Professional Documents
Culture Documents
cover
Front cover
Student Notebook
ERC 14.1
Trademarks
IBM® is a registered trademark of International Business Machines Corporation.
The following are trademarks of International Business Machines Corporation in the United
States, or other countries, or both:
Active Memory™ AIX 5L™ AIX®
AS/400® BladeCenter® C/400®
DB™ DB2 Universal Database™ DB2®
Distributed Relational Domino® DRDA®
Database Architecture™
Electronic Service Agent™ EnergyScale™ eServer™
FlashCopy® Focal Point™ Initiate®
iSeries® i5/OS™ i5/OS®
Lotus® Micro-Partitioning® Notes®
OfficeVision® Operating System/400® POWER Hypervisor™
Power Systems™ POWER® PowerPC®
PowerVM™ POWER4™ POWER5™
POWER6® POWER7® Rational Team Concert™
Rational® Redbooks® RPG/400®
ServerProven® Service Director™ System i®
System p® System Storage® System x®
System z® Tivoli® WebSphere®
xSeries® z/OS® 400®
Adobe is either a registered trademark or a trademark of Adobe Systems Incorporated in
the United States, and/or other countries.
Intel and Pentium are trademarks or registered trademarks of Intel Corporation or its
subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or
both.
Microsoft, Windows and Windows NT are trademarks of Microsoft Corporation in the
United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of
Oracle and/or its affiliates.
IA® is a trademark or registered trademark of Cast Iron Systems, Inc. (or its affiliates), an
IBM Company.
Other product and service names might be trademarks of IBM or other companies.
TOC Contents
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxv
Agenda . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxix
TOC Solution for planned and unplanned IBM Power Systems with IBM i server outages
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-118
For more information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-119
Topic 5: Additional topics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-120
Alternate installation device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-121
Uninterruptible power supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-122
UPS: System values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-124
UPS: When power fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-126
UPS: Time line of QUPSDLYTIM function . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-127
UPS: Power loss controlled shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-128
UPS: Power handling program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-129
Availability: Dual systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-130
Checkpoint (1 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-131
Checkpoint (2 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-132
Checkpoint (3 of 3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-133
Unit summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-134
TMK Trademarks
The reader should recognize that the following terms, which appear in the content of this
training document, are official trademarks of IBM or other companies:
IBM® is a registered trademark of International Business Machines Corporation.
The following are trademarks of International Business Machines Corporation in the United
States, or other countries, or both:
Active Memory™ AIX 5L™ AIX®
AS/400® BladeCenter® C/400®
DB™ DB2 Universal Database™ DB2®
Distributed Relational Domino® DRDA®
Database Architecture™
Electronic Service Agent™ EnergyScale™ eServer™
FlashCopy® Focal Point™ Initiate®
iSeries® i5/OS™ i5/OS®
Lotus® Micro-Partitioning® Notes®
OfficeVision® Operating System/400® POWER Hypervisor™
Power Systems™ POWER® PowerPC®
PowerVM™ POWER4™ POWER5™
POWER6® POWER7® Rational Team Concert™
Rational® Redbooks® RPG/400®
ServerProven® Service Director™ System i®
System p® System Storage® System x®
System z® Tivoli® WebSphere®
xSeries® z/OS® 400®
Adobe is either a registered trademark or a trademark of Adobe Systems Incorporated in
the United States, and/or other countries.
Intel and Pentium are trademarks or registered trademarks of Intel Corporation or its
subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or
both.
Microsoft, Windows and Windows NT are trademarks of Microsoft Corporation in the
United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other
countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of
Oracle and/or its affiliates.
IA® is a trademark or registered trademark of Cast Iron Systems, Inc. (or its affiliates), an
IBM Company.
Other product and service names might be trademarks of IBM or other companies.
Purpose
This course explains how to plan for, implement, and manage the
ongoing operations of the Power System with IBM i. Emphasis is on
security, system availability, backup and recovery, system software
management, and problem determination. You are also introduced to
the architecture and terminology of IBM i and the Power Systems with
IBM i.
Audience
This course is designed for IT managers and their staff who are
responsible for:
• Designing and implementing a security plan
• Implementing a backup and recovery plan
• Implementing a system availability plan
• Performing problem determination procedures and activities
This course is not recommended for system operators or end users.
Prerequisites
Before attending this course, students should:
• Attend the System Operator Workshop for System i (AS24 -
classroom / OV24 - ILO (Instructor Lead Online)) or have the
equivalent knowledge and experience on the system
• Have a basic understanding of security concepts on the Power
System with IBM i
• Have a working knowledge of how to perform backup and recovery
activities on the system
Objectives
After attending this class, the student should be able to:
Curriculum relationship
This course can be substituted by attending two other courses:
• IBM i Security Concepts and Implementation (OL50/OV50)
• IBM i Recovery and Availability Management (OL51/OV51)
pref Agenda
Day 1
Welcome, course administration, introductions, lab setup
Unit 1: IBM i overview and concepts
Lab 1: Establishing a user environment
Unit 2: Management Central overview
Lab 2: Management Central inventory and system values
Unit 3: Security concepts and overview
Unit 4: Security-related system values
Unit 5: User security - Topic 1
Lab 3: Working with user profiles
Day 2
Unit 5: User security - Topic 2
Lab 4: Working with group profiles
Unit 5: User security - Topics 3 - 4
Unit 6: Resource security - Topics 1 - 3
Lab 5: Working with authorization lists
Unit 6: Resource security - Topics 4 - 5
Lab 6: Working with object authority and adopted authority
Unit 7: Security auditing
Unit 8: Designing security
Day 3
Unit 9: IBM Power Systems with IBM i: Availability overview
Unit 10: Disk management
Unit 11: Backup and recovery strategy using save/restore - Topics 1 - 2
Lab 7: Media devices and virtual tape
Unit 11: Backup and recovery strategy using save/restore - Topics 3 - 4
Day 4
Lab 8: Save/restore
Unit 11: Backup and recovery strategy using save/restore - Topics 5 - 6
Unit 12: Journal management - Topics 1 - 6
Lab 9: Journal management
Unit 12: Journal management -Topics 7 - 8
Unit 13: Commitment control overview
Lab 10: Commitment control
Unit 14: Backup and recovery planning
Day 5
Unit 15: Problem determination
Lab 11: Problem determination
Unit 16: Introduction to Backup Recovery and Media Services
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit objectives
IBM i
Notes:
Uempty
Notes:
Many functions that have traditionally been performed by system control programs or
add-on programs are integrated into the system licensed internal code (SLIC) so that they
can be performed more efficiently. SLIC and i together provide efficient use of system
hardware resources.
This architectural feature is known as the technology-independent machine interface
(TIMI).
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Programs
TIMI
SLIC
Notes:
IBM Power Systems with IBM i are atypical in that they are defined by software, not by
hardware. When a program presents instructions to the machine interface for execution, it
thinks that the interface is the system hardware, but it is not. The instructions presented to
TIMI pass through a layer of microcode before they are understood by the hardware itself.
TIMI and SLIC allow Power Systems with IBM i to take technology in stride. New
architectural features can be used to fully accommodate post reduced instruction set
computer (RISC) technologies, which might incorporate 96-bit or 128-bit processors or
shifts to different processor technologies.
Uempty
POWER Hypervisor
IBM i
TIMI
POWER Hypervisor
Notes:
IBM Power Systems with IBM i work with a different structure when compared to the
previous technologies used with AS/400 and iSeries servers. Above the POWER5
technology-based hardware is a code layer called the POWER Hypervisor. This code is
part of the firmware shipped with the Power Systems with IBM i hardware. The POWER
Hypervisor resides in flash memory on the Service Processor. This firmware performs the
initialization and configuration of the Power Systems with IBM i hardware, as well as the
virtualization support required to run up to 254 partitions concurrently on the IBM Power
Systems with IBM i. Partition Licensed Internal Code (PLIC) allows for management of
multiple partitions of the Power Systems with IBM i hardware. It is included as part of the
POWER Hypervisor.
The layers above the POWER Hypervisor are different for each supported operating
system. The layers of code supporting Linux and AIX 5L consist of system firmware and
Run Time Abstraction Services (RTAS).
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
We have had innovative technology built into IBM i throughout its life cycle. Here are some
aspects of this technology. These are the things that make our operating system better
than the other operating systems out there.
Innovative IBM i technology includes single level storage, object-based architecture,
operating system integration, work management and a technology independent machine
interface.
Uempty
AS/400
System i
Figure 1-6. Power Systems with IBM i expand rich heritage OL1914.1
Notes:
Twenty years ago, IBM introduced the AS/400, bringing together two of IBM's most
successful platforms of the time: S/36 and S/38. It was the first of a new generation of
servers with a revolutionary virtualized operating system. It allowed companies to simply
write business applications that used its integrated database.
In 1995, we moved to 64-bit technology; then, in 2000, we delivered Linux for POWER,
extending the platform to open applications. In 2004, we delivered POWER5 and support
for AIX. Finally, in 2007, we began our rollout of POWER6 with the Power 570.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
BladeCenter
Simplify data center
complexity.
System z
The flagship for IBM
Systems innovation and the
heart of a highly secure,
resilient and integrated
infrastructure.
IBM Power Systems
Install faster, maintain easier.
Get the power to do more,
spend less.
System x
Innovation comes standard. System Storage
Connected. Protected. Complete.
Notes:
All of IBM's systems and storage, along with the microelectronics upon which they are built,
are part of the same group today; the same management structure. The best of IBM's
technology is freely shared among all of the product lines. As a result, we have the most
comprehensive and competitive systems and storage products in the industry today.
Although many common technologies are shared among the various products, each
remains distinct in the markets they serve. Each grew out of separate beginnings.
• System z is the class if the industry in mainframes.
• BladeCenter leads the industry in its category, and System x, our Intel-based offering, is
gaining share against Dell and HP.
• System p leads the industry for UNIX-based servers.
• System Storage has forged ahead with storage virtualization technologies.
Power Systems with IBM i are in a class by themselves. Their beginnings (their roots) are
in business computing. It does not require the technical expertise of a mainframe, though it
functions with mainframe characteristics. Its roots are not in personal computing, where
Uempty Intel-based solutions began, nor are they in engineering or scientific computing, where
UNIX-based solutions began.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
780
8-64 way
770
8-64 way
755
1-4 way
750
1-4 way Mid-sized to large
enterprises
Small to mid-sized
enterprises
All models also support integration with System x
and BladeCenter running Windows or Linux.
Figure 1-8. The Power Systems with IBM i product line OL1914.1
Notes:
In 2000, we delivered Linux for POWER, extending the platform to open applications.
Then, in 2004, we delivered POWER5 and support for AIX. Step by step, we are moving
away from a platform that many consider exemplifies unique and proprietary, to one that is
mainstream and based on open technology.
In 2007, we began our rollout of POWER6 with the 570.
In 2009, we began our rollout of POWER7.
Uempty
CPU models
IBM i
• System i models
– Machine type (xxxx)
• 9402, 9404, 9406, Power Systems
with IBM i
– Model (aaa)
• Bxx, Cxx, Dxx,
• Exx, Fxx, 3xx, 5xx, 6xx
• nnS, Sxx, 150, 170
• 250, 270, 7xx, 8xx
• i825, i830, i840,
• i870, i890
• 515, 520, 525, 550, 570, 596, POWER6 (520, 570, 595)
• POWER7 (710, 720, 730, 740, 750, 755, 770, 780, 795)
• Each with different throughput
– Capacities
• Measured by commercial processing workload (CPW) 1995 2006
1995 2010
– Largest CPW is 399.200 on model 795
Cobra
Cobra POWER 7
• Processor architecture
– Speeds of up to 4.25 GHz Transistor count 4.7M 1,2B
– Cache size (level-1, 2, 3) Frequency 50 MHz Up to 4.25 GHz
– Parallel threads management Logical partitions None Up to 1000
Notes:
Processor CPW: The commercial processing workload (CPW) represents maximum
relative performance running commercial processing workloads for a processor
configuration. Use this value to compare relative performance between models with the
same or different number of processors.
5250 CPW: This represents the relative performance available to perform 5250 online
transaction processing (OLTP) (interactive) workloads.
EnergyScale technology allows POWER7 processors to operate at a higher frequency for
increased performance and, consequently, more performance per watt. Alternatively, if
workloads permit, the processor clock frequency can be dramatically reduced to save
energy while maintaining required application performance.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Single-level storage
IBM i
Main Auxiliary
storage storage
Notes:
All system storage (whether main storage or disk storage) is addressed in the same way.
This single, device-independent addressing mechanism means that objects are referred to
by name or name and library, never by disk location. All objects are created as if they
reside in a 18,446,744,000,000,000,000-byte address space. That is 18.4 quintillion bytes!
The IBM i's virtual addressing is independent of an object's physical location and also the
type, capacity, and number of disk units on the system.
What this means is that application programs do not require modification in order to take
advantage of new storage technologies. Users can leave all storage management entirely
to the machine.
Uempty
Processing
unit
Notes:
The following devices can be attached to your Power Systems with IBM i:
• Printers
• Workstations
• Tape units
• CD-ROMs
• Remote controllers
• Personal computers (PCs)
Your system receives data (input) from several devices including each workstation, disk,
tape, and CD-ROM attached to the system. The processing unit (which is contained in the
system unit) processes the data (that is, it performs operations on the input, such as adding
numbers together or comparing two values to determine if they are the same). The IBM i
then saves the data (output) to disk or tape, or it sends the output to a printer or
workstation.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Sample configuration
IBM i
Workstation
controller LAN adapter Tape unit Diskette unit CD-ROM unit
Accounting Display
Display
Printer Printer
Printer Printer
© Copyright IBM Corporation 2012
Notes:
This visual shows a sample Power System with IBM i configuration, which is the physical
and logical arrangement of devices and programs that make up a data processing system.
This configuration is simple so that it can be easily understood and read. Every Power
System with IBM i configuration varies depending on the needs of the business.
Uempty
Software overview
IBM i
Application
support
Programming
support
IIBM
BM i
Licensed internal
code
Notes:
In addition to knowing which devices are attached to your system and how to operate them,
you should also be familiar with your system software (or programs). A program contains a
set of instructions that allows you to perform one or more related tasks.
There are four primary categories of programs in the IBM i which build on each other.
These are illustrated in the graphic in the visual, and they are (from top to bottom) the
application support, the programming support, IBM i (operating system), and finally, the
Licensed internal code (LIC).
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Licensed internal code (LIC) is provided by IBM and is preinstalled on your Power Systems
with IBM i before the system is shipped.
Uempty
Notes:
You can think of IBM i as the brain of the Power Systems with IBM i. It is a group of system
programs that control the overall operation of the Power System with IBM i. For example,
IBM i allows multiple interactive and batch jobs to run concurrently. It provides the interface
which allows operator control of those jobs and allows security to be set up on your system.
i is provided by IBM and comes preinstalled on your Power System with IBM i.
Although not all IBM i functions are needed in every installation, the full range of functions
is available on every Power System with IBM i.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Programming support
IBM i
Java
ILE ILE
RPG C
HATS ILE
COBOL
Rational WebFacing
Developer for
Power Systems
SQL
Notes:
In addition to languages, such as Java, ILE RPG, ILE C, and ILE COBOL, there are tools
that assist you with the edit of source programs, the design of screen displays and menus,
and the deployment of web-based applications.
The Rational Developer for Power Systems software product consists of the following
workstation tools:
• Source editing support for RPG, COBOL and DDS
• Remote access to files, members, objects, libraries and IFS files on the Power System
with IBM i
• Integration with Rational Team Concert for source control and collaborative application
development
• Debugging support for threads and variable changing and monitoring
• WebFacing
• Host Access Transformation Services (HATS)
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Application software
IBM i
• Traditional applications
– Workload
• Interactive, character-based (5250 or green screen)
– Interactive capacity (ICPW)
• Batch (no ongoing user interaction)
– Total capacity (CPW)
– Support through specific IBM i jobs
• Application users are IBM i users
– More detail covered in the work management unit
• Client/server applications
– Workload
• Information processing
– Interactive
– Batch
• Database serving
– Native IBM i server applications
– Third-party, pre-written server applications
• Interaction with IBM i jobs
– Application users might or might not be known to IBM i
> For example, SAP R/3: Specific users known only to the application
> For example, BaanERP: Specific users known to IBM Power Systems with IBM i
Notes:
Uempty
Notes:
To see a listing of the IBM licensed program products (LPP) installed on a system, you can
use both a 5250 green screen interface or the System i Navigator.
To display this information using a 5250 emulation session, issue the command Go
LICPGM, and then select option 10, (Display installed software). The command that is
being called by this menu option is Display Software Resources (DSPSFWRSC).
To display this information using System i Navigator:
1. Expand the system folder under My Connections.
2. Expand Configuration and Service.
3. Expand Software.
4. Click Installed Products.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
CL command structure
IBM i
CRTLIB LIB(PAYLIB)
Action Item Keyword Value
abbrev.
Notes:
All IBM i functions are controlled with a single language called control language (CL). CL
commands have a special structure and parameters to tell the system how to perform
requested functions.
Individual commands can be executed on the command line, within a job stream or a
program, and in any type of job by anyone authorized to use a command. Even when a
menu option is used to perform a system function, one or more CL commands are
executed by IBM i. There are over 1200 commands available on the Power Systems with
IBM i.
Each command consists of a command name followed by zero, one, or several (up to 75)
optional parameters.
• A command name consists of two abbreviated parts: an action and an object on which
the action is performed.
• A parameter also has two parts: a keyword followed by a value in parentheses.
Uempty Commands can be entered from the command line, through the command entry display, or
by a program.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Library
IBM i
PROGA
FILEC
DSPJOB
Notes:
A library is a special type of object which contains a named set of objects and is used to
group objects. Basically, it is a directory to other objects. It is not an allocation of space as
on some other systems.
The only way an object can be located and used is through the library which points to it.
The objects to which a library points are not physically in the library. In fact, they are not
necessarily stored next to one another (contiguously) on disk.
There are many libraries on the IBM i. Objects are normally organized by library (either by
IBM or the administrator) based upon their relationship to one another. Here are some
examples of how objects can be organized:
• For security
• For backup
• By application
• By owner
• By object type (program versus files)
• By use (production versus test)
Uempty
Object identification (1 of 2)
IBM i
Library
QSYS
Library Library
PAYROLL OPRLIB
Notes:
Every IBM i object has a name, occupies storage, and is stored within a library. Each object
can be created and deleted with CL commands. There are many types of objects on the
system. Each object type has its own identifier.
IBM i uses the object name plus the library name plus the object type to uniquely identify
objects on the Power System with IBM i. The graphic in the visual demonstrates this. There
are two objects named MASTER in library PAYROLL. One is a program (*PGM) and the
other is a file (*FILE).
A library is an object used to group related objects and to find objects by name. Thus, a
library is a directory to a group of objects.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Object identification (2 of 2)
IBM i
Notes:
The screen captures in the visual show the name, type, properties, and other
characteristics of each object.
When using a 5250 emulation screen, you can use the WRKLIB command to display the
information.
The alternative is to use the System i Navigator interface. The QSYS.LIB file system
supports the Power Systems with IBM i server library structure. This file system gives you
access to database files and all of the other IBM i object types that the library support
manages within the system and basic user auxiliary storage pools (ASPs).
Uempty
versus
Notes:
When an object is referred to simply by its name, the system uses the library list to locate
the object.
When an object is qualified, by also using the library name, the system is able to go directly
to the object without searching the library list.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Library list
IBM i
Notes:
The IBM i uses a library list to find the files and programs you need when you run
applications. The library list is a list of libraries that the system searches sequentially for
objects needed by the user. It has two parts: the system portion and the user portion.
The system portion is specified in the QSYSLIBL system value. The system portion is used
for i libraries. The default for this system value does not need to be changed.
The user portion is provided by the QUSRLIBL system value, the initial library list specified
in the user's job description, or commands after the user is signed on. If you have an initial
library list, it overrides the QUSRLIBL system value. Application libraries should be
included in the user portion of the library list.
Uempty
}
QSYSLIBL QSYS
QSYS2 System
QSYS
QSYS2
QHLPSYS
QUSRSYS
} QHLPSYS
QUSRSYS
part
Program
} product
part
QUSRLIBL FREDLIB Current
USER PROFILE
library
QGPL
QTEMP } CURLIB(FREDLIB)
}
QGPL User
1 2
QTEMP part
Job Descr INLLIBL
PAYLIB
}
QGPL SIGN ON
QTEMP
PAYLIB CURRENT LIBRARY FREDLIB
Notes:
The library list is not a permanent structure. A library list is built for a job when it starts and
is deleted at end of job (EOJ).
