Overview of Process and Steps
This document describes how to migrate (move/duplicate) all the information contained in the PTNSLIB and the Network Security IFS /PowerTech/NetworkSecurity/ directory from one IBM i system to another. These steps assume the Target system does not have Network Security Installed.
The procedure includes the following general steps:
- Save the PowerTech/NetworkSecurity/ IFS directory, subdirectories and all contents to a SAVE file.
- Save the PTNSLIB Library to a SAVE file.
- Transfer the two save files to the ‘Target’ system using FTP.
The Target system will require a complete installation of Network Security identical to the save version on the Source system to install the required objects both inside and outside the product libraries. Using different product versions is not supported. Object types installed: Libraries, User Profiles, Commands, Exit Points, IFS directories, Job queues, and Authorization lists.
After installation on the Target system, instructions are provided to clear the PTNSLIB library and the IFS directory, and restore the Library and the IFS directory from the two save files transferred earlier.
The final steps include correcting a single known issue with Journal Receiver authorities, adding the license appropriate for the target system, then activating the product.
Object Locks Consideration
Object locks may interfere with saving the library objects. Whether the locks will actually interfere with the save depends on the job and whether the object is active at the moment a save is started. In order to save the objects on the Source system, complete the following two steps, which (one or both) ensure there are no locks on the PTNSLIB and IFS objects. (Both steps are intrusive.)
- Deactivate the Network Security exit programs and stop the subsystem PTWRKMGT. Note that other Powertech products using this subsystem may no longer function until the subsystem is brought back to a running state.
- An alternative to ending the subsystem PTWRKMGT, if it cannot be ended, is to remove specific Job Queue entries connected to Network Security. The job queue entries will have to be added back after the save is completed. See Appendix A at the end of this document for the commands.
- Place the system into a restricted state. Any exit point traffic may place object locks in the product library and could interfere with a complete save. Profiles used in the process on Source and Target systems require a profile with*ALLOBJ authority.
Important Note: Please read the Activation/Deactivation procedure in the Administrator’s Guide for information on the potential intrusiveness of this process. It is also prudent to consider the impact and implications on auditing and access control of deactivating the Network Security exit programs.
Source System Save File Creation
- On the Source system, create the ‘empty’ SAVFs for the Library PTNSLIB and the IFS directory ‘PowerTech/NetworkSecurity’. These will be used for transporting the data to the Target system.
Create the Library save file - CRTSAVF QGPL/NS65SSAV
Create the IFS Directory save file – CRTSAVF QGPL/NSIFSSAV
- To save the /PowerTech/NetworkSecurity/ directory to your save file, use the IBM i Save Object (SAV) command and the supplied parameters. For native IBM I objects such as save files, this means that you have to specify QSYS.LIB as part of the backup media location;
IFS directory save command:
SAV DEV('/QSYS.LIB/QGPL.LIB/NSIFSSAV.FILE') OBJ(('/powertech/NetworkSecurity*' *INCLUDE))
PTNSLIB library save command:
SAVLIB LIB(PTNSLIB) DEV(*SAVF) SAVF(QGPL/NS65SAV) PVTAUT(*YES)
Target System Save File Creation
On the Target system, create the ‘empty’ SAVFs for the Library PTNSLIB and the IFS directory ‘PowerTech/NetworkSecurity’.
CRTSAVF QGPL/NSIFSSAV (the IFS save file)
CRTSAVF QGPL/NS65SAV (the PTNSLIB save file)
Source System FTP File Transfer Steps to Target System
Send the IFS Save Files from the Source to the Target system via FTP (or you can move the save files with whatever method you are familiar with).
- FTP <yourtargetsystem>
- You will be prompted for: Login <user name> and <password>
- QUOTE SITE NAMEFMT 1
- /QSYS.LIB/QGPL.LIB/NSIFSSAV.SAVF /QSYS.LIB/QGPL.LIB/NSIFSSAV.SAVF
Send the PTNSLIB Library Save File to the ‘Target’ iSeries via FTP:
- FTP <yourtargetsystem>
- Login user name and password
- QUOTE SITE NAMEFMT 0
- PUT /QGPL/NS65SAV.SAVF /QGPL/NS65SAV.SAVF
Target System - Final Steps and Restoration Procedure
On the Target system, do a complete installation of Network Security of the same version (including Release and Build). This will create the User Profiles, Authorizations lists, jobqs, etc. that are needed for the product to work but are not in the product library.
***Do not activate exit program or License the product at this time***
Once Network Security installation is complete, clear the previously installed PTNSLIB library with the following clear library command:
Note - You may see messages relating to unsaved journal receivers (I, C) Choose I to ignore.
Clear the previously installed /powertech/NetworkSecurity IFS directory of objects with the following steps:
- Use command: wrklnk '/powertech/NetworkSecurity'
- Choose 2=Edit
- Choose 9=Recursive Delete for *DIR objects
- Choose 4=Delete File for all other objects
- Do not delete the /NetworkSecurity directory itself
Steps to restore the library and the IFS directory from the SAVFs file you moved to the new system in previous steps:
RSTLIB SAVLIB(PTNSLIB) DEV(*SAVF) SAVF(QGPL/NS65SAV) MBROPT(*ALL) ALWOBJDIF(*ALL)
rst dev('/qsys.lib/qgpl.lib/NSIFSSAV.file') obj(('/PowerTech/NetworkSecurity*' *INCLUDE)) SUBTREE(*ALL) ALWOBJDIF(*ALL)
The restore process may alter the journal receiver CAPJRN* authorization list values. The newest attached receiver will need to have the Authorization list PTNSDTA assigned.
- Use the command:
- Identify the most current journal receiver
- Take option 2=Edit authority
- Change the authorization list from *NONE to PTNSDTA and save the change
Add product license key using the following steps:
To enter the new code for Network Security:
- Add the library to your library list with this command:
- Call the security code program with this command:
- Press F6 to add license
- Copy and paste the license into the supplied fields
If using the Web User Interface, run the following command. (If you do not intend to use the WUI interface skip the following command.)
Commands to remove Network Security Job Queue entries from PTWRKMGT subsystem
RMVJOBQE SBSD(PTWRKMGT/PTWRKMGT) JOBQ(PTNSLIB/PTNSGMSTR)
RMVJOBQE SBSD(PTWRKMGT/PTWRKMGT) JOBQ(PTNSLIB/PTNSCAPSUM)
Commands to add Network Security Job Queue entries to PTWRKMGT subsystem. Note: The sequence number may conflict with others so may need to be changed (SEQNBR 50x) is randomly chosen.
ADDJOBQE SBSD(PTWRKMGT/PTWRKMGT) JOBQ(PTNSLIB/PTNSGMSTR) SEQNBR(501)
ADDJOBQE SBSD(PTWRKMGT/PTWRKMGT) JOBQ(PTNSLIB/PTNSCAPSUM) SEQNBR(502)