%\MXS\code_samples\AesGcm (on Windows) $ALLIANCE/MXS/

code_samples/AesGcm (On UNIX/Linux).
For more information, see "Message Partner Details Window: Configuration Tab" in the Monitoring
Guide and "Connection Methods" in the Configuration Guide.
1.1.7 CREST over SWIFTNet

Alliance Access 7.3 includes the following enhancements for CREST over SWIFTNet customers:
New interface for IBM MQ

Alliance Access 7.3 introduces a new connection method: CRnet MQ Interface (CRMI). As of
Alliance Access 7.3, the following connection methods are supported: CRnet File Interface (CRFI),
CRnet Programming Interface (CRPI), and CRnet MQ Interface (CRMI). The new MQ Interface
allows the back-office to send and receive CREST traffic using IBM MQ.
The operator which will be used to exchange CREST data through the CRMI application has to
have the CRnet File Transfer role.
For more information, see the Customer Application Integration Guide (AIX, Linux, and Oracle
Solaris or Windows).
CRMI applications can be configured in the CREST application GUI. Please refer to the
Configuration Guide which explains the different parameters. New entitlement and permissions are
added to control which operators can perform the different actions in the CRMI application. CRMI
entitlements and permissions are not automatically granted to existing operators.
For more information, see the Security Guide.
Local authentication on CRnet applications

Local Authentication can now be enabled on CRnet applications (CRFI, CRPI, CRMI). This allows
for message authentication between the back-office application and Alliance Access. The HMAC-
SHA256 type of checksum is supported.
For more information, see the Configuration Guide and Security Guide.
Command line CRnet commands

Many of the CRnet commands are now available on the command line, for UNIX and RHEL
platforms.
This allows to execute scripts, for instance to start and stop CRnet or to list the active CREST GUI
connections. The script must be run as the Alliance Access administrative user.
For more information, see the Customer Application Integration Guide.
Enabling and disabling the CREST applications

As of Alliance Access 7.3 it is possible to Enable/Disable the CREST applications (CRFI, CRPI,
and CRMI).
When an application is disabled, no CREST traffic is allowed. The CRnet component will not
handle traffic to and from the back-office any longer.
The Hold/Release application queue capability remains available. When an application queue is on
status Held and the application is Enabled, the CRnet component will continue to receive traffic
from the back-office that will remain queued in Alliance Access and will not be transmitted to
CREST.
For more information, see the Configuration Guide and Security Guide.
Release Letter
4 eyes mechanism support for CRnet applications (CRFI, CRPI, CRMI)

During the migration to 7.3, the Enable and Disable permissions are automatically assigned to the
operator profile having the Configure permissions (valid for CRFI and CRPI).
With 7.3, the CREST applications are created as disabled. Once an operator has created a CREST
application, a different operator is required to enable it.
Similarly, to remove the CREST application requires the action of two different operators: one to
disable the CREST application and a different one to remove it.
Applications need to be disabled before they can be updated. Once updated, a different operator is
required to re-enable the application.
The 4 eyes mechanism is activated by default, and allows the implementation of stricter change
control.
For more information, see the Configuration Guide.
1.1.8 Monitoring Session Changes

As of Release 7.3, monitoring becomes single-instance. An operator will only be able to monitor the
Alliance Access upon which they have logged-in (same as Message Management, Configuration,
and Relationship Management).
Monitoring multiple Alliance Access instances in parallel remains available through the Alliance
Web Platform Server-Embedded feature “Make new Connection”. This feature allows, from the
monitoring application instance A to log on to instance B. One single tree view instance status
result will be displayed at the time.
With Release 7.3, the Monitoring application times out in the same way as the other GUI
applications. This to prevent malicious abuse of sessions that stay open too long without human
interaction.
For more information, see "Getting Started with Alliance Access Monitoring" in the Monitoring
Guide.
1.1.9 Absolute Session Timeout

Alliance Access provides configuration possibilities to control when an operator is allowed to log on.
It also provides the Inactivity Session Timeout security parameter to define how long an
unused session can stay open.
In order to give you more flexibility to harden your environment, Alliance Access 7.3 introduces an
Absolute Session Timeout value in a security parameter. Absolute Session Timeout
mandates that the operator re-authenticates itself after a defined period of time (even if the
operator is active).
For more information, see "Sign Off" in the Configuration Guide or Security Guide.
1.1.10 Security Best Practice Check Tool Enhancements

The Security Best Practice Check Tool has been updated to align it with the Alliance Security
Guidance (January 2018).
As of release 7.3 the report created by the Security Best Practice Check Tool mentions the version
of the Alliance Security Guidance document that it refers to.
Release Letter
Release 7.3 inludes the following additional checks:

• A user must not use just the password as the only type of authentication.
• The software files that can be modified by other OS users other than the Alliance Access
software owner.
• A Message Partner configured with Direct FileAct must be configured with LAU.
For more information, see the Administration Guide for AIX, Linux, Oracle Solaris, or Windows.
1.1.11 Software Update Check

Keeping all systems deployed at your premises up-to-date can be a challenging task. Your system
administrators are not always subscribed to the appropriate SWIFT communication channels to be
aware of new updates and end-of-support dates. Using only supported software is a critical step in
keeping your systems well protected. That is why the SWIFT Customer Security Controls
Framework has mandatory control 2.2 on using only supported software.
To help system administrators with this task, SWIFTNet and Alliance products check how the
current update level matches with mandatory updates or more recent updates for product software
as well as related security updates.
For more information, see the section "Software Update Check" in the Security Guide.
1.1.12 Support for SWIFT CA Root Key Renewal

The SWIFTNet Certification Authority (CA) processes all customer requests to issue PKI
certificates under the customer's responsibility. SWIFT plans to renew the root key for the
SWIFTNet CA during the month of June 2019, after which the renewed root CA certificate will be
made available for distribution and the renewed root key will be activated in Jan 2020.
SWIFTNet and Alliance products on release 7.3 supports certificates that are issued either by the
current CA or by the future CA.
Alliance Access uses the root key if you are using Alliance Remote Gateway and Personal Tokens.
1.2 Other Changes

See Knowledge Base tip 5022617 for additonal changes in Alliance Access 7.3.
1.2.1 Archive Conversion Tool

A new version of the Archive Conversion Tool is provided for Alliance Access 7.3.
The installation media of Alliance Access 7.3 includes executables to install Archive Conversion
Tool 7.3. The file names are:
• act-install (Unix)
• act-install.exe (Windows)
Note Previous versions of the Archive Conversion Tool are not compatible with Alliance
Access 7.3 and must be removed before installing the new version.
Archive backups converted with Archive Conversion Tool 7.2 are readable by Alliance
Access 7.3.
Release Letter
For installation instructions, please consult the appropriate version of the Installation Guide (AIX,
Oracle Solaris, Linux, or Windows).
1.3 Resolved Problems