Note
A job is any piece of work accomplished on the Power System with IBM i.
Your library list can be modified after sign-on through the use of CL commands:
CHGSYSLIBL (Change System Library List) Changes the system libraries
CHGCURLIB (Change Current Library) Changes the current library
ADDLIBLE (Add Library List Entry) Changes the user libraries
RMVLIBLE (Remove Library List Entry) Changes the user libraries
CHGLIBL (Change Library List) Changes the user libraries
EDTLIBL (Edit Library List) Changes the user libraries
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Finding an object
IBM i
Notes:
Which copy of the program PAY02 is run when it is called using the simple name?
This graphic illustrates how a library list dictates the system's search for objects. Program
object PAY02 from the PAYLIB library would be executed instead of PAY02 from the
PAYTSTLIB library because of the sequence of the libraries in the library list.
Uempty
Types of jobs
IBM i
User jobs
Interactive
System jobs
Batch Autostart
Spooling
Communication
Notes:
A job is the basic unit of work on the system. Every job has a unique name, made up of a
system assigned sequential number, the name of the user running the job, and a
user-assigned job name.
Spooling jobs are system-provided print programs (writers) that run similar to batch jobs
and print-spooled printer output. Using work management, you can control these writers.
Interactive jobs are workstation jobs, started when an operator signs on the workstation
display and ended when the user signs off the workstation display.
Traditionally, batch jobs are run by submitting requests for processing of data by programs
that do not need to interact with the user. These requests are placed on a job queue and
run when system resources become available.
Communication jobs are those which are started by a request made over a communication
line from another system.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Autostart jobs are specified to start automatically when their associated subsystem is
started. Autostart jobs typically do such things as set up or clean up after an application,
perform backups of data files, start devices, or vary on or off communication lines.
Every job on the Power System with IBM i must be associated with a job description.
Uempty
Notes:
Different types of jobs start and end in different ways.
Each time a user signs on to a workstation, a new interactive job begins. That job continues
until the user signs off.
A batch job begins when the job leaves the job queue.
An autostart job begins when its associated subsystem is started and ends when the job
ends.
A communication job begins with a request from a remote system and, depending upon
whether it is an interactive or batch job, ends when the user signs off or the job ends.
A spooling job begins when the printer writer is started and ends when the printer is ended.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
SBMJOB
JOBQ
BATCH
INTERACTIVE
CALL
WRKJOBQ WRKACTJOB WRKOUTQ WRKWTR
WRKSPLF
WRKUSRJOB
WRKSBMJOB
or
System i Navigator
© Copyright IBM Corporation 2012
Notes:
On this visual, the term job means user jobs, active batch and interactive jobs, jobs on job
queues, and jobs on output queues. After a job has started, you can locate that job, monitor
its status and activity, and change the way it processes, as well as change some of its
printing characteristics now and in the future.
Uempty
Job properties (1 of 2)
IBM i
Notes:
Job attributes from the job description and user profile appear in a job's properties. To view
this information follow these steps:
1. Expand the system you want to explore.
2. Expand Work Management.
3. Click Active Jobs.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Job properties (2 of 2)
IBM i
Notes:
The details of specific jobs can be found on the following tabs:
• General: The job description name being used by the job and the subsystem that is
controlling it
• Performance: The memory pool that the job is using and job performance statistics
• Printer Output: Properties that affect the printed output of the job (these can be viewed
or changed)
• Messages: List of messages sent to and from this job that are to be handled
• Job Log: Information detail to be kept for the job
• Server: Information about server jobs
• Security: User profile for the job
• Date/Time: Settings related to system time (these can be viewed or edited)
Uempty • International: Properties that relate to text, character format, and language associated
with the job (these can be viewed or changed)
• Threads: Properties that relate to threads for a currently active job or one that is in a job
queue (these can be viewed or changed)
• Resources: Information about system resources, such as memory pool and disk pool
group information for the job, as well as information on memory and processor affinity
• Other: Properties that relate to the accounting code, DDM connections, and switch
settings (these can be viewed or changed)
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
A job description is an object that contains a set of information (attributes) that specifies
how a job should be run on the Power System with IBM i. There are many job descriptions
on every Power System with IBM i.
Each job run on a Power System with IBM i must have a job description associated with it.
Each job description can have multiple jobs associated with it.
Uempty
Notes:
The job description holds properties that the job uses as it goes through the work
management life cycle.
These properties include the user profile the job starts to run under, the request data (which
tells the job what it should do), and the initial user portion of the library list, as well as
others.
The job description also holds information that tells the job which job queue to enter and
the routing data.
The routing data is later used by the subsystem to find the routing entry that contains
information needed for the job to start running.
The output queue is also defined within the job description. It tells where printer output
(also called spooled files) from a job goes.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Message summary
IBM i
• Messages
– Send, display, respond, and remove
– Informational, break, or inquiry
• Message queues
– Allocate and change delivery mode
– Break, notify, hold, and default
Notes:
Messages are used to communicate with the system or other users, monitor system
activity, and control jobs. The two main types of messages are informational and inquiry
messages.
A workstation can communicate with a lot of different message queues that exist on the
Power Systems with IBM i. The system has message queues for each device configured to
the system and a queue for the system operator (QSYSOPR), and application and system
programs have program and job message queues. Message queues are created when a
workstation device description is created, a user profile is created, or with the Create
Message Queue (CRTMSGQ) command.
Message queue modes determine how a message is delivered. There are four delivery
modes:
• Break mode (*BREAK): When a message is received that is equal to or exceeds the
severity filter, the terminal alarm sounds, and the message is displayed immediately.
Uempty • Notify mode (*NOTIFY): This is the default mode for workstation and user message
queues. The message is held in the message queue, and the message light comes on.
• Hold mode (*HOLD): The user is never notified of messages that arrive in the message
queue. It is the responsibility of the user to periodically look in the queue for messages.
• Default mode (*DFT): Any messages requiring a reply are answered with the default
reply set up for the message. Information only messages are ignored.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
PROFILE
DSP01 OPR01
CRTDEVDSP:
{ Workstation
message
DSP01
OPR01
User
}
message
queue
CRTUSRPRF
queue
Notes:
This visual depicts some of the commands that are associated with and use message and
message queue information.
Uempty
Job description
*USRPRF
Job's process
access group (PAG)
OUTQ ( name )
Program User profile
Output to
printer
Default
output queue
OUTQ (*WRKSTN
name
)
file
Device description
Printer *DEV
file
OUTQ ( name )
SPOOL(*YES) PRTDEV
(*SYSVAL
name )
*JOB
OUTQ
( name ) System value
PRT01
QPRTDEV ( name )
© Copyright IBM Corporation 2012
Notes:
As each job starts, work management checks the objects (job description, user profile,
workstation device description) and system value (QPRTDEV) in the order shown on the
visual to determine whether a valid output queue name or printer device is defined. Once a
valid output queue or printer device is encountered, the search ends.
If the job description, user profile, and workstation device description all contain default
entries for the output queue and printer device, the printer name in the QPRTDEV system
value is used. By default, this system value contains the name of the first printer configured
on the system (usually PRT01).
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Manual
– Remote devices
– Communications
Notes:
Communicating with the Power Systems with IBM i requires the use of configuration
objects, which usually include the following:
Line descriptions: Line descriptions define the physical interface between the local
system and the remote system, controller, or network and the protocol used for
communications. Line descriptions can also include information about the line speed,
whether the line is switched or non-switched, and the network address or telephone
number of the local system.
Controller descriptions: The controller description describes the characteristics of the
remote system, controller, or network that is to communicate with the local system.
Controller descriptions can describe an actual physical controller or logically represent the
connection to another system or network.
Device descriptions: The device description describes the characteristics of the physical
or logical device that is to communicate with the local system. Device descriptions can
describe a physical device or logically represent a communications session or a program
running on another system.
Uempty These descriptions can be configured either automatically or manually through the use of
CL commands.
To automatically configure your local controllers and devices, use the system value
QAUTOCFG. The QAUTOCFG (automatic configuration) system value is set to yes by default,
if you do not change this default value then the system continues to automatically configure
any local controllers and devices you attach. This includes any new local workstation
controllers and tape controllers and any new twin axial display stations, twin axial printers,
tape units, diskette units, optical units, and media library devices.
The system automatically assigns names to all your local devices. The names that are
assigned depend on what you selected on the Device configuration naming option on
the Set Major Options display. The naming convention that you can select is one of the
following:
• Normal naming convention
• System/36 style naming convention
• Naming convention that is based on the device address
The system value that is set with this menu option is QDEVNAMING which controls
automatic configuration naming for your devices.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Automatic configuration uses one of three methods for naming your local controllers and
devices. The graphic in the visual shows the normal naming convention (*NORMAL), the
System/36 style naming convention (*S36), and the naming convention that is based on
the device address (*DEVADR).
If you decide to manually configure the local devices, you should be aware of the
PRTDEVADR command. The Print Device Addresses (PRTDEVADR) command provides a
printed list of addresses and related information for devices attached to a local or remote
workstation controller. For each device attached to the local workstation controller named
in the controller description (CTLD parameter), the output shows the device's name, its port
and switch setting, its type and model number, its shared session number (valid only if
device type is 3486 or 3487), and whether the device is a display station or printer.
Uempty
Remote
*CTL
workstation CRTCTLRWS
Line controller
IBM i
*DEV
Display CRTDEVDSP
*LIN
CRTLIN x x x
*DEV
Printer CRTDEVPRT
Notes:
A device description is software that identifies a piece of hardware to the system. A user
profile is software that identifies a user to the system. Device configuration for local devices
can be created automatically by the system, but user profiles must be created by a user
with *SECADM special authority.
The Create Controller Description (remote workstation) (CRTCTLRWS) command creates a
controller description for a remote workstation controller. For more information about using
this command, see the Communications Configuration book, SC41-5401. Restriction: You
must have input/output system configuration (*IOSYSCFG) special authority to use this
command.
The Create Device Description (display) (CRTDEVDSP) command creates a device
description for a display device. Restriction: You must have input/output system
configuration (*IOSYSCFG) special authority to use this command.
The Create Device Description (printer) (CRTDEVPRT) command creates a device
description for a printer device. Restriction: You must have input/output system
configuration (*IOSYSCFG) special authority to use this command.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
MSG
Device
description
Device
description
Aut keyword
AUT keyword
MSG
User profile
*WRKSTN
OUTQ *DEV
name
Notes:
The user profile controls much of what a user can do on the system. This is discussed in
the security unit.
Uempty
User profile
.
Current library
.
.
Initial program
.
.
Initial menu
.
.
Authorizations
Special
User class
Password
Notes:
The general properties of a job determine how the system runs each job. Some of the
properties are grouped together in the job description for easier multiple job management.
The system knows what properties to get and when based on how the job properties are
specified.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
JOBQ
Job description Batch jobs
.
.
awaiting execution
Job queue
.
.
Output queue
.
.
Main storage
Library list
MSGQ OUTQ
Messages Output
awaiting view awaiting print
User workstation
Notes:
Job description attributes such as job queue, output queue and initial library list determine
various aspects of how the job will execute and use resources.
Uempty
Notes:
IBM Systems Director Navigator for i replaces the System i Navigator Tasks for the web.
System i Navigator Tasks for the web provided servlet URLs for a subset of System i
Navigator (Windows) functions.
IBM Systems Director Navigator:
• Director means progressing towards Director interfaces and functionality.
• Navigator means coming from System i Navigator heritage.
• Tool is part of IBM i and is provided as part of i (no extra charge).
Ninety percent of System i Navigator (Windows) function can be accessed using the web
and IBM Systems Director Navigator.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Both are built from the same source code for consistent functionality.
Panels look different when rendered on the Web console.
Figure 1-45. How does Systems Director Navigator for i compare to System i Navigator? OL1914.1
Notes:
Uempty
See and manage physical and virtual resources across multiple systems.
Notes:
IBM Systems Director 6.3 manages a limited set of IBM i functions. This comes with an IBM
i order; you are entitled to it and can start using it.
IBM Systems Director 6.3 has some extension support for Virtualization Manager, IBM
Active Energy Manager, and Electronic Service Agent.
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The material presented in this unit reviewed some of the more basic concepts you learned
from on-the-job experience or through the course for Power Systems with IBM i operators.
A good understanding of these concepts is necessary to complete the remainder of the
course material.
Uempty
Checkpoint (1 of 2)
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint (2 of 2)
IBM i
Notes:
Uempty
Unit summary
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 1. IBM i overview and concepts 1-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
References
SG24-5407 Management Central: A Smart Way to Manage
AS/400 Systems
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit objectives
IBM i
Notes:
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
System i Navigator is a powerful graphical user interface (GUI) that provides an
explorer-like view of system resources.
The integration of System i Navigator with the Windows client desktop is an advantage for
administrators and operators as well as end users who do not have an extensive
knowledge of Control Language (CL) commands.
System i Navigator has been available since V3R1M1 of Client Access for Windows 95.
Continuous enhancements have been made to the application to support other 32-bit
Windows clients and also to include additional functions such as database support, file
systems and so on.
Under the system configuration entry (known as Configuration and Services in the
hierarchical tree of System i Navigator), you can view a list of hardware (including the
operational status) and software (installed product or supported product) on the system.
Fixes program temporary fixes or PTFs management and Collection Services is also
available under this category if the Management Central component is installed.
Uempty Use the Network function to work with the TCP/IP configuration as well as configure and
manage new communication interfaces Point-to Point (PPP) or Serial Line Interface
Protocol (SLIP) using wizards.
This function also allows you to work with both TCP/IP servers and IBM i access host
servers.
The Security function provides a security wizard that runs through a set of questions and
generates a security recommendation based on your answers.
You can also manipulate security and auditing system values.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Management Central is a suite of systems management functions. It has some powerful
extensions that allow you to manage multiple systems from a single IBM Power System
with IBM i in a TCP/IP network environment. Each new release brings more
enhancements.
A central IBM Power System with IBM i is the single system you use to manage the other
systems in your network. The other systems in your network are called endpoint systems.
Once you define endpoint systems to your network, you only need to do your system
administration tasks once. Your central IBM Power System with IBM i initiates your tasks
and stores all Management Central data.
In each new release, Management Central provides you with even more functions to help
you manage your systems. Take a look at the following functions. From managing users
across all your systems, to graphing performance over a year's time, to monitoring status
from your Internet-ready phone, Management Central frees you to focus on the important
parts of your business, and not just the day-to-day details.
Uempty The following functions answer the question as to why you should use Management
Central:
• Synchronize functions, such as Enterprise Identity Mapping (EIM) and Kerberos, across
multiple systems
• Manage users and groups across multiple systems
• Monitor your systems, jobs, messages, files, and business-to-business (B2B) activity in
real time
• Historically graph system performance
• Manage fixes (PTF) and fix groups
• Run commands on multiple systems
• Schedule tasks
• Manage inventory service attributes, and contact information, as well as hardware,
software, fixes, system values, and users and groups
• Use Collection Services to collect performance data for future analysis on multiple
systems
• Save packages and send files and folders to multiple systems
• Create your own products and manage them across multiple systems
• Receive Extreme Support for the latest in IBM support
• Leverage System i Navigator for Wireless, allows you to manage multiple systems;
work with monitors for files, jobs, messages, and system performance; and run
commands on multiple systems from an Internet-ready phone or personal digital
assistant (PDA).
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Target
Central system
Model
Web application
Source
server
Notes:
Management Central uses the basic system operations on each of the endpoints (for
example, APIs for performance monitoring, system commands, and so forth).
Management Central does not place any limitation on the number of endpoint systems
used by its functions.
There are practical limits determined by your environment, networks, management
policies, and so forth.
In addition, there is no limit to the number of endpoint systems that can be in a group.
Endpoints do not need to be at the same level as the central system, nor does the central
system need to be at the same level as the client.
However, Management Central is only as effective as the client and central system
combination are.
Management Central provides the graphical interface (that is, view) of both input and
output management activities.
Uempty Terms:
• Central system: Connects to other systems (called endpoints)
• Endpoints: Systems which your PC does not need to be in direct contact with in order
to manage them
• Source system: System from which objects, files, and information are sent within
Management Central's send tasks and which is the source of the objects, files and
information being sent.
• Model system: Has all desired fixes installed or has all system values set properly for
the targets.
• Target systems: Where objects, files and information are sent within Management
Central's send tasks, in other words, the destination that are often grouped into system
groups.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
• Packaging
– Server: 5770SS1 options *BASE
and 0003
– Client: IBM Power System with
IBM i running IBM i Access
(5770-XE1)
• Client installation
– Windows
• 2008 Server
• Windows 7
• Windows Vista
• XP
• Server 2003
• 2000
– IBM Power System with IBM i
running
IBM i NetServer or CD
– Custom or Full option
• TCP/IP only
© Copyright IBM Corporation 2012
Notes:
Management Central (MC) is included as a component of IBM Power Systems with IBM i
running IBM i Access for Windows at no additional cost.
The host IBM Power Systems IBM i function is integrated into base IBM i. The client
function is integrated into System i Navigator, which ships as part of IBM Power System
with IBM i running IBM i Access for Windows.
The general rule of thumb for connectivity is that N-2 and N+2 releases are supported. It is
recommended that your client and server be compatible as closely as possible. That would
mean a V6R1 client connects to a V6R1 server.
Management Central is a subcomponent of System i Navigator and is not installed with a
typical installation of IBM Power Systems with IBM i running IBM i Access for Windows.
When installing, choose Custom Install. Expand the System i Navigator tree and select
the appropriate components, such as Monitors and Commands.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• System i Navigator
– Basic operations
– Work management
– Configuration and services
– Network
– Integrated server admin
– Security
– Users and groups
– Database
– File systems
– Backup
– Commands
– Packages and products
– Monitors
– Logical system
– AFP manager
– Application administration
Notes:
Basic support options
System i Navigator Base Support
• Many things are included here for underlying support such as common .dll and .jar
files
Basic Operations
• Message actions
• Ability to view spooled files
Work Management
• Job actions for job and system monitor menus
Configuration and Services
• View inventory directly
• Directly launch graph history from management collection objects
Uempty
Network
• View, start, and stop servers such as Management Central
Users and Groups
• Edit and send user profiles
File Systems
• Ability to view and select items from the file system such as files and programs
Command
• Create command definitions and run across a set of endpoint systems
Packages and Products
• Package object and files
• Create installable products and PTFs
Monitors
• System monitors
• Job monitors
• Message monitors
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Configure connections
IBM i
Notes:
In order to be designated as the Management Central system, the IBM Power System with
IBM i must be in the list under My Connections.
Uempty
System to be
connected
Notes:
To see these windows:
1. Right-click My Connections.
2. Select Connection to Servers.
3. Select Add Connection.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The final part of the process of adding a new connection is to verify the connection. It is
useful to check that all components on the server are running. You can verify connection for
an existing connection by right-clicking the server in the list of connections, then selecting
Connection to Server > Verify Connection.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Connection tuning
• Security options
– Require password on endpoint systems
• Same as central system
– Use Secure Sockets Layer (SSL)
Notes:
When you right click Management Central and then select properties you will be presented
with the panel you see on the visual. On the general tab you can select which system will
be used as the central system. On the remaining panes you will have an option to set the
following:
Require password on endpoint systems
This security option specifies that the user profile used to sign on to the central system
must have the same password on each endpoint system. Even if this box is not checked,
the user profile used to sign on to the central system must exist on each endpoint system.
Selecting this box sets only the value for the central system. Each endpoint system must
be explicitly configured to require the password for Management Central functions.
Use Secure Sockets Layer (SSL)
This option specifies the use of SSL to ensure secure transmissions between the central
system and the endpoint systems. SSL provides the transport and authentication of public
key system certificates as well as private connection and data encryption. An SSL
Uempty connection can occur only between an SSL-enabled central system and an SSL-enabled
endpoint system. An SSL-enabled IBM Power System with IBM i is a system on which the
required administration and configuration tasks have been performed.
Authentication level
If Use Secure Sockets Layer (SSL) is selected, select an authentication level.
