Please review the following information before upgrading Compliance Monitor. If you are updating Compliance Monitor from, for example, version 3.15 to 3.19, see Updating Compliance Monitor 3.
When upgrading Compliance Monitor in an HA environment
- Stop the replication of user profiles from production to HA system by either ending the replication software or ending the replication of the user profiles.
- Stop the replication of objects in the product libraries (PTCMT2 and PTCMT3).
- Upgrade Compliance Monitor on the HA and production systems.
- Setup Compliance Monitor replication per the HA Setup instructions. To view these instructions, download Compliance Monitor 3 HA Setup
- Start replication (including the user profiles and objects in the product libraries).
Before starting your upgrade
- End the Compliance Monitor Consolidator and Endpoints using the following commands:
- Consolidator: ENDPTCMCSL
- Endpoint: ENDPTCMEPT
- Enter the following command to check for locks on the Compliance Monitor library or objects in the library. Resolve any locks before proceeding with the upgrade.
WRKOBJLCK PTCMT2 *LIB
- Back up the Compliance Monitor 2 Consolidator library, PTCMT2, either as part of a full system save or by using the following command to back up the licensed program:
SAVLICPGM LICPGM(1PLCMT2) DEV(*SAVF) SAVF(QGPL/CM2BACKUP)
- It is Powertech’s goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. However, the Compliance Monitor upgrade process could change a system value to allow the upgrade to proceed if a system value is not set as specified below. If the Installation Wizard changes a system value during the upgrade, it changes it back to its original value when the upgrade completes.
- To upgrade Powertech Compliance Monitor on your system, the following system values that control object restores must be configured as shown.
- Set QALWOBJRST to *ALL or *ALWPGMADP (at a minimum) to allow the system to restore programs that adopt authority. Many Powertech Compliance Monitor programs adopt the authority of the product owner, rather than forcing you to give authority directly to administrators and end users. Note: The upgrade will work if QALWOBJRST is set to *ALL, but Powertech does not recommend using this value.
- QALWUSRDMN controls which libraries on the system can contain certain types of user domain objects. You should set the system value to *ALL or include the name of the Compliance Monitor product libraries (PTCMT2 [Consolidator], PTCMT3 [Endpoint], and QTEMP as a minimum) for the product to function properly.
- Set QVFYOBJRST to 1, 2, or 3. This allows Compliance Monitor to restore all objects regardless
of their signature.
- Set QFRCCVNRST (Force conversion on restore) to 0, Do not convert anything.
Compliance Monitor requires the following:
- IBM i (i5/OS, OS/400) version V7R1 or higher
- Java 1.6 32-bit (required minimum)
- Java 1.7 32-bit for V7R3
- Library QICU – International Components for Unicode for V7R2 and V7R3, option 39
- PASE (Portable Applications Solutions Environment), option 33
- IBM i V6R1: PTF Group SF99562 (level 6 or greater) installed
- IBM i V7R1: PTF Group SF99572 (level 8 or greater) installed
- IBM V6R1: PTF SI46809
- IBM V7R1: PTF SI46876
- IBM V7R1: PTF SI49916
- IBM V7R2: PTF SI54166
- 256 MB of disk space
Upgrading to Compliance Monitor 3
Ensure the following servers are available and running prior to upgrading:
- FTP Server
- Remote Command Server
Do the following to upgrade to Compliance Monitor 3:
- Download the Compliance Monitor 3 Upgrade Installer. To do so, go to the HelpSystems website and click My Account.
- Double-click the .exe file to start the Installation Wizard. When prompted, enter the name of the system on which you want to upgrade Compliance Monitor, a user profile, and password. Note: Make sure the user profile is a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *IOSYSCFG, and *AUDIT. The user profile should have Limit capabilities set to *NO.
- Specify how you want to load Compliance Monitor on your system, from the following:
- Consolidator only
- Endpoint only
- Both (Installs both the Consolidator and Endpoint programs on the same system; this is the default selection. Note: The Consolidator does not have to be an Endpoint.)
When the confirmation window displays, click Start to upload and upgrade Compliance Monitor on your system.
- The Compliance Monitor Consolidator and Endpoint upgrade processes run pre-checker programs that evaluate your system to verify that the upgrade can proceed, including that you have the proper authority, that the operating system and PTFs are at the correct level, and that the default port (3035) used by Compliance Monitor is available. If the pre-checkers find any problems, you should review the message logs (CM2INSTP for the Consolidator, PCMINSTP for the Endpoint) for more information.
- When the upgrade completes on the system, you can view the install log or select “Restart and load another system” to upgrade another system. Follow the instructions to upgrade the Endpoint program on your Endpoint systems.
- When you are finished upgrading all systems, click Finish to remove the Wizard from your PC.
The Compliance Monitor Installer displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the Compliance Monitor upgrade.
Setting Up Compliance Monitor 3
After you’ve upgraded to Compliance Monitor 3 on your system, do the following to complete the setup:
On the Consolidator System
- Add the Compliance Monitor Consolidator library to your library list:
- Enter the following command to display the License Setup panel:
Enter your Compliance Monitor license code.
- Enter the following command to start the Compliance Monitor monitor job, QP0ZSPWT, in the PTWRKMGT subsystem:
On the Endpoint Systems
Sign on to each Endpoint system and do the following:
- Add the Compliance Monitor Endpoint library to your library list:
- Enter the following command to display the License Setup panel for the Endpoint:
Enter the Endpoint license code. The Endpoint license code is different from the Consolidator license code.
From Your Browser
Enter the following to connect to the Consolidator system:
- sysname is the name of the system where the Consolidator is installed
- 3035 is the default port number used by Compliance Monitor
After You Upgrade
The users (and groups) and reports (and groups) you defined in Compliance Monitor 2 are available in Compliance Monitor 3. If you want to add or change any report definitions, or add or remove users,display the online help for complete information.