License Manager. Version 7 Using License Manager. Installation and Security Information for Vision Solutions Products on IBM System i

Author: Bruno Watkins

Notices

Using License Manager User Guide
March 2015
Version: 7.1.26.00

© Copyright 1999, 2015 Vision Solutions®, Inc. All rights reserved.

The information in this document is subject to change without notice and is furnished under a license agreement. This document is proprietary to Vision Solutions, Inc., and may be used only as authorized in our license agreement. No portion of this manual may be copied or otherwise reproduced without the express written consent of Vision Solutions, Inc. Vision Solutions provides no expressed or implied warranty with this manual.

The following are trademarks or registered trademarks of their respective organizations or companies:

• MIMIX and Vision Solutions are registered trademarks and AutoGuard, Data Manager, Director, Dynamic Apply, ECS/400, GeoCluster, IntelliStart, Integrator, iOptimize, iTERA, iTERA Availability, MIMIX AutoNotify, MIMIX Availability, MIMIX Availability Manager, MIMIX DB2 Replicator, MIMIX Director, MIMIX dr1, MIMIX Enterprise, MIMIX Global, MIMIX Monitor, MIMIX Object Replicator, MIMIX Professional, MIMIX Promoter, OMS/ODS, RecoverNow, Replicate1, RJ Link, SAM/400, Switch Assistant, Vision AutoValidate, and Vision Suite are trademarks of Vision Solutions, Inc.
• Double-Take Share, Double-Take Availability, and Double-Take RecoverNow—DoubleTake Inc.
• AIX, AIX 5L, AS/400, DB2, eServer, IBM, Informix, i5/OS, iSeries, OS/400, Power, System i, System i5, System p, System x, System z, and WebSphere—International Business Machines Corporation.
• Adobe and Acrobat Reader—Adobe Systems, Inc.
• HP-UX—Hewlett-Packard Company.
• Teradata—Teradata Corporation.
• Intel—Intel Corporation.
• Java, all Java-based trademarks, and Solaris—Sun Microsystems, Inc.
• Linux—Linus Torvalds.
• Internet Explorer, Microsoft, Windows, and Windows Server—Microsoft Corporation.
• Mozilla and Firefox—Mozilla Foundation.
• Netscape—Netscape Communications Corporation.
• Oracle—Oracle Corporation.
• Red Hat—Red Hat, Inc.
• Sybase—Sybase, Inc.
• Symantec and NetBackup—Symantec Corporation.
• UNIX and UNIXWare—the Open Group.

All other brands and product names are trademarks or registered trademarks of their respective owners.

If you need assistance, contact Vision Solutions’ CustomerCare team at:

CustomerCare
Vision Solutions, Inc.
Telephone: 1.800.337.8214 or 1.949.724.5465
Email: [email protected]
Web Site: www.visionsolutions.com/Support/Contact-CustomerCare.aspx

Contents

Who this book is for
The MIMIX documentation set
The iTERA Availability documentation set
The iOptimize documentation set
Sources for additional information
How to contact us

Chapter 1 What is License Manager
    Supported products

Chapter 2 Preparing to install
    Choosing a method of installing
    Default installation library names
    Understanding product naming conventions
    Software requirements for installing or upgrading
    MIMIX® Availability™ software requirements
    iTERA Availability™ software requirements
    iOptimize™ Software Requirements
    Checking systems for recommended IBM PTFs
    New installations using a 5250 emulator when License Manager is not installed
    System values required for installing
    Library considerations when installing products
    Considerations for changed command defaults
    Using best practices to set up a library list
    Setting up the system portion of the library list
    Procedure for adding libraries to the system library list
    Setting up the user portion of the library list
    Displaying a product’s install history and installed fixes
    Working with Vision Solutions product commands

Chapter 3 Install process checklists
    Checklist: new product installs
    Checklist: upgrading products
    Checklist: fix installs

Chapter 4 Supporting procedures
    Prepare your environment by ending MIMIX products
    Prepare your environment by ending iOptimize
    Prepare your environment by ending iTERA
    Installing products
    Obtaining the INSPRD command when License Manager is not installed
    INSPRD restrictions for specifying the installation library (INSTLIB)
    Installing fixes
    Bring up your MIMIX environment by starting products
    Updating and starting Vision Solutions Portal on IBM i
    Bring up your iOptimize environment by starting product
    User Authorities
    Instructions
    Updating and starting Vision Solutions Portal on IBM i
    Bring up your iTERA environment by starting products
    Setting up Vision Solutions Portal
    Installing or upgrading VSP server using a product installation wizard - IBM i
    Installing or upgrading VSP server from a stream file - IBM i
    Installing or upgrading VSP server and portal application - Windows
    Completing the VSP setup for a new installation
    Accessing the License Manager Main Menu
    Accessing the Vision Solutions Installed Products display
    Updating the installed products file
    Removing an installed product

Chapter 5 Working with license keys
    Information about license keys and identifiers
    Codes for MIMIX features
    Obtaining license keys through a product’s installation wizard
    Manually obtaining and applying license keys using an installation wizard
    Obtaining license keys using UPDLICKEY command
    Obtaining license keys when using 5250 emulator to install
    Displaying maintenance expiration and license key information
    Changing or displaying license key expiration message defaults

Chapter 6 General security considerations
    Security for user profiles created by installed products
    MIMIX-specific security for MIMIXOWN and MIMIXCLU
    iOptimize-specific security for IOPTOWNER and ITIDGUI
    Security for LAKEVIEW user profile
    Additional security considerations for products
    User profile restrictions
    MIMIX-specific system security considerations
    System security
    System security level
    User profile password system values
    User profile authorities
    Protecting your assets from unauthorized use

Chapter 7 Vision Solutions-provided security functions
    About the provided security functions
    Product authority
    Command authority
    Security for common functions
    Authority level descriptions
    Changing product-level security
    Displaying authorities for authorized user profiles
    Changing product authority
    Using group profile support
    Group profile examples
    Granting a user authority to a product
    Revoking product authority for a user
    Displaying the authority level of commands for Vision products
    Changing command authority
    Changing the authority level for Vision-supplied commands
    Displaying commands known to License Manager
    Authority levels for commands

Chapter 8 Remote system support
    Accessing Lakeview Technology support functions
    Configuring the Lakeview Technology support connection
    Starting Lakeview Technology support
    Disconnecting from Lakeview Technology support
    Ending the Lakeview Technology support connection
    Deleting Lakeview Technology support objects

Index

Who this book is for

The Using License Manager book is for MIMIX® Availability™ and iTERA Availability™ operators and administrators. This book supports:

• Operators who must use the installation and license key support provided by License Manager on System i instead of using Vision AutoValidate™ and the MIMIX Installation Wizard.

• Administrators who need to set up system security and implement additional security features available through License Manager. Some Vision Solutions products that run on System i can take advantage of these additional security features.

The MIMIX documentation set

The following documents about MIMIX® Availability™ products are available:

Using License Manager
License Manager currently supports MIMIX® Availability™, iTERA Availability™, and iOptimize™. This book describes software requirements, system security, and other planning considerations for installing software and software fixes for Vision Solutions products that are supported through License Manager. The preferred way to obtain license keys and install software is by using Vision AutoValidate™ and the product’s Installation Wizard. However, if you cannot use the wizard or AutoValidate, this book provides instructions for obtaining licenses and installing software from a 5250 emulator. This book also describes how to use the additional security functions from Vision Solutions which are available for License Manager and MIMIX and implemented through License Manager.

MIMIX Administrator Reference
This book provides detailed conceptual, configuration, and programming information for MIMIX® Enterprise™ and MIMIX® Professional™. It includes checklists for setting up several common configurations, information for planning what to replicate, and detailed advanced configuration topics for custom needs. It also identifies what information can be returned in outfiles if used in automation.

MIMIX Operations with IBM i Clustering
This book is for administrators and operators in an IBM i clustering environment who either use the basic support for IBM i clustering provided within MIMIX or who use MIMIX® Global™ to integrate cluster management with MIMIX logical replication or supported hardware-based replication techniques. This book focuses on addressing problems reported in MIMIX status and basic operational procedures such as starting, ending, and switching.

MIMIX Operations - 5250
This book provides high level concepts and operational procedures for managing your high availability environment using MIMIX® Enterprise™ or MIMIX® Professional™ from a 5250 emulator. This book focuses on tasks typically performed by an operator, such as checking status, starting or stopping replication, performing audits, and basic problem resolution.

Using MIMIX Monitor
This book describes how to use the MIMIX Monitor user and programming interfaces available with MIMIX® Enterprise™ or MIMIX® Professional™. This book also includes programming information about MIMIX Model Switch Framework and support for hardware switching.

Using MIMIX Promoter
This book describes how to use MIMIX commands for copying and reorganizing active files. MIMIX Promoter is available with MIMIX® Enterprise™ and as a no-charge feature for MIMIX® Professional™.

MIMIX for IBM WebSphere MQ
This book identifies requirements for the MIMIX for MQ feature which supports replication in IBM WebSphere MQ environments. This book describes how to configure MIMIX for this environment and how to perform the initial synchronization and initial startup. Once configured and started, all other operations are performed as described in the MIMIX Operations - 5250 book.

The iTERA Availability documentation set

The following documents about the iTERA product are available:

iTERA Availability v6.1 Reference Guide
This guide provides descriptions of the screens encountered in iTERA, including field definitions, options, functions, and commands.

iTERA Availability v6.1 User Guide
This guide provides high level concepts and operational procedures for iTERA, including instructions for configuring the product, initiating replication, and implementing the required processes that are critical in monitoring, auditing, and maintaining your replication environment. The Role Swap Checklist and Virtual Role Swap Checklist contained within this guide are also available as separate downloads.

iTERA Availability v6.1 Advanced Features Guide
This guide provides conceptual information and procedural instructions for advanced capability in the product.

iTERA Availability v6.1 Upgrade Guide
This guide contains instructions for performing a v6.0 to v6.1 upgrade using either the installation wizard or a 5250 emulator using License Manager.

Installation Resources
Initial product installations are performed only by Certified Business Partners and Professional Services. The iTERA Availability v6.1 Installation Guide is available only to these groups and provides instructions for obtaining license keys and installing software using either the iTERA Installation Wizard or a 5250 emulator. (If needed, the Using License Manager book provides additional instructions for obtaining licenses and installing software from a 5250 emulator and other installation-related procedures associated with the product.)

Readme - Service pack installation
The Readme document is updated and released in conjunction with each iTERA service pack product update and includes instructions for updating any iTERA v6.1 version to the latest service pack using the installation wizard, descriptions of new features in the release, service pack release highlights, and system requirements. If you are unable to use the installation wizard to install the service pack, the Using License Manager book provides additional instructions for obtaining licenses and installing software updates from a 5250 emulator and other installation-related procedures associated with the product.

The iOptimize documentation set

The following documents about iOptimize are available:

Using License Manager
License Manager currently supports MIMIX® Availability™, iTERA Availability™, and iOptimize™. This book describes software requirements, system security, and other planning considerations for installing software and software fixes for Vision Solutions products that are supported through License Manager. The preferred way to obtain license keys and install software is by using Vision AutoValidate™ and the product’s Installation Wizard. However, if you cannot use the wizard or AutoValidate, this book provides instructions for obtaining licenses and installing software from a 5250 emulator.

iOptimize Portal Application User Guide
This book provides instruction for the user to configure and implement optimization activities using a GUI interface. This interface provides the most robust capabilities for system management and optimization.

iOptimize User Guide
This book introduces iOptimize and helps you begin to configure basic optimization functions as well as provide detailed instructions for using the product via a 5250 Emulator.

iOptimize Job Accounting User Guide
This book describes how to set up and use the Job Accounting functionality in iOptimize, including configuring job accounting as well as information on monitoring job accounting in the iOptimize portal application in Vision Solutions Portal.

Sources for additional information

This book may refer to other published information. The following information, plus additional technical information, can be located on the IBM i and System i Information Center at: http://publib.boulder.ibm.com/iseries/

From the Information Center you can access IBM i topics, books, and redbooks.

How to contact us

For contact information, visit our Contact CustomerCare web page. If you are current on maintenance, support for MIMIX products is also available when you log in to Support Central. It is important to include product and version information whenever you report problems.

CHAPTER 1

What is License Manager

License Manager is a set of functions installed with Vision Solutions products on System i that do the following:

• Provide a common location from which to access and maintain multiple installations of Vision Solutions products.

• Manage license keys for installed Vision Solutions products.

• Install software and fixes for Vision Solutions products using secondary processes from a command line.

• Control user access to Vision Solutions products by setting product authority and command or interface level authority for products which include this capability.

Supported products

This version of License Manager supports:

• MIMIX® Availability™ version 7.1 or earlier (MIMIX® Professional™, MIMIX® Enterprise™, or MIMIX® Global™)
  A typical MIMIX Enterprise installation also includes MIMIX Monitor and MIMIX Promoter. Similarly, a MIMIX Professional installation includes MIMIX Monitor.

• MIMIX DR

• iTERA Availability™ 6.1

• iOptimize 7.1.15.00

This version of License Manager includes runtime support for MIMIX Availability Manager. Vision Solutions Portal replaces MIMIX Availability Manager for MIMIX version 7.0 and higher. If you previously installed version 6 of License Manager on a system that has been subsequently upgraded to the current version of License Manager, you can continue to use MIMIX Availability Manager to manage only version 5 or version 6 MIMIX replication environments.

CHAPTER 2

Preparing to install

The processes available for installing Vision Solutions product software using License Manager are the same regardless of whether you are installing MIMIX® Availability™, iOptimize™, or iTERA Availability™. This chapter describes the necessary requirements and best practices that should be in place prior to installing products in your environment.

The following topics are included:

• “Choosing a method of installing” on page 13 identifies available methods of installing software and describes benefits of the preferred method.

• “Default installation library names” on page 14 identifies the default names of the libraries into which products are installed and identifies other naming convention information.

• “Understanding product naming conventions” on page 15 describes the significance of the software naming convention, such as 7.0.01.00, with respect to installing software.

• “Software requirements for installing or upgrading” on page 17 identifies the minimum requirements for installing this software version.

• “Checking systems for recommended IBM PTFs” on page 20 describes how to use the CHKIBMPTF command to determine whether all Vision-recommended IBM PTFs are installed on a system.

• “New installations using a 5250 emulator when License Manager is not installed” on page 21 describes the method for installing software with a 5250 emulator when License Manager is not already installed.

• “System values required for installing” on page 23 identifies system values that need to be set on each system.

• “Library considerations when installing products” on page 24 identifies what should and should not be in the libraries associated with License Manager and Vision Solutions products.

• “Using best practices to set up a library list” on page 26 identifies how to set up the system and user portions of the library list when using MIMIX.

• “Considerations for changed command defaults” on page 24 describes the impact of changing default values for shipped commands.

• “Displaying a product’s install history and installed fixes” on page 28 describes how to identify the level of currently installed software.

• “Working with Vision Solutions product commands” on page 29 describes how to library-qualify commands.

Choosing a method of installing

The following methods of installing supported product software are available:

• The product’s Installation Wizard

• 5250 emulator command line processes

Product Installation Wizard recommended: It is strongly recommended that you use the product’s Installation Wizard to install products. The wizard provides a simple method for downloading, distributing, and installing products on a single system or to multiple systems simultaneously. In addition, the wizard also does the following:

• Easily and automatically obtains and applies license keys via Vision AutoValidate™.

• For products that provide a portal application, the wizard automatically installs the Vision Solutions Portal server and the portal application. The server provides support for browser-based user interfaces to Vision Solutions products which provide portal applications.

The MIMIX Installation Wizard does not support installing into a library located on an independent ASP. For more information about requirements for using MIMIX Installation Wizard, see Support Central.

In order to prevent problems when installing on multiple systems, run only one instance of the iOptimize Installation Wizard at a time. Wait until the installation wizard has completed before initiating it again.

Secondary procedures: If you cannot use the product’s installation wizard, this book (Using License Manager) provides secondary path procedures and supporting information for installing products using the 5250 emulator.

When installing MIMIX, the 5250 emulator processes will restore the MIMIX portal application to the system but these processes do not install the Vision Solutions Portal server or make the application known to the server. The preferred way to install Vision Solutions Portal is to use the MIMIX Installation Wizard and select the option “MIMIX portal application only”, which will install or upgrade the VSP server as needed. If you cannot use the wizard, you can install Vision Solutions Portal from a downloadable stream file.

Default installation library names

Table 1 identifies the default names of installation libraries for the products that can be installed using procedures in this document.

Table 1. Names of libraries where products are installed

Product: License Manager
Default Library Name: LAKEVIEW
Notes: This name cannot be changed. License Manager is installed automatically if it is not on the system. License Manager is upgraded automatically if the installed level is lower than the level included in media for the product being installed.

Product: MIMIX products
Default Library Name: MIMIX
Notes: A different name can be specified when installing new installations. The maximum length of a specified name is 10 characters.
Note: Do not end library names for MIMIX configurations in the letter “i”. Library names ending in the letter “i” are reserved for an INTRA configuration for MIMIX.
If you will use an INTRA configuration for MIMIX, the name of the first library can be up to 9 characters in length. For the second library, the name must be in the form nnnnnnnnni, where nnnnnnnnn is the name of the first library and the letter “i” identifies it as INTRA. INTRA is a unique configuration that is not commonly used. For more information, see the MIMIX Administrator Reference book.

Product: iTERA
Default Library Name: ITERA
Notes: A different name can be specified when installing new installations. The maximum length of a specified name is 6 characters. When Services personnel perform a 6.0 to 6.1 upgrade, the previous “base library” name (usually ITHA) is selected during install. After the upgrade completes, you will see multiple installation libraries, one for each CRG (ITHAA1, ITHAA2, etc.), with library names based on the CRG library names.

Product: iOptimize
Default Library Name: IOPT
Notes: A different name can be specified when installing new installations. The maximum length of a specified name is 10 characters. When an upgrade from iOptimize 7.1.01.00 through 7.1.05.00 is performed to 7.1.14.00 (or later), the existing installation is automatically upgraded and its configuration retained. The legacy library name of IOPT71 is retained.

Understanding product naming conventions

The terms and naming conventions used to identify the product provide a convenient means of referencing the level of software installed. Table 2 shows the naming convention in use. This convention is indicated by V.U.SP.FX(R).

Table 2. Product naming convention for shipped software media

Identifier: Version number
Description: V.U.SP.FX(R), where V is the version number. Example:
• 7.0.00.00 (initial version 7 release)

Identifier: Update level
Description: V.U.SP.FX(R), where U is the update level. Examples:
• 7.0.00.00 (initial version 7 release)
• 7.1.00.00 (first major update of version 7)

Identifier: Service pack (SP)
Description: V.U.SP.FX(R), where SP is the SP level. Examples:
• 7.0.01.00 (first SP release for version 7)
• 7.2.06.00 (sixth SP release for version 7.2)

Identifier: Cumulative fixes
Description: V.U.SP.FX(R), where FX is the cumulative fix level. Examples:
• 7.0.04.03 (third cumulative fix for the fourth SP on version 7)
• 7.2.06.01 (first cumulative fix for the sixth SP on version 7.2)

Identifier: Restricted fix
Description: V.U.SP.FX(R), where (R) is the restricted fix. For software media, restricted fixes are always associated with a service pack. Otherwise the field is left blank. Examples:
• 7.0.04.03R (third available restricted fix for the fourth SP on version 7)
• 7.2.06.01R (first available restricted fix for the sixth SP on version 7.2)
Note: When viewing the Vision Solutions Installed Products display, R indicates that one or more restricted fixes have been applied to the indicated service pack level. Cumulative fixes for the service pack level may also be present. For example, 7.0.04.03R on this display indicates that the third cumulative fix as well as at least one restricted fix for the fourth SP have been applied.

The following are descriptions of the product terminology used:

Version number
New version of a product. In order to install a product with a new version number, you must be current on maintenance.

Update level
New functionality available within the current version. In order to install a product with a new update level, you must be current on maintenance.

Service pack (SP)
A collection of product changes that are packaged together for the purpose of distribution. Installing a service pack brings all products up to the specified level. An SP is released approximately once per month.

Cumulative fixes
Changes to a service pack that correct a specific problem. Additional fixes are cumulative to ensure that they are applied to the correct service pack and in the correct order. These fixes are released on an as-needed basis only.

Restricted fix
Changes to a specific service pack. Restricted fixes are not cumulative and may or may not be integrated into the next service pack. If two restricted fixes are available for the same service pack, the first restricted fix does not need to be applied before the second is installed. Restricted fixes are released on an as-needed basis only.

Note: Restricted fixes require caution and should only be applied with assistance from a CustomerCare representative.
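The V.U.SP.FX(R) convention can be checked mechanically when auditing which level is installed against the level on the media. The following Python sketch is an added example, not part of the Vision Solutions guide or of License Manager; all function names are hypothetical. It assumes SP and FX are always two digits, as in every example in Table 2, and its maintenance check follows footnote 1 of Table 3.

```python
import re
from dataclasses import dataclass

# V.U.SP.FX(R). Assumption: SP and FX are two digits each, as in every
# example in Table 2; V and U are one or more digits.
LEVEL_RE = re.compile(r"^(\d+)\.(\d+)\.(\d{2})\.(\d{2})(R?)$")


@dataclass(frozen=True)
class Level:
    version: int
    update: int
    service_pack: int
    fix: int
    restricted: bool

    @property
    def vusp(self):
        """The V.U.SP part, which identifies the service pack level."""
        return (self.version, self.update, self.service_pack)


def parse_level(text):
    """Parse a level string such as '7.0.04.03R'; raise ValueError if malformed."""
    m = LEVEL_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not a V.U.SP.FX(R) level: {text!r}")
    v, u, sp, fx, r = m.groups()
    return Level(int(v), int(u), int(sp), int(fx), r == "R")


def describe(level, source):
    """Explain a level. The FX field reads differently on media and on the display."""
    base = f"version {level.version}.{level.update}, service pack {level.service_pack}"
    if not level.restricted:
        return f"{base}, cumulative fix {level.fix}"
    if source == "media":
        # On software media, FX numbers the restricted fix itself.
        return f"{base}, restricted fix {level.fix}"
    if source == "display":
        # On the Installed Products display, R only flags that at least one
        # restricted fix is applied; FX is still the cumulative fix level.
        return f"{base}, cumulative fix {level.fix}, plus one or more restricted fixes"
    raise ValueError("source must be 'media' or 'display'")


def change_kind(installed, target):
    """Classify a move from the installed level (display) to a media level."""
    if target.vusp < installed.vusp:
        return "downgrade"
    names = ("version", "update", "service pack")
    for name, old, new in zip(names, installed.vusp, target.vusp):
        if old != new:
            return name
    # Same V.U.SP from here on.
    if target.restricted:
        return "restricted fix"  # not cumulative, so FX carries no ordering
    if target.fix > installed.fix:
        return "cumulative fix"
    return "same" if target.fix == installed.fix else "downgrade"


def allowed_without_maintenance(installed, target):
    """Footnote 1 of Table 3: without current maintenance, only the same
    V.U.SP can be re-installed or receive fixes."""
    return installed.vusp == target.vusp


if __name__ == "__main__":
    # Constructed sample pairs (installed level, media level), not real inventory.
    for have, want in [("7.0.04.03", "7.1.00.00"), ("7.2.06.00", "7.2.06.01")]:
        a, b = parse_level(have), parse_level(want)
        print(have, "->", want, ":", change_kind(a, b),
              "| maintenance needed:", not allowed_without_maintenance(a, b))
```

The same string, such as 7.0.04.03R, describes different things depending on where it was read, so record the source (media or display) alongside the value in any inventory.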

Software requirements for installing or upgrading

The products that License Manager can install or upgrade require the minimum software identified in this topic.

MIMIX® Availability™ software requirements

Table 3 identifies the software required in order to install version 7.1 MIMIX products for the first time or to upgrade MIMIX from 7.0 to version 7.1. Each system in the replication environment must have this software installed and be current with the recommended PTFs and service packs applied.

Note: Upgrades to version 7.1 of MIMIX are supported from any version 7.0 service pack level.

Table 3. Software requirements for version 7.1 of MIMIX® Availability™

| Software | Minimum level | Notes |
|---|---|---|
| IBM i | IBM i 5.4 (V5R4M0) | Required for new installs and upgrades |
| License Manager | 7.0.00.00 or above for upgrades | 3 |
| MIMIX® Global™, MIMIX® Enterprise™, MIMIX® Professional™, MIMIX Promoter | 7.0.00.00 or above for upgrades | 1, 2 |
| MIMIX DR | 7.1.14.00 | Upgrades to version 7.1 MIMIX DR are only supported from versions 7.1.14.00 or above. |

1. Upgrades are valid only when maintenance is current. Customers not current on maintenance will only be able to re-install the same version, update, and service pack level (V.U.SP) and install fixes for that level. See “Displaying maintenance expiration and license key information” on page 68.
2. Upgrades to version 7.1 require license keys that are for version 7.1. New installs of version 7.1 can be completed with no license keys present, although a valid license key is required before using any product. For information about obtaining license keys, see “Working with license keys” on page 61.
3. If a version of License Manager earlier than 7.0 exists on the system at the time of the install or upgrade, then License Manager must be upgraded to at least 7.0 (using the appropriate installation media) before installing MIMIX. (Installation media for earlier versions of MIMIX include License Manager and are available on Support Central.)

iTERA Availability™ software requirements

Table 4 identifies the software required in order to install version 6.1 iTERA products for the first time or to upgrade iTERA from 6.0 to version 6.1. Each system in the replication environment must have this software installed and be current with the recommended PTFs and service packs applied.

Note: Upgrades to version 6.1 are supported from any version 6 service pack level. New installations are performed by Vision Solutions Services personnel or business partners.

Table 4. Software requirements for version 6.1 of iTERA Availability™

| Software | Minimum level | Notes |
|---|---|---|
| IBM i operating system | IBM i 5.4 (V5R4M0) | 1, 2 |
| • Option 30, QSHELL | *COMPATIBLE or *INSTALLED | 3, 4 |
| • Option 33, Portable App Solutions Environment | *COMPATIBLE | |
| 5722JV1 *BASE IBM Developer Kit for Java | *COMPATIBLE | 5 |
| License Manager | 6.0.00.00 or above for upgrades | 6 |
| iTERA Availability™ | v6.0 or above for upgrades | 7, 8, 9, 10 |


1. Required for new installs and upgrades. iTERA can now be installed or upgraded on a system where the name starts with a numeric value.
2. Vision Solutions recommends that all nodes run the same OS level. However, iTERA does support replication for up to two version level differences. Vision always recommends that the backup node run the higher OS. For additional information, see the “Running the primary and target nodes on different levels of the IBM OS” topic in the iTERA Availability User Guide.
3. Both are required for IFS Replication.
4. QSHELL cannot be in the SYS portion of the library list. When upgrading from v6.0, QSHELL will be added to the E2JOBD and must remain there, even if not replicating IFS.
5. Required for iTERA Alert.
6. Required for new installs and upgrades. When installing or upgrading iTERA, License Manager is automatically installed first at the correct version (7.0.20.00 or above). If a version of License Manager earlier than 6.0 exists on the system at the time of the install or upgrade, then License Manager must be upgraded to at least 6.0 (using the appropriate installation media) before installing iTERA. (Installation media for earlier versions of MIMIX include License Manager and are available on Support Central.)
7. Upgrades from iTERA v6.0 are supported. If you are upgrading and are not at version 6.0 or above, you must upgrade to 6.0 before upgrading to version 6.1.
8. Upgrades are valid only when maintenance is current. Customers not current on maintenance will only be able to re-install the same version, update, and service pack level (V.U.SP) and install fixes for that level. See “Displaying maintenance expiration and license key information” on page 68.
9. Upgrades to version 6.1 require license keys that are for version 6.1. New installs of version 6.1 can be completed with no license keys present, although a valid license key is required before using any product. For information about obtaining license keys, see “Working with license keys” on page 61.
10. Service Pack 27 (or later) is strongly recommended for v6.0 upgrades in order to run the Upgrade Readiness Report (U2UPRPT) utility.

iOptimize™ Software Requirements

Table 5 identifies the operating environment requirements that must be met in order to install and use iOptimize version 7.1.15.00 and later for the first time or to upgrade iOptimize from 7.1.01.00 through 7.1.05.00 to version 7.1.15.00 and later. The system must have this software installed and be current with the recommended PTFs and service packs applied. Upgrades to version 7.1.15.00 and later are supported from any version 7.1.01.00 through 7.1.05.00 service pack level.

Table 5. Software requirements for version 7.1.15.00 and later of iOptimize

| Software | Minimum level | Notes |
|---|---|---|
| IBM i operating system | IBM i 5.4 (V5R4M0) | Required for new installs and upgrades |
| • Option 30, QSHELL | *COMPATIBLE or *INSTALLED | |
| • Option 33, Portable App Solutions Environment | *COMPATIBLE | |
| Java components | V5R4: 5722JC1 *BASE - IBM Toolbox for Java; 5722JV1 *BASE - IBM Developer Kit for Java; Option 8 - J2SE 5.0 32 bit | Option 7 is permitted for base iOptimize installations, but option 8 is required if also using VSP. |
| | V6R1: 5761JC1 *BASE - IBM Toolbox for Java. V6R1 and V7R1: 5761JV1 *BASE - IBM Developer Kit for Java; Option 11 - Java SE 6 32 bit | Java 5 is supported for V6R1 and V7R1, but Java 6 is recommended. |
| License Manager | 7.0.00.00 or above for upgrades | 4 |
| iOptimize | 7.1.01.00 through 05 or above for upgrades | 1, 2, 3 |

1. Upgrades are valid only when maintenance is current. Customers not current on maintenance will only be able to re-install the same version, update, and service pack level (V.U.SP) and install fixes for that level. See “Displaying maintenance expiration and license key information” on page 68.
2. Upgrades to version 7.1.15.00 require new license keys. New installs of version 7.1.15.00 can be completed with no license keys present, although a valid license key is required before using any product. For information about obtaining license keys, see “Working with license keys” on page 61.
3. iOptimize must be installed on System ASP 1. It cannot be installed on a User ASP or an IASP.
4. If a version of License Manager earlier than 7.0 exists on the system at the time of the install or upgrade, then License Manager must be upgraded to at least 7.0 (using the appropriate installation media) before installing iOptimize. (Installation media for earlier versions of MIMIX include License Manager and are available from Support Central.)

Checking systems for recommended IBM PTFs

Vision Solutions recommends that certain IBM PTFs be applied on all systems or LPARs where you plan to install or previously installed a supported version of MIMIX, iOptimize, or iTERA. Vision Solutions provides the Check IBM PTF (CHKIBMPTF) command to simplify the method of determining whether the recommended PTFs are applied. The command is delivered¹ in these ways:

• As part of License Manager, which is installed when MIMIX or iOptimize products are installed. Use this version any time after installing software, but be aware that the PTF list in this version represents the recommended PTFs at the time the installed version of License Manager was released. The list in this version is only updated when you install a more recent service pack. This version of the command is located in the LAKEVIEW library.

• In the iTERA product. Use this version any time after installing software, but be aware that the PTF list in this version represents the recommended PTFs at the time the installed version of the product was released. The list in this version is only updated when you install a more recent service pack.

• Packaged in a downloadable stream file attached to Knowledgebase article 45894. This version is updated approximately monthly with the latest list of recommended PTFs. Use this version before installing on a new system or any time you need to check for the latest recommended PTFs. Always restore the command to the CHKIBMPTF library as indicated in the Knowledgebase article.

IMPORTANT! If you download the command from the Knowledgebase, always restore it to the location identified in the Knowledgebase article. The downloaded version does not update the version in the LAKEVIEW library or the iTERA product library. Never attempt to restore the downloaded version to the LAKEVIEW library or the iTERA product library as doing so may adversely affect subsequent software installs.

The CHKIBMPTF command runs on a single system. Run the command on all systems where MIMIX, iOptimize, or iTERA is or will be installed. Running the command checks that system for recommended IBM PTFs and generates two QPRINT outputs. One output file lists the status of only the PTFs that require attention or corrective action. The other output file lists all the recommended PTFs and their status on the system. You can also use the release-specific PTF list in the Knowledgebase article to link to PTF cover letters for additional details about a PTF.

To run the command within License Manager, use the following command from each system: LAKEVIEW/CHKIBMPTF

To run the command within iTERA, sign on with the iTERA Admin profile and run the command on an iTERA command line: CHKIBMPTF

To download and run the Knowledgebase version of the command, use the instructions in the Knowledgebase article to run the command on each system.

1. The downloadable stream file in the Knowledgebase became available in December 2014 and is supported for MIMIX, iOptimize, and iTERA. The version of the command packaged with License Manager is available beginning with service pack 7.1.25.00 for MIMIX and iOptimize products only. On systems with only iTERA installed the command is available in iTERA beginning with service pack 6.1.20.00 and is packaged in the main product library (it is not included with the version of License Manager shipped with iTERA).

New installations using a 5250 emulator when License Manager is not installed

The Install Vision Product (INSPRD) command is required for creating a new installation using 5250 emulator (command line) processes. This command is only applicable when License Manager is not already installed on the system. Also, if you are installing using a product’s installation wizard (recommended), you do not need the INSPRD command.

Note: If you are upgrading and License Manager is already installed on the system, but the INSPRD command does not exist in the LAKEVIEW library, you can use the INSMMX command instead.

To use the command, you must download the INSPRD streamfile (STMF) from Support Central and transfer it to your system. The installation procedures in this book describe how to make the INSPRD command ready to use and when to use it. (For new installations of iTERA Availability™, your services representative does this for you.)

System values required for installing

Before you install a Vision Solutions product, you need to ensure that the following system values are set as indicated on each system:

• The system security level specified in the QSECURITY system value. This is important for products that function between systems when assessing security requirements. See “System security level” on page 77 for additional details.

• The QALWOBJRST system value must be set to *ALWPGMADP or *ALL in order for the software installation and fix installation processes to function correctly.

• The QLIBLCKLVL system value must be set to 1 on all systems used by MIMIX in order for MIMIX processes to complete successfully.

The product you install may automatically set additional system values as needed to support running the product. Refer to the product documentation for details.

Library considerations when installing products

Before installing products into a library, consider the following guidelines:

• To ensure your library list is set up properly, use the instructions in “Using best practices to set up a library list” on page 26.

• Only one product family from Vision Solutions is allowed in a library. Consider these detailed examples:
  – Only License Manager is allowed in the LAKEVIEW library. This library name cannot be changed.
  – Within the MIMIX® Availability™ product family, MIMIX® Enterprise™ and MIMIX® Professional™ cannot be installed in the same library. However, MIMIX Global can be installed in the same library as MIMIX® Enterprise™, MIMIX® Professional™, or in a library by itself.
  – MIMIX dr1 cannot be installed in the same library as a MIMIX® Availability™ product.
  – Only one instance of iOptimize is allowed per system.

• Do not place user created objects or programs in the LAKEVIEW, MIMIXQGPL, or VSI001LIB libraries or in the IFS location /visionsolutions/http/vsisvr. Any user created objects or programs in these locations will be deleted during the installation process. Move any such objects or programs to a different location before installing software. The one exception is that job descriptions, such as the MIMIX Port job, can continue to be placed into the MIMIXQGPL library.

• Only user created objects or programs that are related to a product installation should be placed within the product’s installation library or a data library. Examples of related objects for MIMIX® Availability™ products include user created step programs, user exit programs, and programs created as part of a MIMIX Model Switch Framework implementation.

For information about what libraries should not be replicated by a Vision Solutions product, refer to the product’s documentation.

Considerations for changed command defaults

Every command is replaced each time a version, update, or service pack (SP) upgrade of the product is applied. Also, if commands are included in cumulative fixes or restricted fixes, the installation process replaces the existing copy of the commands. As a result, any changes you make to default values of commands shipped with Vision Solutions products and License Manager are not preserved.

The exceptions to this behavior are listed in Table 6.

Table 6. Commands with parameter values that are preserved by installation processes.

| Command | Preserved Parameter | Used in MIMIX® Availability™ | Used in iTERA Availability™ |
|---|---|---|---|
| CRTTFRDFN Create Transfer Definition | System 1 port number or alias (PORT1) | X | X |
| | System 2 port number or alias (PORT2) | X | X |
| ENDSVR End Lakeview TCP Server | Port number or alias (PORT) | X | X |
| MIMIX MIMIX | Assistance level (ASTLVL) | X | |
| RUNCMD Run Command | Port number or alias (PORT) | X | X |
| RUNCMDS Run Command | Port number or alias (PORT) | X | X |
| STRSVR Start Lakeview TCP Server | Port number or alias (PORT) | X | X |

Using best practices to set up a library list

A library list contains a system portion and a user portion. When modifying a library list, following best practices ensures consistent and predictable results. Best practices dictate that specific libraries must exist in your system library list. Similarly, certain product-related libraries should not be kept within the system portion of the library list, while other product-related libraries should not be added to the user portion of the library list.

Setting up the system portion of the library list

Table 7 lists which libraries must be added to the system portion of the library list, and which libraries must not be added to the system portion.

Table 7. Setting up the system portion of the library list

| Library | Add to system portion | Do not add to system portion | Notes |
|---|---|---|---|
| QSYS2 | X | | |
| QSOC | X | | 1 |
| Product-installation-library | | X | 2 |
| LAKEVIEW | | X | |
| QTEMP | | X | |
| MIMIXQGPL | | X | |

1. Used only for OptiConnect/400 communications within MIMIX® Availability™. OptiConnect is no longer a supported communications protocol. Vision Solutions will only assist customers to determine possible workarounds with issues arising from the use of OptiConnect (or SNA) for communication.
2. Indicates the library in which the Vision Solutions product is installed.

Procedure for adding libraries to the system library list

Do the following to add the appropriate library to the system library list:
1. On a command line, type WRKSYSVAL SYSVAL(QSYSLIBL). The Work with System Values display appears.
2. Type option 2 next to the QSYSLIBL system value and press Enter. The Change System Value display appears.
3. Add the appropriate library and press Enter.

Setting up the user portion of the library list

Table 8 lists which libraries must be added to the user portion of the library list, and which libraries must not be added to the user portion of the library list.

Table 8. Setting up the user portion of the library list

| Library | Add to user portion | Do not add to user portion | Notes |
|---|---|---|---|
| QSHELL | X | | 2 |
| QTEMP | X | | |
| LAKEVIEW | | X | 1 |
| MIMIXQGPL | | X | 1 |

1. For these libraries, the best practice is to add the library to the job’s library list as needed. Alternatively, you can qualify the command name with the library name when calling a command from within the library.
2. Needed for iTERA Availability™ only.

Displaying a product’s install history and installed fixes

Do the following to determine the level of an installed product and identify any installed fixes:
1. From the License Manager Main Menu, select option 2 (Work with Products) and press Enter. See “Accessing the License Manager Main Menu” on page 57.
2. From the Vision Solutions Installed Products display, type a 13 (Display history) next to the product and library that you want and press Enter.
3. The Display Product History display appears with a list of updates made to the product in the library. The updates listed identify when product updates were performed.
4. To check for when any fixes were installed, press F9 (Fixes).
5. The Work with Installed Fixes display appears with a list of fixes that have been applied to the product in the library indicated.
   • To see when the fix was installed, press F11 (Date/Time).
   • To see a description of a fix, type a 5 (Display Description) next to the fix you want and press Enter.

Working with Vision Solutions product commands

Several procedures in this document instruct you to use commands provided by a Vision Solutions product. You must either library-qualify each product command or add the library to a library list from which all product commands will run in a given session.

Library-qualifying a command - If you know the name of the installation library for the product you want, you can use the name to library-qualify each command, as follows: Type the command library-name/product-command and press Enter.

Adding a library to the library list - If you do not know the name of the product installation library or would like to run multiple commands from a specific library in one session, do the following:
1. Type the command LAKEVIEW/WRKPRD and press Enter.
2. Type a 9 (Display product menu) next to the product in the library you want on the Vision Solutions Installed Products display and press Enter.
3. Until the session is ended or you exit from the product’s main menu, you can run any product command for that installation without library-qualifying it first.

CHAPTER 3

Install process checklists

This chapter provides checklists that guide you through the steps for different types of software installs using the 5250 emulator.

Product’s Installation Wizard recommended: These checklists and the installation procedures in this book (Using License Manager) are considered secondary path procedures. It is strongly recommended that you use the product’s Installation Wizard to install products.

License Manager uses the same installation process for new installs, upgrades, and service packs. The naming convention reflects these in its V, U, and SP portions. During the installation process, all products in an installation library are refreshed.

Cumulative and restricted fixes provide changes to correct a specific problem and are released on an as-needed basis only. They do not refresh the entire product, and are reflected by the FX(R) portion of the naming convention. For related information, see “Understanding product naming conventions” on page 15.

The checklists included are:

• “Checklist: new product installs” on page 31 will guide you through the steps of installing a new installation of a product.

• “Checklist: upgrading products” on page 33 will guide you through the steps to upgrade an existing product installation.

• “Checklist: fix installs” on page 35 will guide you through the steps of installing fixes for an existing product installation.

Checklist: new product installs

If you cannot use the product’s Installation Wizard, use this checklist to install a product (MIMIX or iOptimize) into a library on a system for the first time using command line processes.

Note: Do not use this checklist for iTERA. New installations of iTERA are always installed and configured by Vision Solutions Services personnel or business partners.

To perform a new install of a product, do the following on all participating systems: (iOptimize is installed on a single system.)

1. To check the contents of the system library list, type the command DSPSYSVAL SYSVAL(QSYSLIBL) and press Enter. Verify that the IBM-supplied library QSYS2 is in the system library list. If necessary, add the appropriate library to the system library list using “Using best practices to set up a library list” on page 26.
2. Download the Readme documentation associated with the software level you are installing from Support Central. Check the readme for any special “Before Installing” instructions and perform any that are necessary for your environment.
3. If any Vision Solutions products that require License Manager already exist on a system where you plan to install the new product, those products must be ended. See one of the following:
   • “Prepare your environment by ending MIMIX products” on page 37
   • “Prepare your environment by ending iOptimize” on page 38
   If the software installation process finds a lower level of License Manager on a system than what is on the installation media, it will automatically upgrade License Manager before installing the new product. For that reason, the products need to be ended. Vision Solutions recommends synchronizing Vision Solutions System i product upgrades based on the schedule for your high availability or disaster recovery product.
4. Install a product from streamfile (STMF) or CD using the instructions in “Installing products” on page 40.
5. Check the Readme documentation for any special “After Installing” instructions and perform any that are required for your environment.
6. If you received cumulative or restricted fixes, install them using the instructions in “Installing fixes” on page 45.
7. After you have installed the products, sign off the system.
8. Sign back on to the system.
9. Do the following to secure your MIMIX environment:
   a. To protect the system from misuse, turn on product-level security for products which support it. Use the procedure “Changing product-level security” on page 86.
   b. Control access to products through the use of authorization levels for user profiles. Grant authority to user profiles as necessary using the procedure “Changing product authority” on page 88.
10. Configure, then start the product.
   • For MIMIX products, use the appropriate new configuration checklist for the environment you want to configure in the MIMIX Administrator Reference book. The new configuration checklist will direct you when and how to start replication for the first time.
   • For iOptimize, use the iOptimize Portal Application User Guide and the iOptimize User Guide.
11. For products that provide portal applications for Vision Solutions Portal (VSP), use “Setting up Vision Solutions Portal” on page 53.

Checklist: upgrading products

If you cannot use the product’s Installation Wizard, use this checklist to upgrade products on a system. This checklist is valid for version, update, and service pack (SP) upgrades.

Note: If you need to upgrade iTERA from version 6.0 to 6.1, use the iTERA Availability 6.1 Upgrade Guide. iTERA customers should use this checklist only after version 6.1 has been installed.

To upgrade a product, do the following on all participating systems:

Note: iOptimize is installed and used on a single system.

1. To check the contents of the system library list, type the command DSPSYSVAL SYSVAL(QSYSLIBL) and press Enter. Verify that the IBM-supplied library QSYS2 is in the system library list. If necessary, add the appropriate library to the system library list using “Using best practices to set up a library list” on page 26.
2. Download the Readme documentation associated with the software level you are installing from Support Central. Check the readme for any special “Before Installing” instructions and perform any that are necessary for your environment.
3. Prepare for the upgrade by ending products. The instance of the product you are upgrading, additional instances of the product, and any other Vision Solutions products which require License Manager that exist on the same systems must be ended. Whenever the level of License Manager on a system is lower than the level that is on the installation media, the product upgrade process will automatically upgrade License Manager. Products cannot be active when that occurs. Vision Solutions recommends synchronizing Vision Solutions System i product upgrades based on the schedule for your high availability or disaster recovery product.
   • For MIMIX products, use “Prepare your environment by ending MIMIX products” on page 37.
   • For iTERA, use “Prepare your environment by ending iTERA” on page 39.
   • For iOptimize, use “Prepare your environment by ending iOptimize” on page 38.
4. Install the product on a system using the instructions in “Installing products” on page 40.
5. Check the Readme documentation for any special “After Installing” instructions and perform any that are required for your environment.
6. If you received cumulative or restricted fixes, install them using the instructions in “Installing fixes” on page 45.
7. After you have updated all the installations you want, sign off the system.
8. Sign back on to the system.
9. Start up your environment again.
   • For MIMIX products, use “Bring up your MIMIX environment by starting products” on page 47.
   • For iTERA, use “Bring up your iTERA environment by starting products” on page 52.
   • For iOptimize, use “Bring up your iOptimize environment by starting product” on page 49.

Checklist: fix installs

If you cannot use the product’s Installation Wizard, follow this checklist to apply fixes to your installed Vision Solutions products.

Cumulative and restricted fixes are provided on an as-needed basis. A cumulative fix is also integrated into the next service pack (SP) for that product. License Manager provides the interface for working with fixes for all products that it supports. Use the procedures in this section to install cumulative fixes and restricted fixes. Also refer to “Understanding product naming conventions” on page 15.

To install a fix, do the following on all participating systems:

1. Download the Readme documentation associated with the software level you are installing from Support Central. Check the readme for any special “Before Installing” instructions and perform any that are necessary for your environment.
2. End the product. If the fix being installed is for License Manager, end all Vision Solutions products which require License Manager that are on the same systems.
   • For MIMIX products, use “Prepare your environment by ending MIMIX products” on page 37.
   • For iTERA, use “Prepare your environment by ending iTERA” on page 39.
   • For iOptimize, use “Prepare your environment by ending iOptimize” on page 38.
3. Install the fix using “Installing fixes” on page 45.
4. Check the Readme documentation for any special “After Installing” instructions and perform any that are required for your environment.
5. After you have installed the fix, sign off the system.
6. Sign back on to the system.
7. Start up your environment again.
   • For MIMIX products, use “Bring up your MIMIX environment by starting products” on page 47.
   • For iTERA, use “Bring up your iTERA environment by starting products” on page 52.
   • For iOptimize, use “Bring up your iOptimize environment by starting product” on page 49.

CHAPTER 4

Supporting procedures

This chapter contains the procedures referenced by steps in the checklists for new installs, upgrades, and fix installs. Use these topics as directed by the checklist appropriate for your install type. This chapter also includes additional topics associated with adding or removing software.

The following topics are included:

• “Prepare your environment by ending MIMIX products” on page 37 describes how to end products before installing the MIMIX software.

• “Prepare your environment by ending iTERA” on page 39 describes how to end products before installing the iTERA software.

• “Prepare your environment by ending iOptimize” on page 38 describes how to end products before installing the iOptimize software.

• “Installing products” on page 40 describes how to install software using the 5250 emulator process. This process is used when installing or upgrading a version, update, or service pack.

• “Installing fixes” on page 45 describes how to install cumulative or restricted fixes using the 5250 emulator process.

• “Bring up your MIMIX environment by starting products” on page 47 describes what to do to get MIMIX running again following a software install.

• “Bring up your iTERA environment by starting products” on page 52 describes what to do to get iTERA running again following a software install.

• “Bring up your iOptimize environment by starting product” on page 49 describes what to do to get iOptimize running again following a software install.

• “Updating and starting Vision Solutions Portal on IBM i” on page 47 describes how to make the portal application available to the VSP server and start the server.

• “Setting up Vision Solutions Portal” on page 53 is for users who have installed their product via 5250 processes and describes how to install the VSP server on IBM i or Windows platforms and make the product's portal application available to the VSP server.

• “Accessing the License Manager Main Menu” on page 57 identifies how to access functions provided by License Manager.

• “Updating the installed products file” on page 59 describes how to correct the installed products file when directed to by a CustomerCare representative.

• “Removing an installed product” on page 60 describes how to remove an installation of a MIMIX product.


Prepare your environment by ending MIMIX products

This procedure ends products for a MIMIX installation and is required before upgrading or installing in an environment that currently has products installed. This procedure is valid whether you are installing from the MIMIX Installation Wizard or 5250 emulator. Use this procedure when you are instructed to by procedures in this book or when the MIMIX Installation Wizard prompts you to end MIMIX.

Note: If there are multiple installations of MIMIX or other Vision Solutions products which require License Manager that are installed on the same systems, those installations and products must also be ended before installing. When the level of License Manager on a system is lower than the level that is on the installation media of the product being installed or upgraded, the installation process will automatically upgrade License Manager before installing or upgrading the product.

Do the following to prepare your environment for the install:

1. Use the following command on the management system to end replication processes, audits, and supporting processes for the MIMIX installation:
   installation-library/ENDMMX ENDOPT(*CNTRLD)
   Note: Based upon your environment and the parameters you specified, it may take some time for the ENDMMX command to complete. For optimal availability, do not end the remote journal links as part of ending MIMIX.
2. Repeat Step 1 for each additional MIMIX installation.
3. If you are not using MIMIX to schedule audits, ensure that your scheduling mechanism does not start audits during the installation process.
4. If you are using Vision Solutions Portal (VSP), end the VSP server on the system where it runs. This prevents object locking issues that can interfere with the install process when subscriptions are used or when VSP users are logged in.
   • If the VSP server runs on an IBM i platform, use the command:
     VSI001LIB/ENDVSISVR
   • If the VSP server runs on a Windows platform, from the Windows Start menu, select All Programs > Vision Solutions Portal > Stop Server and click Stop Server.
5. Ensure that all MIMIX jobs are ended before performing this step. Use the following command on all systems to end the MIMIX subsystem:
   ENDSBS SBS(MIMIXSBS) OPTION(*IMMED)


Prepare your environment by ending iOptimize

This procedure ends an iOptimize installation (and related products) and is required before upgrading an environment that currently has version 7.1.01 up through 7.1.05 installed. Use this procedure when you are instructed to by procedures in this book or when the Installation Wizard prompts you to end iOptimize. This procedure is valid whether you are installing from the product’s Installation Wizard or 5250 emulator.

Note: If there are other Vision Solutions products which require License Manager that are installed on the same system, those installations and products must also be ended before installing. When the level of License Manager on a system is lower than the level that is on the installation media of the product being installed or upgraded, the installation process will automatically upgrade License Manager before installing or upgrading the product.

1. End iOptimize:
   installation-library/ENDID *ALL
2. Verify that all iOptimize jobs are ended.
3. If you are using Vision Solutions Portal (VSP), end the VSP server on the system where it runs. This prevents object locking issues that can interfere with the install process when subscriptions are used or when VSP users are logged in.
   • If the VSP server runs on an IBM i platform, use the following command:
     VSI001LIB/ENDVSISVR
   • If the VSP server runs on a Windows platform, from the Windows Start menu, select All Programs > Vision Solutions Portal > Stop Server and click Stop Server.
4. Verify that VSP jobs are ended.
5. Check for and reply to any inquiry messages sent to the system operator that contain the following message: 'Error message CPF4101 appeared during OPEN for file IDENTM6 (C S D F)'. Specify C to cancel the message.
6. Your environment may have installations of both iOptimize 7.1 and MIMIX Director 8.1 on different systems. Both installation versions can be managed through the iOptimize 7.1 portal application. Remove the MIMIX Director portal application from VSP:
   VSI001LIB/RMVVSIAPP APP(DIRECTOR)


Prepare your environment by ending iTERA

This procedure ends an iTERA installation (and related products) and is required before upgrading an environment that currently has version 6.1 installed. Use this procedure when you are instructed to by procedures in this book or when the Installation Wizard prompts you to end iTERA. This procedure is valid whether you are installing from the product’s Installation Wizard or a 5250 emulator.

Note: If there are multiple installations of iTERA or other Vision Solutions products which require License Manager that are installed on the same systems, those installations and products must also be ended before installing. When the level of License Manager on a system is lower than the level that is on the installation media of the product being installed or upgraded, the installation process will automatically upgrade License Manager before installing or upgrading the product.

Do the following to prepare your environment for the upgrade:

1. Use the following command to end the iTERA subsystems on all nodes of the installation you are upgrading:
   E2ENDSBS SYSTEM(*ALL)
2. If you have multiple product installations (CRGs), end operations on all installations before installing. Repeat Step 1 for each additional product installation on the same nodes.
3. If you are not using iTERA to schedule audits, ensure that your scheduling mechanism does not start audits during the installation process.


Installing products

If you cannot use a product’s Installation Wizard, use these procedures to install products from a streamfile (STMF) or CD using the 5250 emulator. These steps are valid for new installs or upgrades. Use these steps when directed from the appropriate checklist.

Starting the install process: Use Step 1 through Step 8 for all new installs and any upgrade (Version, Update, or SP). You only need to perform these steps once per install per system. Do the following:

1. Sign on to the system using the QSECOFR user profile or a user profile that has security officer classification and all special authorities. The end of the installation process automatically generates a job log. By signing on just before starting the installation, you limit the job log to only the installation process.
2. Load the installation media. Do one of the following:
   • If installing from streamfile (STMF), skip to Step 4.
   • If installing from CD, continue with Step 3.
3. Load the CD into the system’s optical device. Using the name of the device from which you are installing for device-name, type the command LODRUN DEV(device-name) and press Enter to install it on your system. Then skip to Step 8.
4. Download the STMF for the software you will be installing.
5. Do one of the following to install from the STMF using the INSPRD command:
   • If License Manager exists on the system, type LAKEVIEW/INSPRD and press Enter. If the LAKEVIEW/INSPRD command does not exist, use the LAKEVIEW/INSMMX command.
   • If License Manager is not installed on the system, follow the instructions in “Obtaining the INSPRD command when License Manager is not installed” on page 43. You will be directed when to return to this procedure.
6. The Install Vision Product display appears. At the Stream file prompt, specify the name of the STMF you downloaded in Step 4.
7. At the Installation library prompt, do one of the following:
   • Accept the default value, *SELECT, and press Enter. (Most users will need this choice.) Then continue with Step 8.
   • Specify a library name and press Enter. No additional steps are required. When processing ends, a message is returned indicating success or failure. For more information about this prompt and when other values are allowed, see “INSPRD restrictions for specifying the installation library (INSTLIB)” on page 43.

Installing the product: Use Step 8 through Step 14 to install a product on a system.

8. The Vision Solutions Common Install display appears with a list of products displayed. Do one of the following:


   • To install a new installation of a product, type 1 (Install/upgrade) next to the *NEW line for the product and press Enter.
   • To upgrade an existing product, type 1 (Install/upgrade) next to the existing product installation you want and press Enter.
     Note: When upgrading, only one product within an installation library should be selected for the upgrade. Selecting that product upgrades all products in the installation library.
   • To install or upgrade only License Manager, type 1 (Install/upgrade) next to License Manager and press Enter.
     Note: You only need to select License Manager when it is the only software you want to install or upgrade. When products are installed or upgraded, License Manager is also installed or upgraded as needed. You do not have to enter a license key when installing only License Manager.
9. If the Vision Solutions License Agreement appears, it is recommended that you read through all pages. Press F16 to accept the agreement.
   Note: If you decline the agreement (F12), a cancellation message is displayed and you are returned to the Vision Solutions Common Install display.
10. If the License Key Failure display appears, follow the procedures in “Obtaining license keys when using 5250 emulator to install” on page 67 to get a License Key Package (LKP).
   Notes:
   • If the LKP contains valid license keys for the product you are installing, the install process continues. If the license keys are not valid, the install process is cancelled.
   • If you do not have valid license keys for the product version being installed and are performing a new install, the New Install without License Keys display appears. Follow the options provided. Although you can obtain license keys before continuing the install or afterwards, a valid license key is required before attempting to use any product in the library.
11. The Install Lakeview Product (INSLKVPRD) display appears. Do the following:
   a. Confirm the value of the Product prompt.
      Note: If you selected a new or existing product in Step 8 but the value *LICMGR appears, License Manager will be installed or upgraded first because either the installation process determined it was required or you also selected License Manager. Verify that the values of the prompts on this display are appropriate for License Manager. Pressing Enter will start the install. At the appropriate time, this display will appear again and then you can specify values for the MIMIX product.
   b. At the Installation library prompt, verify that the value is set correctly. For more information, see “Default installation library names” on page 14.
   c. At the Keep current configuration data prompt, accept the default value *YES. Otherwise, specify the value you want.


   d. The value *CRTDFT appears in the Auxiliary storage pool ID prompt. This value uses the command default from the system command Create Library (CRTLIB) to specify the auxiliary storage pool (ASP) from which the system allocates storage for the library. If you need to use a different user ASP, specify the value you want.
      Note: License and Availability Manager must be installed in ASP1.
   e. To start the installation process, press Enter.
12. The system checks to see if there are locks on any objects. If locks are found, you will see message LVE1005 “Product installation is in use.” To determine which objects have locks, refer to message LVE1019 in the job log.
13. Depending on your choice for Step 8, you may see one of the following additional displays.
   • If you selected to install multiple products, the Vision Solutions License Agreement for the next product is displayed. Return to Step 9.
   • If you selected a product but License Manager was installed as a prerequisite and the product license keys are not present, you will see the License Key Failure display. Return to Step 10 to obtain the keys and continue with the install.
   • If you selected a product but License Manager was installed as a prerequisite and the product license keys are present, you will see the Install Lakeview Product (INSLKVPRD) display. Return to Step 11 to specify the information for the product.
14. When all of the selected products have been installed, the Vision Solutions Common Install display appears and completion message LMC0002 appears at the bottom of the display. For the installed or upgraded installation library, you will see one line on the display for each installed product with valid license keys. If valid license keys are not present, you will see only one line for MIMIX until valid license keys are installed.


Obtaining the INSPRD command when License Manager is not installed

When using 5250 emulator processes for a new install of a Vision Solutions product when License Manager is not installed on the system, you must obtain the INSPRD command using the INSPRD STMF.

1. If you have not done so already, download the INSPRD STMF from Support Central and transfer it to your system.
2. From a command line, type the IBM command CPYFRMSTMF and press F4 (Prompt).
3. At the From stream file prompt, enter the name of the stream file you transferred in Step 1.
4. At the To file member or save file prompt, enter the following and press Enter:
   /QSYS.LIB/QTEMP.LIB/SAVF.FILE
   Note: This step converts the stream file to the QTEMP/SAVF save file.
5. Type the IBM command RSTOBJ and press F4 (Prompt).
6. At the Objects prompt, specify *ALL.
7. At the Saved library prompt, specify QTEMP.
8. At the Device prompt, specify *SAVF.
9. At the Save file prompt, specify SAVF in library QTEMP.
10. At the Restore to library prompt, specify QTEMP as the name of the library into which the objects should be restored and press Enter. This step restores all the objects from the save file.
11. Type QTEMP/INSPRD and press Enter. Continue with Step 6 in “Installing products” on page 40.

INSPRD restrictions for specifying the installation library (INSTLIB)

The Install Vision Product (INSPRD) command allows you to start the installation process for Vision Solutions software. When using this command, be aware of the following restrictions and conditions, which apply to the Installation Library (INSTLIB) prompt:

• Specifying the default, *SELECT, allows you to display the list of product libraries from which to select on the INSPRD command. You must choose this option if any of the following conditions apply:
   – You are adding a new product to a library (new installation).
   – You are upgrading to a higher Version number (V) or a higher Update level (U).
   – You do not want to retain configuration data during the install. In this case, you must also specify KEEPCFG(*NO) for Step 11c in “Installing products” on page 40.
   – You are installing a lower Service pack (SP) on an existing installation.
• Specifying a name for the installation library allows you to install the product update into the specified library without additional user intervention. This option is valid only when the following conditions apply:
   – You are installing the same level or a higher level of a product.
   – You do not have any license key issues that would prevent the install.
   – It is acceptable to refresh all products within the installation library.


Installing fixes

You can choose specific fixes to install or you can install all fixes from the media to the product library you specify. You must repeat this procedure for each system in the installation in which you need to apply the fix.

Note: Before performing this procedure, complete the steps in “Checklist: fix installs” on page 35.

Do the following to install a cumulative or restricted fix:

1. Sign off the system to ensure that library QTEMP is appropriately cleared and that the installation library does not exist in the library list of the job prior to running the command in Step 4.
2. Sign on the system using the QSECOFR user profile or a user profile that has the same security officer classification and all special authorities.
3. Load the installation media. Do one of the following:
   • If installing from stream file (STMF), skip to Step 5.
   • If installing from CD, continue with Step 4.
4. Load the CD into the system’s optical device. Using the name of the device from which you are installing for device-name, type the command LAKEVIEW/INSPRD STMF('/QOPT/VISION/VISION.STM') and press Enter. Skip to Step 9.
5. Download and transfer the STMF to your system.
6. Type LAKEVIEW/INSPRD and press Enter.
7. The Install Vision Product display appears. At the Stream file prompt, specify the name of the STMF you downloaded in Step 5.
8. At the Installation library prompt, specify whether or not to display a list of libraries containing products from which you can select to install the product update. See the information provided in “INSPRD restrictions for specifying the installation library (INSTLIB)” on page 43. Do one of the following:
   • Specify a library name and press Enter. In this case, no additional steps are required. A message is returned indicating success or failure.
   • Specify the default, *SELECT, and press Enter. Continue with Step 9.
9. The Vision Solutions Common Install display appears with a list of products displayed.
10. You should repeat the following steps for every product in the installation library for which the value FIXES appears in the Version on Media column.
   a. To select a product that has available fixes, type a 1 in the Opt column next to the product and library and press Enter.
   b. The Vision Solutions Fix Installation display appears with a list of the fixes available on the media. Type a 1 in the Opt column next to the fixes that you want to apply.


      • If the media contains a fix that is already installed, the value *YES appears in the Installed column. If the fix is not superseded by another fix, you can install the fix again.
      • If the value *SUP appears in the Installed column, a fix is installed and has been superseded by another installed fix. You cannot reinstall a superseded fix.
   c. Press Enter. The items you selected are applied to all products in the library you selected.
11. After you have updated all desired installations with the fix, sign off the system.
12. Sign back on to the system.


Bring up your MIMIX environment by starting products

Perform the following procedure after you have successfully installed MIMIX on all systems. This procedure is valid whether you are installing from the MIMIX Installation Wizard or 5250 emulator.

Do the following to bring up your environment after the install:

1. Do the following to secure your environment:
   a. To protect the system from misuse, turn on product-level security. Use the procedure “Changing product-level security” on page 86.
   b. Control access to products through the use of authorization levels for user profiles. Grant authority to user profiles as necessary using the procedure “Changing product authority” on page 88.
2. Use the following command to start the MIMIX subsystem on all systems:
   STRSBS SBSD(MIMIXQGPL/MIMIXSBS)
3. Ensure that your communications servers are started on all systems. Use the WRKACTJOB SBS(MIMIXSBS) command to confirm that ports have been started by any autostart jobs. If necessary, start the servers. For example, use the following command for TCP:
   installation-library/STRSVR HOST(system) PORT(nnnn)
4. On each installation, use the following command on the management system to start all system managers, journal managers, collector services, application groups, and data groups:
   installation-library/STRMMX
5. Repeat Step 3 and Step 4 for each additional MIMIX installation.
6. As needed, make any known configuration changes on any installation that was upgraded.
7. Check MIMIX status using the information provided in the Using MIMIX book.
8. For Vision Solutions Portal, do one of the following:
   • If you use Vision Solutions Portal from a supported Windows® platform, use “Installing or upgrading VSP server and portal application - Windows” on page 55 to install the latest portal application.
   • If you use Vision Solutions Portal from an IBM i platform, use “Updating and starting Vision Solutions Portal on IBM i” on page 47.
   • If Vision Solutions Portal is not installed on the IBM i system where you want it to run, install it and complete its setup using the procedures in “Setting up Vision Solutions Portal” on page 53.

Updating and starting Vision Solutions Portal on IBM i

The procedures in this book for upgrading Vision Solutions products use commands that run in a 5250 emulator. The command-based procedures restore the latest portal application but do not automatically make it available for use and do not upgrade Vision Solutions Portal. If you upgraded a product that provides a portal application for Vision Solutions Portal, do the following:

1. Do one of the following:
   • To make the latest portal application for the product known to the VSP server and available for use, use the command:
     VSI001LIB/ADDVSIAPP
     If the command fails with message VSE100A, you must upgrade the VSP server to a compatible level before you can use the latest portal application. For instructions, see “Setting up Vision Solutions Portal” on page 53.
   • To continue using the version of the portal application that existed before you upgraded the product, continue with Step 2. You may not be able to access the latest features for the product.
2. Start the server using the command:
   VSI001LIB/STRVSISVR
3. To access the VSP server in a browser, specify the IP address or host name where the VSP server is installed and the configured port in the following URL. The default port is 8410.
   http://server:port
   If the VSP server has been changed to use SSL, specify:
   https://server:port
   Note: When connecting with HTTPS, if your browser warns you of an untrusted certificate, choose the option that allows you to continue.
4. Log in using your IBM i user ID and password.


Bring up your iOptimize environment by starting product

User Authorities

Prior to starting iOptimize, ensure that you have a user profile set up on the system on which you require access.

Note: Upon installation, the profile that installed the product is the only way to set up authority for a system administrator or other users. Full security authorization is only given to the user profile that installed the product, therefore user authority for other system administrators or users must be set up using this profile. If desired, define another user as a system administrator who can set up all user access and authorities.

After the iOptimize subsystem is started, authorization for the system administrator or other users can be set via the Authorized Users portlet on the Administration tab in Vision Solutions Portal. If a user attempts to access a portlet for which they are not authorized, a message is displayed indicating the authorization issue. See the iOptimize Portal Application User Guide for instructions on configuring users through the Authorized Users portlet.

Instructions

The following steps must be performed after successfully installing on all systems:

1. Before starting iOptimize, review the cross-reference information in the iOptimize Portal Application User Guide. Many iOptimize inquiries depend on the completion of the initial cross-reference which may take several hours depending on the system setup.
   Note: It is recommended to start iOptimize for the first time during a period when general activity is low. Also, further configuration to improve performance or streamline operations can be done after the initial cross-reference completes.
   The following system values are set by iOptimize:

   System Value   Value       Description
   QAUDCTL        *NOQTEMP    Suggested, but not required
   QAUDCTL        *OBJAUD     Required for real-time cross-reference
   QAUDCTL        *AUDLVL     Required for real-time cross-reference
   QAUDLVL        *CREATE     Required for real-time cross-reference
   QAUDLVL        *DELETE     Required for real-time cross-reference
   QAUDLVL        *SECCFG     Required for real-time cross-reference (profiles)
   QAUDLVL        *SECRUN     Required for real-time cross-reference (profiles)
   QAUDLVL        *SECVLDL    Required for real-time cross-reference (profiles)
   QAUDLVL        *OBJMGT     Required for real-time cross-reference
   QAUDLVL        *SAVRST     Required for real-time cross-reference
   QAUDLVL        *SPLFDTA    Required for real-time spool file cross-reference

   Note: Cross-reference activity will change an object's auditing value from *NONE to *CHANGE for all objects on the system except for files and the following object types: *DTAARA, *DTAQ, *FILE, and *USRSPC (the cross-reference will leave their values at *NONE). However, if the object audit value was set to *CHANGE or *ALL prior to running the cross-reference, that object auditing value remains for all object types. The value of *CHANGE (or *ALL) is subsequently used by the real-time cross-reference to pick up object changes. (See the iOptimize User Guide for information on the cross-reference capability.)
2. Use the following command to start the iOptimize subsystem on all systems:
   installation-library/STRID *ALL
3. For Vision Solutions Portal, do one of the following:
   • If you use Vision Solutions Portal from a supported Windows® platform, use “Installing or upgrading VSP server and portal application - Windows” on page 55 to install the latest portal application.
   • If you use Vision Solutions Portal from an IBM i platform, use “Updating and starting Vision Solutions Portal on IBM i” on page 50.
   • If Vision Solutions Portal is not installed on the IBM i system where you want it to run, install it and complete its setup using the procedures in “Setting up Vision Solutions Portal” on page 53.
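The table in Step 1 lists the QAUDCTL and QAUDLVL values that iOptimize sets, so a security administrator can record those system values before the first start and compare them afterwards. The following Python is an added example, not part of the Vision Solutions documentation: it takes the value strings as shown by DSPSYSVAL, reports which listed values are not in effect, and shows what changed between two snapshots. The snapshot contents are constructed, and the handling of *AUDLVL2 and *SECURITY is an assumption based on IBM i system value semantics rather than on this guide.

```python
"""Compare IBM i audit system values with the values listed for iOptimize."""

# Values taken from the table in Step 1. *NOQTEMP is "suggested, but not required".
REQUIRED = {
    "QAUDCTL": {"*OBJAUD", "*AUDLVL"},
    "QAUDLVL": {"*CREATE", "*DELETE", "*SECCFG", "*SECRUN", "*SECVLDL",
                "*OBJMGT", "*SAVRST", "*SPLFDTA"},
}
SUGGESTED = {"QAUDCTL": {"*NOQTEMP"}}

# Assumption (IBM i semantics, not stated in this guide): *SECURITY in QAUDLVL
# covers the individual *SEC... values, and *AUDLVL2 in QAUDLVL means the
# values in QAUDLVL2 are audited as well.
SECURITY_GROUP = {"*SECCFG", "*SECDIRSRV", "*SECIPC", "*SECNAS",
                  "*SECRUN", "*SECSCKD", "*SECVFY", "*SECVLDL"}


def parse_sysval(raw):
    """Split a blank-separated system value string into a set of values."""
    return {token.upper() for token in raw.split()}


def effective_audit_levels(qaudlvl, qaudlvl2=""):
    """Return the audit levels in effect, expanding *AUDLVL2 and *SECURITY."""
    levels = parse_sysval(qaudlvl)
    if "*AUDLVL2" in levels:
        levels |= parse_sysval(qaudlvl2)
    if "*SECURITY" in levels:
        levels |= SECURITY_GROUP
    return levels


def check_audit_values(snapshot):
    """Report listed values that are not in effect in one snapshot."""
    in_effect = {
        "QAUDCTL": parse_sysval(snapshot.get("QAUDCTL", "")),
        "QAUDLVL": effective_audit_levels(snapshot.get("QAUDLVL", ""),
                                          snapshot.get("QAUDLVL2", "")),
    }
    report = {}
    for name, current in in_effect.items():
        report[name] = {
            "missing_required": sorted(REQUIRED[name] - current),
            "missing_suggested": sorted(SUGGESTED.get(name, set()) - current),
        }
    return report


def diff_snapshots(before, after):
    """Per system value, list what was added or removed between snapshots."""
    changes = {}
    for name in sorted(set(before) | set(after)):
        old = parse_sysval(before.get(name, ""))
        new = parse_sysval(after.get(name, ""))
        changes[name] = {"added": sorted(new - old), "removed": sorted(old - new)}
    return changes


# Constructed snapshots for illustration (not taken from a real system).
BEFORE = {
    "QAUDCTL": "*AUDLVL",
    "QAUDLVL": "*AUTFAIL *SECURITY *AUDLVL2",
    "QAUDLVL2": "*CREATE *DELETE",
}
AFTER = {
    "QAUDCTL": "*AUDLVL *OBJAUD *NOQTEMP",
    "QAUDLVL": "*AUTFAIL *SECURITY *AUDLVL2 *OBJMGT *SAVRST *SPLFDTA",
    "QAUDLVL2": "*CREATE *DELETE",
}

if __name__ == "__main__":
    for label, snap in (("before", BEFORE), ("after", AFTER)):
        print(label, check_audit_values(snap))
    print("changes", diff_snapshots(BEFORE, AFTER))
```

Keeping the "before" snapshot with the change record for the install makes later drift in the audit configuration easy to attribute.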

Updating and starting Vision Solutions Portal on IBM i

The procedures in this book for upgrading Vision Solutions products use commands that run in a 5250 emulator. The command-based procedures restore the latest portal application but do not automatically make it available for use and do not upgrade Vision Solutions Portal. If you upgraded a product that provides a portal application for Vision Solutions Portal, do the following:

1. Do one of the following:
   • To make the latest portal application for the product known to the VSP server and available for use, use the command:
     VSI001LIB/ADDVSIAPP
     If the command fails with message VSE100A, you must upgrade the VSP server to a compatible level before you can use the latest portal application. For instructions, see “Setting up Vision Solutions Portal” on page 53.
   • To continue using the version of the portal application that existed before you upgraded the product, continue with Step 2. You may not be able to access the latest features for the product.
2. Start the server using the command:
   VSI001LIB/STRVSISVR
3. To access the VSP server in a browser, specify the IP address or host name where the VSP server is installed and the configured port in the following URL. The default port is 8410.
   http://server:port
   If the VSP server has been changed to use SSL, specify:
   https://server:port
   Note: When connecting with HTTPS, if your browser warns you of an untrusted certificate, choose the option that allows you to continue.
4. Log in using your IBM i user ID and password.


Bring up your iTERA environment by starting products

Perform the following procedure after you have successfully installed products on all systems. This procedure is valid whether you are installing from the Installation Wizard or 5250 emulator.

Do the following to bring up your environment after the install:

1. Use the following command to start the iTERA subsystem on all systems:
   E2STRSBS SYSTEM(*ALL)
2. As needed, make any known configuration changes to any installation that was upgraded.


Setting up Vision Solutions Portal

The Vision Solutions Portal (VSP) server enables the use of enhanced web-based user interfaces to Vision Solutions products that provide portal applications (MIMIX Availability, MIMIX DR, and iOptimize). When 5250 emulator install processes in this book are used to install a new Vision Solutions product on an IBM i platform, the VSP server is not installed even though the portal application has been restored on the system. Do the following.

1. The VSP server can be installed on several server platforms. Choose the platform where Vision Solutions Portal will run and use one of the following to install VSP:
   • To install the VSP server on an IBM i platform, use either “Installing or upgrading VSP server using a product installation wizard - IBM i” on page 53 or “Installing or upgrading VSP server from a stream file - IBM i” on page 54.
   • To install the VSP server on a supported Windows® platform, use “Installing or upgrading VSP server and portal application - Windows” on page 55.
2. Complete the setup of the VSP environment using “Completing the VSP setup for a new installation” on page 56.

Note: You can install the server on any IBM i node in your network that can communicate with the node or nodes where the product which provides a portal application is installed. Installing the server on a second node is recommended for high availability. Also, you can install the VSP server and portal applications on a system where the base product is not installed.

See the Vision Solutions Portal (VSP) User’s Guide book for information about which products provide portal applications, VSP runtime requirements for each supported server platform, the location of installed software on each server platform, and additional details for setting up VSP.

Installing or upgrading VSP server using a product installation wizard - IBM i

Regardless of the installation method you used to install a Vision Solutions product, that product’s installation wizard is the preferred way to install Vision Solutions Portal. The wizard supports an option to install or upgrade the portal application, which will also install or upgrade the VSP server as needed to the software level needed to support the portal application. Do the following:

1. Download the product’s Installation Wizard from Support Central.
2. Run the wizard, selecting the “portal application only” choice from its Select Product panel. When prompted, accept defaults to automatically start Vision Solutions Portal after the install process completes. (If you do not allow this, you will need to manually make portal applications known to the server and start the server.)
3. Do one of the following to access the VSP server in a browser.
   • If you installed VSP using the product installation wizard and the wizard is still open, you can click the link on the Summary panel to open a browser window.
   • If the wizard is no longer open, specify the IP address or host name where the VSP server is installed and the configured port in the following URL. The default port is 8410.
     http://server:port
     If the VSP server has been changed to use SSL, use the following URL. If your browser warns you of an untrusted certificate, choose the option that allows you to continue.
     https://server:port
4. Log in using your IBM i user ID and password. After you have logged in, the portal opens to the Home page.
5. If this is the first time Vision Solutions Portal has been installed on the node, complete the setup using “Completing the VSP setup for a new installation” on page 56.

Installing or upgrading VSP server from a stream file - IBM i

The preferred method of installing Vision Solutions Portal is to use the product’s installation wizard. However, if you must use the native install process to install or upgrade a product, after the install process completes, you can use this procedure to install or upgrade Vision Solutions Portal from a separate VSP stream file. This installation process does not install any portal applications.

Note: This process is supported for MIMIX (7.1.09.00 or higher) and iOptimize (7.1.15.00 or higher) environments and requires that License Manager is already installed.

After the install or upgrade of the product completes, do the following:

1. Download the latest VSP stream file from the product’s download page on Support Central.
2. From a command line, type VSI001LIB/INSVSISVR and press F4 (Prompt). The Install Vision Sol. Server (INSVSISVR) display appears.
3. At the Stream file prompt, specify the name of the downloaded VSP stream file. Names are case-sensitive and are specified with forward slashes (/).
4. For the remaining prompts, most users can accept default values that will end the VSP server before installing, start the VSP server when the install completes, and deploy the latest version of all available portal applications on the system. Optionally, you can specify different values:
   a. Reinstall VSP - If you want to end the install request if the currently installed version is the same as the version in the stream file, specify *NO.
   b. End VSP server, if active - If you want to end the install request if the VSP server is active, specify *NO.
   c. Start VSP server after install - If you want to prevent VSP from starting after the install completes, specify *NO.
   d. Deploy latest portal application - If you want to prevent deploying the latest versions of portal applications, specify *NONE. Any currently available portal applications will remain available at their present software levels after the install completes.
5. Press Enter.
6. If you specified *NO for Start VSP server after install, you must manually start the server after the install process completes using the STRVSISVR command.
7. To access the VSP server in a browser, specify the IP address or host name where the VSP server is installed and the configured port in the following URL. The default port is 8410.
   http://server:port
   If the VSP server has been changed to use SSL, use the following URL. If your browser warns you of an untrusted certificate, choose the option that allows you to continue.
   https://server:port
8. Log in using your IBM i user ID and password. After you have logged in, the portal opens to the Home page.
9. If this is the first time Vision Solutions Portal has been installed on the node, complete the setup using “Completing the VSP setup for a new installation” on page 56.

Installing or upgrading VSP server and portal application - Windows

The command-based procedures documented in this book for installing Vision Solutions products do not automatically install the product’s portal application or Vision Solutions Portal on any Windows platform. If you choose to run Vision Solutions Portal on a supported Windows server, after you install the product, you must take additional action to install or update the portal application and the VSP server on the Windows server.

Do the following:

1. Download the Vision Solutions Portal & Portal Application Installation Wizard for Windows from the product’s download page on Support Central.
2. Ensure that your client workstation meets the minimum requirements for using this wizard. The user who runs this wizard must have administrator privileges for the system on which it is run. For a complete list of wizard requirements and details about where the software is installed, see the More info link in the wizard’s Welcome panel, or on the download page in Support Central.
3. Run the wizard.
4. If you did not use default options in the wizard to automatically start the VSP server, start it now. From the Windows Start menu, select All Programs > Vision Solutions Portal > Start Server and click Start Server.
5. Open a browser window to VSP. From the Windows Start menu, select All Programs > Vision Solutions Portal > Vision Solutions Portal and click Vision Solutions Portal.
6. Log in to VSP using your Windows user ID and password.
7. If this is the first time Vision Solutions Portal has been installed on the Windows server, complete the setup using “Completing the VSP setup for a new installation” on page 56.

Completing the VSP setup for a new installation

Use this procedure to complete the VSP setup on a new installation.

1. A default portal connection exists for the node on which you logged in. If you are hosting the VSP portal server on a different node than where your Vision Solutions product is installed, or if you want redundancy for your instance, do the following to configure additional portal connections:
   a. From the Portal Connections portlet, select Add.
   b. The Add Portal Connection dialog opens. Specify a name for the node used for this portal connection, the Host name or IP address of the node, the user ID to use to connect to the node, password preferences, and a description of the connection. Then click OK.
2. Configure an instance of your Vision Solutions product. From the Instances portlet, select Add. The wizard will prompt you to identify a portal connection, the product library that you want to manage, and the instance domain. The instance domain defines the association between the portal connection and the nodes on which the identified product runs. When the instance is added, you will see the instance name and status appear in the navigation area.
3. Optionally, you can log in as VSP administrator to configure an e-mail server and define groups of users who can share a configured instance and be subscribed to be informed of product events when they occur. For details, see the Vision Solutions Portal (VSP) User’s Guide book.


Accessing the License Manager Main Menu

To access the License Manager Main Menu, do the following:

Type LAKEVIEW/LICMGR and press Enter.

If you use MIMIX products, you can also do the following:

From the MIMIX Main Menu, type 31 (Product management menu) and press Enter.

If you use iTERA, you can also do the following:

1. From the iTERA Main Menu, type 10 (Tools Menu) and press Enter.
2. The Mirroring Tools Menu appears. Type 44 (Product Information) and press Enter.
3. The Vision Solutions Installed Products display appears. Type 9 (Display product menu) next to License Manager and press Enter.


Accessing the Vision Solutions Installed Products display

To access the Vision Solutions Installed Products display, do the following:

Type LAKEVIEW/WRKPRD and press Enter.

You can also do the following from within MIMIX® Availability™ products:

1. From the MIMIX Main Menu, type 31 (Product management menu) and press Enter.
2. The License Manager Main Menu appears. Type 2 (Work with products) and press Enter.

You can also do the following from within iTERA Availability™ products:

1. From the iTERA Main Menu, type 10 (Tools Menu) and press Enter.
2. The Mirroring Tools Menu appears. Type 44 (Product Information) and press Enter.


Updating the installed products file

The installed products file is a file within License Manager that tracks what Vision Solutions products are installed on the system. If your Vision Solutions product libraries or License Manager are inadvertently deleted, a CustomerCare representative may direct you to perform this procedure.

1. Type the command LAKEVIEW/UPDINSPRD and press F4 (Prompt).
2. At the Library prompt, specify the name of the library you want to update or specify *ALL to update all product libraries on the system.
3. To start the update, press Enter. License Manager updates the list of products on the system and verifies that the product libraries in the installed product file exist.


Removing an installed product

The following describes how to remove a product from a system. This process removes the product from the library and removes any associated data libraries for the product.

Notes:

• If you need a batch-capable command for this function, use the Delete Product (DLTPRD) command in the LAKEVIEW library.
• In any environment, you should delete the product from the associated library on each system.

Do the following to remove an installed product:

1. Before you remove a product, ensure that the product has been shut down. Use one of the following procedures:
   • For MIMIX, use “Prepare your environment by ending MIMIX products” on page 37.
   • For iTERA, use “Prepare your environment by ending iTERA” on page 39.
   • For iOptimize, use “Prepare your environment by ending iOptimize” on page 38.
2. Verify that all users have exited from the product interfaces, including menus, commands, and displays.
3. The library that you want to delete cannot be in the library list of any active user profiles if you intend to delete the library as well. Check the locks on the product library before you attempt to remove the product.
4. From the License Manager Main Menu, select option 2 (Work with Products) and press Enter.
5. The Vision Solutions Installed Products display appears. Do one of the following:
   • To remove only the product, type 4 (Uninstall) next to product’s library and press Enter. When the Confirm Uninstall of Product display appears, press Enter to remove the product.
   • To remove the product and its library, type 4 (Uninstall) next to product’s library and press F4 (Prompt). At the Delete library prompt, specify *YES and press Enter. (When deleting multiple products in a library, the last product removed deletes the library if *YES is specified.)

When the product removal successfully completes, you will see completion message ISC0005.


CHAPTER 5

Working with license keys

License keys control which product functions you are able to use. Before you can configure any Vision Solutions product that License Manager manages, you must enter a unique license key on each of the systems on which the product is installed. License keys can be obtained through the product’s Installation Wizard, the 5250 emulator installation process, or the Update License Keys (UPDLICKEY) command. The preferred method is to use Vision AutoValidate™ through the product’s installation wizard, which allows you to easily and automatically obtain and apply license keys.

All methods of obtaining license keys involve two basic processes. First, required system information is gathered and packaged into a License Request Package (LRP) and sent to the Vision Solutions portal (website). Second, the Vision Solutions portal generates a License Key Package (LKP), which is applied to your systems. When using Vision AutoValidate™ through the product’s Installation Wizard, these steps are automatically done for you.

Note: If you are performing an upgrade to a higher version or release, you must obtain license keys during the upgrade process.

This chapter includes the following topics:

• “Information about license keys and identifiers” on page 62 identifies the two-character product prefix used in license keys.
• “Obtaining license keys through a product’s installation wizard” on page 64 describes how the wizard uses Vision AutoValidate™ to obtain and apply license keys. This topic also includes instructions for how to obtain license keys manually so they can be applied while using the product’s installation wizard.
• “Obtaining license keys using UPDLICKEY command” on page 66 describes an alternative method of obtaining and applying license keys through the 5250 emulator.
• “Obtaining license keys when using 5250 emulator to install” on page 67 describes how to obtain keys if you are installing using the 5250 emulator and the installation process indicates that you do not have a valid license key.
• “Displaying maintenance expiration and license key information” on page 68 describes how to see when your current maintenance agreement expires and when the product will stop working.
• “Changing or displaying license key expiration message defaults” on page 69 describes how to view or change the number of days at which the product will begin sending warning messages that the product’s license keys are about to expire.


Information about license keys and identifiers

To enable products or particular functionality within products, a 37-character license key is required. This applies in all cases: using Vision AutoValidate™ to obtain license keys through a product’s Installation Wizard, updating license keys through the 5250 emulator installation process, or using the Update License Keys (UPDLICKEY) command.

License keys begin with a product identifier followed by a set of characters and hyphens, for example: H1-nnnnnn-nnnnnn-nnnnnn-nnnnnn-nnnnnn. Hyphens are a required part of the license key when entering them. Table 9 provides a list of valid product identifiers.

Table 9. License key product identifiers

| Product identifier | Name | Description | Notes |
|---|---|---|---|
| H1 | MIMIX® Enterprise™ | MIMIX® Enterprise™ includes MIMIX, MIMIX Monitor, and MIMIX Promoter | |
| HT | MIMIX® Professional™ | MIMIX® Professional™ includes MIMIX and MIMIX Monitor | |
| MD | MIMIX DR | MIMIX DR | |
| IT | iTERA | iTERA Availability™ | |
| IO | iOptimize™ | iOptimize™ | |
| C1 | MIMIX® Global™ | Multi-management support. Requires either MIMIX® Enterprise™ or MIMIX® Professional™. | |
| MC | MIMIX® Global™ IASP Edition | Support for switchable independent auxiliary storage pool (IASP) technologies. | |
| C3 | MIMIX® Global™ SAN Edition | Support for SAN high availability technologies. | |
| D1 | MIMIX dr1 | | |
| M4 | MIMIX DB2 Replicator | MIMIX DB2 Replicator is one of the two components of MIMIX | 1 |
| MO | MIMIX Object Replicator | MIMIX Object Replicator is one of the two components of MIMIX | 1 |
| MM | MIMIX Monitor | | |
| MP | MIMIX Promoter | | 1 |

1. These license keys are issued only when a subset of the MIMIX® Enterprise™ or MIMIX® Professional™ product is authorized. Most users will receive MIMIX® Enterprise™ or MIMIX® Professional™ license keys.


Codes for MIMIX features

Table 10 provides a list of valid MIMIX feature identifiers. A feature is defined as functionality within a product that requires a unique and separate license key from the product in which it is contained.

Table 10. License key feature identifiers

| Feature identifier | Name | Description |
|---|---|---|
| MZ | MIMIX Optimization | iOptimize–MIMIX Edition |
| R3 | MIMIX for SAP R/3 | MIMIX for SAP R/3 for IBM Power™ Systems |
| WQ | MIMIX for MQ | MIMIX for IBM WebSphere MQ |


Obtaining license keys through a product’s installation wizard

To prevent users from having to request and enter license keys manually, functionality within a product’s installation wizard automatically obtains and applies new license keys through Vision AutoValidate™. The wizard uses Vision AutoValidate to collect the required system information and package it in a License Request Package (LRP).

Using a product’s installation wizard to obtain and apply license keys requires coordination between the system, the wizard, and Support Central. As such, it is possible that your environment may prevent these tools from working properly. Common restrictions include firewall issues or lack of an Internet connection. If Vision AutoValidate cannot complete, an error notification appears within the wizard and the process needs to be completed manually.

Note: If you experience problems during this process, follow the instructions provided in “Manually obtaining and applying license keys using an installation wizard” on page 64.

Manually obtaining and applying license keys using an installation wizard

You must use this procedure in the event that Vision AutoValidate cannot complete through the product installation wizard. If Vision AutoValidate cannot complete, an error dialog appears. The wizard collects the required system information and packages it in a License Request Package (LRP) on your PC. The wizard then displays the location of this LRP that you need to upload to the Vision Solutions Portal.

Do the following:

1. Make note of the LRP name displayed and transfer the file to a PC capable of communicating with the Internet.
2. On that PC, bring up the Vision Solutions portal (website) at www.visionsolutions.com/licensekeys.
3. Log in to the portal using your Support Central login information.
4. The LRP Upload page appears. At Upload License Request Packages, click Browse to navigate to the location of your LRP.
5. Select the LRP file and click Open.
6. Click Add.
7. At Generate License Keys, click Generate license keys to generate your LKP.
8. At Download License Key Package, click Download LKP to save the LKP to your PC.
9. Transfer the LKP from the PC where it was downloaded to the PC running the installation wizard.
10. On the Product-Name Installation Wizard dialog, you are prompted for the location of the LKP you saved. The wizard will validate and apply the license keys within the LKP and continue automatically if the license keys are valid.


Obtaining license keys using UPDLICKEY command

The Update License Keys (UPDLICKEY) command provides an alternative method of obtaining and applying license keys through the 5250 emulator.

Do the following:

1. On each system for which you want to obtain license keys, do the following:
   a. From the License Manager Main Menu, select option 1 (Update license keys) and press Enter.
   b. The Update License Keys (UPDLICKEY) command appears. Press Enter.
   c. The Update License Keys (UPDLICKEY) display appears, which describes how to obtain license keys. Make note of the LRP name displayed and transfer the file to a PC capable of communicating with the Internet.
2. On that PC, bring up the Vision Solutions portal (website) at www.visionsolutions.com/licensekeys.
3. Log in to the portal using your Support Central login information.
4. The LRP Upload page appears. At Upload License Request Packages, click Browse to navigate to the location of your LRP.
5. Select the LRP file and click Open.
6. Click Add.
7. At Generate License Keys, click Generate license keys to generate your LKP.
8. At Download License Key Package, click Download LKP to save the LKP to your PC.
9. Transfer the LKP from your PC to the system. It is recommended that you save it into the /VisionSolutions/LicenseKeys directory on your system. Make note of the full path name while saving.
10. Press F16 (Continue) on the Update License Keys wizard panel. The Apply License Keys (APYLICKEY) display appears.
11. At the LKP path and file name prompt, specify the location of the LKP file you saved in Step 9 and press Enter. The License Manager Main Menu reappears.
12. You should see message LVI0902 that indicates the change was complete.

Note: If you see error message LVE100B, position the cursor on the message and press F1 (Help) to see information about the cause of the error.


Obtaining license keys when using 5250 emulator to install

If you are performing an install using the 5250 emulator and you do not have a valid license key, the License Key Not Valid display appears. See Step 10 in “Installing products” on page 40. In this case, you will have to follow these instructions for obtaining and applying license keys.

Do the following:

1. When the License Key Not Valid display appears, it describes how to obtain license keys. For each system on which the License Key Not Valid display appears during the install process, make note of the LRP name displayed and transfer the file to a PC capable of communicating with the Internet.
2. On that PC, bring up the Vision Solutions portal (website) at www.visionsolutions.com/licensekeys.
3. Log in to the portal using your Support Central login information.
4. The LRP Upload page appears. At Upload License Request Packages, click Browse to navigate to the location of your LRP.
5. Select the LRP file and click Open.
6. Click Add.
7. At Generate License Keys, click Generate license keys to generate your LKP.
8. At Download License Key Package, click Download LKP to save the LKP to your PC.
9. Transfer the LKP from your PC to the system. It is recommended that you save it into the /VisionSolutions/LicenseKeys directory on your system. Make note of the full path name while saving.
10. Press F16 (Continue) on the Update License Keys panel. The Apply License Keys (APYLICKEY) display appears.
11. At the LKP path and file name prompt, specify the location of the LKP file you saved in Step 9 and press Enter. The License Manager Main Menu reappears.
12. You should see message LVI0902 that indicates the license keys were applied successfully.

Note: If you see error message LVE100B, position the cursor on the message and press F1 (Help) to see information about the cause of the error.


Displaying maintenance expiration and license key information

The Change License Key (CHGLICKEY) display allows you to display the product expiration date and maintenance expiration date from the license key. The product expiration date provides information about when the product will stop working and the maintenance expiration date is helpful when upgrading, as upgrades are only valid if you are current on maintenance.

Do the following:

1. From a command line, type LAKEVIEW/CHGLICKEY and press F4 (Prompt).
2. The Change License Key command appears. Specify the value for the product or feature you want in the Product prompt. Press Enter.
3. The Expiration date and Maintenance expiration date are displayed for the license key for the product or feature.
4. The License key prompt displays the license key that was used for this product or feature.


Changing or displaying license key expiration message defaults

Each Vision Solutions product is shipped with default values for notification of expiring license keys. To display or change the number of days before expiration at which License Manager should begin sending warning messages about license key expiration, do the following:

1. From a command line, type LAKEVIEW/CHGLMMSG and press F4 (Prompt).
2. The Change License Manager Messaging display appears. Specify the value you want for the Product prompt and press Enter.
3. The Change License Manager Messaging display appears. The values displayed are the current settings for all libraries that contain this product.
4. To change the license key expiration message default values for all installation libraries containing the specified product, do the following:
   a. For the Enable message handling prompt, specify whether to send warning messages to the specified message queues when the license key is about to expire.
   b. For the Enable on new license key prompt, specify whether to enable message handling when the license key is updated.
   c. Specify the number of days before expiration to begin sending warning messages in the Days before expiration prompt.
   d. Specify the name and library of the primary message queue to which to send warning messages.
   e. Specify the name and library of the secondary message queue to which to send messages. If you do not want to have messages sent to a secondary message queue, specify *NONE and press Enter.


CHAPTER 6

General security considerations

The following sections describe security provided within the IBM i operating system. For MIMIX® Availability™ and the Vision Audits components within iTERA Availability™, most commands run under the MIMIXOWN user profile, which is enabled with *ALLOBJ authority. Also, it is important to pair IBM i security with the security functions you can implement within License Manager, as described in “Vision Solutions-provided security functions” on page 81.

This chapter includes the following topics:

• “Security for user profiles created by installed products” on page 71 identifies the minimum security requirements for these user profiles.
• “Security for LAKEVIEW user profile” on page 75 identifies the minimum security requirements for the LAKEVIEW user profile provided with License Manager.
• “Additional security considerations for products” on page 76 identifies additional considerations for multi-system environments, special authority requirements for environments that use clustering support within MIMIX or MIMIX® Global™, and restrictions on user profiles.
• “System security” on page 77 describes considerations for the QSECURITY, QALWUSRDMN, and QPWDLVL system values, as well as for authority levels of user profiles within your environment.
• “Protecting your assets from unauthorized use” on page 79 describes additional practices that can help you protect your environment.


Security for user profiles created by installed products

This information describes the minimum security requirements for the MIMIXOWN, MIMIXCLU, ITERAOWNER, IOPTOWNER, and ITIDGUI user profiles provided with the products that use them. Each enterprise is unique. Your enterprise may require exceptions to the information provided here.

Note: The MIMIXCLU user profile is created when the first application group which specifies *CLU for the application group type is created in a MIMIX® Availability™ installation. This user profile is not created or used in other MIMIX configurations or by other products.

Table 11 shows the profiles discussed in this chapter and the associated products that require them.

Table 11. User profiles by product.

| Profile | MIMIX | iTERA | iOptimize |
|---|---|---|---|
| MIMIXOWN | Y | Y | N |
| MIMIXCLU | Y | N | N |
| ITERAOWNER | N | Y | N |
| IOPTOWNER | N | N | Y |
| ITIDGUI | N | N | Y |

The MIMIXOWN, MIMIXCLU, ITERAOWNER, IOPTOWNER and ITIDGUI user profiles are created with an initial menu of *SIGNOFF so that they cannot be used to sign on to the system, as well as a preset password so that it is consistent on all systems.

Within MIMIX® Availability™ products, the MIMIXOWN user profile owns all objects in a MIMIX installation and has access to all the objects that make up the MIMIX product. Within iTERA Availability™, the MIMIXOWN user profile owns all objects within the Vision Audits. All processes for the products run under the MIMIXOWN user profile.

User interface objects, such as commands, command processing programs, display panels, menus, and help, have a public authority (*PUBLIC) of use (*USE). For products that provide additional product-level security, all product user interfaces are protected by the product-level security provided by Vision Solutions when that function is set to “On”.

The MIMIXOWN, MIMIXCLU and ITERAOWNER user profiles are created by default as a security officer class (*SECOFR) user profile with all special authorities, including all object authority (*ALLOBJ). The MIMIXOWN and ITERAOWNER user profiles need this level of authority to access information needed for products to perform their operations. The MIMIXOWN system directory entry is required for DLO replication and should not be removed.

Note: *ALLOBJ authority is a very useful authority but it must be used with care because it leaves your system vulnerable to misuse. “Protecting your assets from unauthorized use” on page 79 describes considerations for changing this authority.

Table 12 identifies the special authorities for user profiles and the operations for which the MIMIXOWN, MIMIXCLU, and ITERAOWNER user profiles require a special authority.

Table 12. Product operations that require special authorities

Special Authority: Product operations that require special authority

*ALLOBJ: Required by replication processes to access, create, delete, and alter a variety of object types used in replication, including:
   • Database files (*FILE objects) to be replicated.
   • User profiles (*USRPRF objects). Replication of user profiles requires all the special authorities of the user profiles being replicated. Attempts to replicate user profiles will fail if replication processes do not have access to the same special authorities.
   Also required for:
   • Audits, which are controlled by a job that starts and ends with the master monitor and runs under the MIMIXOWN user profile.
   • Additional functionality in MIMIX® Availability™ products, as described in “MIMIX-specific security for MIMIXOWN and MIMIXCLU” on page 73.

*AUDIT: Required so that replication processes can change the object auditing level on objects to ensure that they are properly replicated.

*IOSYSCFG: Required in all product environments where TCP/IP is the transfer protocol between systems. Also required for:
   • Replication of communications-related object types, such as: line descriptions (*LIND), controller descriptions (*CTLD), device descriptions (*DEVD), or mode descriptions (*MODD).
   • Access to cluster resource service APIs used by the MIMIXCLU user profile within MIMIX.

*JOBCTL and *SPLCTL: Required for manipulation of spooled files (*SPLF) used internally by Vision Solutions products.

*SAVSYS: Required for save and restore operations that are performed during replication. Also required for synchronizing some types of configuration information within MIMIX.

*SECADM: Required for replicating user profiles (*USRPRF), documents (*DOC), or folders (*FLR).

*SERVICE: Required for replicating user profiles (*USRPRF).


MIMIX-specific security for MIMIXOWN and MIMIXCLU

In addition to the general requirements for TCP/IP, replication, auditing, and internal spooled files listed in Table 12, MIMIX products have the following additional requirements for the MIMIXOWN and MIMIXCLU user profiles.

Procedures and step programs for application group operations

In environments configured with application groups, replication is started, stopped, and switched at the application group level using procedures that run a series of step programs. These procedures and steps run under the MIMIXOWN user profile.

Model switch framework programs for switching

In environments configured with data groups only, customized programs for switching the direction of replication through an implementation of MIMIX Model Switch Framework or MIMIX Switch Assistant run under the MIMIXOWN user profile.

Monitors

MIMIX® Availability™ products use monitors for supporting functions. These monitors may be shipped with the product or created when needed. MIMIX also supports user-created monitors. All monitors run under the MIMIXOWN user profile, which is shipped with special authority to all objects (*ALLOBJ). *ALLOBJ authority is needed so that each monitor has access to all objects that it watches, such as journals and message queues. *ALLOBJ is also needed for access to the job scheduler and to any interface exit programs, condition programs, and event programs called by the monitor. If you create a monitor, the user profile creating that monitor must have authority to the interface exit program, condition program, or event program that is defined to the monitor.

Temporary journaling environments

MIMIX® Enterprise™ includes functionality that creates temporary journaling environments while copying or reorganizing active files. This activity can occur as part of replication or can be initiated manually from commands. Requests to copy or reorganize active files in this manner are submitted using the default job description for the MIMIXOWN user profile.

iOptimize-specific security for IOPTOWNER and ITIDGUI

The IOPTOWNER and ITIDGUI profiles are automatically created within iOptimize at installation. IOPTOWNER is *USER class and requires the following special authorities: *ALLOBJ, *AUDIT, *JOBCTL, *IOSYSCFG, *SAVSYS, *SECADM, *SERVICE, and *SPLCTL. ITIDGUI is *USER class and does not require special authorities.

Ensure that the iOptimize user profile ITIDGUI is not blocked from running SQL commands (Select, Insert, Update, Delete) through JDBC. This can occur when running third-party security products that use Exit Point controls.


Security for LAKEVIEW user profile

This information describes the minimum security requirements for the LAKEVIEW user profile provided with License Manager, which is installed with the MIMIX, iTERA, and iOptimize products. Each enterprise is unique. Your enterprise may require exceptions to the information provided here.

The LAKEVIEW user profile is created with an initial menu of *SIGNOFF so that it cannot be used to sign on to the system. The LAKEVIEW user profile owns all of the objects in the LAKEVIEW and MIMIXQGPL libraries and has access to all the objects that make up the License Manager product. User interface objects, such as commands, command processing programs, display panels, menus, and help, have a public authority (*PUBLIC) of use (*USE). All product user interfaces are protected by Vision Solutions product-level security when that function is set to “On”.

The LAKEVIEW user profile is created by default as a programmer class (*PGMR) user profile with selected special authorities, including all object authority (*ALLOBJ). Unless the user profile running the install has *ALLOBJ authority, the LAKEVIEW user profile needs this level of authority to access information needed for install operations.

Notes:

• *ALLOBJ authority is a very useful authority but it must be used with care because it leaves your system vulnerable to misuse. “Protecting your assets from unauthorized use” on page 79 describes considerations for changing this authority.



The following table identifies the special authorities and the operations for which the LAKEVIEW user profile requires a special authority:

Table 13. License Manager operations that require special authorities

| Special Authority | License Manager operations that require special authority |
| --- | --- |
| *ALLOBJ | In License Manager this authority is needed to access all stream files required for installing updates to Lakeview products and the objects within the product libraries. |
| *SAVSYS | Required for save and restore operations during installation of updates. |


Additional security considerations for products

If applicable, you should also address the security measures described in the following topics.

User profile restrictions

Vision Solutions products cannot call any user exit program that is owned by one of the following user profiles. Because of this, you should ensure that your user exit programs are not owned by any of the following user profiles:

Table 14. User profiles restricted from owning user exit programs

• User profile that is disabled
• User profile with an expired password
• QAUTPROF, QCOLSRV, QDBSHR, QDBSHRDO, QDFTOWN, QDIRSRV, QDOC, QFNC, QGATE, QLPAUTO, QLPINSTALL, QMSF, QNETSPLF, QNFSANON, QRJE, QSECOFR, QSNADS, QSNX, QSPL, QSPLJOB, QSYS, QTCP, QTFTP, QTSTRQS

MIMIX-specific system security considerations

When application groups are configured for clustering, the user profile used to run CRG exit programs must exist on all nodes in the recovery domain for the CRG and must have *IOSYSCFG special authority.


System security

You need to be aware of the following security considerations for the IBM System i systems on which Vision Solutions products are installed:

System security level

You need to consider the security level as defined by the QSECURITY (system security level) system value on each system. Vision Solutions strongly recommends that QSECURITY be set to 30 or higher. For either product family to function on a system with the security level set at 30 or above, the QALWUSRDMN (allow user domain objects in libraries) system value must be set to *ALL or have the product library and any data library names added to the list of libraries for the system value. The installation process will add the product library and data library names to the system QALWUSRDMN value if it is not set to *ALL.

User profile password system values

IBM i supports multiple system values that affect passwords for user profiles on a system. These system values, which begin with the characters QPWD, ideally must be set to the same values on each system. Some products, such as iTERA, require they be set to the same values. Other products may strongly recommend the values be the same. If the values are more restrictive on the target system than on the source system, replication failures can occur for user profiles with replicated passwords. Installation processes for Vision Solutions software do not automatically set these system values.

The QPWDLVL (password level) system value determines the level of password support on a system and requires an IPL to become effective. Changing the password level on the system requires careful consideration. If a system is configured for longer passwords and it communicates with other systems, then all the systems must be configured for longer passwords. Before you change this system value, you should be familiar with the information in “Planning Password Level Changes” in the Security section of the IBM i and System i Information Center at http://publib.boulder.ibm.com/iseries/

Changes to other QPWD* system values take effect immediately.

User profile authorities

Regardless of whether you choose to replicate user profile objects, existing user profiles should have the same level of authority on each system to ensure consistency in their ability to access other objects. This will ensure that user access remains the same when the roles of the production and backup system are switched.

Some products from Vision Solutions include two commands (RUNCMD and RUNCMDS) that enable the product or users to run commands on a remote system. When these commands are run internally by MIMIX® Availability™ or Vision Audits, they are run under the MIMIXOWN user profile. For these commands to function when invoked by a user, the same user profile must exist on the local system and the remote system and its password must be the same on both systems.


Protecting your assets from unauthorized use

By taking some additional actions, you can protect your replication environments from access by unauthorized users.

Use available security provided with Vision products: If the Vision Solutions product you are installing supports product-level security, use it. Product-level security can be turned on immediately after installing software by using commands shipped in License Manager.

Note: Product-level security is available for License Manager and MIMIX® Availability™.

When product-level security is turned on, user profiles must be authorized to a product before they can access its functions. You can control public authority access as well as access for individual or group user profiles. Then, only users that have security access to the product can use its functions. You can also further limit access to areas within the product, such as commands and displays.

For example, if you do not use product-level security, an unauthorized user could create a journal monitor within MIMIX. The user could then receive partial information about journal transactions from a journal to which the user is not authorized. Without product-level security, an unauthorized user could also use License Manager to delete an installation of a Vision Solutions product. For detailed information and examples, see “Vision Solutions-provided security functions” on page 81.

Modify authority to user profiles provided by Vision: If your business environment requires it, you can limit the special authorities given to user profiles associated with Vision Solutions products. Be aware that you may also need to change object authority to other objects to ensure that the Vision Solutions products have the necessary access to operate as expected.

Removing *ALLOBJ authority from the LAKEVIEW user profile will degrade performance for all install-related processes because of the overhead of additional operating system authority look-ups. Removing *ALLOBJ authority may also cause product upgrades to fail if the LAKEVIEW user profile lacks the authority necessary to use the objects needed for updates or product installation objects.

Removing *ALLOBJ authority from the MIMIXOWN user profile will degrade performance for all MIMIX processes because of the overhead of additional operating system authority look-ups. Removing *ALLOBJ authority may also cause files to go on hold and may cause failed requests if the MIMIXOWN user profile lacks the authority necessary to operate on the defined files and objects.

If you have an extreme business need to remove *ALLOBJ authority, you have these options:

• For the LAKEVIEW user profile, explicitly grant authorization to the LAKEVIEW user profile for every stream file for software updates and all objects in each product installation library.

• For the MIMIXOWN user profile, add the QSECOFR user profile as the primary group profile. Because of the *ALLOBJ authority inherited from the QSECOFR user profile, this allows the MIMIXOWN user profile to access any objects for which it is not explicitly excluded.

• For the MIMIXOWN user profile, explicitly authorize every file and object used by the replication process on the source system and on the target system. For user journal-based replication, this includes every file, data area, data queue, or IFS object on the source system from which transactions will be replicated, every file on the target system that will receive replicated transactions, and any libraries to which the object replication process replicates a file and defines these objects for cooperative processing. For system journal-based replication, this includes every object on the source system that will be replicated, every library, folder, and directory (*LIB, *FLR, *DIR) on the target system that will receive replicated objects, and any library to which files are defined for cooperative processing.

If you change the authority level of the MIMIXOWN user profile, you must also explicitly authorize MIMIXOWN to the following:

• All objects of any type that are being replicated by MIMIX or being audited by Vision Audits within iTERA.

• All objects of any type within an installation library which contains data groups that are enabled or disabled within iTERA when a roll swap occurs.

• Any customized step programs and user-created procedures for application group operations within MIMIX.

• Access to files and temporary journaling environments used when copying or reorganizing active files within MIMIX.

• All of the following items associated with switching the direction of replication for a data group-only MIMIX environment, using a model switch framework implementation or the MIMIX Switch Assistant:
  – Any customized user programs for the switch framework.
  – Any MIMIX libraries to be switched.
  – Any communications configuration to be switched.
  – Change authority (*CHANGE) to the output queues of user profiles submitting switching commands so that MIMIX can write to spooled files.

• Any objects used by monitors which MIMIX uses for supporting functions. This includes the job scheduler, all objects that each monitor watches (such as journals and message queues), and any interface exit programs, condition programs, and event programs called by each monitor.


CHAPTER 7

Vision Solutions-provided security functions

You can take advantage of security functions provided by Vision Solutions to protect your Vision products and License Manager. These functions provide an additional level of security beyond that available with the IBM i.

Note: The Vision Solutions-provided security functions described in this chapter are available for License Manager and MIMIX® Availability™.

All MIMIX products use product authority as set through License Manager. You must take explicit action to set product authority to “On” for each product. It is recommended that you take advantage of this additional security. Any authorization levels that you set for specific user profiles to control access to a product or MIMIX command are not enabled when product authority for the product is turned “Off”. “Product authority” provides an overview of product authority.

Once product authority is in place, additional security measures must be addressed, including security for common functions, system security levels, password considerations, user profiles, and product-level security.

This chapter includes the following topics:

• “About the provided security functions” describes the authority levels of installed software and describes the additional product authority and command authority functions available through License Manager. This topic also includes tips for securing functions that are common to multiple MIMIX products as well as the Run commands (RUNCMD and RUNCMDS).

• “Authority level descriptions” identifies the authority levels, each of which corresponds to a security class that is assigned to product commands and functions.

• “Changing product-level security” describes how to change product-level security to enforce the additional security available in the product authority and command authority functions. When enabled, an administrator can limit access to License Manager and MIMIX products and can change the authority level of MIMIX commands.

• “Displaying authorities for authorized user profiles” describes how to display a list of the user profiles that have been authorized to specific authority levels.

• “Changing product authority” describes how to grant and revoke authority to a product for a user or a group of users.

• “Displaying the authority level of commands for Vision products” describes how to display the authority level that is needed to run a MIMIX command when product authority is active.

• “Changing command authority” describes considerations for and how to change the authority level of a MIMIX command while product-level security is in use.

• “Displaying commands known to License Manager” describes how to display a complete list of all commands known by License Manager, along with the product with which they are associated.

• “Authority levels for commands” lists the commands and menu interfaces within MIMIX products that can be controlled with security functions provided by Vision Solutions. This includes the products in which the commands are available and the minimum authority level needed when you use the provided product authority or command authority functions.


About the provided security functions

MIMIX products can take advantage of additional security functions for product authority and command authority. These functions are set through License Manager.

MIMIX performs the following functions automatically during product installation:

• The user profile that is performing the installation is granted administrator (*ADM) authority.

• Users in the public access class (*PUBLIC) are granted display (*DSP) authority.

• Special user profiles for the product, such as the MIMIXOWN user profile, are granted management (*MGT) authority.

After installation completes, you can use License Manager to make product and command authority changes. Your changes are not effective until product-level security is enabled through the Change Product Level Security (CHGPRDSEC) command. When enabled, product-level security enforces product and command authority.

Note: These security functions are available through License Manager and are accessible only through 5250 emulator interfaces on the system.

Product authority

Product authority is a provided security function that allows an administrator to set or change the product authority level needed for a user profile or for public access to a specific MIMIX product. These authority levels are in addition to the standard IBM i security levels.

Note: The QSECOFR user profile is not affected by the product authority function unless it is explicitly listed as a user within product authority.

When product-level security is enabled, you can use the product authority function to do the following:

• Establish an authority level to access a product for the public access class (*PUBLIC). User profiles which are not explicitly assigned an authority level use this authority level when accessing the product.

• Control access to the functions that a user profile can access within a product by assigning one of several authority levels to that user profile. Explicitly authorizing a user profile to an authority level limits access to functions requiring authority up to and including that level.

• Exclude a user profile from accessing a product.

• Authorize user profiles to different security levels for different products in the same library. For example, a user may have one authority level for MIMIX® Enterprise™ and another authority level for MIMIX Global.

Command authority

Command authority is a provided security function that enables you to change the authority level of specific MIMIX commands. When product-level security is enabled, you can use the command authority function to raise or lower the authority level for a command or to reset it to the shipped authority values. When you change the authority level of a command, it is changed for all products that use the command in all installations on the system.

Security for common functions

MIMIX products can share common functions. Common functions make it easier for products in the same library to interact with each other. Common functions also require more careful consideration of your security needs when you use the supplied security functions for product authority and command authority. Common functions may give users access to functions within another product at a higher authority level than you intended.

For example, you have a product library in which you have installed MIMIX® Enterprise™ and MIMIX Global and you have valid license keys for both products. You set the public authority for MIMIX® Enterprise™ to *DSP. You also turned on product-level security for MIMIX Global and gave user profile OPER1 *MGT authority to MIMIX Global. Both products use a common function, for purposes of this example call it ABC function, which requires *OPR authority to run. User profile OPER1 can access function ABC in MIMIX® Enterprise™ because the function is common and OPER1 has *MGT authority to MIMIX Global in the same library which also uses function ABC.

You need to carefully consider the authorization level you specify for public use of each product and consider setting all products within a library to the same authorization level. You should also determine which user profiles require access at specific authority levels. For more information about the minimum security level of the commands and interfaces in each product, see “Authority levels for commands” on page 95.
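The OPER1 scenario above can be turned into a review check over a product library's authority entries. The following is an added example, not code from License Manager or Vision Solutions: the dictionary layout, the function names, the second function XYZ, and the *PUBLIC level assumed for MIMIX Global are all constructed for illustration, and only explicit and *PUBLIC entries are modeled.

```python
# Added illustration, not License Manager code. The dictionaries are an assumed
# data model; the sample entries are constructed from the OPER1 scenario.
RANK = {"*EXCL": 0, "*DSP": 1, "*OPR": 2, "*MGT": 3, "*ADM": 4}

# One product library: product -> {profile or *PUBLIC: authority level}.
# The *PUBLIC level for MIMIX Global is not stated in the text; *DSP is assumed.
LIBRARY = {
    "MIMIX Enterprise": {"*PUBLIC": "*DSP"},
    "MIMIX Global": {"*PUBLIC": "*DSP", "OPER1": "*MGT"},
}

# Function -> (minimum authority level, products in the library that use it).
# ABC is the common function from the text; XYZ is a hypothetical function
# used by one product only, included as a negative case.
FUNCTIONS = {
    "ABC": ("*OPR", {"MIMIX Enterprise", "MIMIX Global"}),
    "XYZ": ("*OPR", {"MIMIX Enterprise"}),
}


def level_on(entries, profile):
    """Explicit entry for the profile, otherwise the product's *PUBLIC level."""
    return entries.get(profile, entries["*PUBLIC"])


def cross_product_exposure(library, functions, profiles):
    """Flag functions a profile can reach only through a sibling product.

    A finding means: the profile's level on `product` is below what the
    function requires, but its level on another product in the same library
    that shares the function is high enough.
    """
    findings = []
    for profile in profiles:
        for func in sorted(functions):
            required, used_by = functions[func]
            for product in sorted(used_by):
                own = level_on(library[product], profile)
                if RANK[own] >= RANK[required]:
                    continue  # authority on the product itself already covers it
                for sibling in sorted(used_by - {product}):
                    via = level_on(library[sibling], profile)
                    if RANK[via] >= RANK[required]:
                        findings.append((profile, func, product, own, sibling, via))
    return findings


def public_levels(library):
    """Group products by *PUBLIC level; more than one key means they differ."""
    grouped = {}
    for product in sorted(library):
        grouped.setdefault(library[product]["*PUBLIC"], []).append(product)
    return grouped


if __name__ == "__main__":
    for f in cross_product_exposure(LIBRARY, FUNCTIONS, ["OPER1", "USERX"]):
        print("%s reaches %s in %s (own level %s) via %s (%s)" % f)
    print("*PUBLIC levels:", public_levels(LIBRARY))
```

Each finding is a candidate for aligning the profile's authority across the products in the library, which is the remedy the text recommends.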


Authority level descriptions

Each authority level corresponds to a security class that is assigned to the commands and functions in a product. The following table shows how each authority level includes the capabilities of the associated security class and all lower security classes.

Table 15. Authority level descriptions

The DSP, OPR, MGT, and ADM columns show the security classes included in each authority level.

| Authority Level | Description | DSP | OPR | MGT | ADM |
| --- | --- | --- | --- | --- | --- |
| *ADM | Administrator rights are required to create, change, or delete security classes for users. | X | X | X | X |
| *MGT | Management rights are required to create or change the configuration of the product. | X | X | X | |
| *OPR | Operational rights are required to control operation of the product, such as starting or stopping readers and reissuing failed requests. | X | X | | |
| *DSP | Display rights are required to use menus and DSPxxx functions. | X | | | |
| *EXCL | The user profile is excluded from using the product. | - | - | - | - |


Changing product-level security

Product-level security is a License Manager function that enforces additional product authority and command authority functions that may be available within an installed Vision Solutions product. When product-level security is turned on, an administrator can:

• Limit access to License Manager and any installed Vision product which supports additional authority functions by using the product authority function.

• Change the authority level of License Manager and product commands by using the command authority function.

These authority levels are available for License Manager and MIMIX products. Product-level security must be turned on before any changes to product or command authority will take effect.

Notes:

• The user profile you use to perform this procedure must have *ADM authority to License Manager.

• Users running functions are not affected by a change until the next time they access a function that is protected by product authority.

To change product-level security for one or more product libraries, do the following:

1. From the License Manager Main Menu, select option 2 (Work with Products) and press Enter.

2. The Vision Solutions Installed Products display appears. Type 30 next to the product libraries that you want and press Enter.

3. On the Change Product Level Security display, specify the value you want for product authority at the State prompt, then press Enter.

Note: If you selected multiple product libraries in the previous step, you will see the Change Product Level Security display for each of the libraries you selected.

For information about displaying authorized user profiles for a product library, see “Displaying authorities for authorized user profiles” on page 87. For information about granting, revoking, or changing an authority level for a user profile, see “Changing product authority” on page 88.


Displaying authorities for authorized user profiles

For each product library, you can display a list that shows the user profiles that have been authorized to specific authority levels.

Note: If the security officer profile (QSECOFR) is not explicitly granted a product level security setting, it will have all authority.

To display product authority for one or more product libraries, do the following:

1. From the License Manager Main Menu, select option 2 (Work with Products) and press Enter.

2. The Vision Solutions Installed Products display appears. Type a 5 (Display Product Authority) next to the product libraries that you want and press Enter twice.

3. The Display Product Authority display appears with a list of the user profiles that have been granted access to this product library. An “X” appears in the column for which the user profile has been authorized. The entry for *PUBLIC indicates the authority of all user profiles that are not explicitly listed.


Changing product authority

You can control access to License Manager and the Vision Solutions products that provide additional security functions through the use of authority levels. The installation process sets an authority level of *ADM for the installing user profile and sets an authority level of *DSP for *PUBLIC. User profiles that do not have an explicitly specified authority level will have the same access authority as *PUBLIC.

The procedures in this information enable you to set a different authority level for all explicitly listed user profiles and enable you to control access to functions for specific user profiles by assigning an authority level.

Using group profile support

The following License Manager commands support using group profiles for product authority:

• Grant Product Authority (GRTPRDAUT)

• Revoke Product Authority (RVKPRDAUT)

Group profiles are frequently used as security and customization tools. This makes it easier to set up and control access to Vision products using License Manager’s product authority function. For example, you can use a group profile to authorize operators to a MIMIX product at the *OPR authority level.

Note: To protect access to your MIMIX products and use the group profile support, product authority must be turned on for the products.

When product authority is on and a user profile attempts to access a MIMIX function, License Manager checks for an entry in product authority. When a security entry exists for the user profile, access to the requested function is granted or denied based on the authorization set in the security entry. If the user profile is not specifically authorized through a security entry, License Manager checks the group profiles identified in the user profile and checks the *PUBLIC authority level. Access to the requested function is granted or denied based on the highest level identified in the group profiles and *PUBLIC authority.

Group profile examples

The following examples illustrate how the group profile support works with product authority. The authorization levels to MIMIX products are, in descending order, as follows:

1. *ADM (administrator)
2. *MGT (management)
3. *OPR (operator)
4. *DSP (display)
5. *EXCL (exclude)

These examples use the following assumptions:

• *PUBLIC access has been granted *DSP authority to a MIMIX product

• Group profile GRPA has *ADM authority to the same product

• Group profile GRPM has *MGT authority to the same product

• Group profile GRPO has *OPR authority to the same product

Case 1: Default authority

User profile USERA has no associated group profiles and does not have a specific security entry for the MIMIX product. USERA is granted *DSP authority to the product because that is the *PUBLIC authority level.

Case 2: Specific user authority

User profile USERB has no associated group profiles but there is a specific security entry for the product specifying authority level *EXCL for USERB. USERB is granted *EXCL authority (in this case, denied access to the product).

Case 3: User in multiple groups (1)

User profile USERC has no specific security entry, but is a member of both group profiles GRPA and GRPO. Because the highest authorization level for GRPA, GRPO, and *PUBLIC is the *ADM authority associated with group profile GRPA, USERC is granted *ADM authority to the MIMIX product.

Case 4: User in multiple groups (2)

User profile USERD has no specific security entry, but is a member of both group profiles GRPM and GRPR. Group profile GRPR does not have a specific security entry. Because the highest authorization level for GRPM and *PUBLIC is the *MGT authority associated with group profile GRPM, USERD is granted *MGT authority to the MIMIX product.

Case 5: User in multiple groups (3)

User profile USERE has no specific security entry, but is a member of both group profiles GRPQ and GRPR. Because neither of these group profiles has a specific security entry, USERE is granted *DSP authority (the *PUBLIC authority level) to the product.

Case 6: Attempting to exclude a group of users

User profile USERF has no specific security entry but is a member of group profile BADDY. There is a security entry for group profile BADDY which is set to *EXCL authority to the MIMIX product. Because the highest authorization level for BADDY and *PUBLIC is *DSP, USERF is granted *DSP authority to the MIMIX product. Users must be specifically excluded from using a MIMIX product.
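The resolution order described under “Using group profile support” and the six cases above can be modeled in a few lines, together with a check that finds group-level *EXCL entries that do not actually exclude anyone (Case 6). This is an added example, not License Manager code: the function names and data layout are hypothetical, the sample entries are constructed from the cases, and mapping QSECOFR's "all authority" to *ADM is an assumption.

```python
# Added illustration of the documented resolution order; not License Manager
# code. Names and data layout are hypothetical.
ORDER = ["*EXCL", "*DSP", "*OPR", "*MGT", "*ADM"]  # ascending
RANK = {level: i for i, level in enumerate(ORDER)}

# Constructed from the assumptions and cases in the text.
ENTRIES = {
    "*PUBLIC": "*DSP", "GRPA": "*ADM", "GRPM": "*MGT", "GRPO": "*OPR",
    "USERB": "*EXCL", "BADDY": "*EXCL",
}
MEMBERSHIP = {
    "USERA": [], "USERB": [], "USERC": ["GRPA", "GRPO"],
    "USERD": ["GRPM", "GRPR"], "USERE": ["GRPQ", "GRPR"], "USERF": ["BADDY"],
}


def resolve(profile, groups, entries):
    """Return (authority level, where it came from) for one product."""
    if profile in entries:
        # A specific security entry always decides, including *EXCL.
        return entries[profile], "explicit entry"
    if profile == "QSECOFR":
        # Text: an unlisted QSECOFR "will have all authority" (modeled as *ADM).
        return "*ADM", "QSECOFR default"
    # Otherwise: highest level among the profile's groups and *PUBLIC.
    candidates = [("*PUBLIC", entries["*PUBLIC"])]
    candidates += [(g, entries[g]) for g in groups if g in entries]
    source, level = max(candidates, key=lambda c: RANK[c[1]])
    return level, source


def may_run(level, required):
    """A level grants functions requiring authority up to and including it."""
    return level != "*EXCL" and RANK[level] >= RANK[required]


def ineffective_group_excludes(entries, membership):
    """List (profile, group, resolved level) where a group *EXCL has no effect."""
    findings = []
    for profile in sorted(membership):
        level, _ = resolve(profile, membership[profile], entries)
        for group in membership[profile]:
            if entries.get(group) == "*EXCL" and level != "*EXCL":
                findings.append((profile, group, level))
    return findings


if __name__ == "__main__":
    for user in sorted(MEMBERSHIP):
        print(user, resolve(user, MEMBERSHIP[user], ENTRIES))
    print("Group *EXCL entries that exclude nobody:",
          ineffective_group_excludes(ENTRIES, MEMBERSHIP))
```

Every profile the check reports needs its own *EXCL entry, since the text states that users must be specifically excluded.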

Granting a user authority to a product

For your change to be effective, product-level security must be enabled.

Note: To change the authority level for a user profile that already has been granted product authority, you must first revoke authority at the existing level. Then grant authority for the user profile at the desired level.

To give a user profile authority to a product library, do the following:

1. From the License Manager Main Menu, select option 2 (Work with Products) and press Enter.

2. The Vision Solutions Installed Products display appears. Type a 31 (Grant Product Authority) next to the product library you want and press Enter.

3. The Grant Product Authority display appears. Do the following:

a. At the User profile prompt, specify the name of the user profile for which you are granting authority. To set a default value for all user profiles, specify *PUBLIC.

b. At the Authority Level prompt, specify the highest authority level that you want the user profile to access. Table 16 describes the valid values.

Table 16. Description of authority levels

| Authority level | Description |
| --- | --- |
| *ADM | Authorization rights. Authorizes the user profile to functions that can create, change, or delete security classes for users. This authorization level also has *MGT, *OPR, and *DSP rights. |
| *MGT | Management rights. Authorizes the user profile to functions that create or change the configuration of the product. This authorization level also has *OPR and *DSP rights. |
| *OPR | Operational rights. Authorizes the user profile to functions that control the operation of the product, such as starting or stopping readers and reissuing failed requests. This authorization level also has *DSP rights. |
| *DSP | Display rights. Authorizes the user profile to use menus and other display functions. |
| *EXCL | Exclude. This authorization level prevents the user profile from accessing the product. |

c. At the Minimum Lic. Mgr. auth. level prompt, specify the minimum authority level for the License Manager that the specified user profile should have.

d. Press Enter to grant authority to the user profile.

Revoking product authority for a user

For your change to be effective, product-level security must be enabled. Do the following to revoke authority to a product for a specified user profile:

1. From the License Manager Main Menu, select option 2 (Work with Products) and press Enter.

2. The Vision Solutions Installed Products display appears. Type a 32 (Revoke Product Authority) next to the product library you want and press Enter.

3. The Revoke Product Authority display appears. Do the following:

a. At the User profile prompt, specify the name of the user profile for which you are revoking authority.

b. At the Authority level prompt, specify the authority level that you want to revoke.

c. Press Enter to revoke the authority level for the user profile.


Displaying the authority level of commands for Vision products

The Display Command Authority (DSPCMDAUT) command allows you to display the authority level that is needed to run a Vision-supplied command when product authority is active. You can display the authority level of a single command for a Vision product or of all commands in the product’s authority table.

Note: When product authority is active, you must have *DSP authority to License Manager to run this command.

To display the authority level for product commands, do the following:

1. From the command line, type DSPCMDAUT and press F4 (Prompt).

2. The Display Command Authority (DSPCMDAUT) display appears. At the Command prompt, specify the name of the MIMIX command for which you want to display the authority level.

• If you specify a generic name, you must include the first three characters.

• The value *ALL displays all the commands in the product’s authority table. If you specify *ALL, only the value *PRINT is valid for the Output prompt.

3. At the Detail prompt, specify the level of detail you want to include in the displayed or spooled output.

• The value *CHANGED displays only the commands whose authority levels have been changed since they were shipped with the product.

• The value *ALL displays all commands in the product’s authority table.

4. To create a spooled file that can be printed, specify *PRINT at the Output prompt.

5. To display the authority level, press Enter.


Changing command authority

There may be times when it is necessary to change the authority level of a Vision-supplied command while product-level security is in use. For example, you may want to change the SWTDG command within MIMIX, which requires *OPR authority, to require *MGT authority instead.

Command authority support enables you to change authorization to specific commands. Any changes that are made to authority for a command are effective when product-level security is activated for each product in which the command can be used. Command authority changes are retained when upgrades are performed on the system.

The Change Command Authority (CHGCMDAUT) command allows you to modify the authority level of a Vision-supplied command when product-level security is in use. When product authority is active, you must have *ADM authority to License Manager to run this command. The authority levels for CHGCMDAUT, GRTPRDAUT, RVKPRDAUT, and CHGLICKEY cannot be changed.

Note: Changes are effective for the products in all installation libraries on the system in which the command can be used. For example, you may have two installation libraries, where one contains MIMIX® Professional™, and the other contains MIMIX® Enterprise™ and MIMIX® Global™. If you change the Create System Definition authority from *MGT to a different value, this change is effective for all products in both installations and is enforced for the products which have enabled product-level security.

Care must be used when changing command authority for commands that are used by multiple products and for commands that are called internally within multiple products. (RUNCMD and RUNCMDS are examples of commands available in multiple products that can be run by users and can also be invoked by functions within products.)

For example, you have a system with MIMIX products installed in three different libraries. Library A contains MIMIX licensed for MIMIX® Enterprise™. Library B contains MIMIX licensed for MIMIX® Enterprise™ and MIMIX Global. You have enabled product-level security for the products in libraries A and B. You have set up two group user profiles with product authority to control access to MIMIX functions in libraries A and B. One group has *OPR access and the other group has *MGT access. The members of the *OPR group are the same in both libraries, as are the members of the *MGT group. Library C contains MIMIX® Professional™ and you have not enabled product-level security for it.

You have decided to use command authority to restrict authorization to the Start Lakeview TCP Server (STRSVR) and End Lakeview TCP Server (ENDSVR) commands to users with *MGT or higher authority. Because the command authority change is effective for every MIMIX product on the system but is only enforced for products that have enabled product-level security, the result of this decision will be:

• All users can use the STRSVR and ENDSVR commands from library C (MIMIX® Professional™) because command authority is not enforced when product-level security is disabled.
• Members of the group profile with *OPR authority in libraries A and B cannot use the STRSVR and ENDSVR commands because the command authority changed to a level higher than that to which their group is authorized.
• Members of the group profile with *MGT authority can run the STRSVR and ENDSVR commands in libraries A and B because their group has the appropriate authority.
• If product-level security is enabled for MIMIX® Professional™ in library C, only members of the group profile with *MGT authority can run the STRSVR and ENDSVR commands in library C.
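The three-library scenario above, worked through as an added Python model; it is not Vision Solutions code and is not part of the original guide. The ordering of authority levels, the names LIBA/LIBB/LIBC and OPRGRP/MGTGRP, the shipped level used for STRSVR and ENDSVR, and the treatment of a profile with no grant as *EXCL are assumptions of the model. The QSECOFR exemption and the rule for unlisted commands come from this guide's notes on the authority table.

```python
# Added illustration: models the enforcement rules this guide describes.
# Not Vision Solutions code; nothing here calls License Manager.

# Assumed ordering of authority levels, lowest to highest.
RANK = {"*EXCL": 0, "*DSP": 1, "*OPR": 2, "*MGT": 3, "*ADM": 4}

# Commands whose authority level the guide says cannot be changed.
LOCKED = {"CHGCMDAUT", "GRTPRDAUT", "RVKPRDAUT", "CHGLICKEY"}


class System:
    def __init__(self, shipped):
        self.shipped = dict(shipped)    # command -> shipped minimum level
        self.cmd_auth = dict(shipped)   # one table shared by every library
        self.secured = {}               # library -> product-level security enabled?
        self.granted = {}               # (library, profile) -> product authority

    def change_command_authority(self, cmd, level):
        """Model of CHGCMDAUT: the change applies to the whole system."""
        if cmd == "*ALL":
            if level != "*DFT":
                raise ValueError("*ALL requires *DFT at the Authority prompt")
            self.cmd_auth = dict(self.shipped)   # reset to shipped settings
            return
        if cmd in LOCKED:
            raise PermissionError(f"{cmd}: authority level cannot be changed")
        if cmd not in self.shipped:
            raise KeyError(f"{cmd}: not in the authority table")
        if level not in RANK:
            raise ValueError(f"{level}: unknown authority level")
        self.cmd_auth[cmd] = level

    def can_run(self, library, profile, cmd):
        if not self.secured[library]:
            return True     # not enforced while product-level security is off
        if profile == "QSECOFR":
            return True     # product authority does not apply to QSECOFR
                            # (license key validity is not modelled here)
        if cmd not in self.cmd_auth:
            return True     # unlisted commands are not protected
        # Assumption: a profile with no grant is treated as *EXCL.
        held = self.granted.get((library, profile), "*EXCL")
        return RANK[held] >= RANK[self.cmd_auth[cmd]]


def build_scenario():
    """The three-library example from the text, with constructed names."""
    # Shipped levels for STRSVR/ENDSVR are constructed for this example.
    s = System({"STRSVR": "*OPR", "ENDSVR": "*OPR", "CHGCMDAUT": "*ADM"})
    s.secured = {"LIBA": True, "LIBB": True, "LIBC": False}
    for lib in ("LIBA", "LIBB"):
        s.granted[(lib, "OPRGRP")] = "*OPR"
        s.granted[(lib, "MGTGRP")] = "*MGT"
    for cmd in ("STRSVR", "ENDSVR"):
        s.change_command_authority(cmd, "*MGT")
    return s


if __name__ == "__main__":
    s = build_scenario()
    for lib in ("LIBA", "LIBB", "LIBC"):
        for grp in ("OPRGRP", "MGTGRP"):
            print(lib, grp, "STRSVR ->", s.can_run(lib, grp, "STRSVR"))
```

The LIBC rows show the gap an administrator should look for: a tightened command level protects nothing in a library where product-level security is still disabled.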

Changing the authority level for Vision-supplied commands

The shipped authority level of each command is identified in “Authority levels for commands” on page 95. Do the following to change the authority for a Vision-supplied command in a product that supports additional security functions:

1. From the command line, type LAKEVIEW/CHGCMDAUT and press F4 (Prompt).
2. The Change Command Authority (CHGCMDAUT) display appears. At the Command prompt, specify the name of the command for which you want to change the authority level.
   • If you specify a generic name, you must include the first three characters.
   • The value *ALL resets all commands for the product to their original security setting. If you specify *ALL, you must specify *DFT for the Authority prompt. In this case, only the value *PRINT is valid for the Output prompt.
3. At the Authority prompt, specify the minimum authority level needed to use the command. Use F1 (Help) in this field to see descriptions of the possible values.
4. To create a spooled file that can be printed, specify *PRINT at the Output prompt.
5. To change the authority level, press Enter.


Displaying commands known to License Manager

You can use the Display Command Authority (DSPCMDAUT) command to display the complete list of all commands known by License Manager, along with the product with which they are associated. This list can be helpful when working with product-level security. Do the following:

1. From the command line, type LAKEVIEW/DSPCMDAUT and press F4 (Prompt).
2. The Display Command Authority display appears. At the Command prompt, select *ALL.
3. At the Detail prompt, select *ALL.
4. At the Output prompt, select *PRINT. This value is required when *ALL is specified for the Command prompt.
5. Press Enter. A successful message is issued.
6. To view the resulting list of commands, type the following on a command line and press Enter: WRKSPLF
7. The Work with All Spooled Files display appears. Next to the LMDSPCMDL file, type 5 (Display) and press Enter.
8. The Display Spooled File display appears, showing the current list of all commands known to License Manager.


Authority levels for commands

Table 17 shows the commands and menu interfaces within License Manager that can be controlled with security functions provided by Vision Solutions. The right side of the table shows the minimum authority level needed for the command when you use the provided product authority or command authority. Before using this information, you should note that:

• Product-level security must be enabled to enforce your choices for product authority and command authority.
• The product authority function does not apply to the security officer user profile (QSECOFR). As long as valid license keys exist, the QSECOFR user profile can perform all functions. This allows the security officer to access a product when all other user profiles are excluded from access.
• Commands that are not listed are not protected by product authority and cannot be modified with command authority.
• All users with *ADM authority to a product in a library have access to the grant and revoke authority commands (GRTPRDAUT and RVKPRDAUT) for that instance of the product. These users have the ability to grant and revoke authority to that product even though they do not have *MGT authority to License Manager.

Authority levels for commands in MIMIX® Availability™ are identified in the MIMIX Administrator Reference book.

Table 17. License Manager commands and menu interfaces, showing their shipped minimum authority level settings when the provided security functions are used.

Columns: License Manager Commands and Menu Interfaces; Minimum Authority Level (*ADM, *MGT, *OPR, *DSP).

License Manager Commands and Menu Interfaces: ABOUT, ADDDIRVSIP, APYLICKEY, CFGLKVSPT, CHGCMDAUT, CHGLICKEY, CHGLMMSG, CHGMMXAM (a), CHGPRDLIB, CHGPRDSEC, CPYTOECS, CRTMMXAM (a), CVTLKVSTMF, DLTLKVSPT, DLTMMXAM (a), DLTPRD, DSPCMDAUT, DSPPRDAUT, DSPSYSINF, ENDLKVSPT, ENDMMXAM (a), FORMBR, FOROBJ, GRTPRDAUT, INSMMX, INSPRD, LICMGR, LODLKVFIX, PRDMGT, RMVDIRVSIP, RTVMMXAM (a), RVKPRDAUT, SAVCFGDTA, STRLKVSPT, STRMMXAM (a), UPDINSPRD, UPDLICKEY, WRKPRD (b)

a. MIMIX Availability Manager commands are included for backward compatibility only. MIMIX Availability Manager can only be started on systems that were at version 6 service pack 6.0.11.00 or higher before version 7.0 of License Manager was installed.
b. If you change authority to the WRKPRD command using the Change Command Authority (CHGCMDAUT) command, you need to specify WRKPRD2 as the value of the Command (CMD) parameter.


CHAPTER 8

Remote system support

This section describes how to use the electronic access to remote support functions provided within License Manager. These capabilities, known as the Lakeview Technology Support function, use remote system support to assist you with problem determination for License Manager and Vision Solutions products.

Vision Solutions CustomerCare representatives can access your system over a switched point-to-point connection using Systems Network Architecture Distribution Services (SNADS). You can send and receive information between your system and the Vision Solutions support system.

Note: Vision Solutions CustomerCare representatives may have better alternatives. Use this function only if directed to by CustomerCare.

This chapter includes the following topics:

• “Accessing Lakeview Technology support functions” on page 98 describes how to configure and start the remote support connection.
• “Disconnecting from Lakeview Technology support” on page 100 describes how to end the remote support connection and delete configuration objects used by remote system support.


Accessing Lakeview Technology support functions

Use Lakeview Technology support when you are asked to do so by your Vision Solutions product provider or by a Vision Solutions CustomerCare representative. To use remote system support, you must configure the connection and start the support. Typically, you will use the ECS line and modem already installed on your system.

Configuring the Lakeview Technology support connection

Do the following to configure the connection for remote system support:

1. From the License Manager Main Menu, select option 21 (Configure Lakeview support) and press Enter.
2. The Configure Lakeview Support display appears. Your Lakeview Technology Support representative can assist you in providing the following information:
   a. At the Local connection ID prompt, specify the value to use to connect to the CustomerCare system.
   b. At the Resource name prompt, specify the hardware resource name to which the modem you plan to use is connected. You can find this name in the line description for the QESLINE.
   c. At the Station address prompt, specify the station address to use for the connection.
   d. At the Connection number prompt, specify the telephone number to dial to connect to the CustomerCare system. Typically CustomerCare will initiate the connection and this line is left blank.
   e. Press F10 (Additional parameters).
   f. At the Initial connection prompt, indicate which system initiates the connection. Specify *DIAL to initiate the connection. Specify *ANS to have the CustomerCare system initiate the connection.
   g. At the Force create prompt, indicate whether to force creation of configuration objects needed to establish the connection.
3. When you complete your selections, press Enter to configure the connection.

Starting Lakeview Technology support

Do the following to start Lakeview Technology Support:

1. From the License Manager Main Menu, select option 22 (Start Lakeview support) and press Enter.
   Note: If you have not configured Lakeview Support, you will be prompted to provide the configuration information.
2. You can now send or receive network distributions from the CustomerCare system using Systems Network Architecture Distribution Services (SNADS). Network distributions that you send to the CustomerCare system should be sent to User ID LKVECS at Address LAKEVIEW. Network distributions sent to your system from CustomerCare are sent to User ID LKVECS.


Disconnecting from Lakeview Technology support

Disconnecting from Lakeview Technology support consists of ending the connection and deleting the configuration objects used by the connection.

Ending the Lakeview Technology support connection

Ending the connection to Lakeview Technology support varies off the communications line, controller, and device configuration objects used by remote system support. Do the following to end the connection:

1. From the License Manager Main Menu, select option 23 (End Lakeview support) and press Enter.
2. On the End Lakeview Support display, specify a value for the Forced end of active sessions prompt and press Enter. The value *NO does not force the ending of all sessions that may be active on the Lakeview Technology Support configuration objects.

Deleting Lakeview Technology support objects

Delete the configuration objects used by remote system support when you no longer need the connection to the Lakeview Technology Support system. Do the following to delete the configuration objects:

• From the License Manager Main Menu, select option 24 (Delete Lakeview support) and press Enter.

If you want to start Lakeview Technology support again, you will have to reconfigure the connection.