See Knowledge Base tip 5022615 for a detailed list of all change requests addressed in this
update.
Significant fixes
CR number Tip Number Description
50009927 5022027 Routing keyword not validated before adding record.
50016211 5022432 CREST over SWIFTNet
Automatic LAU key renewal for CRnet component.
50017677 - CREST over SWIFTNet
User password change enforcement.
1.4 Software Distribution

This Release of Alliance Access is available on the Download Centre on www.swift.com.
From the Download Centre, the following is required:
• a .tar or .zip file (Access7300_AIX64.tar, Access7300_RHEL.tar, Access7300_SunOS64.tar,
Access7300_win64.zip) containing the following:
- Alliance Access 7.3 software bundle
Note Security Update 2018-08 is included and will be automatically installed if not
already present when upgrading from 7.2.00, 7.2.10, or 7.2.50.
- Alliance Access 7.3 GUI package
• a .tar or .zip file (EmbeddedDatabaseFootprint7300_AIX.tar,
EmbeddedDatabaseFootprint7300_RHEL.tar, EmbeddedDatabaseFootprint7300_SunOS.tar,
EmbeddedDatabaseFootprint7300_win64.zip) containing the Oracle embedded database file
Note This file is only required for a new installation of Alliance Access or the Archive
Conversion tool or migrating from another system. It does not need to be
downloaded if upgrading from 7.2.00, 7.2.10, or 7.2.50 or when using the Hosted
Database setup.
CREST components
The software for the CRnet Programming Interface (CRPI), Network Security Layer (NSL), and
Tuxedo are available on the Download Centre on www.swift.com as separate packages.
Release Letter
1.4.1 Validating Downloads from the SWIFT Download Centre

For all software products that are available for download on the SWIFT Download Centre, SWIFT
publishes security information that allows customers to verify the data integrity of the downloaded
product.
For more information about the security mechanism used for this validation, see Knowledge Base
tip 5021288.
1.5 Support Duration

Alliance Access 7.3 as a release will be supported until the end of April 2021.
This delivery, Alliance Access 7.3.00, will be supported until the 2019 standards update becomes
mandatory in November 2019.
1.6 System Requirements
1.6.1 Operating System Requirements
1.6.1.1 Alliance Access

Operating system (OS) versions
Release 7.3 software has been qualified using the English language version of the following
operating systems:
Operating system Support version
AIX AIX v7.2 with TL01 and SP01. TL01 can be installed after the base AIX
v7.2 installation. SP01 must be installed after the TL01 installation.
Linux Red Hat Enterprise Linux 7.4
Oracle Solaris Oracle Solaris 11.3.7.5.0
Windows Windows Server 2016 Standard Edition (Server with Desktop Experience)
SWIFT provides support for higher versions of these operating systems, as outlined in the
knowledge base tip, Can you install SWIFT products on Operating System or third-party software
versions that are different from those on which they have been qualified? (1212959).
For an upgrade of Alliance Access 7.2 on RHEL 7.2 to Alliance Access 7.3 on RHEL 7.4, the
upgrade path is to first upgrade RHEL 7.2 to RHEL 7.4, followed by the upgrade of Alliance Access
7.2 to Alliance Access 7.3. The RHEL upgrade and the Alliance Access upgrade can be done on
different days, because Alliance Access 7.2 is supported with RHEL 7.4.
For information on changing operating systems, see how to migrate the database to a different
operating system in the Installation Guide for AIX, Linux, Oracle Solaris, or Windows.
Release Letter
For information on moving to a different version of an operating system, see the Installation Guide
for AIX, Linux, Oracle Solaris, or Windows.
For more information, see the OS Levels and Patches Baseline, dated September 2018.
Hardening supported operating system

SWIFT requires hardening of your operating system. For more information, see Information for
Hardening Supported Operating Systems.
1.6.1.2 IBM MQ
If you want to use the MQ Host Adapter or CREST CRMI interface integrated in Alliance Access
7.3, then the following IBM MQ client software version must be installed:
• IBM MQ Client 8.0.0.6 or higher (for AIX, RHEL, and Oracle Solaris)
• IBM MQ Client 8.0.0.8 or higher (for Windows 2016 Server)
1.6.1.3 LDAP Packages

Client LDAP packages are required if you want to use the LDAP functionality.
Please refer to the OS Levels and Patches Baseline document, dated August 2018, for the list of
necessary packages.
1.6.1.4 More information

Please consult the following:
• OS Levels and Patches Baseline, dated September 2018
• Alliance Product Family - Compatibility Matrix
• Release 7.3 Migration Guide for SWIFTNet Link and Alliance Products (Knowledge Base tip
5022675).
1.6.2 Web Browsers
Web browsers
Release 7.3 software has been qualified using the English language version of the following
browsers:
• Internet Explorer 11
• Firefox ESR 52.6
• Microsoft Edge 41
• Chrome 63
Release Letter
Browsers must be running on Windows operating system and must be configured with TLS 1.2
enabled. Release 7.3 GUI has been qualified using the English language version of the following
operating systems and browsers:
Windows version Web browser Browser version
Windows 7 Professional, 32-bit Internet Explorer 11 32-bit or 64-bit

or 64-bit (client)
Firefox ESR 52.6 32-bit or 64-bit
Windows 10 Enterprise, 64-bit Internet Explorer 11 32-bit or 64-bit

(client)
Firefox ESR 52.6 32-bit or 64-bit
Microsoft Edge 41 only in 64-bit
Chrome 63 only in 64-bit
SWIFT provides support for higher versions of these web browsers, as outlined in the Knowledge
Base tip, Can you install SWIFT products on Operating System or third-party software versions that
are different from those on which they have been qualified? (1212959).
Web browser versions when using personal tokens for user authentication
When using personal tokens only the following browsers can be used:
• Internet Explorer 11 32-bit or 64-bit
• Firefox ESR 52.6 32-bit or 64-bit
1.6.3 Memory Requirements

The memory requirements for Alliance Access 7.3 are the same as for Alliance Access 7.2, and are
available on the Release 7.2 hardware reference page on swift.com.
On UNIX and Linux, the system should be configured to have at least 8 GB of swap space before
you start an installation or upgrade for Alliance Access 7.3.
1.6.4 System Requirements on UNIX and Linux

Same as Alliance Access 7.2.
1.6.5 SWIFTNet Requirements

Alliance Access 7.3 has the following SWIFTNet requirements:
• Alliance Web Platform Server-Embedded 7.3
• Alliance Access connects to SWIFTNet through Alliance Gateway 7.2 (or higher) using relaxed
mode.
• In order to use the SWIFT personal token for authentication, SWIFTNet Link 7.3, Alliance
Gateway 7.3, and Alliance Web Platform Server-Embedded 7.3 are required.
1.6.6 Alliance Requirements
Release Letter
1.6.6.1 GUI packages on Alliance Web Platform Server-Embedded

