Before You Install
For information on installation and setup in an HA environment, contact Technical Support.
This is the version of Network Security prior to the release of 7.04. Version 7.04 introduced Insite web browser support (which replaced the former web server of v6.54 - v7.03). For information on installing the latest version of Network Security, see Installing or Updating Network Security 7 (v7.04).
Network Security requires that you enter a valid license key in order to protect your servers. Contact firstname.lastname@example.org if you need to request a new license key.
It is Powertech’s goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. However, the Network Security installation process could change a system value to allow the install to proceed if a system value is not set as specified below. If the Installation Wizard changes a system value during install, it changes it back to its original value when the install completes.
To install Powertech Network Security on your system, the following system values that control object restores must be configured as shown.
- Set QALWOBJRST to *ALWPGMADP (at a minimum) to allow the system to restore programs that adopt authority. Many Powertech Network Security programs adopt the authority of the product owner, rather than forcing you to give authority directly to administrators and end users. (Note: For some system configurations, *ALL is required temporarily.)
- QALWUSRDMN controls which libraries on the system can contain certain types of user domain objects. You should set the system value to *ALL or include the name of the Network Security product library (PTNSLIB and QTEMP as a minimum) for the product to function properly.
- Set QVFYOBJRST to 1, 2, or 3. This allows Network Security to restore all objects regardless of their signature. (Note: If you normally check signatures, remember to check this system value after the Network Security install process completes.)
- Set QFRCCVNRST (Force conversion on restore) to 0, 'Do not convert anything.'
- Set QALWJOBITP (Allow jobs to be interrupted) to 1. This allows jobs to be interrupted to run user-defined exit programs. All new jobs that become active will default to be uninterruptible.
If you are installing Network Security on a new system that does not yet include IBM's QAUDJRN audit journal, run the command CHGSECAUD to create one automatically. This is the default journal used to record Network Security’s transaction auditing data.
Network Security requires the following:
- IBM i (i5/OS, OS/400) version V6R1 or higher
- Java 1.6 32-bit (required minimum)
- 256 MB of disk space
- PASE (Portable Applications Solutions Environment), option 33
- CCA Cryptographic Service Provider, option 35
- Current IBM-supported PTF level
ShowCase version 220.127.116.11 or greater is required to use Network Security's ShowCase exit points.
Network Security's installer file is available for download directly from the Powertech Website. (The "Trial" download is the full product, which can be unlocked with a valid License Key). The installation process is completely automated.
Ensure the following servers are available and running prior to installation:
- FTP Server
- Remote Command Server
Do the following to perform the installation:
- Download the Network Security Installer to your PC.
- Double-click the .exe file to start the Installation Wizard. When prompted, enter the name of the system on which you want to install Network Security, a user ID, and password. Note: Make sure the user profile is a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *IOSYSCFG, and *AUDIT. The user profile should have Limit capabilities set to *NO.
- The Wizard installs Network Security on your System i and places a copy of the User Guide on your PC desktop. When the installation completes, click Finish to remove the Wizard from your PC.
The installation process displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the Network Security install. (The job log file name is JLOGn, where "n" equals a six digit number, e.g. JLOG144620).
To verify that Network Security installed successfully, enter the following command to display the Powertech Network Security window, which shows the release and modification level of the product:
Network Security installs the following product libraries, profiles, authorization lists, commands,objects, and exit points on your system.
|Installed on System||Description|
(All these profiles are set to Password = *NONE so that they can’t be used to sign on to the system.)
Note: The Network Security installation program places these commands in the PTNSLIB/PTNSLIB07 library. They are copied to QGPL when you activate Network Security.
Network Security Web User Interface (Web UI)
The Network Security Web User Interface (WUI, or Web UI) allows security administrators to work with rules and most other Network Security features directly from a browser. The following browser versions (or later) are required to use Network Security's WUI:
- Internet Explorer 9
- Firefox 11
- Chrome 21
- iOS 6
- 4.0 using Chrome
Web UI Commands:
The Web UI is not installed during Network Security's installation procedure, because it is generally only required on the Central Management System.
To install the Web UI, use the following command:
To start/stop the web server job, use these commands:
Start - PTNSSTRWEB
End - PTNSENDWEB
This will start/stop the QP0ZSPWT job with the user of PTWEB in the PTWRKMGT subsystem.
To configure web server ports, and remove the web server, use the following commands:
Configure web server ports - PTNSCFGWEB
Remove web server - PTNSRMVWEB
Dashboard Showing Transaction Counts
A feature of Network Security’s Web UI is the Dashboard.
The Dashboard displays a count of all transactions monitored or controlled by Network Security. The Dashboard displays the totals for the servers based upon the criteria selected by the user (today's totals, yesterday's totals, last 7 days or last 30 days). You can also select to see the individual server's counts for the past 24 hours. To activate this feature, start the Dashboard Data Summarization job.
To start/end the Dashboard Data Summarization job, use the following commands:
Start - PNSSTRDASH
End - PNSENDDASH
Execution of the Dashboard Data Summarization job can be controlled with the following commands:
PNSHLDDASH - Use this command, Hold Dashboard Collection, to set the system in a state such that data collection to support the web interface Dashboard will not run.
PNSRLSDASH - Use this command, Release Dashboard Collection, to release the Hold Dashboard Collection command, allowing data collection to occur.
After You Are Done
After you install Network Security, see Activating Powertech Network Security in the Administrator's Guide for instructions on how to activate Network Security.
The Network Security Administrator's Guide is also installed as part of the product installation in the following directory: C:\Program Files\PowerTech\Network Security