Maximum data transfer size (MB)
Specifies the maximum size in MB for a list of fixes sent from a source system to the
endpoint system. The value specified must be less than or equal to 2048. This does not
apply to sending files, folders, or packages to systems or groups. Limiting the size of the list
effectively limits the length of time allowed to complete the data transfer.
Maximum connections
Specifies the maximum number of endpoint systems to which the central system can
connect to at the same time. For example, if 200 for Maximum connections is specified
and then the central system connects to 202 endpoint systems, two connections fail.
Endpoint connection time-out (seconds)
Specifies the number of idle seconds that the central system waits before the attempt to
connect to an endpoint IBM Power System with IBM i is ended.
IP address lookup frequency
Specifies how often the IP address must be verified when connecting to an endpoint
system. Select Always or Never.
• If Always is selected, connecting to an endpoint system takes longer, but the IP
addresses are always correct.
• If Never is selected, connecting to an endpoint IBM Power System with IBM i is quicker
because the connection uses the IP address currently stored in Management Central.
Run Discover Systems at any time to update the list of IP addresses stored in
Management Central.
Refer to online help for which configuration options require the user to restart the MC
server jobs.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
In order to define a central system, there must be a TCP/IP connection under My
Connections.
You have the ability to change your central system at any point. Some things to remember:
• Changing the central system ends the connection to the current central system.
• All the objects you create under Management Central are created on the central
system.
• Once you change your central system, you no longer have access to the objects you
created on the original central system.
Uempty
Notes:
Management Central offers two choices:
• New Endpoint System: Manual addition of an endpoint system (shown on above
visual)
• Discover Systems: Automatic addition of endpoint systems
New Endpoint System
The General panel provides the definition of a new endpoint system by specifying the name
and description of the system.
An endpoint IBM Power System with IBM i is defined by any user on the central system for
the purpose of performing tasks or running monitors in a distributed network.
An endpoint system must be able to be connected to the central system and must be
running i. The level of OS that is running on the endpoint system determines functions you
can perform on the system (see release level functionality).
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
The name specified for the new endpoint system must be known to TCP/IP, either as an
entry in the IBM Power System with IBM i local host table or on the domain name server
(DNS). The domain name server maintains the host table for an entire TCP/IP domain.
If the Network component of System i Navigator is installed, add and remove entries to the
local host table and add hosts to the domain (expand Network, click Protocols, right-click
TCP/IP, and select Properties). When adding a system name to the host table, specify the
name in all uppercase letters.
Adding a new endpoint system under the Management Central tree will not add that system
to the IBM Power System with IBM i Connections tree.
Discover Systems
Use the Discover Systems dialog to search the selected TCP/IP subnets for IBM Power
Systems with IBM i systems. This can be done at server startup but is not recommended.
The systems found during discovery are added as endpoint systems on the central system.
If the IBM Power Systems with IBM i is already defined as an endpoint system, the IP
address is verified and updated if it has changed.
You can select the TCP/IP subnets to search and whether to use File Transfer Protocol
(FTP) or Simple Network Management Protocol (SNMP) to determine which systems are
IBM Power Systems with IBM i.
You can also specify the earliest release of OS to search for, and how long to wait for a
system to respond.
Warning
Depending on how many IBM Power Systems with IBM i are installed within your
organization and how many of these have the management central server running, you
may end up with a longer list of System being displayed than you had expected.
Automatic discovery
The only time connections are added automatically is when connecting to the central
system for the very first time (after install). This helps ensure your central system knows
about all your direct connects.
Uempty
Notes:
Selecting System Groups > New System Group displays a panel with two tabs: General
and Sharing.
General tab
The General tab allows you to create a list of endpoint systems to be included in the
system group. You can then perform functions on the group in one step, as if they were a
single system.
Specify the name of the group and a brief description to help you identify this group in a list
of groups. You then specify the endpoint systems to be included in the group.
Sharing tab
Specify whether you want other to view or modify your system group.
Owner: The name of the user who created the task, definition, or system group.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Sharing Levels:
None: Other users cannot view this item.
Read-only: Other users can view this item and use it. However, other users cannot
change or delete it.
Full: Other users can change and delete the group. Other users can also view and use
it to create new system groups.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Global sharing
IBM i
Notes:
Sharing allows users to use (or share) the same items: System groups, package
definitions, command definitions, and system administration tasks.
You can use global sharing to share all tasks. Use global sharing to specify the level of
sharing for all your system administration tasks: None, Read-only, or Full sharing. If you
are in an environment where you are part of a team that works around the clock and you
choose to globally share your tasks at the Full level, your team could work with the tasks
you started even when you are not there.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Management Central Job Scheduler is an integrated scheduler that allows you to
organize when you want your tasks to occur.
This is the base i scheduler that is also invoked by the Add Job Schedule Entry
(ADDJOBSCDE) command.
You have the option of choosing to perform a task immediately or choosing a later time.
You also have the option of installing the Advanced Job Scheduler and overriding the
Management Central Scheduler.
With this scheduler it is possible to automate many of your recurring processes. For
example, you can schedule to clean up the save files and cover letters of the fixes from
your systems on the first of every month or to install a set of fixes.
You can schedule:
• Remote Commands
• Package Distribution
Note
Management Central job schedule entries appear as job Qnnnn, where nnnn is a hex
number, on the Work with Job Schedule Entries green screen display.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
System i Navigator provides an integrated scheduler to organize when tasks are to start.
The Advanced Job Scheduler:
• Can be installed to override the default scheduler
• Is a separate licensed program (5761-JS1) that provides more robust scheduling than
the base scheduler
• Offers full calendar management
• Must be installed separately on both the Central System and the graphical client
When the Advanced Job Scheduler is installed on the graphical client, it is automatically
used instead of the Management Central Job Scheduler.
The Advanced Job Scheduler graphical user interface allows you to schedule jobs, create
groups, work with groups, submit jobs and groups immediately, display the status of jobs,
and create calendars and holiday calendars.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Advanced scheduling
IBM i
Notes:
Uempty
Application Administration (1 of 3)
IBM i
Notes:
Right-click Management Central and select Application Administration. This opens the
Application Administration main dialog.
The Application Administration dialog, when opened through Management Central,
displays Management Central functions. The appropriate components must be installed to
administer the access, and the functions must be registered on the central server, or they
are not displayed.
When the Application Administration dialog is opened through an IBM Power System with
IBM i connection, the dialog does not display these functions, with the exception of Fixes,
Inventory, and Collection Services. The Fixes, Inventory, and Collection Services are
displayed as read-only.
Remember this only limits access from the GUI, not authority on the server.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Application Administration (2 of 3)
IBM i
• At IBM Power
System with IBM i
connections:
– System Director
Navigator for i
• All components
– Client applications
• PC applications
– Host applications
• Backup Recovery
and Media Services
(BRMS)
• On demand
• And so on
Notes:
Application Administration allows system administrators to control the functions or
applications available to users on a specific system. This includes controlling the functions
available to users accessing the system through clients.
Application Administration is not installed with a typical installation. You must use
customize. It is not a security tool and can be defeated by a highly skilled user. In order to
use Application Administration, you must have *SECADM authority.
You must install the application on your PC before you can register it on the system. The
applications must be registered on the system before they can be administered through
Application Administration. By default, no applications are registered. When accessing
Application Administration for the first time, if applications are detected on the PC that are
not registered on the system, a message box is presented. The message box invites you to
add the applications.
Selecting Application Administration from Management Central allows you to control
Management Central functions. You cannot select Application Administration from endpoint
systems under Management Central.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Application Administration (3 of 3)
IBM i
• At Management
Central:
– Commands
– Packages and
Products
– Monitor
– Users and Groups
– Fixes
– Inventory
– System Values
– Collection Services
– Extreme Support
Notes:
Uempty
MC: Pervasive
IBM i
Notes:
Administrators have more flexibility in how they access and interact with Management
Central with Management Central - Pervasive. IBM Power Systems with IBM i Access for
Wireless lets you remotely monitor system performance and status using an Internet
phone, a personal data assistant (PDA) a wireless modem, or a traditional web browser on
a workstation.
After you set up a web server on your central system, you simply enter the URL into your
Internet phone, PDA, or browser to check the availability of your systems and any active
Management Central monitors. For example, you are able to find out if one of your systems
finished restarting, or if a monitor has exceeded any thresholds for CPU, disk utilization, or
other metrics.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
• Run commands
• Create and distribute packages
• Create, distribute, and install products
• Monitor job, message, system, file, and B2B in real time
• Access Collection Services (performance data collection)
• Take inventory:
– Track hardware configuration, software, fixes, system values, and users and
groups.
– Manage network and service attributes and contact information.
– Compare and update system values.
– Compare fixes and distribute and install missing fixes.
– Synchronize date and time.
– Scan for user-owned objects and users with search criteria.
• Manage users and groups and perform qualified search for users or
groups.
© Copyright IBM Corporation 2012
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Run command (1 of 3)
IBM i
Notes:
Command definitions allow you to define a command, then run the command to multiple
systems or a group of systems. You can save an i CL command that can be run over and
over against multiple systems and groups. Storing a command definition on the central
system allows you to share commonly used or complex commands with other users. When
a command is run, a task is created.
What can I do with command definitions?
• Add a reply list entry
• Create a command definition
• Run a command from an existing command definition
• Run a command on selected systems or groups
• Schedule from a command definition
• Work with reply list entries
Uempty
Run command (2 of 3)
IBM i
Notes:
You can submit commands to any systems that run Management Central server.
To submit commands, you create command definitions, which allow you to define a
command, then run the command to multiple systems or a group of systems.
You can save a CL command that can be run over and over against multiple systems and
groups. Storing a command definition on the central system allows you to share commonly
used or complex commands with other users.
When a command is run, a Management Central task is created. The tasks can be
monitored from the Management Central task activity window.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Run command (3 of 3)
IBM i
Notes:
In this window, you can choose the systems to execute the command definition.
Uempty
• Managing software
– Create package definition
• Objects
– Configuration data
– Java applications
– Web files
– Software programs
• Integrated file system (IFS)
• Post-distribution actions
– Create package snapshots
– Distribute package to multiple systems or groups
– Schedule recurring distributions
– View status, job log, and output
Notes:
Package definitions allow you to create a list of QSYS or Integrated File System (IFS) files
and treats them as a logical or physical group (for example, configuration data, Java
applications, HTML web page logical set, or a physical set), by taking a snapshot of the
files. When you create a snapshot of your files, you preserve them for later distribution.
Like other tasks, the package distributions can also be scheduled.
Once submitted, the status of the task can be reviewed from status window. Some actions
may have also been taken after successful package distribution, such as the restore object
command.
• Distribute Information to multiple systems and groups
• Define packages
- Can be from QSYS or IFS, but cannot mix files system types in same package
• Take snapshot of package
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
- Snapshot is taking physical package as it exists at the point in time when the
package was created
- Otherwise it will get logical view of files and send what is there at the time the
package is sent
• Schedule distributions
- Can be one-time or regular updates
• Perform action after distribution completes
- Must be batch type action
Uempty
Notes:
System i Navigator and Management Central allow you to logically group a number of
programs and files on a source IBM Power System with IBM i server and distribute those
objects to one or more destination IBM Power Systems servers with IBM i.
i save and restore commands are used by Management Central to create a snapshot of the
objects and manage the distribution of those objects to multiple endpoint systems,
confirming successful delivery back to the management central system.
There are two steps involved in using packaging to distribute objects between IBM Power
Systems with IBM i. The first is to create a definition, which includes a list of the objects to
be sent. The second is to initiate a distribution task that actually performs the transmittal
and subsequent restore on the target system. The graphic above shows us the first step.
Packaging saves objects from the integrated file system (IFS). Management Central
selects the appropriate save function (SAV, SAVDLO, or SAVOBJ) based on the file system
that contains the object. As a result, you must select objects from a single file system when
you define your package.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Here is an example of the second step of packaging. This picture here shows the initiation
of the distribution task and the choice of the target system.
Uempty
Manage products
IBM i
Notes:
A product is an application program that has been packaged by using either the
Management Central packaging function or the System Manager licensed program (SM1).
The IBM Power System with IBM i provides management functions for software that is
identified as a product.
To use the management functions for your own software, the software must be identified to
the IBM Power System with IBM i as a product.
You need to create a product definition before you can convert your application into a
product that the IBM Power System with IBM i identifies as a product. A product definition
contains all the information that you need to send and install a product across multiple
systems. A product definition also gives you the ability to manage fixes for the product.
The source system on which you create the product definition is used to manage the
product. Once you create a product definition, you can install and generate fixes on the
source system. You can also send and install the product on other systems.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
The application's send and install function extend the i product management capabilities in
multisystem enterprises. The other functions round out the application.
These functions include Installing user-defined products and managing these products.
The life of a product is as follows:
• Create a definition
• Install that definition onto source system
• Test the product, change, and reinstall as needed
• When you are done testing, send and install the product to other systems in your
network
• Generate and manage fixes for the product
• If you want a new version of the product, use new based on function (new based on
function means that you can create a new product that is based on an existing product).
Uempty
• Management Central
– Definitions
• Product
• Welcome wizard explains create
procedure
Notes:
The wizard helps you to create products.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Installation opens
Welcome wizard
Notes:
The wizard helps you to install products.
Uempty
Notes:
The wizard helps you to send and install products.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
System monitor (1 of 4)
IBM i
Notes:
Management Central’s System Monitors function, gathers and presents real-time
performance data for your systems. You can use System Monitors to see your performance
data as it happens. In contrast, you should use The Management Central Graph History to
see historical data saved on the system for more analysis. The data displayed in System
Monitors and Graph History are both gathered from the data collected through Collection
Services.
The Management Central System Monitors graph present system performance data in an
easy-to-use graphical interface that you can directly manipulate to get more detailed data.
Monitors allow you to collect performance data simultaneously for a wide variety of system
metrics, for any system or system group, and for specific time intervals. Once you start a
monitor, you are free to do other tasks. In fact, you could turn your PC off! It continues to
monitor your systems and perform any threshold commands or actions you specify. Your
monitor runs until you decide to stop it. To effectively monitor real-time system
performance, create a Management Central monitor.
Uempty At the first level of detail, the performance data is manipulated to provide a graphical
representation of the performance information. The second level of detail provides a list of
items that account for the first level (for example list of jobs). The third level of detail
provides properties of a specific item in the second level.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
System monitor (2 of 4)
IBM i
Notes:
Possible values for metrics:
• CPU Utilization (Average)
• CPU Utilization (Interactive Jobs)
• CPU Utilization (Interactive Feature)
• CPU Utilization Basic (Average)
• CPU Utilization (Secondary Workloads)
• CPU Utilization (Database Capability)
• Interactive Response Time (Average)
• Interactive Response Time (Maximum)
• Transaction Rate (Average)
• Transaction Rate (Interactive)
• Batch Logical Database I/O
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
System monitor (3 of 4)
IBM i
Notes:
Synchronize system time
If the local system time values are different between your central system and endpoint
system (because they are located in different time zones), the graph time scale would not
be accurate.
Change, on each system, the Coordinated Universal Time Offset (QUTCOFFSET) system
value, specifying the number of hours and minutes in which the current system time differs
from Coordinated Universal Time (UTC), also known as Greenwich Mean Time.
Since V5R3, Management Central now uses the new time zone (QTIMZON) system value
when synchronizing date and time values on target systems with a model system. This
means that it is no longer necessary to manually update the GMT offset (QUTCOFFSET)
system value on the target systems when the source system changes to or from Daylight
Saving Time (DST).
Uempty
System monitor (4 of 4)
IBM i
Notes:
The monitor window shows a graphical view of the metrics for a monitor as they are being
collected.
You can have more than one monitor window open at the same time, and you can work
with other windows while the monitor windows are open. You can minimize the monitor
window and be informed by an audible or visible alarm when important thresholds are
reached.
The monitor window contains three panels.
Graphs
Each endpoint IBM Power System with IBM is represented by a unique graph line. Click the
legend icon in the lower right corner of any graph to see which IBM Power System with IBM
i is represented by each line.
Click the icon in the right-hand corner of the title bar of any monitor graph to minimize the
graph to just the title bar. Click the icon again to restore the graph to its previous size.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Click View from the menu bar and then select Sort Details to sort the data by value or by
name. Select Normalize Details to normalize the data to the largest value or to the graph
scale. Click any bar on the chart to see the properties for that item.
Sort Details
Allows you to sort the data in the Details pane by value or by name.
Normalize Details
Allows you to normalize the data in the Details pane to the largest value or to the graph
scale.
Uempty
File monitor (1 of 2)
IBM i
Notes:
You can use a file monitor to notify you whenever a selected file has changed. Alternately,
you can monitor for a specified size or for specified text strings.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
File monitor (2 of 2)
IBM i
Notes:
The General tab of the monitor Properties panel allows you to view and change general
information about the monitor.
Name: The unique name of the monitor. You can change the name, using up to 64
characters for the new name.
Description: A brief description to help you identify this monitor in a list of monitors. You
can change the description, using up to 256 characters for the new description. This field is
optional.
Files to monitor: You can select to monitor all system log files or selected files.
If you choose to monitor all system log files, the history log (QHST) is monitored on systems
that are running i.
If you choose to monitor selected files, you can type a file name, including a directory path,
and click Add to add it to the list of files to monitor. You can select one or more files in the
list and click Remove to remove them from the list.
Uempty
Jobs monitor (1 of 2)
IBM i
Notes:
You create a job monitor to monitor a set of related jobs. For example, you might create a
job monitor to monitor one or more servers that provide services for a critical application.
You might also create a job monitor to monitor batch jobs that run in the background. Job
monitors allow you to be alerted when the jobs do not run within your predetermined metric
thresholds.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Jobs monitor (2 of 2)
IBM i
Notes:
There are two ways to specify the jobs to monitor:
Jobs: You can specify jobs by their job name, job user, job type and subsystem. Job name,
job user, and subsystem may contain an asterisk (*) as a wild card to represent one or
more characters.
Servers: You can specify jobs by their server name. To see the active servers on your
system, open the Work Management folder and Server jobs. You can also specify a custom
server by clicking Add custom server. To create a custom server, use the Change Job
(QWTCHGJB) API.
When multiple job selection criteria are specified, all jobs matching any of the criteria are
monitored.
Uempty
Messages monitor (1 of 2)
IBM i
Notes:
You create a message monitor to monitor for specified messages on a message queue.
For example, you might create a message monitor to monitor a message queue to
determine whether the application completed successfully. You might also create a
message monitor to monitor the system operator message queue for a specific message
that indicates when a critical storage condition exists. When you create that monitor, you
can specify commands to run when the message is detected.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Messages monitor (2 of 2)
IBM i
Notes:
Message Set: You can specify which messages that the monitor triggers on. This can be
done by specifying one or more message selection criteria. Each criteria can specifically or
generically specify messages based on message ID, message type, and message severity.
You can also specify a reply value for inquiry messages.
In addition, you can permanently remove monitored messages from the message queue.
Permanently remove from the message queue all messages that meet the criteria of a
message to be monitored.
Also you can specify the message count and i trigger and reset commands. You can click
Prompt for assistance in entering or selecting a command. If you select to trigger a
monitor, you cannot select to permanently remove monitored messages from the message
queue.
Uempty
Collection Services
IBM i
• Start collection
– On a single system
– On a system group
Notes:
With Management Central's Collection Services function, you can collect performance data
for future analysis by the Performance Tools for IBM Power Systems with IBM i licensed
program (5770-PT1) or other performance report applications.
You can also use the data collected through Collection Services to create graph and
summary data that is displayable through Management Central's Graph History.
To collect and store performance data for future analysis, you can start Collection Services
on a single system, or you can start Collection Services on system groups.
You can use performance data to make adjustments to programs and operations. These
adjustments can improve response times and throughputs and help your systems reach
their peak performance.
Collection Services collects data that identifies the relative amount of system resource
used by different areas of your system. When you collect and analyze this information on a
regular basis, you help balance your resources better, which in turn gets you the best
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-65
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
performance from your system. You can customize your data collections so you collect only
the data you want.
You can use Collection Services instead of the i performance monitor function (STRPFRMON
command) to collect your data and create database files. When you use i performance
monitor, your data is collected into as many as 30 database files. Collection Services stores
your data for each collection in a single collection object, from which you can create as
many different sets of database files as you need. You can use the database files with the
Performance Tools for IBM Power Systems with IBM i licensed program (5770-PT1) or
other applications to produce performance reports.