Alliance Access 7.3 has been qualified using the Alliance Access 7.3 GUI package deployed on
Alliance Web Platform Server-Embedded 7.3.
Note The Alliance Access 7.3 GUI packages are not compatible with earlier versions of
Alliance Web Platform Server-Embedded.
The Alliance Access 7.2 GUI packages are not compatible with Alliance Access 7.3.
The Alliance Web Platform Server-Embedded 7.3 is compatible with Alliance Access
7.2 GUI packages to connect to Alliance Access 7.2.
The packages have been qualified using the following operating systems and browsers:
• Microsoft Edge 41
• Google Chrome 63
• Microsoft Internet Explorer 11
• Mozilla Firefox ESR 52.6
1.6.7 Other Requirements
1.6.7.1 Network Time Protocol Server

Usage of an NTP (Network Time Protocol) server is recommended when using time-based one-
time passwords. This allows a minimal time drift between the server and the client authenticator
applications.
When using an NTP server, it must be configured in slew mode to ensure that the time stays
monotonic.
For more information, see Knowledge Base tip 5017825.
1.6.7.2 NTFS Compression and Encryption (Windows)

Alliance Access cannot be installed in a folder or drive with NTFS compression or encryption
enabled.
1.6.7.3 File System Type for High-throughput Systems (AIX)

On the AIX platform, the file system(s) for Alliance Access must be jfs2 (and not jfs with large file
option) on high-throughput systems.
1.6.7.4 Software from Oracle for Hosted Database Option

The installation of Alliance Access 7.3 with the hosted database option requires an Oracle
database with one of the following versions:
• Oracle 12.1, or higher
1.6.7.5 Alliance Access and Network Drives

SWIFT has not qualified Alliance Access/Gateway/Web Platform Server-Embedded whereby
software or database files reside on an NFS-mounted or mapped network drive.
Release Letter
See Knowledge Base tip 5020267 for for more detail.
1.6.7.6 CREST over SWIFTNet

When using Alliance Access for the CREST service it is required to deploy Oracle Tuxedo on the
same system.
Alliance Access 7.3 for CREST has the following requirements:
• Tuxedo 12cR2 must be installed together with patch RP098 or higher. The patch is available
from the Download Centre on www.swift.com.
• When using the new MQ interface, IBM MQ Client 8.0.0.8 (or higher) must be installed.
• CRnet File Interface (CRFI), CRnet MQ Interface (CRMI), and CRnet Programming Interface
(CRPI): local authentication (LAU) between the back-office application and Alliance Access can
now be configured.
• CRPI 7.2 and NSL 7.2 can connect to Alliance Access 7.3.
• After upgrading Alliance Access, validate the configuration in the CRnet GUI and start the
CRnet component to ensure that the system is fully operational.
• Verify that the message partners which will be used to exchange CREST data through the
CRPI, CRFI and CRMI applications are enabled.
1.6.7.7 Supported Encryption Algorithms in TLS, SOAP and IPLA IBM MQ

All TCP/IP connections use TLS version 1.2. These are the supported cryptographic algorithms:
• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
1.7 Documentation
The complete Alliance Access 7.3 documentation set is available on Documentation (User
Handbook) A-Z on www.swift.com.
The following documents have been updated to describe additional functionality and change
requests addressed in Alliance Access 7.3:
• Alliance Access Administration Guide - AIX
• Alliance Access Administration Guide - Linux
• Alliance Access Administration Guide - Oracle Solaris
• Alliance Access Administration Guide - Windows
• Alliance Access Configuration Guide
• Developers Toolkit for Alliance Access Developer Guide
• Alliance Access Installation Guide - AIX
• Alliance Access Installation Guide - Linux
• Alliance Access Installation Guide - Oracle Solaris
• Alliance Access Installation Guide - Windows
• Alliance Access Message Management Guide
• Alliance Access Monitoring Guide
Release Letter
• Alliance Access Relationship Management Guide

• Alliance Access Security Guide
• Alliance Security Guidance
• Alliance Access T2S Web Services Developer Guide
• Alliance Access Web Services Developer Guide
• ADK GUI REST API Developer Guide (limited distribution)
• IBM PowerHA SystemMirror Standard Edition - Installation and User Guide - AIX
This document is licence restricted and can be requested from customer support by customers
who have the 11:DUAL HARDWARE option in their licence sheet.
Documentation for CREST over SWIFTNet Users

The following guides are specifically for CREST over SWIFTNet users:
• CREST over SWIFTNet Customer Application Integration Guide - UNIX and Linux
• CREST over SWIFTNet Customer Application Integration Guide - Windows
1.8 Warnings and Known Issues

See Knowledge Base tip 5022613 for the latest detailed list of all warnings and known issues with
Release 7.3.
1.8.1 Changes to File Locations for CREST over SWIFTNet

Prior to Alliance Access 7.3, the location of the log files was different between UNIX and Windows.
All the log files are now located under CRS/log and all the configuration files under CRS/data.
When CRnet is first started after installation, the log and configuration files are migrated to the new
locations and naming conventions.
The following table shows the old (prior to Alliance Access 7.3) and new locations (as of Alliance
Access 7.3) and the old and new names. (U) stands for UNIX/Linux and (W) for Windows.
File Old location Old name New location New name
CRNet log file (U) /tmp U:CRNET.log (U) CRNet.log

$ALLIANCE/CRS
(W) %TEMP% W:CRNET.LOG
/log
(W) %ALLIANCE%
\CRS\log
Tuxedo ULOG file (U) /tmp log.mmddyy (U) ulog.mmddyy

$ALLIANCE/CRS
(W) W:%TEMP%
/log
(W) %ALLIANCE%
\CRS\log
Release Letter
File Old location Old name New location New name
Tuxedo ALOG file (U) access.mmddyy (U) alog.mmddyy

$ALLIANCE/CRS $ALLIANCE/CRS
/bin/$ARCH /log
(W) %ALLIANCE% (W) %ALLIANCE%
\CRS\bin \CRS\log
\win64
CRFI log file (U) $ALLIANCE/ LOGFILE_yymmd (U) CRFI_log.mmdd

CRFI/log d.DAT $ALLIANCE/CRS yy
/log
(W) %ALLIANCE%
\CRFI\log (W) %ALLIANCE%
\CRS\log
CRMI log file - - (U) CRMI_log.mmdd

$ALLIANCE/CRS yy
/log
(W) %ALLIANCE%
\CRS\log
CRFI configuration (U) $ALLIANCE/ CONFIG.DAT (U) CRFI_config

file CRFI/data/ $ALLIANCE/CRS
$ARCH /data/$ARCH
(W) %ALLIANCE% (W) %ALLIANCE%
\CRS\data \CRS\data
\win64 \win64
CRMI - - (U) CRMI_config

configuration file $ALLIANCE/CRS
/data/$ARCH
(W) %ALLIANCE%
\CRS\data
\win64
Alliance Access 7.3 Installing Alliance Access 7.3
Release Letter
2 Installing Alliance Access 7.3

