How To Guide

Moving Network Security 6.5x to a New System

Last Updated:
August 1, 2016

Overview of Process and Steps

This document describes how to migrate (move/duplicate) all the information contained in the PTNSLIB and the Network Security IFS /PowerTech/NetworkSecurity/ directory from one IBM i system to another. These steps assume the Target system does not have Network Security Installed.

The procedure includes the following general steps:

  1. Save the PowerTech/NetworkSecurity/ IFS directory, subdirectories and all contents to a SAVE file.
  2. Save the PTNSLIB Library to a SAVE file.
  3. Transfer the two save files to the ‘Target’ system using FTP.

The Target system will require a complete installation of Network Security identical to the save version on the Source system to install the required objects both inside and outside the product libraries. Using different product versions is not supported. Object types installed: Libraries, User Profiles, Commands, Exit Points, IFS directories, Job queues, and Authorization lists.

After installation on the Target system, instructions are provided to clear the PTNSLIB library and the IFS directory, and restore the Library and the IFS directory from the two save files transferred earlier.

The final steps include correcting a single known issue with Journal Receiver authorities, adding the license appropriate for the target system, then activating the product.

Object Locks Consideration

Object locks may interfere with saving the library objects. Whether the locks will actually interfere with the save depends on the job and whether the object is active at the moment a save is started. In order to save the objects on the Source system, complete the following two steps, which (one or both) ensure there are no locks on the PTNSLIB and IFS objects. (Both steps are intrusive.)

  1. Deactivate the Network Security exit programs and stop the subsystem PTWRKMGT. Note that other Powertech products using this subsystem may no longer function until the subsystem is brought back to a running state.
    1. An alternative to ending the subsystem PTWRKMGT, if it cannot be ended, is to remove specific Job Queue entries connected to Network Security. The job queue entries will have to be added back after the save is completed. See Appendix A at the end of this document for the commands.
  2. Place the system into a restricted state. Any exit point traffic may place object locks in the product library and could interfere with a complete save. Profiles used in the process on Source and Target systems require a profile with*ALLOBJ authority.

Important Note: Please read the Activation/Deactivation procedure in the Administrator’s Guide for information on the potential intrusiveness of this process. It is also prudent to consider the impact and implications on auditing and access control of deactivating the Network Security exit programs.

Migration Procedure

Source System Save File Creation

  1. On the Source system, create the ‘empty’ SAVFs for the Library PTNSLIB and the IFS directory ‘PowerTech/NetworkSecurity’. These will be used for transporting the data to the Target system.

    Create the Library save file - CRTSAVF QGPL/NS65SSAV

    Create the IFS Directory save file – CRTSAVF QGPL/NSIFSSAV

  1. To save the /PowerTech/NetworkSecurity/ directory to your save file, use the IBM i  Save Object (SAV) command and the supplied parameters. For native IBM I objects such as save files, this means that you have to specify QSYS.LIB as part of the backup media location;

    IFS directory save command:

    SAV DEV('/QSYS.LIB/QGPL.LIB/NSIFSSAV.FILE') OBJ(('/powertech/NetworkSecurity*' *INCLUDE))

    PTNSLIB library save command:


Target System Save File Creation

On the Target system, create the ‘empty’ SAVFs for the Library PTNSLIB and the IFS directory ‘PowerTech/NetworkSecurity’.  



Source System FTP File Transfer Steps to Target System

Send the IFS Save Files from the Source to the Target system via FTP (or you can move the save files with whatever method you are familiar with).

  1. FTP <yourtargetsystem>
  2. You will be prompted for: Login <user name> and <password>
  4. BIN                    
  5. PUT
  7. QUIT

Send the PTNSLIB Library Save File to the ‘Target’ iSeries via FTP:

  1. FTP <yourtargetsystem>
  2. Login user name and password
  4. BIN
  6. QUIT                                    

Target System - Final Steps and Restoration Procedure

On the Target system, do a complete installation of Network Security of the same version (including Release and Build). This will create the User Profiles, Authorizations lists, jobqs, etc. that are needed for the product to work but are not in the product library.

***Do not activate exit program or License the product at this time***

Once Network Security installation is complete, clear the previously installed PTNSLIB library with the following clear library command:


Note - You may see messages relating to unsaved journal receivers (I, C)   Choose I to ignore.

Clear the previously installed /powertech/NetworkSecurity IFS directory of objects with the following steps:

  1. Use command:  wrklnk '/powertech/NetworkSecurity'
  2. Choose 2=Edit
  3. Choose 9=Recursive Delete for *DIR objects
  4. Choose 4=Delete File for all other objects
  5. Do not delete the /NetworkSecurity directory itself

Steps to restore the library and the IFS directory from the SAVFs file you moved to the new system in previous steps:

RSTLIB SAVLIB(PTNSLIB) DEV(*SAVF) SAVF(QGPL/NS65SAV) MBROPT(*ALL) ALWOBJDIF(*ALL)                                                                        

rst dev('/qsys.lib/qgpl.lib/NSIFSSAV.file') obj(('/PowerTech/NetworkSecurity*' *INCLUDE)) SUBTREE(*ALL) ALWOBJDIF(*ALL)

Final steps

The restore process may alter the journal receiver CAPJRN* authorization list values. The newest attached receiver will need to have the Authorization list PTNSDTA assigned.

  1. Use the command:


  2. Identify the most current journal receiver
  3. Take option 2=Edit authority
  4. Change the authorization list from *NONE to PTNSDTA and save the change

Add product license key using the following steps:

To enter the new code for Network Security:

  1. Add the library to your library list with this command:


  2. Call the security code program with this command:

    CALL PLK280

  3. Press F6 to add license
  4. Copy and paste the license into the supplied fields

If using the Web User Interface, run the following command. (If you do not intend to use the WUI interface skip the following command.)


Appendix A

Commands to remove Network Security Job Queue entries from PTWRKMGT subsystem



Commands to add Network Security Job Queue entries to PTWRKMGT subsystem. Note: The sequence number may conflict with others so may need to be changed (SEQNBR 50x) is randomly chosen.



Related Products