Collection Services deletes only cycled collection objects. A status of Cycled means that
Collection Services has stopped collecting data and storing it in the object. You can specify
Permanent if you do not want Collection Services to delete your collection objects for you.
Uempty
Collect data (1 of 2)
IBM i
Notes:
To initiate data collection from System i Navigator, right-click the system of choice under
end-point systems and click Collection Services > Start Performance Collection.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-67
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Collect data (2 of 2)
IBM i
Notes:
The following values pertain to the Cycle if already collecting checkbox on the General
tab of the Start Collection Services panel.
If checked: The existing collection is ended and a new collection is started with the values
specified in the panel.
If not checked: The collection keeps running but now uses these values for any new data
location to store collections.
What time is the collection recycled? If the time is within one hour of the current time, the
collection does not occur until the next day.
Frequency to cycle collections: How many hours into the collection is the collection
recycled?
• Default collection interval
• The elapsed time between intervals
• Collection retention period
Uempty Create database files during collection. If checked, this collection runs just like the old
performance monitor.
The End System stores the values from the last collection. The properties are stored on the
End IBM Power Systems with IBM i in:
• Object: QPFRCOLDTA
• Library: QUSRSYS
• Type: *USRSPC
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-69
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Each endpoint IBM Power System with IBM i is represented by a unique graph line.
Click the legend icon in the lower right corner of any graph to see which IBM Power System
with IBM i is represented by each line.
Here are some actions that you can perform:
• To change the color, width, or style of the line for each system, click Options from the
menu bar on the System i Navigator window, and select User Preferences.
• To change the size of the Graphs pane, click the icon in the right-hand corner of the title
bar of any graph to minimize the graph to just the title bar, and then click the icon again
to restore the graph to its previous size.
• To see the details of the data associated with the collection point, click any collection
point on a graph line.
Uempty Collection points on the graph line are shown by three different graphics that correspond to
the three levels of data that are available:
• A square collection point means the data includes both the detailed information and
properties information.
• A triangular collection point represents summarized data that contains detailed
information.
• A circular collection point represents data that contains no detailed information or
properties information.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-71
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Inventory collection
IBM i
Notes:
With the inventory collection of Management Central, you can gather hardware, software,
fix, users and groups and system values information on your endpoint systems and store
the information on your central system.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-73
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Ensure that you run the collection before you try to view the inventory list. If inventory has
not been collected, no inventory information is available. There is a message above a blank
inventory panel with the status of Last collected: never. Otherwise, the status displays the
last collection date and time or the amount of time that has passed since the last collection.
The properties page of the inventories shows an option for refreshing the list every time it
appears in timed intervals. This option does not mean that the central system refreshes the
list from the endpoint systems. This option indicates how often the list is refreshed from the
data held in the central system only. To update the inventory on the central system with the
endpoint system's data, collect the inventory again.
Uempty
System Values
IBM i
Notes:
System values are pieces of information that affect the operating environment in the entire
system. A system value contains control information for the operation of certain parts of the
systems. You can change the system to define the working environment.
As an administrator, you can manage system values across multiple systems. You can
compare the system values on a model system to one or more target systems and then
update the target system values to match the values of the model system. If you prefer, you
can generate a list that shows the differences in values between the model system and the
target system rather than actually changing the values on the target system.
Be sure you have current system value inventories on your target systems.
Note
There are some limitations to the values which you can distribute, such as QTIME.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-75
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
The Target Systems table is updated showing the selected system value in the heading of
the second column and the current value (as obtained from the system values inventory
database) for each target system.
The Summary category displays a list of the all system values you have selected for
update. Quick access to the Summary category is also provided by the Summary button
(the button with the pencil icon next to the category drop down).
Note
If system values inventory collection has not been done for a target system, a value not
collected is specified in the second column of the target system table for that target system.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-77
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Fixes functions
IBM i
• Install wizard
• Uninstall wizard
• Clean Up wizard
– Cover letters
– Save files
• Compare and Update
wizard
• Compare and update
multiple systems and
groups in one operation
• Schedule fix functions
• All systems must be at
V4R4 or higher
© Copyright IBM Corporation 2012
Notes:
Managing fixes among several systems can be cumbersome. Wizards provide guided
procedures to assist you.
Wizards are available to guide you through these tasks:
• Installing fixes
• Permanently installing fixes
• Sending and installing fixes
• Uninstalling fixes
• Comparing and updating fixes
For example, to install multiple fixes, you select the fixes from a list and start the Install
wizard.
You can schedule these fixes at the time you want.
Uempty You can run CL commands as part of completing fix installations or as part of normal
day-to-day operations.
Send function allows you to send PTFs to another system or group. The PTF must have an
existing save file on the system. You can also choose to send requisite PTFs, even if they
are installed. This function has to be used from the Fixes Inventory tree.
Send and install provides an additional wizard, which can be used to install PTFs.
Cleanup function is used for removing PTFs that are not needed anymore. The parameters
for this function are Fix-ID, Product-ID and release of the PTF.
Install provides you with a wizard that takes you through the PTF installation steps. You
only have to confirm the system on which the PTFs should be installed, choose the PTFs,
and state if the PTFs should be installed immediately or when the IBM Power System with
IBM i is going to be restarted. It is also possible to restart the system from within this
wizard.
Uninstall is also wizard-driven. It allows you to choose to uninstall the PTFs temporarily or
permanently, immediately, or delayed. It is also possible to restart the system from within
this wizard.
Permanently Install uses a wizard. You have to state whether the PTFs should be installed
immediately or when the IBM Power System with IBM i is going to be restarted next time.
You can also restart the system from within this wizard.
Cancel Actions allows you to cancel any fix actions that were set to occur at the next restart
of a system. You can also specify what fixes to cancel actions on if the cancel actions are
being done on a group of systems. You can cancel actions immediately or schedule that
activity to begin at a later time.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-79
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
You can distribute some or all of the fixes that you receive to a remote system with
Management Central. However, you must have the save files to distribute the fixes. If you
receive PTFs on media, you can use the Copy from Media function available from System i
Navigator to place the save files for the fixes onto your source system.
Uempty
• Management
Central
– Endpoint system or
system group
• Right-click
• Select Fixes
• Select Compare
and Update
Notes:
To compare and update the levels of your fixes inventory, you need to define a model
system and a source system. Your source system has the fix save files on it. Use your
model system to compare against other systems in your network to ensure that your other
systems have the same level of fixes like the model system. The Compare and Update
wizard finds missing fixes and extra fixes on the target systems.
Each wizard has a welcome screen that explains what it accomplishes.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-81
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Select products
– All or specific
products
• Default is
All products
Notes:
Uempty
Notes:
The third screen of the Compare and Update wizard allows the user to choose to apply
missing fixes (those installed on the model but not on the target system) or extra fixes
(those installed on the target but not the model system) or both missing and extra fixes to
the target system.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-83
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
You can manage your users and groups across multiple systems using Management
Central. You can do tasks such as:
• Create a user definition and then create multiple users across multiple systems based
on the definition
• Create, edit, and delete users and groups across multiple endpoint systems or system
groups and even schedule these actions
• Scan for owned objects to find out what objects a user or group owns across multiple
endpoint systems or system groups, and even scan owned objects for multiple users
simultaneously
• Collect an inventory of the users and groups on one or more endpoint systems and then
view, search, or export that inventory to a PC file
• Send users and groups from one system to multiple endpoint systems or system
groups. Unlike the Copy action, the Send function copies as many user properties as
Uempty possible to the target system(s), including the user name and password, security
settings, authorities, and mail options
All i special authorities and other authorities that are needed when working with users and
groups through a 5250 emulation screen are honored when managing users and groups
with Management Central. This includes security administration (*SECADM) privileges and
authority to the profiles with which you're working.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-85
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
A user definition is an easy way to create a new user on multiple endpoint systems or
system groups. Create user definitions for the various types of users on your system. Then,
when a request comes in for a new user, all special authorities, auditing, session startup,
and other information common to that type of user is already there. You only need to
specify the name for the user, a brief description to help you identify this user in a list of
users, and a new password for the user. All other properties of the new user are based on
the properties stored in the user definition unless you choose to change them. You may
also select the groups the user should belong to and provide personal information about
the user at the time the user is created.
You can create the new user immediately, or you can schedule a later time when you want
the user to be created. For example, you can create a user definition named Accounting
Users, which specifies all the special authorities and other properties that the users in your
accounting department need. Then, at any time, you can create one or more new users
based on that definition on any endpoint system or system group.
Uempty In the user definition, you can specify a command or program to run on the target IBM
Power System with IBM i immediately after a user is created successfully on the system.
The command or program is run when a user is created from the definition. This can be any
command that can be used in the i batch environment. You cannot run an interactive
command. You can use the replacement variable and USER any place in the command
where you want the command to substitute the name of the user that is being created. For
example, you could specify the command CRTLIB and USER to create a library with the
user name as the name of the library. This creates a library each time the definition is used
to create a user.
When creating a new user from a definition, you can change properties of the new user,
and this does not affect the properties defined in the user definition. Or you can simply use
the definition properties for each new user you create, and then just specify a name and
password for the user.
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-87
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Redbook mentioned in the visual (SG24-5407) can be downloaded from the Redbooks
web site http://www.redbooks.ibm.com.
Even though this Redbook was written at the V4R4 level, it is still a relevant publication that
can be used the learn the features and functions that are supported by Management
Central.
Uempty
Additional resources
IBM i
• Web sites:
– Navigator for IBM i homepage
http://www-03.ibm.com/systems/i/software/navigator/index.html
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-89
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 2-67. Exercise: Management Central inventory and system values OL1914.1
Notes:
The material presented in this unit reviewed some of the more basic concepts you learned
from on-the-job experience or through the IBM Power System with IBM i Operator’s course.
A good understanding of these concepts is necessary to complete the remainder of the
course material.
Uempty
Checkpoint
IBM i
2. True or False: The Management Central server must be running in order for that
system to be visible in the Management Central view of systems.
3. True or False: Once an IBM Power System with IBM i is defined as the central
server you cannot define a different system as your central server.
5. True or False: The advanced job scheduler is automatically included with every
IBM Power System with IBM i that is shipped from IBM.
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 2. Management Central overview 2-91
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit summary
IBM i
Notes:
References
SC41-5302-11 IBM i 7.1 Security – Security Reference
IBM Publications Center:
http://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wss?CTY=US
IBM i Information Center:
http://publib.boulder.ibm.com/iseries/
© Copyright IBM Corp. 1995, 2012 Unit 3. Security concepts and overview 3-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit objectives
IBM i
Notes:
Uempty
• Confidentiality
– Protecting against disclosing information to unauthorized people
– Restricting access to confidential information
– Protecting against curious system users and outsiders
• Integrity
– Protecting against unauthorized changes to data
– Restricting manipulation of data to authorized programs
– Providing assurance that data is trustworthy
• Availability
– Preventing accidental changes or destruction of data
– Protecting against attempts by outsiders to abuse or destroy system
resources
Notes:
System security is often associated with external threats, such as hackers or business
rivals. However, protection against system accidents by authorized system users is often
the greatest benefit of a well-designed security system. In a system without good security
features, pressing the wrong key might result in deleting important information. System
security can prevent this type of accident.
The best security system functions cannot produce good results without good planning.
Security that is set up in small pieces, without planning, can be confusing. It is difficult to
maintain and to audit. Planning does not imply designing the security for every file,
program, and device in advance. It does imply establishing an overall approach to security
on the system and communicating that approach to application designers, programmers,
and system users.
© Copyright IBM Corp. 1995, 2012 Unit 3. Security concepts and overview 3-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
To facilitate installation, many of the security capabilities on your system are not activated
when your system is shipped. Recommendations are provided in this topic collection to
bring your system to a reasonable level of security. Consider the security requirements of
your own installation as you evaluate the recommendations.
Uempty
Physical security
IBM i
Keep
Out
Display stations
Backup tapes
Notes:
Physical security includes protecting the system unit, system devices, and backup media
from accidental or deliberate damage. Most measures you take to ensure the physical
security of your system are external to the system. However, the system is equipped with a
keylock that prevents unauthorized functions at the system unit.
Note
© Copyright IBM Corp. 1995, 2012 Unit 3. Security concepts and overview 3-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Keylock security
IBM i
Low High
Notes:
You can retrieve and change the keylock position by using the Retrieve IPL Attributes
(QWCRIPLA) API or the Change IPL Attributes (CHGIPLA) command.
The keylock on the 940x control panel controls access to various system control panel
functions.
The keylock feature allows the remote user access to additional functions available at the
control panel. For example, it controls where the machine will IPL from and to what
environment, either IBM i or dedicated service tools (DST).
The IBM i system value, QRMTIPL controls the option to IPL the system remotely through a
telephone line. This value is shipped defaulted to off which will not allow the keylock to be
overridden. The system value can be changed to allow remote access, but does require
*SECADM and *ALLOBJ special authorities to change.
The IBM i system value, QRMTSRVATR, (Remote Service Attribute) controls the remote
system service problem analysis ability. The value allows the system to be analyzed
remotely. This value is shipped defaulted to off which will not allow the keylock to be
Uempty overridden. The system value can be changed to allow remote access, but does require
*SECADM and *ALLOBJ special authorities to change.
Note
© Copyright IBM Corp. 1995, 2012 Unit 3. Security concepts and overview 3-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
• Security level
• System values
• Signing
• User profiles
• Groups profiles
• Resource security
• Data encryption
Notes:
Security level
There are five levels of security that can be set with the QSECURITY system value. The
different levels that can be specified are level 10, 20, 30, 40 or 50. Specific details will be
covered later in the class.
System values
Allow you to define system-wide security settings and allow you to provide customization
for many characteristics of your Power System with IBM i.
Signing
Signing your software object is particularly important if the object has been transmitted
across the Internet or stored on media which you feel might have been modified. The digital
signature can be used to detect if the object has been altered.
Digital signatures, and their use for verification of software integrity can be managed
according to your security policies using the Verify Object Restore (QVFYOBJRST) system
value, the Check Object Integrity (CHKOBJITG) command, and the Digital Certificate
© Copyright IBM Corp. 1995, 2012 Unit 3. Security concepts and overview 3-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Manager tool. Additionally, you can choose to sign your own programs (all licensed
programs shipped with the system are signed).
Single signon enablement
Single signon is an authentication process in which a user can access more than one
system by entering a single user ID and password. To enable a single sign-on environment,
IBM provides two technologies that work together to enable users to sign in with their
Windows user name and password and be authenticated to Power Systems with IBM i
platforms in the network: Network Authentication Service (NAS) and Enterprise Identity
Mapping (EIM). Windows 2000, Windows XP, AIX, and z/OS use Kerberos protocol to
authenticate users to the network. A secure, centralized system, called a key distribution
center, authenticates principals (Kerberos users) to the network.
User profiles
The user profile is powerful and flexible tool used to control what the user can do and
customize the way the system appears to that user.
Groups profiles
A group profile is a special type of user profile. Rather than giving authority to each user
individually, you can use a group profile to define authority for a group of users.
Resource security
The ability to access an object is called authority. Resource security on the IBM i operating
system enables you to control object authorities by defining who can use which objects and
how those objects can be used.
You can specify detailed authorities, such as adding records or changing records. Or you
can use the system-defined subsets of authorities: *ALL, *CHANGE, *USE, and
*EXCLUDE.
Files, programs, and libraries are the most common objects requiring security protection,
but you can specify authority for any object on the system.
Data encryption
IBM i offers the possibility to encrypt data at ASP level and Database Column level. ASP
encryption can be turned off and on and the data encryption key can be changed for an
existing user ASP. These changes take a significant amount of time as all the data in the
disk pool needs to be processed. This would affect system performance.'field procedures.
Field procedures are user written exit programs that get executed every time a column is
changed or new values are inserted.
Security audit journal
You can use security audit journals to audit the effectiveness of security on your system.
The IBM i operating system provides the ability to log selected security-related events in a
security audit journal. Several system values, user profile values, and object values control
which events are logged.
Uempty
SIGNON:
Harry
MENU AUTHORITY
PAYROLL
AUTHORITY
MENU
PAYEDIT
AUTHORITY
PROGRAM
Operational
Read
PAYROLL
Execute
DATA
Notes:
On the Power Systems with BM i, security has been architected from the ground up.
Security is always available and active. Based on what level of security you choose to
configure and implement, will determine how secure your system will be.
© Copyright IBM Corp. 1995, 2012 Unit 3. Security concepts and overview 3-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint
IBM i
3. Which of the following is not one of the modes you can select for your
system?
a. Manual
b. Normal
c. Automatic
d. Secure
e. Lockdown
Notes:
Uempty
Unit summary
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 3. Security concepts and overview 3-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
References
SC41-5302-11 IBM I 7.1 Security - Security Reference (chapter 3)
IBM Publications Center:
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
http://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wss?CTY=U
S
IBM infocenter for i:
http://publib.boulder.ibm.com/iseries/
Uempty
Unit objectives
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Security components
IBM i
People Objects
(users) (resources)
Individual
User profiles
objects
System values
Notes:
There are three components used to implement security on this system. The operating
system continually checks system values, user profiles, and objects as it receives requests
from users to determine if that user will be allowed to access the object in question.
In this unit, we will discuss system values and how you use these to customize many
characteristics of your system.
Security is an integral part of the operating system. It is not an add-on or extra purchase
feature of an application.
Uempty
• Purpose
– Used to define customized (security) characteristics on the system
• How to set
– 5250 emulation
• WRKSYSVAL: Work with system values
• CHGSYSVAL: Directly change system values
– IBM i Navigator
• Configuration and Service > System Values
– IBM Systems Director Navigator for i
• Configuration and Service > System Values
• Authority required
– Must have *SECADM and *ALLOBJ authority to change security -related system
values
– Can be locked with an option through dedicated service tools (DST) or system
service tools (SST)
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
You can use system service tools (SST) or dedicated service tools (DST) to lock and
unlock the security-related system values. However, you must use DST if you are in
recovery mode because SST is not available during this mode. Otherwise, use SST to lock
or unlock the security-related system values.
You can restrict the following system values by using the lock option:
QALWJOBITP QAUTORMT QLMTDEVSSN QPWDLMTREP
QRETSVRSEC QALWOBJRST QAUTOVRT QLMTSECOFR
QPWDLVL QRMTSIGN QALWUSRDMN QCRTAUT
QMAXSGNACN QPWDMAXLEN QRMTSRVATR QAUDCTL
QCRTOBJAUD QMAXSIGN QPWDMINLEN QSCANFS
QAUDENACN QDEVRCYACN QPWDCHGBLK QPWDPOSDIF
QSCANFSCTL QAUDFRCLVL QDSPSGNINF QPWDEXPITV
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
• Purpose:
– Used to specify the level of security to be enforced on the system.
• How to set:
– 5250 emulation: WRKSYSVAL QSECURITY
– IBM i Navigator: Configuration and Service > System Values >
Security > General tab
– IBM Systems Director Navigator for i: Configuration and Service >
System Values > Security (properties) > General tab
• Authority required:
– Must have *SECADM and *ALLOBJ authority to change system values
– Can be locked with an option through service tools (DST and SST)
• Journal entry:
– SV
© Copyright IBM Corporation 2012
Notes:
System security level specifies the level of security on the system. A change to this system
value takes effect at the next IPL.
The shipped value is 40 (Protect from undocumented system interfaces)
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Level 20 Password
Notes:
You can choose how much security you want the system to enforce by setting the security
level (QSECURITY) system value. If you want to change the security level, use the Work
with System Values (WRKSYSVAL) command.
The comparison of the functions supported by the different levels of security is:
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Security level 40
IBM i
Notes:
Level 40 is referred to as system integrity security. At this level, the system itself is
protected against users. User-written programs cannot directly access the internal control
blocks through pointer manipulation.
Select system security level using System i Navigator panels.
Security level 40:
• Prevents accessing objects through unsupported interfaces. Example: Calling the
command processing program for the SIGNOFF command
• Prevents accessing internal system structures with C/400, Pascal or Assembler
• Controls use of job descriptions on SBMJOB
• Does not allow *SBSD to allow signon without entering userid and password
• Enables enhanced hardware storage protection, defining system information on disk as
read-write, read only, or no access
At level 20-30, action is usually allowed but logged to QAUDJRN journal.
At level 40-50, action usually fails and is logged to QAUDJRN journal.