Alliance Access 7.3 can be installed as follows:
• As an upgrade for Alliance Access 7.2 (7.2.00, 7.2.10, or 7.2.50)
See the following sections for instructions.
• As a migration from Alliance Access 7.1 (7.1.40 or higher)
Refer to the appropriate version of the Installation Guide (AIX, Linux, Oracle Solaris, Windows)
for detailed instructions to guide through the migration to Alliance Access 7.3.
• As a new base installation (for new customers)
Refer to the appropriate version of the Installation Guide (AIX, Linux, Oracle Solaris, Windows)
for detailed instructions to guide you through the installation of Alliance Access 7.3.
2.1 Prerequisites
This section describes the prerequisites for installing Alliance Access 7.3 as an upgrade for
Alliance Access 7.2 (7.2.00, 7.2.10, or 7.2.50).
Before installing the update:
1. It is recommended to take a system backup, with the database stopped.
2. Make sure that the temporary folder has at least 3 GB of free space (folder is TMP or TEMP on
Windows, TMPDIR (if defined), or /var/tmp on AIX, Red Hat Enterprise Linux, and Oracle
Solaris, or the folder specified in the -tempdir option).
3. Make sure the installation directory of Alliance Access has at least 6.5 GB of free space if
upgrading from Alliance Access 7.2.xx or 20 GB for fresh installations or upgrading from 7.1.xx.
4. If you perform a silent installation, then prepare a response file. See "Prepare the Response
File for Silent Installation" in the Alliance Access Installation Guide for AIX, Oracle Solaris,
Linux, or Windows.
5. Ensure that Alliance Access server is shut down (saa_system stop command and
saa_bootstrap stop command) and that all Alliance Access applications (including the
System Administration window) are closed.
2.2 Alliance Access on AIX, Linux, or Oracle Solaris

Alliance Access 7.3 must be installed by either the Alliance Access owner account or by root.
Procedure
1. Download the installation media to a temporary folder (for example, /tmp).
2. Extract the software from the downloaded tar file and navigate to the folder (AIX, RHEL, or
SunOS) of the platform on which you are installing.
3. If you are working remotely, export the display to your local machine where the installation
windows are displayed.
4. If the disk space requirements for the temporary files for the install program cannot be satisfied,
the installer option -tempdir <TMPDIR> can be used to specify an alternate temporary
directory.
Release Letter
5. Run the executable ./saa-install

If you run the installation in silent mode, execute the command as follows:
./saa-install -silent <path to file silent.properties.update>
Note The installation media contains samples of the files to be used for silent
installation:
• silent.properties.upgrade.saa.embedded
• silent.properties.upgrade.saa.hosted
The file to be used must be updated before being used. Please have a look at the
content of the file for instructions.
The files can be found under the installation software on the temporary folder,
where it was copied (/tmp).
Note After installing update 7.3, you must validate what security updates are available and
install them as per your security update policy.
2.3 Alliance Access on Windows

The installer must be launched by the same account with administrator privileges that installed
Alliance Access 7.2.xx (7.2.00 or higher).
Procedure
1. Download the installation media to a temporary folder (for example, C:\Temp).
2. Log in with an account with administrator privileges.
3. Extract the software from the downloaded zip file and navigate to the win64 folder.
4. Double-click saa-install.exe to launch the installation.
If you run the installation in silent mode, execute the command as follows:
saa-install -silent <path to file silent.properties.update>
Note The installation media contains samples of the files to be used for silent
installation:
• silent.properties.upgrade.saa.embedded
• silent.properties.upgrade.saa.hosted
The file to be used must be updated before being used. Please have a look at the
content of the file for instructions.
The files can be found under the installation software on the temporary folder,
where it was copied (C:\TEMP).
Note After installing update 7.3, you must validate what security updates are available and
install them as per your security update policy.
Release Letter
2.4 Alliance Web Platform Server-Embedded
2.4.1 Overview
See the Alliance Web Platform Server-Embedded Installation Guide (AIX, Linux, Oracle Solaris,
Windows) for information about the installation and configuration of the GUI packages.
To locate the packages in the downloaded file, navigate to the GUIPackages directory. The
packages are locate in a single .war file: access_7_3.war.
2.4.2 Installation procedure

1. Copy the content of the downloaded file to a local path.
2. Deploy release 7.3 (access_7_3.war), which is cumulative, by running the swp_config -
packages -install command. The configuration from any previous GUI packages will be
migrated.
2.5 Fallback Activities

If you experience problems while installing Alliance Access, then restore the system backup that
was taken before the installation (or update) was attempted.
The GUI package can be removed using the swp_config -packages -uninstall command.
Alliance Access 7.3 Support
Release Letter
3 Support
Support for SWIFT customers
By default, SWIFT Support is the single point of contact to report all problems and queries that
relate to SWIFT services and products. Support is available to all SWIFT customers.
Individuals within a customer organisation must register on swift.com to use the Support service.
For more information about the different services that SWIFT offers as part of the support
packages and the procedure to order support, see Comparison of support packages on swift.com.
SWIFT provides support for SWIFT services and products only. For example, SWIFT does not offer
support for the underlying hardware and software systems (operating system, third-party
messaging middleware) which are used in conjunction with the SWIFT product. In case of problems
or queries that relate to those third-party hardware or software systems, customers must contact
the responsible vendor.
Related information
For more information about Support services, see the service description related to the applicable
support package:
Support documentation
Alliance Access 7.3 Routing Keyword Extraction and Verifiable Fields
Release Letter
Appendix A Routing Keyword Extraction and

Verifiable Fields
The following table lists the Standards MT November 2018 routing keywords and verifiable fields for
each message in this Deployment Package.
The first set of columns, entitled "Keyword", lists per Message Type (MT) the fields that are
extracted for the default keywords, Currency/Amount, and Date. These keywords, which are verified
against operator permission, are used to facilitate search criteria and sorting functions in GUI
applications, such as the Message Approval application.
Note For repetitive fields, and unless specified otherwise, keywords are always extracted
from their first occurrence, and in the case of repetitive sub sequences, only the first
instance is considered.
A message is scanned top-down and the first field that matches the table is extracted.
The second set of columns, entitled "Verifiable", lists those fields that need to be re-entered by an
operator for message approval. Unless specified otherwise, all occurrences of repetitive fields are
verified.
MT Keyword Verifiable
TRN Currency Amount Value Date Currency Amount Date
101 Seq A.F20 Seq B.F32B Seq B.F32B F32B,F33B F32B,F33B
102 Seq A.F20 Seq C.F32A Seq C.F32A Seq C.F32A F32A,F32B,F33B, F19,F32A,F3 F32A
2B,F33B,
F71F,F71G F71F,F71G
102.STP Seq A.F20 Seq C.F32A Seq C.F32A Seq C.F32A F32A,F32B,F33B, F19,F32A,F3 F32A
2B,F33B,
F71F,F71G F71F,F71G
103 F20 F32A F32A F32A F32A,F33B,F71F, F32A,F33B,F F32A

