Adding and Configuring Managed Systems

You can start Network Security from the IBM i Main Menu.

To Start Network Security

  1. From the IBM i Main Menu, enter POWERTECH.
  2. Enter 2 to view the Powertech Network Security Main Menu.

To Start Network Security from the Command Line

  • Type PTNSLIB07/WRKPTNS or PTNSLIB/WRKPTNS depending on your product library.

Adding Managed Systems (Endpoints)

The following instructions explain how to add systems for management by Network Security either from the green screen or the HelpSystems Insite web browser interface. Once managed systems have been configured in Network Security, they can be connected to Insite in order to be managed from a web browser. For details on adding systems to HelpSystems Insite, see IBM i Connections in the Insite Server Settings Help.

Each system to be managed requires a licensed Network Security installation. Once an Endpoint to be managed has been installed, it can be licensed from within the Management System. After adding systems, assign them to System Groups in order to manage them together.

If you intend to use Network Security on the Management System only, you can skip the instructions in this section.

Defining Systems

NOTE: When a system is defined as an Endpoint and connected to the Management System, Network Security is also accessible by an administrator by logging in to the Endpoint directly. Changes made to an Endpoint directly are not reflected in Network Security's configuration on the Management System. Use Audits to identify discrepancies between the Management System and Endpoints (see Auditing Network Security Rules).

Before you begin, select the system you would like to use as the Management System. This is the system that will be used to manage Network Security across your network. Next, identify the systems to be managed (the Endpoints). Then proceed with the following instructions:

On Each Endpoint

  1. Install Network Security on each system for which you want to manage user rules. At installation, each system is a Management System for itself.
  2. To allow one system to be the Management System, sign on to each Endpoint system and do the following: Type POWERTECH on a command line and then take menu option 80, Central Administration.
  3. On the Central Administration Main Menu, select option 3, Network Configuration Menu.
  4. On the Network Configuration Menu, select option 1, Work with Systems.
  5. Enter option 2, Change, next to the endpoint system.
  6. Pick a port number to use on both the Endpoint and Management System.
    • Each Endpoint can use the same port number (recommended).
    • Each Endpoint can have a different port.
    • On the Change System panel, enter a description, the IP address or the name by which the system is known, and the port number that will be used to communicate with the Central Administration Management System. You will use this port number when you add the system to the network from the Management System. It is recommended that you set all the ports to the same number so that it is easily remembered, but this is not required. The same port number is required for the Management System and the Endpoint. If you change to a different port number, you will need to do so for the Management System and the Endpoint.
  7. Start the Central Administration monitor jobs using the command PPLSTRMON. This starts four monitor jobs in the PTWRKMGT subsystem: PPLCMNMON, PPLCMNSVR, PPLEVTMON, and PNSEVTMON.
NOTE: PNSEVTMON must be running in order to add user profile rules in Network Security. If for some reason PNSEVTMON gets shut down, you can issue PTNSLIB07/PNSSTRMON (or PTNSLIB/PNSSTRMON, depending on your product library) to restart the monitors, restoring the ability to add user profile rules.
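
One way to confirm that all four monitor jobs are active on an Endpoint before adding it from the Management System. This query is an added example, not part of the product documentation; it assumes the IBM i service QSYS2.ACTIVE_JOB_INFO is available on your release and that you run it on the Endpoint itself.

```sql
-- Added example: report the state of the four Central Administration
-- monitor jobs that PPLSTRMON starts in the PTWRKMGT subsystem.
-- Assumption: QSYS2.ACTIVE_JOB_INFO is available on this system.
WITH expected (monitor) AS (
    VALUES ('PPLCMNMON'),
           ('PPLCMNSVR'),
           ('PPLEVTMON'),
           ('PNSEVTMON')   -- required for adding user profile rules
)
SELECT e.monitor,
       -- JOB_NAME is the qualified name: number/user/name
       a.job_name,
       CASE
           WHEN a.job_name IS NULL THEN 'NOT RUNNING'
           ELSE a.job_status
       END AS status
  FROM expected e
  LEFT JOIN TABLE (
           QSYS2.ACTIVE_JOB_INFO(SUBSYSTEM_LIST_FILTER => 'PTWRKMGT')
       ) a
    -- match on the simple job name at the end of the qualified name
    ON a.job_name LIKE '%/' CONCAT e.monitor
 ORDER BY e.monitor;
```

Any row with a status of NOT RUNNING means the monitors need to be started again (PPLSTRMON, or PNSSTRMON from your product library as described in the note above) before the Endpoint can be added or user profile rules can be created.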

On the Management System

  1. Sign on to the system designated as the Management System and do the following: Type POWERTECH on a command line and then take menu option 80, Central Administration.
  2. On the Central Administration Main Menu, select option 3, Network Configuration Menu.
  3. Start the monitor jobs: PPLSTRMON
  4. On the Network Configuration Menu, select option 1, Work with Systems. The Work with Systems panel lists all systems that have been defined in Central Administration.
  5. Press F6 to add a new system. Enter a brief description of the system on the Create System panel. Specify the address (either the IP address or the name by which the system is known) and the port number you entered on the endpoint system that is used to communicate with the system.
  6. Press Enter to include the Endpoint as a managed system. The system name and system information (serial number, model number, and whether the system is the Central Administration Management System) display on the panel.
    NOTE: The monitor jobs must be running on the Endpoint in order for it to be included as a managed system.
  7. You can also enter product license information for an Endpoint. Enter option 7, Licenses, next to the system name to display the Work with Licenses for System panel. Select the product for which you want to enter the license code with option 2. Use the License Entry panel to enter the license code.

Configuring Network Security Product Security Roles

A Product administrator on the PTADMIN authorization list has unencumbered access to all aspects of both Network Security and Central Administration. This high level of authority may be excessive if a Powertech user does not require access to every function in order to perform their required administrative tasks. To delegate access to the required subset of product functions, define Product Security Roles. A Role overrides the global authorities provided by the PTADMIN authorization list and defines the user's authority over the managed systems. For example, if a user is Report Personnel and does not require access to non-report-related functions, you can define a "Report" Role, then assign this Role to the individual responsible for running reports in order to give them access to only report-related functions.

Switching Systems

After you have installed and licensed Network Security on one or more Endpoints, you can log in to the Management System to manage any of these systems.

Press F7 in the green screen (in any panel that includes this option) to open the Select Systems panel, which allows you to choose a new system to work with.

In HelpSystems Insite, click the name of the system in the Navigation Pane.

 

Copyright © HelpSystems, LLC.
7.17 | 201803210423