Uempty
Notes:
Before migrating to level 40, make sure that all of your applications run successfully at
security level 30. Security level 30 gives you the opportunity to test resource security for all
of your applications. Follow these steps to migrate to security level 40:
1. Activate the security auditing function, if you have not already done so.
2. Make sure that the QAUDLVL system value includes *AUTFAIL and *PGMFAIL.
*PGMFAIL logs journal entries for any access attempts that violate the integrity
protection at security level 40.
3. Monitor the audit journal for *AUTFAIL and *PGMFAIL entries while running all of your
applications at security level 30. Pay particular attention to the following reason codes
in AF type entries:
C: Object validation failure
D: Unsupported interface (domain) violation
J: Job-description and user-profile authorization failure
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Note
Restore program libraries as part of your application test. Check the audit journal for
validation failures.
5. Based on the entries in the audit journal, take steps to correct your applications and
prevent program failures.
6. Change the QSECURITY value to 40 and perform an IPL.
Uempty
Security level 50
IBM i
Notes:
Level 50 is referred to as enhanced system integrity security. Level 50 is the recommended
level of security for most businesses because it offers the highest level of security currently
possible. Not only is the system protected against user-written programs, but it ensures
that users only have access to data on the system, rather than information about the
system itself. This offers greater security against anyone attempting to learn about your
system.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
If your current security level is 30 or 40, you need to evaluate the QALWUSRDMN value and
recompile some programs to prepare for security level 50.
Most of the additional security measures that are enforced at security level 50 do not cause
audit journal entries at lower security levels. Therefore, an application cannot be tested for
all possible integrity error conditions before changing to security level 50.
The actions that cause errors at security level 50 are uncommon in normal application
software. Most software that runs successfully at security level 40 also runs at security
level 50.
If you are currently running your system at security level 30 or 40, do the following to
prepare for security level 50:
1. Evaluate the QALWUSRDMN system value. Controlling user domain objects is important
to system integrity.
2. Recompile any COBOL programs that assign the device in the SELECT clause to
WORKSTATION if the COBOL programs were compiled using a pre-V2R3 compiler.
Uempty 3. Recompile any S/36 environment COBOL programs that were compiled using a
pre-V2R3 compiler.
4. Recompile any RPG/400 or System/38 environment RPG programs that use display
files if they were compiled using a pre-V2R2 compiler.
You can go directly from security level 30 to security level 50. Running at security level 40
as an intermediate step does not provide significant benefits for testing.
If you are currently running at security level 40, you can change to security level 50 without
extra testing. Security level 50 cannot be tested in advance. The additional integrity
protection that is enforced at security level 50 does not produce error messages or journal
entries at lower security levels.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The steps to follow when using IBM i Navigator to change the QSECURITY System Value
are:
1. Expand the Configuration and Service branch on the function tree.
2. Click the System Values sub-branch to see the categories displayed on the right pane.
3. Double-click Security in the right pane to see the panel displayed in the lower right
corner on the visual.
4. Select the level of security that is to be implemented, and then click OK.
5. IPL the system (partition) for this change to take effect.
Uempty
Notes:
The steps to follow when using IBM Systems Director Navigator for i to change the
QSECURITY System Value are:
1. Click Configuration and Service; the Configuration and Service tab appears on the
right pane.
2. On the right pane, click System Values; the System Values tab is displayed on the right
pane
3. On the right pane, in the Category column, click the Security pop-up button [»], and
click the Properties option.
4. Select the level of security that is to be implemented, and click OK.
5. An IPL of the partition is needed to effectuate this change.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 4-14. Topic 2: Using 5250 emulation to configure system values OL1914.1
Notes:
Uempty
• Purpose
– Specify system values that control security on the system.
• How to set
– WRKSYSVAL *SEC
• (Work with the system values that are in the security category.)
• Authority required
– User profile must have *ALLOBJ and *SECADM authority.
• Journal entry
– SV
Notes:
General security system values allow you to set security function to support the decisions
you made when developing your security policy. Most of the changes take affect
immediately and do not require an IPL of the system.
General system values that control security on your system are as follows:
QALWUSRDMN: Allow user domain objects in the libraries
QCRTAUT: Create default public authority
QDSPSGNINF: Display signon information
QFRCCVNRST: Force conversion on restore
QINACTITV: Inactive job timeout interval
QINACTMSGQ: Inactive job message queue
QLMTDEVSSN: Limit device sessions
QLMTSECOFR: Limit security officer
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
• Purpose
– Specify system values that relate to security on the system.
• How to set
– WRKSYSVAL
• Authority required
– User profile must have *ALLOBJ and *SECADM authority.
• Journal entry
– SV
Notes:
The following information are descriptions of additional system values that relate to security
on your system. These system values are not included in the *SEC group on the Work with
System Values display.
QAUTOCFG: Automatic device configuration
QAUTOVRT: Automatic configuration of virtual devices
QDEVRCYACN: Device recovery action
QDSCJOBITV: Disconnected job timeout interval
QRMTSRVATR: Remote service attribute
QSSLCSL: Secure Sockets Layer (SSL) cipher specification list (New at V6R1)
QSSLCSLCTL: Secure Sockets Layer (SSL) cipher control (New at V6R1)
QSSLPCL: Secure Sockets Layer (SSL) protocols (New at V6R1)
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Purpose
– Controls how and which security-related objects are restored on the
system.
• How to set
– WRKSYSVAL *SEC
• Authority required
– User profile must have *ALLOBJ and *SECADM authority.
• Journal entry
– SV
Notes:
The following information are descriptions of system values that relate to restoring
security-related objects on the system which should be considered when restoring objects
as well.
QVFYOBJRST: Verify object on restore
QFRCCVNRST: Force conversion on restore
QALWOBJRST: Allow restoring of security sensitive objects
Uempty
• Purpose
– Specify system values to set requirements for the passwords users
assign.
• How to set
– WRKSYSVAL *SEC
• Authority required
– User profile must have *ALLOBJ and *SECADM authority.
• Journal entry
– SV
Notes:
The system values control passwords:
QPWDCHGBLK: Block password change (New at V6R1)
QPWDEXPITV: Expiration interval
QPWDEXPWRN: Password expiration warning (New at V6R1)
QPWDLVL: Password level
QPWDLMTCHR: Restricted characters
QPWDLMTAJC: Restrict adjacent characters
QPWDLMTREP: Restrict repeating characters
QPWDMINLEN: Minimum length
QPWDMAXLEN: Maximum length
QPWDPOSDIF: Character position difference
QPWDRQDDIF: Required difference
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
• Purpose
– Specify system values to control security auditing on the system.
• How to set
– WRKSYSVAL *SEC
• Authority required
– User profile must have *AUDIT authority.
• Journal entry
– SV
Notes:
These system values control auditing on the system:
QAUDCTL: Auditing control
QAUDENDACN: Auditing end action
QAUDFRCLVL: Auditing force level
QAUDLVL: Auditing level
QAUDLVL2: Auditing level extension
QCRTOBJAUD: Create default auditing
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 4-20. Topic 3: Using IBM i Navigator to configure system values OL1914.1
Notes:
Uempty
Notes:
Changes to the majority of the system values will take effect immediately. An IPL is
required only when changing the security level (QSECURITY) system value or the
password level (QPWDLVL) system value.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Date:
Use the Date tab to specify the current date for your system. The Date tab also specifies a
leap year adjustment that ensures that the system date is correct when a leap year occurs.
System date: The system supports dates that range from August 24, 1928 to July 6, 2053.
To change only the year, highlight the year and click the up or down arrow. To change only
the month, highlight the month and click the up or down arrow.
System value: QDAYOFWEEK, QDATE, QDAY, QMONTH, and QYEAR.
Special considerations: The system date is automatically updated when the time reaches
midnight, 12:00:00 AM.
Leap year adjustment: Adjusts the system calendar for the leap year in different calendar
systems. If your calendar year agrees with the Gregorian calendar system, select Use
Gregorian leap year adjustment. If your calendar year differs from the Gregorian, adjust
the system calendar to account for the leap year of the calendar year you are using. To
make the adjustment, divide the leap year in your calendar system by 4; then set Leap
Uempty year adjustment to the value of the remainder. For example, the Gregorian calendar year
of 1984 was the year 73 in the Republic of China. Because 73 was a leap year, you divide
73 by 4; this leaves a remainder of 1. Therefore, to adjust the system calendar for the
Republic of China, specify one for Leap year adjustment.
System value: QLEAPADJ.
Special considerations: Changing the leap year system value does not change the system
clock and job dates of active jobs, but it may change the date system value.
Time: Use the Time tab to adjust the current time for your system.
Time of day: The QTIMADJ system value identifies the software used to adjust the system
clock in order to keep it synchronized with an external time source. This value should be
maintained by the time adjustment software and is intended as an aid to prevent multiple
time adjustment applications from conflicting with one another.
Time adjustment specifies whether a time maintenance application is specified to maintain
the system time and whether or not there is a time adjustment in progress. The time
adjustment may initiate from the time maintenance application or you can manually start a
time adjustment.
Adjusting does not cause large jumps in time that can be experienced with setting the clock
with the Time of Day system value. Adjusting takes time to complete because it is not a
single, instantaneous change to the clock. For example, adjusting the clock by 1 second
could take 10 seconds of real time to complete. Two hours forward or backward is the
maximum amount of adjustment that can be made.
Time zone: A time zone specifies how to set your system time. You can specify a time
zone for each system in your business environment. The time zone setting specifies the
offset from UTC and whether to observe Daylight Saving Time (DST) or not. If you specify
to observe Daylight Saving Time, the system automatically updates the system time when
Daylight Saving Time begins and ends. You do not need to manually set the system time
when Daylight Saving Time begins and ends.
System value: QTIMZON
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Automatic Configuration tab
Use the Automatic Configuration tab to specify automatic configuration controls. This tab
allows you to specify which objects are automatically configured. Automatic configuration is
a function that names and creates devices and controllers. The objects are also varied on.
System value: QAUTOCFG
Local controllers and devices: Specifies whether devices and controllers added to the
system are configured automatically. For more information about what specific controllers
and devices are configured, refer to chapter 1 in Local Device Configuration. If this option is
not selected, you must manually configure any new local controllers or devices that you
add to your system. If this option is selected, automatic configuration is on. The system
automatically configures any new local controllers or devices that are added to your
system. The system operator receives a message indicating the changes to the system's
configuration.
Uempty Allow automatic configuration: Specify the following options related to automatic
configuration.
Device naming convention: Specifies the naming convention that is used when the
system automatically creates device descriptions when Local Controllers and devices is
selected. These names are used when creating device descriptions for local controllers or
devices that are added to your system. Possible values are:
• Use i5/OS naming: (should be IBM i) Use naming conventions according to IBM i
standards
• Use System/36 naming: Use naming conventions according to System/36 standards
• Use Device address: Derive the device name from the device address
System value: QDEVNAMING
Remote controllers and devices: Specifies whether remote controllers and devices
connected to the system are configured automatically. If this option is not selected, you
must manually configure any new remote controllers or devices that connect to the system.
System value: QAUTORMT
Pass-through devices and TELNET: Specifies the number of virtual devices to
automatically configure. If you do not want to automatically configure any devices, do not
select this option. Devices are not automatically deleted to bring the total number down to
the specified limit for this system value. Therefore, if you change from a higher value to a
lower value, the system does not delete virtual devices.
The system deletes virtual devices only if they are damaged, or if the device needs to be
created again to change its type. If you select Pass-through devices and TELNET, select
one of the following options to specify the maximum number of devices that are configured:
• No maximum number of devices: An unlimited number of virtual devices may be
configured automatically
• Maximum number of devices (1-32500): The maximum number of devices that may
be configured automatically. Possible values are 1 through 32500 devices
System value: QAUTOVRT
Recovery tab
The system value QDEVRCYACN specifies what action to take when an I/O error occurs for
an interactive job's workstation. Possible values for the QDEVRCYACN system value:
• *DSCMSG: Disconnects the job. When signing on again, an error message is sent to the
user's application program.
• *MSG: Signals the I/O error message to the user's application program. The application
program performs error recovery.
• *DSCENDRQS: Disconnects the job. When signing-on again, a cancel request function is
performed to return control of the job back to the last request level.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• *ENDJOB: Ends the job. A job log is produced for the job. A message indicating that the
job ended because of the device error is sent to the job log and the QHST log. To
minimize the performance impact of the ending job, the job's priority is lowered by 10,
the time slice is set to 100 milliseconds, and the purge attribute is set to yes.
• *ENDJOBNOLIST: Ends the job. A job log is not produced for the job. A message is sent
to the QHST log indicating that the job ended because of the device error.
Uempty
Notes:
Use the CL commands DSPSYSVAL, CHGSYSVAL, or WRKSYSVAL to display or change
system values.
The QDSCJOBITV system value determines if and when the system ends a disconnected
job. The interval is specified in minutes.
The QINACTITV system value specifies in minutes how long the system allows a job to be
inactive before taking action. A workstation is considered inactive if it is waiting at a menu
or display or if it is waiting for message input with no user interaction.
• Standard value *NONE means no timeout
• Valid interval is 5 - 300
The QINACTMSGQ system value specifies what action the system takes when the inactive
job time-out interval for a job has been reached.
• Standard value *ENDJOB means job is ended
• Other valid values are *DSCJOB or the name of a message queue
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
iSeries
Five minutes inactive
QCPFMSG
CPI1126
*MSGF
DSPMSG
INACTMSGQ
System values: OR
* MSGQ
QINACTITV (5)
QINACTMSGQ (INACTMSGQ)
INACTPGM
* PGM
CRTMSGQ INACTMSGQ
Notes:
• Here the alternate way of using QINACTMSGQ is shown: a timeout message can be sent
to a message queue and an operator or a program can take the appropriate action.
• User or program can monitor for message on message queue and take appropriate
action.
• Message ID is CPI1126.
Uempty
Notes:
The system value QENDJOBLMT specifies the amount of time (in seconds) for application
cleanup during the immediate ending of a job. This system value's time limit is used when
ending one job or when ending all jobs in all subsystems.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
IBM i Navigator provides you with the ability to set your system's security values through its
graphical interface. The window above is accessed from the IBM i Navigator environment
panel.
A group of system values is used to define system-wide security settings.
The system values can be retrieved and changed under program control by using Work
System Value (WRKSYSVAL) command or Change System Value (CHGSYSVAL) command.
There are five policies in the Security component of System i Navigator:
• Auditing Policy: Specify system values to control security auditing on the system
• Password Policy: Specify system values to set requirements for the passwords users
assign
• Restore Policy: Controls how and which security-related objects are restored on the
system
• Security Policy: Specify system values that control security on the system
Uempty • Signon Policy: Specify system values to set requirements for the passwords users
assign
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The QRETSVRSEC system value determines whether decryptable authentication
information associated with user profiles or validation list (*VLDL) entries can be retained
on the host system. This does not include the Power System with IBM i user profile
password.
The authentication information can be removed from the system by setting the
QRETSVRSEC system value to 0 the CLRSVRSEC command might run for an extensive
period of time.
The QUSEADPAUT system value defines which users can create programs with the use
adopted authority (*USEADPAUT(*YES)) attribute. All users authorized by the
QUSEADPAUT system value can create or change programs and service programs to use
adopted authority if the user has the necessary authority to the program or service
program. The system value can contain the name of an authorization list.
Uempty
Notes:
The QCRTAUT system value is used to determine the public authority for a newly created
object if the following conditions are met:
• The value of the create authority (keyword CRTAUT) at the CRTLIB or CHGLIB
command, is set to *SYSVAL
• A new object is created in that library with public authority (keyword AUT) of
*LIBCRTAUT
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 4-30. Security Policy Properties: Objects not auditable, shared memory OL1914.1
Notes:
The QALWUSRDMN system value specifies which libraries are allowed to contain user
domain objects of type *USRSPC, *USRIDX, and *USRQ. The restriction does not apply to
user domain objects of type *PGM, *SRVPGM, and *SQLPKG.
The QSHRMEMCTL system value defines which users are allowed to use shared memory or
mapped memory that has write capability.
Uempty
Notes:
QSCANFS and QSCANFSCTL are system values that enable programs to be called from two
new registered exit program entries. Registered programs are intended to scan the files in
the integrated file system and return the results to the system. Once a virus is detected, the
appropriate action can be taken in order to eliminate the virus.
Note
Do not scan the IFS using IBM i NetServer. Mapping a drive with all object authority
exposes the system to virus attack by a PC virus. Consider this could:
• Use up network resources
• Move data across the network in the clear
• Scanner can go into infinite loops
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
The QSCANFS system value specifies whether objects in the root (/), QOpenSys, and
user-defined file systems should be scanned by exit programs registered with any of the
integrated file system scan-related exit points. The default value sets objects to be scanned
if any exit programs are registered through API.
The Integrated file system scanning is configured by registering exit programs to the
integrated file system scan-related exit points. These exit programs entries are
QIBM_QP0L_SCAN_OPEN (Integrated File System Scan on Open Exit Program) and
QIBM_QP0L_SCAN_CLOSE (Integrated File System Scan on Close Exit Program).
The QSCANFSCTL system value specifies different control options for scanning objects. For
example, *FSVRONLY for this system value means a scan only takes place if you access
the Power System with IBM i from a file server.
Important
The file system the object is in must be completely converted (all objects within the
directory) to a *TYPE 2. You can use the Convert Directory (CVTDIR) command's
OPTION(*CHECK) to determine if the file system has been completely converted. In V5R3,
shortly after the initial IPL, the system starts a background task that will find any *TYPE1 to
*TYPE2. Therefore, it may appear as if a file is in an *TYPE2 directory, but the file system
may not have yet completed this conversion. The SCAN status for an object shows as
*PENDING/CONVERSION if it is awaiting conversion.
The object attributes can be specified for either *TYPE1 (before conversion) or *TYPE2
directory file systems. The actual scanning, if enabled, only occurs if the object exists in a
file system that has been completely converted to *TYPE2.
Uempty
Notes:
Following are the system values that control passwords. These system values require
users to change passwords regularly and help prevent users from assigning trivial, easily
guessed passwords. They can also make sure passwords meet the requirements of your
communications network.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The password level of the system can be set to allow for user profile passwords from 1-10
characters or to allow for user profile passwords from 1-128 characters. Possible values for
the QPWDLVL system value are:
• 0: The system supports user profile passwords with a length of 1-10 characters.
• 1: QPWDLVL 1 is the equivalent support of QPWDLVL 0 with the following exception: IBM
i NetServer passwords for Windows 95/98/ME clients are removed from the system.
• 2: The system supports user profile passwords from 1-128 characters. Upper and lower
case characters are allowed. Passwords can consist of any character, and the
password is case sensitive.
• 3: QPWDLVL 2 is the equivalent support of QPWDLVL 2 with the following exception:
QPWDLVL 3 cannot be used if your system communicates with the Windows 95/98/ME
IBM i Client Support for Windows Network Neighborhood (IBM i NetServer) product.
Uempty Minimum time between password changes: Specifies the minimum time that must occur
between password changes. You can select None or any number of hours between 1 and
99.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The QPWDMINLEN system value controls the minimum number of characters in a password.
The QPWDMAXLEN system value controls the maximum number of characters in a
password.
The QPWDRQDDGT system value controls whether a numeric character is required in a new
password. This value provides additional security by preventing users from using all
alphabetic characters.
The QPWDLMTAJC system value limits the use of numeric characters next to each other
(adjacent) in a password. This value provides additional security by preventing users from
using birthdays, telephone numbers, or a sequence of numbers as passwords.
The QPWDLMTREP system value limits the use of repeating characters in a password. This
value provides additional security by preventing users from specifying passwords that are
easy to guess, such as the same character repeated several times.
The QPWDLMTCHR system value limits the use of certain characters in a password. This
value provides additional security by preventing users from using specific characters, such
Uempty as vowels, in a password. Restricting vowels prevents users from forming actual words for
their passwords.
The QPWDRQDDIF system value controls whether the password must be different from
previous passwords. This value provides additional security by preventing users from
specifying passwords used previously. It also prevents a user whose password has expired
from changing it and then immediately changing it back to the old password.
The QPWDPOSDIF system value controls each position in a new password. This provides
additional security by preventing users from using the same character (alphabetic or
numeric) in a position corresponding to the same position in the previous password.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Use the Validation 2 tab to specify password restrictions. Changing values on this tab will
cause certain corresponding system values on the Validation 1 tab to be ignored by the
system. System Value QPWDRULES is set.
Password level (current): Displays the current password level set.