71F,
F71G F71G
103.REMIT F20 F32A F32A F32A F32A,F33B,F71F, F32A,F33B,F F32A

71F,
F71G F71G
103.STP F20 F32A F32A F32A F32A,F33B,F71F, F32A,F33B,F F32A

71F,
F71G F71G
Release Letter
104 Seq A.F20 Seq C.F32B Seq C.F19 F30 F32B,F33B,F71F, F19,F32B,F3 F30
3B,F71F,
F71G F71G
105 F20
107 Seq A.F20 Seq B.F32B Seq C.F19 F30 F32B,F33B,F71F, F19,F32B,F3 F30
3B,F71F,
F71G F71G
110 F20 F32A,F32B F32A,F32B F32A F32A,F32B F32A,F32B F32A
190 F20 F32C,F32D F32C,F32D F32C,F32D F32C,F32D F32C,F32D F32C,F32D
191 F20 F32B F32B F32B F32B
192 F20
195 F20
196 F20
198 F20
199 F20
200 F20 F32A F32A F32A F32A F32A F32A
201 F20 F32B F19 F30 F32B F19,F32B F30
202 F20 F32A F32A F32A F32A F32A F32A
202.COV F20 F32A F32A F32A F32A,F33B F32A,F33B F32A
203 F20 F32B F19 F30 F32B F19,F32B F30
204 Seq A.F20 Seq B.F32B Seq A.F19 Seq A.F30 F32B F19,F32B F30
205 F20 F32A F32A F32A F32A F32A F32A
205.COV F20 F32A F32A F32A F32A,F33B F32A,F33B F32A
210 F20 F32B F32B F30 F32B F32B F30
291 F20 F32B F32B F32B F32B
Release Letter
292 F20
295 F20
296 F20
298 F20
299 F20
300 Seq A.F20 Seq B1.F32B Seq B1.F32B Seq B.F30V F32B,F33B,F71F F32B,F33B,F Seq B.F30V
71F
304 Seq A.F20 Seq B1.F32B Seq B1.F32B Seq B.F30V F32B,F32G,F33B F32B,F32G, Seq B.F30V
F33B
305 F20 F32B F32B F32B,F33B,F34P, F32B,F33B,F F34P,F34R

34P,
F34R F34R
306 Seq A.F20 Seq B1.F34B Seq B1.F34B Seq B.F30X F32B,F33B,F33E, F32B,F33B,F Seq B.F30X
33E,
F34B,F71F,F32H F34B,F71F,F
32H
320 Seq A.F20 Seq B.F32B Seq B.F32B Seq B.F30V F32B,F32H,F33B, F32B,F32H,F Seq B.F30V
33B,
F33E,F34E,F71F F33E,F34E,F
71F
321 Seq Seq Seq Seq Seq B.F19A:PRIN, Seq Seq

A.F20C:SEM B.F19A:PRIN B.F19A:PRIN B.F98A:VAL B.F19A:PRIN B.F98A:VAL
E , Seq , Seq U , Seq U
B.F19A:NINT B.F19A:NINT B.F19A:NINT
Seq B.F19A:NINT
330 Seq A.F20 Seq B.F32B Seq B.F32B Seq B.F30V F32B,F32H,F33B, F32B,F32H,F Seq B.F30V
33B,
Seq B.F32H Seq B.F32H F33E,F34E F33E,F34E
340 Seq A.F20 Seq B.F32B Seq B.F32B Seq B.F30F F32B,F71F,F32H F32B,F71F,F Seq
32H B.F30F,Seq
F.F30F
341 Seq A.F20 Seq B.F32B Seq B.F32B Seq B.F30F F32B,F34E F32B,F34E Seq B.F30F
350 Seq A.F20 Seq B.F32B Seq B.F32B Seq B.F30V F32B,F33B,F33E, F32B,F33B,F Seq B.F30V
33E,
Release Letter
F34B,F71F F34B,F71F
360 Seq A.F20 Seq A.F32B Seq A.F32B Seq A.F30V F32B,F32M,F32U, F32B,F32M, Seq A.F30V
F32U,
F71F F71F
361 Seq A.F20 Seq A.F32B Seq A.F32B Seq A.F30V F32B,F32M,F32U, F32B,F32M, Seq A.F30V
F32U,
F33B,F71F F33B,F71F
362 Seq A.F20 Seq B.F33F Seq B.F33F Seq A.F30V F32H,F32M,F33E, F32H,F32M, Seq A.F30V
F33E,
F33F F33F
364 Seq A.F20 Seq A.F32B Seq A.F32B Seq A.F30V F32B,F32G,F32M F32B,F32G, Seq A.F30V
F32M
365 Seq A.F20 Seq A.F32B Seq A.F32B Seq A.F30V F32B,F32G,F32M, F32B,F32G, Seq A.F30V
F32M,
F33B,F33E F33B,F33E
370 Seq A.F20C Seq B.F19A Seq B.F19A Seq B.F98A Seq B.F19A Seq B.F19A Seq B.F98A
380 Seq Seq B.F19B Seq B.F19B Seq Seq

A.F20C:SEM B.F98A:RVA B.F98A:RVA
E L L
381 Seq A.F20C Seq B.F19B Seq B.F19B Seq Seq

B.F98A:VAL B.F98A:VAL
U U
391 F20 F32B F32B F32B F32B
392 F20
395 F20
396 F20
398 F20
399 F20
400 F20 F32A,F32B,F F32A,F32B,F F32A F32A,F32B,F32K, F32A,F32B,F F32A,F33A

32K 32K 32K,
F33A F33A
Release Letter
410 F20 F32A,F32B,F F32A,F32B,F F32A F32A,F32B,F32K F32A,F32B,F F32A

32K 32K 32K
412 F20 F32A F32A F32A F32A F32A F32A
416 Seq A.F20 Seq B.F32A, Seq B.F32A, Seq B.F32A F32A,F32B,F32K, F32A,F32B,F F32A
32K,
Seq B.F32B, Seq B.F32B, F71F F71F
Seq B.F32K Seq B.F32K
420 F20 F32A,F32B,F F32A,F32B, F32A F32A,F32B,F32K F32A,F32B,F F32A

32K 32K
F32K
422 F20 F32A,F32B,F F32A,F32B,F F32A F32A,F32B,F32K F32A,F32B,F F32A

32K 32K 32K
430 Seq A.F20 Seq A.F32A, Seq A.F32A, Seq A.F32A F32A,F32K, F32A,F32K, F32A,F33A
Seq A.F32K, Seq A.F32K, F33A,F33K F33A,F33K
Seq A.F33A, Seq A.F33A,
Seq A.F33K Seq A.F33K
450 F20 F32A F32A F32A F32A F32A F32A
455 F20 F32A F32A F32A F32A,F33C,F33D F32A,F33C,F F32A,F33C,F

