Activating Powertech Network Security

Network Security uses several exit programs that interact with the various servers on IBM i. For the servers to use the exit programs, the exit programs must be registered. The Network Security activation process uses the Add Exit Program (ADDEXITPGM) command to add the exit programs to the system registry. (You can use the Work with Registration Info [WRKREGINF] command to see a list of registered exit programs.)

You can select from either of two methods to register the exit programs:

  • The Silent method (performed during an IPL)
  • The Interactive method

Network Security provides several activation/deactivation options and information on your activation/deactivation setup.

Compliance Monitor Users: Interactive Activation of Network Security will stop Compliance Monitor. End Compliance Monitor prior to interactive activation, and then restart it after activation.

To activate Powertech Network Security

  1. From the Network Security Main Menu, select option 81, Configuration Menu.
  2. On the Configuration Menu, select option 2, Work with Activation, to display the Work with Network Security Activation panel.
    NOTE: The Interactive method stops and starts QCMN and QSERVER. If you want to use the interactive method on a production system, you should plan it at a time when it will not interfere with your critical business processes.
  3. Enter a 1 next to a server to mark it for activation.
    WARNING: Registering any exit program over the *SQLSRV server can impact system performance since this server is called for each SQL request. High SQL traffic environments, or systems known to be underpowered, can experience significant delays when processing these requests. Consider object-level security before activating *SQLSRV in Network Security.
  4. When you press Enter, *ACTIVATE displays in the Pending Change column on the Work with Activation panel.

    Pending Activate request

  5. After you set the Pending Change field to *ACTIVATE, you must run the activation request to apply the Network Security exit program to each selected exit point. You can select to run an Interactive activation request (F20, Run activation) or a Silent activation request (F18, Add silent activation).
    NOTE: To activate all exit points, press F3 (Set all to Activate).
    NOTE: The *DDM and *DRDA servers, as well as the four ShowCase servers (see Servers and Functions), are physically the same server and are activated (or deactivated) together. If you choose to activate one, both/all are activated. They appear as separate servers in the list so that you can define different rules for each, and are interpreted as different servers at run time.

Using Silent Activation (F18)

For Network Security to activate itself at the next IPL, it changes the QSTRUPPGM system value to LNUROO4, which is a Network Security-supplied program. This program does the following at IPL, or when the controlling subsystem next starts:

If this is not a conversion from NS6, or it is a conversion but no product library rename is to occur:

  1. Registers all Network Security exit programs to the associated exit point.
  2. Restores the QSTRUPPGM system value to the name of your original startup program.
  3. Calls your startup program.

If this is a conversion from NS6 and the product library is to be changed to PTNSLIB:

  1. Before powering down, all exit programs are deregistered and the TCP attribute STRTCP is set to *NO.
    WARNING: PWRDWNSYS must be used to IPL. Bringing the system into and out of restricted state is not enough, nor is ENDSYS or ENDSBS(*ALL).
  2. After powering up, when the IPL has completed and QCTL is started:
    1. Sets the IPL attribute STRTCP to *YES if it was *YES before.
    2. Swaps the library PTNSLIB07 name to PTNSLIB and puts NS6 in PTNSLIB06.
    3. Registers all Network Security exit programs to the associated exit point.
    4. Restores the QSTRUPPGM system value to the name of your original startup program.
    5. Calls your startup program.

If you decide you don't want to use Silent Activation, display the Work with Activation panel and press F19, Remove silent activation.

Do not delete the Network Security product library after selecting Silent Activation without canceling the activation.

  • Network Security activation recognizes the presence of an existing exit program and gives you the option to register it as a supplemental exit program. You do not need to do this, but you should be aware of the consequences if the current exit programs are being used for other processes on your system.
  • A Powertech Network Security exit program cannot be made supplemental to itself.
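Because Silent Activation temporarily replaces the QSTRUPPGM system value, it is useful to record the original value before pressing F18 and confirm after the IPL that it was restored and that the exit programs are registered. The CL program below is an added example, not part of the Powertech product or its documentation; the data area QGPL/STRUPSAV and the *SAVE/*CHECK parameter values are hypothetical names chosen for illustration.

```cl
/* Added example: snapshot and verify QSTRUPPGM around Silent Activation. */
/* Call with PARM('*SAVE') before F18, and PARM('*CHECK') after the IPL.  */
/* QGPL/STRUPSAV is a hypothetical data area name, not a product object.  */
             PGM        PARM(&MODE)
             DCL        VAR(&MODE)  TYPE(*CHAR) LEN(6)
             DCL        VAR(&CUR)   TYPE(*CHAR) LEN(20)
             DCL        VAR(&SAVED) TYPE(*CHAR) LEN(20)

             /* QSTRUPPGM is returned as 20 characters: program + library */
             RTVSYSVAL  SYSVAL(QSTRUPPGM) RTNVAR(&CUR)

             IF         COND(&MODE *EQ '*SAVE') THEN(DO)
                /* Create the data area on first use, then store the value */
                CHKOBJ     OBJ(QGPL/STRUPSAV) OBJTYPE(*DTAARA)
                MONMSG     MSGID(CPF9801) EXEC(CRTDTAARA +
                             DTAARA(QGPL/STRUPSAV) TYPE(*CHAR) LEN(20))
                CHGDTAARA  DTAARA(QGPL/STRUPSAV) VALUE(&CUR)
                SNDPGMMSG  MSG('Saved QSTRUPPGM: ' *CAT &CUR)
                RETURN
             ENDDO

             /* *CHECK: compare the current value with the saved one */
             RTVDTAARA  DTAARA(QGPL/STRUPSAV) RTNVAR(&SAVED)
             MONMSG     MSGID(CPF0000) EXEC(DO)
                SNDPGMMSG  MSG('No saved value. Run *SAVE before F18.')
                RETURN
             ENDDO

             IF         COND(&CUR *EQ &SAVED) THEN(DO)
                SNDPGMMSG  MSG('QSTRUPPGM restored: ' *CAT &CUR)
             ENDDO
             ELSE       CMD(DO)
                /* Still pointing at the activation program, or changed */
                SNDPGMMSG  MSG('QSTRUPPGM is' *BCAT &CUR *BCAT +
                             'but was' *BCAT &SAVED)
             ENDDO

             /* Spool the registered exit points for review after the IPL */
             WRKREGINF  EXITPNT(*REGISTERED) OUTPUT(*PRINT)
             ENDPGM
```

A mismatch reported by *CHECK means the startup program was not put back, which is the condition to resolve before the next IPL.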

Verify the IBM i NetServer is Running

Due to time-sensitive interactions with IBM i system processes, there is a small possibility the IBM i NetServer will not be running after activation. Use the Work with Active Jobs command to verify there is a QZLSSERVER job running under the QSERVER subsystem.

WRKACTJOB SBS(QSERVER) JOB(QZLSSERVER)

If the QZLSSERVER job is not active, the IBM i NetServer must be started:

STRTCPSVR *NETSVR

 

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.
7.17 | 201803210423