Password validation options: Specifies the rules used to check whether a password is
formed correctly. Changes made to this system value take effect the next time a password
is changed.
Use the validation system values on the Validation 1 tab: System Value QPWDRULES
gets value *PWDSYSVAL.' This system value is ignored and the other password system
values are used to check whether a password is formed correctly.
Specifically, the QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, QPWDMAXLEN,
QPWDMINLEN, QPWDPOSDIF, and QPWDRQDDGT system values will be used instead of
QPWDRULES.
Uempty Use the following validation rules Certain corresponding system values on the
Validation 1 tab will be ignored:
Specifically, the QPWDLMTAJC, QPWDLMTCHR, QPWDLMTREP, QPWDMAXLEN,
QPWDMINLEN, QPWDPOSDIF, and QPWDRQDDGT system values will be ignored.
Minimum length (*MINLENnnn): Specifies the minimum number of characters for a
password. The possible values vary depending on the password level for your system.
Maximum length (*MAXLENnnn): Specifies the maximum number of characters for a
password. The possible values vary depending on the password level for your system.
Restrict repeating characters: Specifies whether repeating characters are allowed in a
password. This option provides additional security by preventing users from specifying
passwords that are easy to guess, such as the same character repeated several times.
Possible values are:
Characters can be used more than once: The same characters can be used more
than once in a password.
Characters cannot be used more than once (*CHRLMTREP)
Characters cannot be used consecutively (*CHRLMTAJC): The same character can
be used more than once, but it cannot be used consecutively in a password.
Letter Characters
Minimum Number (*LTRMINn): Specifies the minimum number of letter characters that
must occur in the password.
Maximum Number (*LTRMAXn): Specifies the maximum number of letter characters
that may occur in the password.
Restrict consecutive letter characters (*LTRLMTAJC): The password may not contain
2 or more adjacent (consecutive) to each other.
Digits
Minimum Number (*DGTMINn): Specifies the minimum number of digit characters that
must occur in the password.
Maximum Number (*DGTMAXn): Specifies the maximum number of digit characters
that may occur in the password.
Restrict consecutive digit characters (*DGTLMTAJC): The password may not contain
two or more adjacent (consecutive) digit characters.
Special Characters
Minimum Number (*SPCCHRMINn): Specifies the minimum number of special
characters that must occur in the password.
Maximum Number (*SPCCHRMAXn): Specifies the maximum number of special
characters that may occur in the password.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
The QPWDEXPITV system value controls the number of days allowed before a password
must be changed. If a user attempts to sign on after the password has expired, the system
shows a display requiring that the password be changed before the user is allowed to sign
on.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Change Password
IBM i
Notes:
The password-composition system values are enforced only when the password is
changed using the CHGPWD command, the Change Password in IBM i Navigator, the
ASSIST menu option to change a password, or the QSYCHGPW application programming
interface (API). They are not enforced when the password is set using the CRTUSRPRF or
CHGUSRPRF command.
Uempty
N
QPWDVLDPGM
Y
Validation
program
Message PGM
N
detects
error?
Password
changed
Y
© Copyright IBM Corporation 2012
Notes:
If *REGFAC or a program name is specified in the QPWDVLDPGM system value, the system
runs one or more programs after the new password has passed any validation tests you
specify in the password-control system values. You can use the programs to do additional
checking of user-assigned passwords before they are accepted by the system.
The topic “Using a Password Approval Program” in the book IBM i 7.1 Security - Security
Reference discusses the requirements of the password approval program and shows an
example.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Signon Policy of System i Navigator allows you to view or change the system values
that control the signon of the users.
Following are the system values that control the signon of the users.
Uempty
Notes:
The QMAXSIGN system value controls the number of consecutive signon attempts that are
not correct by local and remote users. Incorrect sign-on attempts can be caused by a user
ID that is not correct, a password that is not correct, or inadequate authority to use the
workstation.
The QMAXSGNACN system value determines what the system does when the maximum
number of sign-on attempts is reached at a workstation. Possible values for the
QMAXSGNACN System Value:
• 3: Disable both the user profile and device
• 1: Disable the device only
• 2: Disable the user profile only
The QDSPSGNINF system value determines whether the Sign-on Information display is
shown after signing on. The Sign-on Information display shows:
• Date of last signon
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
The QRMTSIGN system value specifies how the system handles remote sign-on requests.
Examples of remote sign-on are display station pass-through from another system, the
workstation function of the System i Access licensed program, and TELNET access.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The restore policy controls how and which security-related objects are restored on the
system.
When an attempt is made to restore an object onto the system, three system values work
together as filters to determine if the object is allowed to be restored. The first filter is the
verify object on restore QVFYOBJRST system value. The second filter is the force
conversion on restore QFRCCVNRST system value. The third filter is the allow object on
restore (QALWOBJRST) system value.
Uempty
Notes:
The QVFYOBJRST system value determines whether objects are required to have digital
signatures in order to be restored to your system. You can prevent anyone from restoring
an object unless that object has a proper digital signature from a trusted software provider.
This value applies to objects of types *PGM, *SRVPGM, *SQLPKG, *CMD and *MODULE. It also
applies to *STMF objects which contain Java programs.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This system value QFRCCVNRST allows you to specify whether to convert the following
object types during a restore:
• Program *PGM
• Service program *SRVPGM
• SQL Package *SQLPKG
• Module *MODULE
The following are possible conversion values:
0: Level 0. Restore all objects without conversion.
1: Level 1. Objects with validation errors are converted.
2: Level 2. Objects that must be converted to be used on the current version of the
operating system and objects with validation errors are converted.
Uempty 3: Level 3. Objects that are suspected of having been tampered with, must be converted to
be used on the current version of the operating system, or have validation errors are
converted.
4: Level 4. Objects that contain validation errors, require conversion for use, or are
suspected of having been tampered with are converted. Objects that contain sufficient
creation data and do not have a valid digital signature are also converted.
5: Level 5. Objects that contain validation errors, require conversion for use, are suspected
of having been tampered with, or contains sufficient creation data are converted.
6: Level 6. Objects that contain validation errors, require conversion for use, are suspected
of having been tampered with, or do not have a valid digital signature are converted.
7: Level 7. All objects are converted.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The QALWOBJRST system value determines whether objects that are security-sensitive
may be restored to your system. You can use it to prevent anyone from restoring a system
state object or an object that adopts authority.
When your system is shipped, the QALWOBJRST system value is set to *ALL. This value is
necessary to install your system successfully.
Uempty
Notes:
The QSAVACCPTH system value indicates whether or not the access paths are saved
during a save operation. The access path is the order in which records in one or more
database files are organized for processing by a program.
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-65
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint
IBM i
Notes:
Uempty
Unit summary
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 4. Security-related system values 4-67
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
References
SC41-5302-11 IBM I 7.1 Security - Security Reference (chapter 3)
IBM Publications Center:
http://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wss?C
TY=US
Uempty
Unit objectives
IBM i
Notes:
Security components
IBM i
People Objects
(users) (resources)
Individual
User profiles
objects
System values
Notes:
There are three components used to implement security on this system. The operating
system continually checks system values, user profiles, and objects as it receives requests
from users to determine if that user will be allowed to access the object in question.
In this unit, we will discuss user and group profiles and how you use these to customize
capabilities and what authority users will have once they are signed on to the system. We
will also look at the capabilities provided by Management Central in relation to working with
users on the system.
Uempty
Notes:
Notes:
A user profile has several roles on the system:
• It contains security-related information that controls how the user signs on the system,
what the user is allowed to do after signing on, and how the user's actions are audited.
• It contains information that is designed to customize the system and adapt it to the user.
• It is a management and recovery tool for the operating system. The user profile
contains information about the objects owned by the user and all the private authorities
to objects.
• The user profile name identifies the user's jobs and printer output.
Uempty
User profiles
IBM i
• Purpose
– Used to define users and groups on the system
• How to set
– 5250 emulation:
• WRKUSRPRF: Create, change, and delete profiles on the system
• CHGUSRAUD: Change user audit settings
– IBM i Navigator: Users and Groups > All Users > Properties
– IBM Systems Director Navigator for i: Users and Groups > Create Users or Change Users
• Authority required
– Must at least have *SECADM authority to work with profiles
– Must have *AUDIT authority to change user auditing
• Journal entry
– AD for changes to user auditing
– CO for creation of a user profile
– CP for changes to user profiles
– DO for deletion of a user profile
– ZC for changes to user profile that are not relevant to security
Notes:
User profile
IBM i
User information
User profile • Password
Tells the system
who you are • Password expiration level
• Initial menu/program
• User class
• Special authority
• Static
– User information
• Dynamic
– List of owned objects
– List of object authorizations
© Copyright IBM Corporation 2012
Notes:
The user profile contains a list of objects owned by the user profile, a list of objects which
the user profile does not own but is otherwise authorized to access, and information about
the user: current library, initial program, initial menu, special authorities, user class, group
profile, maximum storage, and much more.
Every object on the system must have an owner. If an object does not have an owner, it
may not be used, and the RCLSTG command is typically executed in order to assign it to
QDFTOWN.
Do not assign all (or nearly all) objects to only one owner profile. Profiles that own many
objects with many private authorities can become very large. To prevent impacts to either
performance or system operations, distribute ownership of objects to multiple profiles.
Avoid applications owned by IBM-supplied user profiles, such as QSECOFR or QPGMR.
These profiles can become difficult to manage because they own a large number of
IBM-supplied objects.
Uempty
Notes:
Refer to the table listed in Appendix B of the IBM i Security - Security Reference 7.1
manual, SC41-5302-11.
This table shows the default values that are used for all IBM-supplied user profiles and on
the Create User Profile (CRTUSRPRF) command. The parameters are sequenced in the
order they appear on the Create User Profile display.
New User
IBM i
Notes:
Creating a new user profile is a function that can be done from an 5250 Emulation screen
or using IBM i Navigator, or IBM Systems Director Navigator for i
When using an emulation session, you can directly key in the command CRTUSRPRF, or
you can use option 1=Create on the Work with Profiles panel.
With IBM i Navigator, you can either right-click Users and Groups or right-click All users.
Uempty
Figure 5-9. Create a new user: 5250 and IBM i Navigator OL1914.1
Notes:
5250 emulation screens, IBM i Navigator, and IBM Systems Director Navigator for i provide
you with the ability to create new users and groups. In order to create user profiles on the
system, your user profile needs security administration (*SECADM) privileges or security
officer (*SECOFR) privilege.
Create a profile on an emulation session by using the Create User Profile (CRTUSRPRF)
command or by using the Work with User Profiles (WRKUSRPRF) command and selecting
option 1=Create.
In IBM i Navigator, click My Connections > Users and Groups; then click the appropriate
branch to view all users, groups, or users not in a group. You can use the Include option to
control which of the possible users within each container you can work. All is the default.
To create a new user, open Users and Groups and right-click All Users; then, select New
User. The New User panel appears.
Password: Specifies the password for the user. The rules that determine whether a
password is valid are specified on the Password System Values dialog (expand
Configuration and Service to see system values).
If you specify no password for this user, the user cannot sign on. The user is still
functioning, and programs or other users can access its resources.
Enable user for processing: Specifies whether the user is enabled or disabled. A user
that is disabled cannot sign on to the system.
Uempty
Create User: IBM Systems Director Navigator for I
(1 of 2)
IBM i
Figure 5-10. Create User: IBM Systems Director Navigator for I (1 of 2) OL1914.1
Notes:
IBM Systems Director Navigator for i also provides you with the ability to maintain user
profiles. Your user profile needs security administration (*SECADM) privileges or security
officer (*SECOFR) privilege in order to maintain user profiles. To work with user profiles:
Click IBM i Management to expand the left pane. Click Users and Groups to open the
right pane. Click Create User to create a new user profile.
Figure 5-11. Create User: IBM Systems Director Navigator for I (2 of 2) OL1914.1
Notes:
IBM Systems Director Navigator for i offers the option to create a user profile from a copy of
an existing profile. After clicking OK, the right pane shows the options as we found them in
the IBM i Navigator.
Uempty
Notes:
Privilege class
Based on their privilege class, users can be given privileges that allow certain actions on
system resources. The Capabilities Privileges dialog specifies the privileges for a user or
for a group (and the members of the group).
System privileges
Specifies the system privileges for this user or group. Privileges are required to perform
certain functions on the system. When you are working with a group, the privileges
specified apply to all users who are members of the group.
Notes:
The system privileges (Special authority – SPCAUT as called in 5250 emulation) that
can be specified for a user are:
All object access (*ALLOBJ): The user can access any system resource whether or not
the user has private authority.
Auditing Control (*AUDIT): The user has authority to perform auditing functions. This
authority is granted to users who turn auditing on or off for the system and control the level
of auditing on an object or user.
Job control (*JOBCTL): The user has authority to change, display, hold, release, cancel,
and clear all jobs running on the system or on a job queue or output queue that is operator
controlled. The user also has the authority to start writers and to stop active subsystems.
This authority is usually granted to users who operate the system.
Save/restore (*SAVSYS): The user has authority to save, restore, and free storage for all
objects on the system, whether or not the user has authority to the object. This authority is
usually granted to users who operate the system.
Uempty Security administration (*SECADM): The user can create, change, or delete user profiles,
if authorized to those commands and the user profiles.
Spool control (*SPLCTL): The user can perform all spool functions.
System configuration (*IOSYSCFG): The user has authority to change system I/O
configurations.
System service access (*SERVICE): The user can perform service functions.
The system security level determines what the default special privileges are for each user.
Privilege classes
IBM i
System
Privilege classes
privileges
Security Security System
Programmer User
officer administrator operator
All object access X 20 20 20 20
Auditing control X
Job control X 20 X 20
Save/restore X 20 X 20 20
Security
X X
administration
Spool control X
System
X
configuration
System service
X
access
© Copyright IBM Corporation 2012
Notes:
The table shows the privilege classes (User class in 5250 Emulation) available on the
system. Each class has a default set of system privileges (special authority in 5250
Emulation). The authorities specified under System privileges override the default
privileges for this user or group. When you are working with a group, the privileges
specified apply to all users who are members of the group.
Choices are:
• User: The user's default privileges are save/restore and all object access for security
levels 10 and 20. The user does not get any privileges at other security levels.
• Programmer: The user's default privileges are save/restore, job control, and all object
access for security levels 10 and 20. The user does not get any privileges at other
security levels.
• System operator: The user's default privileges are save/restore, job control, and all
object access for security levels 10 and 20. The user's default privileges are
save/restore and job control at other security levels.
Uempty • Security administrator: The user's default privileges are save/restore, job control,
security administration, and all object access for security levels 10 and 20. The user's
special authority is security administration at other security levels.
• Security officer: The user's default privileges are all object access, save/restore,
auditing control, security administration, system configuration, system service access,
job control, and spool control.
Notes:
Using the Applications tab, you can identify which functions a user or group may access.
Where the access is derived from is also displayed. Access for allows you to select one of
the following categories of applications:
• IBM i Navigator: Includes IBM i Navigator and any plug-in extensions
• Client Applications: Includes all client applications that provide functions on clients
that can be administered through Application Administration
• Host Applications: Includes all applications that reside entirely on the IBM i and
provide functions that can be administered through Application Administration
You can customize access for a user or group to a specific functions. Where the access is
derived from is also displayed.
Access to the functions is restricted as follows:
• Default access: Determines whether the user has default access to the functions when
the user or group is not explicitly allowed or denied access
Uempty • All object access: Defines if a user or group with All Object System privilege is allowed
access to the function
• Customized access: Users with security administration privilege can explicitly allow or
deny access of users or groups to specific functions
There is a set of commands that can be called from a 5250 emulation session. The menu
CMDFCNUSG shows the available commands: WRKFCNUSG, CHGFCHUSG and DSPFCNUSG
commands are available. The Work with Function Usage (WRKFCNUSG) command shows a
list of function identifiers and allows you to change or display specified functions.
Figure 5-16. New User: Capabilities \> Password and Unique Identifier OL1914.1
Notes:
Password tab
Requiring users to change their passwords after a specified length of time reduces the risk
of an unauthorized person accessing the system. The Capabilities Password dialog
specifies the change interval used for the user's password. The number of days the user's
password is valid can be specified in the system value. Also, the number of days can be
specified explicitly or the user's password can never expire.
Select As specified by system value if you want the password expiration setting to match
the specified system value. The QPWDEXPITV (password expiration) system value controls
the number of days a password is valid.
Manage this password locally: When you select this option, the password can be
managed on the local system. This is the recommended setting. This option is available for
systems running V5R4 or later. You cannot change this option if you are viewing this dialog
from Management Central. This field corresponds to the local password management
(LCLPWDMGT) parameter of the CRTUSRPRF and CHGUSRPRF commands.
Uempty Manage this password remotely: When you select this option, the password will not be
managed on the local system. Specifying this value will cause the local i5/OS password to
be set to *NONE. The password value specified in the password parameter will be sent to
other IBM products and options that do password synchronization (for example, Integrated
Server support). The user will not be able to change his or hers own password using the
Change Password (CHGPWD) command. They will not be able to sign on to the system
directly.
Prevent password change (New at V6R1): Specifies the value for blocking password
changes once the password has been successfully changed.
As specified by system value: Specifies that the password uses the specified system
value for password blocking. The QPWDCHGBLK (Block password changes) system value
controls the password blocking.
None: Specifies that no password blocking exists for this user.
Hours after last change (1-99): The number of hours until a password is allowed to be
changed.
Unique Identifier tab
The system uses the user identification (UID) number to identify a user and to verify the
user's authority. For most installations, the best approach is to let the system choose a
unique number for the new user's UID. However, if your system is part of a network, you
may need to assign UID numbers to match those assigned on other systems in the
network. When moving files across systems or managing users across systems, it is very
important that the UID is preserved across systems for a specific user.
• Set the UID to a specific number: If your system is part of a network, you may need to
assign a specific UID number to match those assigned on other systems in the network.
If you specify a UID number, use a number from 1 to 4,294,967,294.
• Let each server choose a unique user identification number (UID): For best results,
let each system generate these numbers. This option is available only when you are
creating a new user.
• Find a unique user identification (UID) number across all selected systems: If you
are adding a new user to an endpoint system or to multiple systems (using
Management Central), you can choose to let the central system find a unique number
based on the inventory across all selected systems.
Two new user profile parameter fields were added in V5R3.
• Local password management (LCLPWDMGT): This parameter specifies whether to
manage the user profile password locally. If you do not want to manage the password
locally, the password value is still sent to other IBM products that do password
synchronization. If you do not manage passwords locally, then the local password is set
to *NONE.
• EIM association (EIMASSOC): This parameter allows you to define Enterprise Identity
Mapping (EIM) identifier associations for the specified user profile for the local registry.
To use this parameter, you specify the EIM identifier, an action option for the
association, the type of identifier association, and whether to create the specified EIM
identifier if it does not already exist.
Uempty
Notes:
Each piece of work in a system is called a job, and each job has a unique name. Jobs can
have values that determine how they are run on the system. These values can be specified
for a user on the Jobs panel, General tab.
Current library: The current library is searched before the libraries in the user portion of
the library list for any objects specified as *LIBL. If the user creates objects and specifies
*CURLIB, the objects are put in the current library.
Job description: When a user signs on, the system looks at the workstation entry in the
subsystem description to determine what job description to use for the interactive job. If the
workstation entry specifies *USRPRF for the job description, the job description in the user
profile is used.
Home directory: Lists the path name of the home directory for this user. The home
directory is the user's initial working directory. If the home directory doesn't exist when the
user signs on, the root directory is used. If you specify a directory path name, use up to
2048 characters.
Notes:
Options on the Session Startup tab include the following:
Display sign-on information:
Indicates whether the sign-on information shows when the user signs on the system. If you
are changing this field, you can specify the system value, to display sign-on information, or
to not display it. Sign-on information includes date of last sign-on, sign-on attempts that
were not valid, and number of days before the user's password expires if the password is
due to be changed.
Number of device sessions a user can have: Indicates the number of device sessions a
user can have.
• As specified by system value: Specifies that the password uses the specified system
value. The QLMTDEVSSN (Limit Device Sessions) system value controls the number of
device sessions.
• No limit: There is no limit specified for the number of device sessions.
• Device sessions (1-9): The number of device sessions that a user can have.
Uempty
Notes:
Options on the Display Session tab include the following:
Attention program: The Attention-key-handling program (ATNPGM) is the program that is
called when the user presses the Attention (ATTN) key during an interactive job.