33D 33D
456 F20 F32A,F32B F32A,F32B F32A F32A,F32B,F33D F32A,F32B,F F32A,F33D

33D
491 F20 F32B F32B F32B F32B
492 F20
495 F20
496 F20
498 F20
499 F20
500 Seq A.F20C Seq B.F98A,
Seq B.F98C
Release Letter
Seq B.F98C
502 Seq A.F20C Seq Seq

B.F19A:ORD B.F19A:ORD
R, Seq R, Seq
B.F19A:CAN B.F19A:CAN
C(1) C(1)
503 Seq Seq Seq

A.F20C:SEM B.F19B:COV B.F19B:COV
E A A
504 Seq Seq Seq

A.F20C:SEM B.F19B:COV B.F19B:COV
E A A
505 Seq
A.F20C:SEM
E
506 Seq
A.F20C:SEM
E
507 Seq
A.F20C:SEM
E
508 Seq
A.F20C:SEM
E
509 Seq A.F20C
510 Seq A.F20C Seq

B.F98A:RRE
G,
Seq
B.F98C:RRE
G
513 Seq A.F20C Seq C.F19A, Seq C.F19A, Seq

C.F98A:TRA
D,
Seq Seq Seq

D3.F19A:SE D3.F19A:SE C.F98C:TRA
TT TT D, Seq
C.F98E:TRA
D
Release Letter
514 Seq A.F20C Seq Seq Seq

B.F19A:SET B.F19A:SET B.F98A:TRA
T, T, D,
Seq Seq Seq

C3.F19A:SE C3.F19A:SE B.F98C:TRA
TT TT D, Seq
B.F98E:TRA
D
515 Seq A.F20C Seq C.F19A, Seq C.F19A, Seq

C.F98A:SET
T, Seq
C.F98C:SET
T
Seq Seq
D3.F19A:SE D3.F19A:SE
TT TT
516 Seq A.F20 Seq B.F32A, Seq B.F32A, Seq B.F32A F32A,F32B F32A,F32B F32A
Seq B.F32B Seq B.F32B
517 Seq A.F20C
518 Seq A.F20C Seq B.F19A, Seq B.F19A, Seq

B.F98A:SET
T, Seq
B.F98C:SET
T
Seq Seq
C3.F19A:SE C3.F19A:SE
TT TT
Seq B.F98C
Seq B.F98C
526 Seq A.F20
527 Seq Seq Seq Seq

A.F20C:SEM B.F19A:TRA B.F19A:TRA A.F98A:EXR
E A A Q
Seq
A.F98C:EXR
Q
Release Letter
530 Seq A.F20C
535 Seq A.F20C
536 Seq A.F20C
537 Seq A.F20C
538 Seq A.F20C
540 Seq A.F20C Seq

B.F98A:SET
T,
Seq
B.F98C:SET
T
541 Seq A.F20C Seq Seq Seq Seq E3.F19A:SETT Seq

E3.F19A:SE E3.F19A:SE B.F98A:SET E3.F19A:SE
TT TT T, TT
Seq
B.F98C:SET
T
542 Seq A.F20C Seq

B.F98A:SET
T,
Seq
B.F98C:SET
T

TT TT T, TT
Seq
B.F98C:SET
T
544 Seq A.F20C Seq

B.F98A:ESE
T, Seq
B.F98C:ESE
T

E3.F19A:ES E3.F19A:ES B.F98A:ESE
TT TT T, Seq
B.F98C:ESE
T
Release Letter
546 Seq A.F20C Seq

B.F98A:ESE
T, Seq
B.F98C:ESE
T

E3.F19A:ES E3.F19A:ES B.F98A:ESE
TT TT T, Seq
B.F98C:ESE
T

B.F19A:SET B.F19A:SET B.F98A:SET
T T T, Seq
B.F98C:SET
T
549 Seq A.F20C
558 Seq Seq Seq Seq

A.F20C:SEM B.F19A:TRA B.F19A:TRA A.F98A:EXR
E A A Q
Seq
A.F98C:EXR
Q
559 F20 F34A F19 F32G,F32M,F34A F19,F32G,F3 F34A

2M,
F34A
564 Seq
A.F20C:SEM
E
565 Seq Seq D.F98A,

A.F20C:SEM
E
Seq D.F98C
566 Seq Seq Seq Seq

A.F20C:SEM D2.F19B:PS D2.F19B:PS D1.F98A:PO
E TA TA ST,
Seq
D1.F98C:PO
ST
Release Letter
567 Seq
A.F20C:SEM
E
568 Seq
A.F20C:SEM
E
569 Seq A.F20C
575 Seq A.F20C
576 Seq A.F20C

TT TT T, TT
Seq
B.F98C:SET
T
581 F20 F34B F34B
586 Seq A.F20C
591 F20 F32B F32B F32B F32B
592 F20
595 F20
596 F20
598 F20
599 F20
600 Seq A.F20 F33G F33G Seq B.F34P F33G,F34P,F34R F34P,F34R F34P,F34R
601 F20 F32B F32F F31G F32B,F33B,F34P, F32B,F33B,F F34P,F34R,F

34P, 31G
F34R F34R
604 F20 F30
605 F20 F30
606 F20 F30
Release Letter
607 F20 F30
608 F20 F60F,F60M,F62F, F60F,F60M,F F60F,F60M,F

F62M,F64,F65 62F, 62F,
F62M,F64,F F62M,F64,F
65 65
620 F20 F32B F32B F30V F32B,F32H,F34E, F32B,F32H,F F30V

F33B,F33E,F71F 34E,
F33B,F33E,F
71F
670 Seq A.F20C
671 Seq A.F20C
691 F20 F32B F32B F32B F32B
692 F20
695 F20
696 F20
698 F20
699 F20
700 F20 F32B F32B F32B F32B
701 F20
705 F20 F32B F32B F32B F32B
707 F20 F32B,F33B,F F32B,F33B F32B,F33B F32B,F33B

34B
708 F20
710 F20 F32B F32B F32B F32B
711 F20
720 F20 F32B F32B F32B F32B
721 F20
730 F20 F32B,F32D F32B,F32D F32D F32B,F32D F32B,F32D F32D
732 F20 F32B F32B F32B F32B
Release Letter
734 F20 F32A F32A F32A F32A,F33A,F33B F32A,F33A,F F32A,F33A

33B
740 F20 F32B F32B F32B F32B
742 F20 F32B F32B F32B,F33B,F34A, F32B,F33B,F F34A

34A,
F34B F34B
744 F20 F34A,F34B F34A,F34B F34A F34A, F34B F34A,F34B F34A
747 F20 F32B,F33B,F F32B,F33B,F F32B,F33B, F32B,F33B,

34B 34B
F34B F34B
750 F20 F32B F32B F32B,F33B,F34B F32B,F33B,F

34B
752 F20 F32B,F33A,F F32B,F33A,F F32B,F33A,F33B F32B,F33A,F F33A

33B 33B 33B
754 F20 F32A,F32B F32A,F32B F32A F32A,F32B,F33B, F32A,F32B,F F32A,F34A

33B,
F34A,F34B F34A,F34B
756 F20 F32B F32B F32B,F33A F32B,F33A F33A
759 F20
760 F20
767 F20
768 F20 F32B,F32D F32B,F32D F32D
769 F20 F32B,F32D,F33B, F32B,F32D,F F32D