Limit capability: Lists the limits the user has over the initial program, initial menu, current
library, and the ATTN key handling program values while signed on to an i Series session.
This value is ignored when the security level is 10. If you are changing this field, you can
specify no limit, partial limit, or full limiting of the user's capabilities where the user cannot
change the program, menu, or current library. If specific commands are limited, users
cannot run them from the command line.
In PC-based applications, setting a user profile to LMTCPB(*YES) does not prevent the user
from running a Power System with IBM i command through a tool such as System i
Navigator or Rational Developer for Power Systems Software.
Assistance level: The QASTLVL system value is used to determine the assistance level.
Keyboard buffering: The QKBDBUF system value is used.
User options: Lists the level of detail the user sees and the default function of the Page Up
and Page Down keys when the user is signed on the system. The possible values are:
• No user options: No detailed information is shown. Or one or more of the following can
be specified:
- Show parameter keywords: Parameter keywords are shown instead of the
possible parameter values when a command is displayed.
- Show all details: Detailed information is shown when the user is doing display and
edit options.
• Change direction of rollkey: The actions of the Page Up and Page Down keys are
reversed.
• Do not show status messages: The user sees no status messages.
• Show status messages: The user sees status messages.
• Display help on full screen: Help information is shown on full screen.
• Send message to spool file owner: A message is sent to this user's message queue
when a spooled file for this user is printed or held by the printer writer. The owner of the
spool file receives a message.
Uempty
• The Display Session tab allows you to limit users’ capability to change their
initial program, menu, current library, and attention program and prohibit
them from running most Power System with IBM i commands.
Limit initial
Initial Initial Current Attention Execute
program/menu
program menu library program commands
capabilities
Limit some
No Yes No No Yes
capabilities
Limit capabilities No No No No No
Note: Users can still run commands created or changed with parameter
ALWLMTCPB(*YES).
Notes:
The ALWLMTUSR parameter on commands and Limit Capabilities and Limit some
capabilities do not restrict a user from doing the following:
• Running commands in CL programs that are running a command as a result of taking
an option from a menu
• Running remote commands through applications, such as FTP
The commands allowed by default are DSPMSG, DSPJOB, DSPJOBLOG, and STRPCO,
SIGNOFF, and SNDMSG.
Notes:
Output tab
You can specify the printer used to print the output for this user. Spooled files are placed in
an output queue with the same name as the printer when the output queue (OUTQ) is
specified as the print device (*DEV).
The print device and output queue information from the user profile are used only if the
printer file specifies *JOB and the job description specifies *USRPRF.
International tab
You can specify the name of a message queue for a user. A message queue is an object
on which messages are placed when they are sent to a person or a program. A message
queue is used when a user sends or receives messages. If the message queue does not
exist, it is created when the profile is created or changed. The message queue is owned by
the profile being created or changed.
You can specify the language identifier and country or region identifier to be used by the
system for the user.
Uempty
Notes:
International tab
You can specify the language identifier and country or region identifier to be used by the
system for the user.
The Coded character set ID (CCSID) defines the definitions of the characters Code page
used for the started job.
A locale identifies formatting information that is culturally specific. For a specific cultural
region, this information describes the valid alphabetic characters, collating sequence,
number formats and currency amounts, and date and time formats.
Sort sequence specifies which sort sequence is used for this user's jobs. A sort table may
be associated with a particular language on the system. Possible values are:
• Use system value: Specifies that the QSRTSEQ system value is used.
• Use hexadecimal values: Specifies that the standard hexadecimal sort sequence is
used for this user.
• Use unique-weight table: Specifies that the sort sequence table associated with the
user's language is used. The table must contain a unique weight for each character in
the code page.
• Use shared-weight table: Specifies that the sort sequence table associated with the
user's language is used. The table can contain the same weight for multiple
characters.
• table-name: Specifies the name of the sort sequence table for the user.
Character Control ID preference specifies the character ID control preference for this user's
jobs. Possible values are:
• Use system value: Specifies that the QCHRIDCTL system value is used.
• Use device character ID: Specifies that the device character ID is used.
• Use job CCSID: Specifies that the current job CCSID is used.
Note
Uempty
Notes:
Specifying a group profile name makes the user a member of the group profile. The group
profile can provide the user with authority to use objects for which the user does not have
specific authority. You may specify up to 16 additional groups for the user.
If the user is a member of a group, you use the owner parameter in the user profile to
specify who owns any new objects created by the user. Objects can be owned either by the
user or by the user's first group (the value of the GRPPRF parameter). You can specify the
OWNER field only if you have specified the Group profile field.
If the user profile is a member of a group and OWNER(*USRPRF) is specified, the Group
authority (GRPAUT) field controls what authority is given to the group profile for any objects
created by this user.
Possible values for GRPAUT:
• *ALL: The group profile is given all management and data authorities to any new
objects the user creates
• *CHANGE: The group profile is given the authority to change any objects the user
creates
• *USE: The group profile is given authority to view any objects the user creates
• *EXCLUDE: The group profile is specifically denied access to any new objects created
by the user
When a user creates a new object, the Group authority type (GRPAUTTYP) parameter in
the user's profile determines what type of authority the user's group receives to the new
GRPAUT parameters to determine the group’s authority to a new object.
Possible values for GRPAUTTYP:
• *Private: The authority defined in the GRPAUT parameter is assigned to the group
profile as a private authority.
• *PGP: The group profile defined in the GRPPRF parameter is the primary group for the
newly created object. The primary group authority for the object is the authority
specified in the GRPAUT parameter.
Uempty
Figure 5-24. New User: Personal \> Name, Location, and Mail OL1914.1
Notes:
Mail tab
Mail service level: Specifies the type of mailbox for the Power System with IBM i to use to
store the user's mail. The Mail service level value matches the type of email application
that the user has.
The possible values are:
• User index
• System mailbox
• Lotus Domino
The Power System with IBM i places all mail for the user in the mailbox type that you
specify, regardless of the source of the mail or the type of address that the sender specifies
on the incoming mail.
Preferred address type: Specifies how the Power System with IBM i should format the
address on incoming mail for this user. The possible choices are:
• User ID and address: Used for OfficeVision or JustMail users. A System Network
Architecture distribution service (SNADS) network uses this addressing scheme for
distributing mail.
• SMTP name: Used in an email or Internet network.
• O/R name: Used for an X.400 email network. This value is set only through a 5250
terminal or 5250 emulation session. If you are changing the preferred address type, you
may change this value to another value, but you may not specify this value in the
Preferred address type field.
• Other: Used for configuring other email options that are not part of the Power System
for IBM i support. This value is set only through a 5250 terminal or 5250 emulation
session. If you are changing the preferred address type, you may change this value to
another value, but you may not specify this value in the Preferred address type field.
Note
Addresses: The Personal Mail dialog shows one or more addresses the Power System
with IBM i uses to locate the user when email arrives. The appearance of the following
fields are dependent on the Preferred address type and the Power System with IBM i
configurations.
The possible fields are:
• User ID: For mail users with a Power System with IBM i user profile, the user ID is the
user profile name.
• Address: Identifies the user. The address usually matches the name of the Power
System with IBM i where the user receives mail. When you are using Management
Central to work with users on multiple systems, you can select Use system name to
specify the target system, or you can specify another address.
• System name: Identifies the Power System with IBM i where the user receives mail. If
you are using Management Central to work with users on multiple systems, you can
select Use system name to specify the target system, or you can specify another
system to use as the mail system.
Uempty
Note
If you are viewing the properties of an existing user, you may see the special values *PC
(personal computer) and *ERROR (one system in the network is designated to receive all
unresolved distributions). These values are set only through a 5250 terminal or 5250
emulation session. You may change these values to a system name, but you may not
specify these values in the System name field.
• SMTP name: Specifies the user name for email in an SMTP network, including the
Internet. The system inserts the user profile name if the user is not in the Power System
with IBM i distribution directory. The SMTP name can be a value other than the user
profile name. The SMTP name can be up to 64 characters with no blank spaces
between characters.
• SMTP route: Identifies the route to the recipient's host within an SMTP network.
• Domain: Identifies the user's location within an SMTP network. If you are using
Management Central to work with users on multiple systems, you can select Use
system domain to specify the domain of the SMTP server on the target system, or you
can specify another SMTP server domain.
• Address type: Identifies the type of non-standard email for the user.
• Field name: Defines the non-standard email address for this user. It tells the system
which field in the system distribution directory to use for this user's address.
• Value: Defines the user's address for the Field name.
Notes:
The tables listed in Appendix B of the IBM i Security – Security Reference manual
(SC41-5302-11) list each IBM-supplied profile, its purpose, and any values for the profile
that are different from the defaults for IBM-supplied user profiles. This is the first of multiple
tables that are listed in Appendix B.
Note
IBM-supplied user profiles now includes additional user profiles that are shipped with the
licensed program products. The table includes only some, but not all, user profiles for
licensed program products; therefore, the list is not all-inclusive.
Uempty
Warning
• Password for the QSECOFR profile: You must change the password for the QSECOFR
profile after you install your system. This password is the same for every Power System
with IBM i product and poses a security exposure until it is changed. However, do not
change any other values for IBM-supplied user profiles. Changing these profiles can
cause system functions to fail.
• Authorities for IBM-supplied profiles: Use caution when removing authorities that
IBM-supplied profiles have for objects that are shipped with the operating system.
Some IBM-supplied profiles are granted private authorities to objects that are shipped
with the operating system. Removing any of these authorities can cause system
functions to fail.
User functions
IBM i
Notes:
You can access the details of users' profiles in System i Navigator by right-clicking a
specific user and selecting Properties.
Uempty
Notes:
You can change a user profile using option 2 (Change) from either the Work with User
Profiles display or the Work with User Enrollment display. You can also use the Change
User Profile (CHGUSRPRF) command.
Using IBM i Navigator: Right click the user profile name, and select Properties.
Notes:
Specifies whether you choose not to:
• Delete the user if the user owns objects
• Delete the user and all the objects that the user owns
• Delete the user and transfer ownership of the user’s objects to another user.
If you select to transfer objects, you must then select the user you want to own the
objects. The objects are transferred to the new user regardless of that user's current
authority to the objects.
Scan for Owned Objects: List the objects in the system owned by this user. The output
from this function is quite interesting as it includes objects you know about as well as
internal work objects the system uses for this user while the user is active. A window is
shown for each user or group in the list.
Uempty
Notes:
In IBM i 7.1 the parameters USREXPDATE and USREXPITV have been added to the
CRTUSRPRF and CHGUSRPRF commands.
These parameters cannot be set (yet) using the IBM i Navigator and the IBM Systems
Director Navigator for i interfaces.
USREXPDATE: Specifies the date when the user profile expires and is automatically
disabled.
If a user profile is set to expire, the QSECEXP1 job is scheduled to run nightly.
The following IBM-supplied user profiles cannot specify a user expiration date:
QANZAGENT, QAUTPROF, QCLUMGT, QCLUSTER, QCOLSRV, QDBSHR,
QDBSHRDO, QDFTOWN, QDIRSRV, QDLFM, QDOC, QDSNX, QEJB, QEJBSVR,
QFNC, QGATE, QIBMHELP, QIPP, QLPAUTO, QLPINSTALL, QLWISVR,
QMGTC, QMSF, QNETSPLF, QNFSANON, QNTP, QPEX, QPM400, QSECOFR,
QSNADS, QSPL, QSPLJOB, QSRVAGT, QSYS, QTCM, QTCP, QTFTP,
Note
A value must be specified for this parameter if the User expiration date (USREXPDATE)
parameter has a value of *USREXPITV.
If the USREXPDATE parameter has a value other than *USREXPITV, no value is allowed for
this parameter.
1-366: If the user profile does not have a user expiration date, or the user profile has
expired and the Status parameter is set to *ENABLED, specifies the number of days
between today and the new date when the user profile expires.
If the user profile has not yet expired, the user expiration interval is changed, but the
existing user expiration date is not changed.
Use the Display Expiration Schedule (DSPEXPSCD) command to display a list of all user
profiles set to expire.
Uempty
Notes:
Notes:
Uempty
Notes:
A group profile is a special type of user profile that provides the same authority to a group
of users.
A group profile serves two purposes on the system:
• Security tool: A group profile provides a method for organizing authorities on your
system and sharing them among users. You can define object authorities or special
authorities for group profiles rather than for each individual user profile. A user can be a
member of up to 16 group profiles.
• Customizing tool: A group profile can be used as a pattern for creating individual user
profiles. Most people who are part of the same group have the same customizing
needs, such as the initial menu and the default printer. You can define these things in
the group profile and then copy the group profile to create individual user profiles.
You create group profiles in the same way that you create individual profiles. The system
recognizes a group profile when you add the first member to it. At that point, the system
sets information in the profile indicating that it is a group profile. The system also generates
a group identification number (GID) for the profile. You can also designate a profile as a
group profile at the time when you create it by specifying a value in the GID parameter.
Uempty
Notes:
New Group
IBM i
Notes:
Here you can see that under My Connections > Users and Groups, all users are grouped
for viewing according to all users, groups, users not in a group.
At the container level you see the menu options available.
Select Open or Explore to see the list of groups.
Select New Group to create a new group on that system.
You can use the Include option to control which of the possible groups within each
container you can work. All is the default.
Uempty
Notes:
Click the New Group Capabilities button in order to designate the privilege class and
system privileges for a group profile.
Notes:
The user identification (UID) and group identification (GID) numbers identify the group to
the system. For best results, let each system choose a unique number for the UID and GID
of the new group. However, if your system is part of a network, you may need to assign
specific UID and GID numbers to match those assigned on other systems in the network.
When moving files across systems or managing users across systems, it is very important
that the unique identifiers are preserved across systems for a specific group.
If you are viewing the properties of a group from the group inventory on an endpoint system
(using Management Central), you cannot make any changes to the group settings. To
make changes, you can right-click the group in the list and select Edit.
Uempty
Group functions
IBM i
Notes:
Right-click a group profile in order to perform group profile tasks such as displaying
objects owned by the group, copying the group profile, deleting the group profile or viewing
and changing group profile attributes.
Deleting a group
IBM i
Notes:
You can specify a primary group for an object. The name of the primary group profile and
the primary group's authority to the object are stored with the object. Using primary group
authority may provide better performance than private group authority.
You can change these authorities either through System i Navigator panels or through
command parameters.
The GRPAUTTYP parameter in a user profile can be used to make the user's group the
primary group for the object. Use the CHGOBJPGP or WRKOBJPGP commands to specify the
primary group for an object. You can change the authority the primary group has by using
EDTOBJAUT or the GRTOBJAUT or RVKOBJAUT commands.
You cannot delete a group profile if it is the primary group for any objects.
Uempty
Notes:
Figure 5-40. Topic 3: Management Central and working with profiles OL1914.1
Notes:
Uempty
• Create user
– Use definition
• Template
– Create similar users based on the original
• Create, edit, copy, and delete users and groups
– Scan for owned objects
– Schedule those actions
• Send users or groups from one system to multiple systems
– Names
– Passwords
– Security settings
– Authorities
– Enterprise Identity Mapping (EIM)
– Mail options
• Integrated with inventory
– Schedule collection
– Search Manage across multiple systems
– Export
Notes:
You can now manage your users and groups across multiple systems using Management
Central:
• Create a user definition and then create multiple users across multiple systems based
on the definition. Create user definitions for the types of users on your system. Then,
when a request comes in for a new user, all special authorities, attributes, and other
information common to that type of user are already there. You can even specify a
command to be run after a user is created from a user definition.
• Create, edit, and delete users and groups across multiple endpoint systems or system
groups--and even schedule these actions. For example, use the Edit Users function to
change the properties for one or more users on the selected endpoint systems or
system groups. This is useful if, for example, you need to change the authority level for
several users on multiple systems, or, if a user who has access to multiple systems
changes his or her name, you can easily edit that information and apply the change to
all systems.
• Scan for owned objects to find out what objects a user or group owns across multiple
endpoint systems or system groups, and even scan owned objects for multiple users
simultaneously.
• Collect an inventory of the users and groups on one or more endpoint systems, and
then view, search, or export that inventory to a PC file. Extensive advanced search
capabilities are provided for easy searching. For example, you can search the inventory
for all users who have Security Officer privileges, as well as query other profile
properties. Columns are sortable, so when you view user or group inventory, you can
click on the column headings to organize the information how you want it.
• Send users and groups from one system to multiple endpoint systems or system
groups. Unlike the Copy action, the Send function copies as many user properties as
possible to the target systems, including the user name and password, security
settings, authorities, and mail options.
Note
All i5/OS special authorities and other authorities that are needed when working with users
and groups through a 5250 emulation screen are honored when managing users and
groups with Management Central. This includes security administration (*SECADM)
privileges and authority to the profiles with which you are working.
Uempty
Notes:
Using Management Central, you can choose to perform functions against a single system
at a time when you choose an ‘endpoint' system.
Also under Management Central, you have the option to perform functions against a
system group, which means you would be performing the selected function or activity
against all of the systems that are part of the defined group. In other words, you perform
the operation one time, but in fact it is performed on multiple systems!
The functions that can be performed are:
• New User
• New Group
• Edit User
• Edit Group
• Delete User
• Delete Group
Uempty
• Management Central
– Definitions
• User
• Template to create users
Notes:
When creating a new definition, the User name, Password, Groups, and Networks
options are disabled because those fields are not generic: they are unique to the individual
user you create and the systems you want to create that user on.
When editing user settings for a definition, the unique identifier (UID) cannot be set to a
specific number as you can do when creating a new user. The unique identifier is
accessible from the Capabilities button. You can let each server choose a unique number
or let the central system find a unique number based on the inventory across all selected
systems. The default setting is to allow each server to choose a unique number for a new
user's UID.
The UID is used to ensure that each user is unique. When managing users across
systems, it sometimes becomes very important that this ID is preserved across systems for
a specific user. The UID number is another way of identifying a user to a program. For
example, the UID number is used by programming interfaces in the Integrated File
Systems environment. The UID also becomes critical when sending users across multiple
systems as the UID numbers of the users being sent may need to be synchronized.
When creating a user over multiple systems, the administrator needs the ability to decide
what mail system to use. The System Name on the Mail page of Personal properties has
been updated to be a drop-down combo box. The default is Use system name, but a
specific system name could be typed in.
Uempty
Notes:
On the Actions tab of a new user definition, you can specify a command to be run on the
target system. The command is stored in the user definition and is run when a user is
created from the definition. This can be any command that can be used in the batch
environment. You cannot run an interactive command.
The command is run under the authority of the administrator who is creating the user. If any
objects are created by the command (such as a library and job description), these objects
are owned by the administrator. If the objects should be owned by the new user, the
administrator must run another command to change object ownership. Thus, if you typically
create several objects for a new user, you can specify your CL program with this
information, and these objects will be automatically created at the same time the user is
created.
Note
Some commands, such as Submit Job (SBMJOB), cause a job to run on the target system
after the user is created successfully. If the user definition includes such a command, you
should check the job log of the submitted job after the create user operation has completed
to make sure the submitted job also ran successfully. To find the qualified name of the
submitted job, display the status of the create task under Task Activity->Users and
Groups, select Task Output, and open the job log for the create task.
Hint
Wildcards like CRT* can be used so that when Prompt is selected, all commands
beginning with CRT are listed.
Uempty
• Properties specified
when creating
definition
– Personal
– Capabilities
– Job defaults and
attributes
• Ability to change
properties when
creating user
Notes:
Notes:
Uempty
Notes:
When you connect to a system that appears under the My Connections branch, you are
establishing a direct connection from your PC to that system. Notice that when you click
ALL Users, the data listed consists of the names of the user profile and the description.
There is no additional data that can be displayed.
Notes:
When you compare the information being displayed on the previous page to the
information displayed on this page, you will notice that you have access to a lot more
information about a user through the Display User Inventory branch.
You can also customize the information being displayed and request that additional
columns of data to be displayed when this function is selected. To call up the Columns
panel, highlight User Inventory, and click View > Customize this view > Columns.
You also have the option to export inventory information to your PC, and, in the process,
you can specify how the data is to be formatted. You can choose to reformat your data into
the following formats:
• ASCII tab delimited text (*.txt)
• Unicode table delimited text (*.txt)
• Comma separated variable (*.csv)
• Web page (*.html)
• Microsoft excel (*.xls)
• Lotus123 compatible (*.csv)
Uempty
Notes:
• The service tools user IDs are used for both SST and DST.