33B,
F34B F34B
791 F20 F32B F32B F32B F32B
792 F20
795 F20
796 F20
Release Letter
798 F20
799 F20
800 F20 Seq B.F32A Seq B.F32A Seq B.F32A F32A,F33B,F34B F32A,F33B,F F32A
34B
801 F20 F33B F33B F33B,F34B F33B,F34B
802 F20 F32A F32A F32A F32A F32A F32A
824 F20 F68A F19 F68A F19,F68A
891 F20 F32B F32B F32B F32B
892 F20
895 F20
896 F20
898 F20
899 F20
900 F20 F32A F32A F32A F32A F32A F32A
910 F20 F32A F32A F32A F32A F32A F32A
920 F20 F34F F34F
935 F20 F37H F30 F37H F30
940 F20 F62F,F62M F62F,F62M F62F,F62M F60F,F60M,F62F, F60F,F60M,F F60F,F60M,F

62F, 62F,
F62M,F64,F65 F62M,F64,F F62M,F64,F

65 65
941 F20 F62F F62F F62F F60F,F62F,F64,F65, F60F,F62F,F F60F,F62F,F

64,F65, 64,F65
F90C,F90D F90C,F90D
942 F20 F34F F34F F34F,F90C,F90D F34F,F90C,F

90D

62F, 62F,
F62M,F64 F62M,F64 F62M,F64
Release Letter

62F, 62F,
F62M,F64 F62M,F64 F62M,F64
971 F20 F62F F62F F62F F62F F62F F62F

62F, 62F,
F62M,F64 F62M,F64 F62M,F64
973 F20
985 F20
986 F20
991 F20 F32B F32B F32B F32B
992 F20
995 F20
996 F20
998 F20
999 F20
(1) The value with the CANC qualifier will be extracted only if the function of the message (F23G) is equal to CANC.
Alliance Access 7.3 Switch-over Planning for Standards MT
Release Letter
Appendix B Switch-over Planning for Standards MT

The information contained in this appendix will help you in your planning for the switch-over to the
Standards MT November 2018. It lists in chronological order the actions that need to be taken.
B.1 Actions to be Taken Now

Assess the impact of the changed standards for your company (for example: Check whether you
either use any of the changed messages or will use any of the new messages. Check whether
back-office systems need an upgrade (for example).
Important As Standards MT 2018 contains new messages, it is important to load an ASP file
from June 2018 or later to make sure that the correct messages carry authentication.
The ASP file can be downloaded from http://www.swift.com.
Install this new ASP file at your convenience before you start testing Standards
Release 2018.
For more information on loading ASP files, see "ASP/FINCopy Upload" in the
Configuration Guide and "User Management" in the Security Guide.
B.2 Actions to be Taken as Soon as Possible

Complete these actions:
• Update your Alliance Access server to release 7.3.
• Install the relevant Web Platform Server-Embedded GUI packages and deployment packages.
Note Customers must install the Standards Release 2018 Message Management
Deployment Package at the latest on 16th November 2018.
• If relevant, inform the Web Platform GUI packages users that they must use the new URL.
• load an ASP file from June 2018 or later to make sure that the correct messages carry
authentication.
• Assign the Standards MT November 2018 to your Test and Training logical terminals.
• Upgrade back-office systems where required.
B.3 Actions to be Taken Before 17 November 2018

For the new/changed messages, train your staff and test your back-office systems by sending
messages to the Test and Training network.
B.4 Actions to be Taken on 14, 15, or 16 November

2018 (Last Business Day of the Week)
• Send your business messages as soon as possible.
• At the end of your business week, make sure that all your pending messages are transmitted.
Alliance Access 7.3 Switch-over Planning for Standards MT
Release Letter
• When your business week is finished, log out from the SWIFT network and log back in for
reception only. In this way, you can still receive and correctly process messages from other
correspondents.
• Close all your "from" message partners and open all your "to" message partners. In this way, all
received messages can still follow automatic processing.
Note On 17 November 2018 at 16:00 GMT, SWIFT will disconnect all users and activate
the new Standards MT November 2018.
B.5 Actions to be Taken Before Your First Log In on 18

or 19 November 2018
• Make sure that as many messages as possible have been processed by Alliance Access. This
means that only a few or even no live messages must be left in the system.
• Assign the Standards MT November 2018 to all your live logical terminals.
• Log in to SWIFT and activate all the message partners that you use normally.
• Monitor your Alliance Access and back-office systems for correct behaviour (for example, check
all your templates for correct resolution).
B.6 Actions to be Taken after the First Login

Most of your FIN message templates will still be linked to the old Message Standards. Upon usage,
these templates will have to be resolved to be associated with the new standards, and might need
further changes before they are saved as templates again.
Alliance Access 7.3 Standards Switch-over Planning for InterAct Services
Release Letter
Appendix C Standards Switch-over Planning for

InterAct Services
The information contained in this appendix will help you in your planning for the switch-over to a
new version of ISO 20022 standards used by a specific InterAct service. It lists in chronological
order the actions that need to be taken.
Contrary to the FIN annual message standards cut-over, the introduction of new versions of ISO
20022 messages is not a big bang event, but provides a relatively long migration period, a period
which does not have the same length for every ISO 20022 InterAct service and is determined and
communicated by the service administrator.
To cater for this, ISO 20022 InterAct services typically support two versions of the standards in
parallel for a period of time.
The high level guidelines below can help you plan adoption of new versions for the ISO 20022
InterAct services, of which you are a member.
C.1 Actions to be Taken When You Are Notified of a

Service Change
If you are a member of an InterAct service that will adopt new ISO 20022 message standards, you
want to make an initial assessment of how this will impact your infrastructure. You should look into
the following areas, among others:
• Understand what messages or message versions are added/removed from the service, and how
you use them
• Establish if Alliance Access is used for manual processing of these messages (create, modify,
verify, authorise)
• Establish if your Alliance Access routes messages based on message types or message
keywords
• Validate the readiness of the impacted back office systems.
C.2 Get Ready for Testing

Normal practice on InterAct is to allow both the current version and the next version of a particular
message type for a particular service at the same moment in time.
It is important to understand that once a service is provisioned for a new version of a message
type, the service will accept from your correspondents both the new version of that message type
added to the service and the previous version of that message type allowed in the service, and will
send them to you. You cannot choose to not receive the new version of a message at the technical
level. In most cases however there will be a bilateral agreement or group guideline, about the date
as of which it is allowed to use the new version of the message, first for the pilot service and later
for the production service.
For message flows to or from your back-office, make sure that you have a clear view of when your
back-office will be capable of supporting the changes in message standards. By default Alliance
Access does not distinguish a new version of a message type from an old version and will process
all messages through the routing you set up to distribute the messages to your back office. So it is
important that you know how your back office will behave when receiving new message versions for
the pilot service.
Release Letter
In order to allow manual processing (create, modify, verify, authorise), and printing in human
readable format, you need to download the appropriate message standards Deployment Package
from the download centre on www.swift.com or from mystandards.swift.com. If you are using
specific usage guidelines for the service, also download the usage guideline specific deployment
package from mystandards.swift.com.
From the Alliance Access Configuration GUI package, install the new deployment packages. If a
previous version of the deployment package was installed, the installation process will mark all
messages types for that service as obsolete, and merge the message types from the new
deployment package with this. As a result of this process, all message types already loaded, and
no longer occuring in the latest deployment package will still be there and marked as obsolete,
while all messages in the latest deployment package will be marked as not obsolete and will be
available to the users. If there were some messages that should not be used by your users, you
can mark these manually as obsolete to prevent message creation. The release letters of the
deployment packages provide the details of what message versions are included in the deployment
package.
If you have usage guidelines installed, you need to do the same for each usage guideline linked to
the same service. It is possible that a specific usage guideline does not yet support the new
message standards version, and will not have an updated deployment package. For more
information, contact the publisher of the usage guideline.
In case you have created manually defined verifiable fields for a message in this service that got a
new version, you will need to configure the new version of the message to also have the
appropriate verifiable fields.
Once the deployment package is installed, the new message standard can be used both for the
production and all pilot/test versions of the service. If one of your users would create a message
using the new version before it has been activated on the SWIFT network a NACK will be returned.
If you try to create a message using a template that is linked to an obsolete message version,
Alliance Access will automatically try to convert it to the latest version available.
When no manual processing or human readable printing is required, the deployment package
installation is not necessary.
C.3 Migrate to the New Standards

Once the new message standards have been activated for the service you will typically be able to
use both the previously allowed version and the new version for a period of time. Keep in mind
however that while you can choose which versions you send (in agreement with your
correspondent), you may receive new versions of the messages on the production service.
You will need to inform your users who manually process messages about which message to use
and when.
C.4 Wind Down Use of the Old Standards

Once the new message version is in use you have entered a migration period where both versions
are available. When the end-of-support of an older message version is announced, you can start
monitoring usage to make sure that you have no business need for the old version by the time that
the message version reaches end-of-support.
In order to enforce the usage of the latest message version during manual processing you can use
the Alliance Access Configuration GUI package to configure the message version as obsolete.
Release Letter
During this period, however, your back-office systems are expected to still be capable of processing
older message versions until they are removed from the service.
C.5 Stop Using the Old Standard

Old versions of messages standards would typically be removed during a subsequent update of the
service, which would bring you back to Actions to be Taken When You Are Notified of a Service
Change on page 42.
As long as you add new deployment packages for a specific service, you will keep track of
obsoleted message versions which means you will still be able to see messages using that old
message version in a human readable form. If you remove the old deployment package before
adding the new one, you will lose the information on obsolete messages and an attempt to display/
print them would result in a printout that is in an XML style format.
Alliance Access 7.3 Legal Notices
Release Letter
Legal Notices
Copyright
SWIFT © 2018. All rights reserved.
Restricted Distribution
Do not distribute this publication outside your organisation unless your subscription or order
expressly grants you that right, in which case ensure you comply with any other applicable
conditions.
Disclaimer
The information in this publication may change from time to time. You must always refer to the
latest available version.
Translations
The English version of SWIFT documentation is the only official and binding version.
Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT:
the SWIFT logo, SWIFT, SWIFTNet, Sibos, 3SKey, Innotribe, the Standards Forum logo,
MyStandards, and SWIFT Institute. Other product, service, or company names in this publication
are trade names, trademarks, or registered trademarks of their respective owners.

Aa 7 3 RL

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Aa 7 3 RL

Caricato da

Copyright:

Formati disponibili

Alliance Access 7.

This document contains release information for Alliance Access 7.3.

2 Installing Alliance Access 7.3.............................................................................................................. 22

Appendix A Routing Keyword Extraction and Verifiable Fields................................................................ 26

Appendix B Switch-over Planning for Standards MT................................................................................. 40

Appendix C Standards Switch-over Planning for InterAct Services......................................................... 42

C.5 Stop Using the Old Standard........................................................................................................................... 44

Customer installation path For Alliance Access:

For Alliance Web Platform Server-Embedded GUI packages:

Customer upgrade paths For Alliance Access:

Release 7.2 - [7.2.10] - [Security Update 2018-02] - [Security Update

Release 7.1.40 - [7.1.43] - [Security Update 2018-02]- [Security

For Alliance Access GUI packages (on Alliance Web Platform

Release 7.2 - [7.2.10] - [7.2.50] - 7.3

Release 7.1.40 - 7.3

For Red Hat Enterprise Linux, 7.4 is required before installing

See System Requirements on page 15.

Product dependencies This release has dependencies on other products:

• Alliance Web Platform Server-Embedded 7.3

See also SWIFTNet Requirements on page 17 and Other

For more information about product compatibility, see Knowledge

Purpose of this Document

1.1.1 Updates for Standards MT November 2018

1.1.2 Automatic Addition of UETR on MT 103, MT 202, and MT

Automatic generation of the UETR

MT 202 COV reconciliation with MT 103 for payment initiators (optional)

Protecting back-offices that are not ready to receive

Impact on IPLA Custom Code

1.1.3 SWIFT gpi Adoption Made Easier

1.1.4 Additional Operator Authentication Methods

1.1.4.1 SWIFT Personal Token

1.1.4.2 Using Identity Provider Systems (SAML 2.0)

1.1.5 AES-GCM for Direct FileAct

1.1.6 AES-GCM for File Transfer

following location %ALLIANCE%\MXS\code_samples\AesGcm (on Windows) $ALLIANCE/MXS/

1.1.7 CREST over SWIFTNet

New interface for IBM MQ

Local authentication on CRnet applications

Command line CRnet commands

Enabling and disabling the CREST applications

4 eyes mechanism support for CRnet applications (CRFI, CRPI, CRMI)

1.1.8 Monitoring Session Changes

1.1.9 Absolute Session Timeout

1.1.10 Security Best Practice Check Tool Enhancements

Release 7.3 inludes the following additional checks:

1.1.11 Software Update Check

1.1.12 Support for SWIFT CA Root Key Renewal

1.2 Other Changes

1.2.1 Archive Conversion Tool

1.3 Resolved Problems

CR number Tip Number Description

50009927 5022027 Routing keyword not validated before adding record.

50016211 5022432 CREST over SWIFTNet

Automatic LAU key renewal for CRnet component.

50017677 - CREST over SWIFTNet

User password change enforcement.

1.4 Software Distribution

1.4.1 Validating Downloads from the SWIFT Download Centre

1.5 Support Duration

1.6 System Requirements

1.6.1 Operating System Requirements

1.6.1.1 Alliance Access

Operating system Support version