Notes:
Use of Start Service Tools (STRSST) command from a 5250 workstation can also be
defined to permit DST-like user ID/password and individual privilege grant/revoke
functions. Any use of SST requires signing on as a service tools user. We recommend you
create at least two service tools user profiles/passwords in addition to those supplied with
IBM i. Use these additional user profiles to do any of these functions. That way, you do not
accidentally disable the service tools profile supplied by IBM.
Since V5R3, it possible to access disk management functions with IBM i Navigator. These
are functions that are accessed through service tools and will require that you sign on with
your service tools user ID and password. The functions that can be accessed include:
• Display disk configuration
• Add unassigned disk units to an auxiliary storage pool (user ASP or new Independent
ASP)
• LPAR configuration and management
Uempty IBM i Navigator use of disk management or LPAR configuration and management also
requires IBM i Navigator Application Administration to explicitly be specified to permit
access. The command to be processed to Add Service Table entry is:
ADDSRVTBLE SERVICE('as-sts') PORT(3000) PROTOCOL('tcp') TEXT('Service Tools
Service') ALIAS('AS-STS')
In order to activate this new service, you will need to end TCP on your system then restart
it. To do this, issue the End TCP (ENDTCP) and then Start TCP (STRTCP) command.
Notes:
Service profiles which are created by the administrator have limited privileges. It is
necessary to explicitly grant authority for any additional functions required by the user. Any
service tools user profiles created by the administrator are able to access DST or SST.
Authorized users could previously access any service tool on the system if they had a valid
password and user ID. Users who needed access to only one tool could access all tools.
This posed a potential security risk.
Starting with V5R1, the OS delivered a number of new SST management functions. When
used with the existing functions, they provide a comprehensive toolkit with which the
administer may manage service tool operations.
Beginning with V5R2, it is now manage and create service tools user IDs from SST by
selecting option 8 (Work with service tools user IDs) from the main SST display. You no
longer need to go into DST to reset passwords, grant or revoke privileges, or create service
tools user IDs.
Uempty
Notes:
Perform the following steps to create a service tools user ID:
1. Start SST.
2. Sign on to SST using your service tools user ID and password.
3. When the System Service Tools (SST) main menu appears, select option 8 (Work with
service tools user IDs and devices).
4. From the Work With Service Tools User IDs And Devices display, select option 1
(Service tools user IDs).
5. Type 1 (Create) on the Service Tools User IDs display, type the new service tools user
ID in the field provided, and press Enter. The Create Service Tools User ID display
appears.
Notes:
The Work with Service Tools User IDs screen lists the system service tool users and allows
the following options/actions: 1= Create, 2 = Change password, 3 = Delete, 4 = Display, 5 =
Enable, 6 = Disable, 7 = Change privileges, 8 = Change description.
Uempty
QSECOFR terminology
IBM i
Notes:
Notes:
Uempty
Changing DST passwords: Manual mode
procedure
IBM i
Notes:
Notes:
Uempty
SST option 7: Allow change of security-related
system values
IBM i
Figure 5-58. SST option 7: Allow change of security-related system values OL1914.1
Notes:
System service tools (SST) and dedicated service tools (DST) provide an option that allows
you to prevent changes to a variety of security-related system values. If the value of the
Allow system value security changes option is set to NO, the system values cannot be
changed by using the Change system value (CHGSYSVAL) command (or any other user
interfaces).
Checkpoint (1 of 3)
IBM i
Notes:
Uempty
Checkpoint (2 of 3)
IBM i
Notes:
Checkpoint (3 of 3)
IBM i
7. The maximum number of group profiles that a user can belong to is?
a. 16
b. 32
c. 64
d. *NOLIMIT
8. True or False: With Management Central you can send a user profile
to other systems in your network.
10. True or False: I can recover the QSECOFR service tool profile by
signing on with the IBM i QSECOFR profile and using the CHGDSTPWD
command.
© Copyright IBM Corporation 2012
Notes:
Uempty
Unit summary
IBM i
Notes:
References
SC41-5302-11 IBM i Security - Security Reference 7.1
IBM Publications Center:
http://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wss?CTY=US
IBM infocenter for i:
http://publib.boulder.ibm.com/iseries/
Uempty
Unit objectives
IBM i
Notes:
Security components
IBM i
People Objects
(users) (resources)
Individual
User profiles
objects
System values
Notes:
There are three components used to implement security on this system. The operating
system continually checks system values, user profiles and objects as it receives requests
from users to determine if that user will be allowed to access the object in question.
In this unit we will discuss user and group profiles and how you use these to customize the
capabilities and what authority users will have once they are signed on to the system. We
will also look at the capabilities provided by Management Central in relation to working with
users on the system.
Uempty
Notes:
User-owned objects
IBM i
Notes:
Uempty
Notes:
You can specify a primary group for an object. The name of the primary group profile and
the primary group's authority to the object are stored with the object. Using primary group
authority may provide better performance than private authority granted to a group profile.
Only a user profile with a group identification number (GID) can be the primary group for an
object. Primary group authority is not considered private authority.
You can change these authorities either through IBM i Navigator panels, IBM Systems
Directory Navigator for i panels, or through command parameters.
The GRPAUTTYP parameter in a user profile can be used to make the user's group the
primary group for the object. Use the CHGOBJPGP or WRKOBJPGP commands to specify the
primary group for an object. You can change the authority the primary group has by using
EDTOBJAUT or the GRTOBJAUT and RVKOBJAUT commands.
QDFTOWN
IBM i
Notes:
Uempty
Notes:
Authority means the type of access allowed to an object. Different operations require
different types of authority.
All objects have public authority. This is the authority you get when you do not have any
other authority to the object. Public authority can be *EXCLUDE, which implies that the
public (all user profiles that do not have *ALLOBJ special authority) is excluded from an
object, unless in one or the other way special authority is granted.
System values
QCRTAUT: *CHANGE
Library PAYLIB
CRTAUT: *SYSVAL
AUT(*LIBCRTAUT)
Notes:
Every library has a parameter called CRTAUT (create authority). This parameter determines
the default public authority for any new object that is created in that library. When you
create an object, the AUT parameter on the create command determines the public
authority for the object. If the AUT value on the create command is *LIBCRTAUT, which is
the default, the public authority for the object is set to the CRTAUT value for the library.
The QCRTAUT system value is used to determine the public authority for a newly created
object if the following conditions are met:
• The create authority (CRTAUT) parameter for the library of the new object is set to
*SYSVAL
• The new object is created with public authority (AUT) of *LIBCRTAUT
The default value for the QCRTAUT system value is *CHANGE. This may introduce a higher
authority level to new objects than actually needed. However, prior to V5R3, changing this
system value to *USE or *EXCLUDE caused problems for some objects, such as
automatically created device descriptions. In V5R3, the default value for the AUT parameter
Uempty has changed from *LIBCRTAUT to *CHANGE on several CRT commands for line, controller,
and device description. This solves the problem with public authority of automatically
created configuration objects we had prior to V5R3.
Exclude
Operational Read
Management Add
Existence Update
Alter Delete
Reference Execute
Authorization list
© Copyright IBM Corporation 2012
Notes:
Authority to an object is divided into three categories:
1. Object authority defines what operations can be performed on the object as a whole.
2. Data authority defines what operations can be performed on the contents of the object.
3. Field authority defines what operations can be performed on data fields. Field
authorities (Reference and Update) are supported through the SQL statements GRANT
and REVOKE. You can display these authorities through DSPOBJAUT and EDTOBJAUT.
Uempty
Permission Definition
Look at the description of an object and use the object as determined by the
Operational
data authorities the user has.
(*OBJOPR)
To open a file, the user must have *OBJOPR
Authorize users to the object, move or rename the object, and add members
Management
to database files.
(*OBJMGT)
All functions defined for *OBJALTER and *OBJREF.
Existence Change ownership and delete the object, free storage for the object, and
(*OBJEXIST) perform save and restore operations for the object.
Add, clear, initialize, and reorganize members of database files, alter and add
Alter
attributes to database files, add and remove triggers, and change attributes of
(*OBJALTER)
SQL packages.
Reference
Specify database file as the parent in a referential constraint.
(*OBJREF)
Authorization list
Add and remove users and their authorities from an authorization list.
(*AUTLMGT)
Notes:
Notice that authorization list management authority may not be specified for the public at
the time of creation of the object. For some objects, such as files and programs, public
authority may be controlled by specifying the name of an authorization list.
Data permissions
IBM i
Permission Definition
Read
Display the contents of an object, such as viewing the records in a file.
(*READ)
Update
Change entries in an object, such as changing records in a file.
(*UPD)
Execute
Run a program or search a library or directory.
(*EXECUTE)
Exclude
Object access prevented.
(*EXCLUDE)
Notes:
Exclude is a specific authority. The absence of a specific authority does not mean the
access is excluded. It means that an authority is found elsewhere, according to the
authority checking process.
Field authorities (Reference and Update) are supported through SQL statements GRANT
and REVOKE. You can display these authorities through DSPOBJAUT and EDTOBJAUT.
Uempty
All X X X X X X X X X X
Change X X X X X X
Use X X X
Exclude
Notes:
Certain sets of object and data authorities are commonly required to perform operations on
objects. You can specify these system-defined sets of authority (*ALL, *CHANGE, *USE)
instead of individually defining the authorities needed for an object.
*EXCLUDE authority is different than having no authority.
Figure 6-13. Specifying specific authority for objects in the integrated file system OL1914.1
Notes:
*RWX: The users are given *RWX authority to perform all operations on the object except
those limited to the owner or controlled by object existence, object management, object
alter, and object reference authority. The user can change the object and perform basic
functions on the object. *RWX authority provides object operational authority and all the data
authorities.
*RX: The users are given *RX authority to perform basic operations on the object, such as
run a program or display the contents of a file. The user is prevented from changing the
object. *RX authority provides object operational authority and read and execute
authorities.
*RW: The users are given *RW authority to view the contents of an object and change the
contents of an object. *RW authority provides object operational authority and data read,
add, update, and delete authorities.
*WX: The users are given *WX authority to change the contents of an object and run a
program or search a library or directory. *WX authority provides object operational authority
and data add, update, delete, and execute authorities.
Uempty *R: The users are given *R authority to view the contents of an object. *R authority provides
object operational authority and data read authority.
*W: The users are given *W authority to change the contents of an object. *W authority
provides object operational authority and data add, update, and delete authorities.
*X: The users are given *X authority to run a program or search a library or directory. *X
authority provides object operational authority and data execute authority.
*EXCLUDE: Exclude authority prevents the user from accessing the object.
*AUTL: The public authority of the authorization list specified in the AUTL parameter is used
for the public authority for the object.
Notes:
Uempty
Notes:
The File Systems function in IBM i Navigator consists of the Integrated File System (IFS)
as well as IBM i NetServer File Shares. The IFS allows you to work with the files and
folders on the Power System with IBM i. File Shares shows the IBM i NetServer file shares.
The Open IBM i NetServer option in the File Share context menu opens up a separate
window, which allows you to work with the IBM i NetServer. The functions were previously
discussed during Unit 2. Now we review setting up and editing the file system object
permissions.
Setting up and editing permissions of file system objects
You can grant or revoke permissions on file system objects to restrict users from accessing
them. You can view or change the current permission settings of a file or folder by
right-clicking the file/folder and selecting Permissions from the context editor.
Notes:
The Permissions panel is used to:
• Specify individual access authority or permissions
• Specify the authorization list that will manage authorities for this object
• Define who is designated as the owner of this object
• Define if this object authority is controlled through a primary group
• Define the default public authority for newly created objects
• Define the specified object, data and where applicable column authority to this object
On this panel, you can click Add to add a user to the list of who is authorized to this object.
Uempty
Notes:
This visual shows the System i Navigator permission screens for adding or removing users
and the permission allowed those users.
Permission: Customize
IBM i
Notes:
Shown are the System i Navigator screens for specifying detail permission for users and
objects. Besides the standards of *USE, *CHANGE, *ALL and *EXCLUDE, custom
permission is also available.
Uempty
Notes:
You can group objects with similar security requirements using an authorization list. An
authorization list, conceptually, contains a list of users and the authority that the users have
to the objects secured by the list. The authorization list is explained later in the unit.
Notes:
System i Navigator also allows designation of a primary group profile.
Uempty
None found
None found
Object *Public: This is used when
Authorization list no authority is found for
user or groups.
Insufficient
Adopted profile Adopted profiles: These are
All object authority used when authority is
Private authority insufficient.
Authorization list
Notes:
The system goes through a permission search order.
Notes:
Uempty
Authorization list
IBM i
Name: AUTL1
Owner: USER3
LIBA LFILEB
User authority:
*PUBLIC Exclude
USER1 Use
USER2 Change
USER4 All
USER5 Change PROGD
PFILEC
Notes:
A user in an authorization list has the same authority to each of the objects controlled by
the authorization list. Notice that different users may have different authority to these
objects.
In order to add or remove objects to an authorization list, or to add or remove users to an
authorizations list, authorization list management rights must be defined for the user profile
which is making these changes.
Setting up an authorization list requires three steps:
1. Creating the authorization list.
2. Adding users to the authorization list.
3. Locating each individual object and specifying that it is secured with the authorization
list.
Notes:
Authorization lists
The Authorization list function is used to:
• Create, delete, display, or change authorization lists
• Add, change, or remove users from the authorization lists
• Change the owner and primary group of an authorization list
• Display objects secured by the authorization list
This function is equivalent to using the CRTAUTL, DLTAUTL, ADDAUTLE, CHGAUTLE, and
RVMAUTLE commands.
Uempty
Note
To create a new authorization list, select Security, right-click Authorization Lists, and
then select New Authorization List from the context menu.
Notes:
To work with an authorization list, either double-click the desired authorization list or
right-click and select Open from the context menu.
From this interface, you can review the object location, object type, owner, and primary
group and list the objects secured by the authorization list; add new users or groups to the
authorization list; or change the owner or primary group.
The Basic and Details views display the permissions allowed by the authorization list. The
Basic view displays the user or groups permission to authorization list management
authorities. These authorities are Use, Change, All, and Exclude. The Details view displays
the users or groups object permissions (Operational, Management, Existence, Alter and
Reference) and data permissions (Read, Add, Update, Delete, and Execute).
To work with the authority that user's have to the authorization list, you must have
authorization list management 9*AUTLMGT) authority, as well as the specific authorities you
are granting.
Uempty
Notes:
You cannot change the Secured Objects list from the Secured Objects button. You can
only list the objects secured by the authorization list. To change the secured objects list,
you must modify the object to be secured to use the desired authorization list.
Notes:
Shown are the System i Navigator screens for securing an object with an authorization list.
Uempty
Notes:
Group profile
Notes:
Authorization lists and group profiles both give multiple users access to multiple objects.
Uempty
Notes:
Authorization lists are best used when users have different authorities to the same objects.
Group profiles are best used when users have the same authorities to the same objects.
Notes:
Uempty
Notes:
Column-level security
IBM i
Notes:
Currently the user OL50GRP has some permission to the file QCUSTCDT.
Using the SQL GRANT command, the user OL50GRP will be granted update authority to
the credit limit (CDTLMT) field in the QCUSTCDT file.
Uempty
Notes:
Column-level security in DB2 universal data base (UDB) for IBM i provides an easier and
more flexible way to control access to columns in the database tables. It is a way of using
the system security functions to restrict users from certain columns in a table.
Two authorities are supported:
• Reference is the ability to grant reference authority to certain columns of a table or
physical file such that those columns can be referred as parent keys in a referential
constraint. Those columns that have not been granted reference authority, cannot be
referred as parent keys.
• Update is the ability to grant update authority to certain columns of a database file such
that those columns can be updated during database I/O. Those columns that have not
been granted update authority cannot be updated while performing database I/O.
Column-level security support can be defined using the SQL statements GRANT and
REVOKE. There is no native i5/OS command to achieve the same function. The CL
command DSPOBJAUT is used to display the column-level authorities defined on a file.
Granting column-level authorities to a user is really giving that user update authority to the
table and then restricting the columns that can be updated in the table.
To be able to update a column, a user must have authority to the columns being updated if
column level authorities exist.
Uempty
Notes:
The enforcement of Column-level security is done primarily during the update operation on
the file. The update operation fails when an update is attempted on columns that restrict
the update operation.
There is no new enforcement during open of the file. Implementation gives the user some
object authority when column level authority is granted so normal object level authority
processing occurs.
The column level authorities are stored in the database file object and are managed by
DB2 UDB for i5/OS.
Object authorities are stored in the user profile and managed by the system security
manager.
Column level authorities still work with all system security components like group profiles
and program-adopted authority.
Column-level authorities cause a small percentage growth in the size of the database file
object.
Column-level authorities are no longer needed once a user is given the appropriate
object-level authority. For example, if a user is given update authority to just the first
column in a table and later given an update authority at the table level, the column level
authority defined for the first column is no longer needed, and it is removed. The system
eliminates column-level authorities when the user is granted authority to all of the columns
of the table. This is done to avoid an overhead in the checking of authorities.
Since the column authorities are stored with the file, when you restore the user profile, it will
not restore the column level rights. In a recovery situation, when a file with column level
authorities are restored, there are a couple of options:
• You must grant user authority to one column to have DB2 reactivate all column level
authorities for that user.
• Use RSTAUT CL command as part of the recovery process to have database reactivate
column level authorities.
To be able to grant column-level authorities, the user needs *EXECUTE authority on the
library and *OBJMGT on the table or column, in addition to the data right (Update,
Reference) being granted on the column.
Uempty
Notes:
Adopted authority (1 of 3)
IBM i
Notes:
Uempty
Adopted authority (2 of 3)
IBM i
Notes:
DSPPGM
IBM i
Notes:
User profile (USRPRF):
Specifies whether the authority checking done while this program is running should include
only the user who is running the program (*USER) or both the user who is running the
program and the program owner (*OWNER). The profiles of the program user or both the
program user and the program owner are used to control which objects can be used by the
program, including the authority the program has for each object. Only the program owner
or a user with QSECOFR authority can change the user profile attribute.
Note
*USER: The program runs under the user profile of the program's user.
Uempty *OWNER: The user profiles of both the program owner and the program user are used
when the program is run.
Use adopted authority (USEADPAUT):
Specifies whether program adopted authority from previous programs in the call stack will
be used as a source of authority when this program is running.
*SAME: The use adopted authority attribute does not change.
*YES: Program adopted authority from previous call levels is used when this program is
running. If an authorization list is specified for the QUSEADPAUT system value and the
user is not authorized to that authorization list, *NO is used.
*NO: Program adopted authority from previous call levels is not used when this program
is running.
The USEADPAUT value can be changed with the CHGPGM command. It defaults to a value of
*YES when the program is created.
QUSEADPAUT system value:
Defines which users can create programs with the use adopted authority
(*USEADPAUT(*YES)) attribute.
QUSEADPAUT defaults to *NONE. All users can create, change, or update programs and
service programs to use adopted authority if the user has the necessary authority to the
program or service program.
QUSEADPAUT can also contain the name of an authorization list. The user's authority is
checked against the authorization list. If the user has at least *USE authority to the named
authorization list, the user can create, change, or update programs or service programs
with the USEADPAUT(*NO) attribute. This authority cannot come from the adopted authority.
*PGM: PGM1
Owner: OFCMGR
*FILE : FILE1
USRPRF (*OWNER)
OFCMGR: *CHANGE
USER01: *OBJOPR
*PUBLIC : *EXCLUDE
*EXECUTE
Notes:
All of the owner's authority is adopted by a user while PGM1 is in the user's program
invocation stack.
Warning
A user should not be allowed to adopt the authority of QSECOFR and be able to get to a
command line unless such is intended.
Adopted authority is ANDed with any specific authority the user already has to an object or
objects.
Uempty
PGM3
Owner: QPGMR User plus OFCMGR
User profile: *USER plus QSECOFR
PGM4
Owner: OFCMGR User plus OFCMGR
User profile: *OWNER
Use adopted AUT: *NO
Notes:
In addition to the above flowchart, consider special authority:
Although it is not part of the above authority checking process, a user may be authorized to
perform a function through a special authority. The special authority could come from the
user profile or adopted profiles.
Adopted authority (3 of 3)
IBM i
Security considerations
M. HONEST A. CROOK
HONEST CROOK
PROG1
PROG2 SECURE
PROG2 FILE
Notes:
Since adopted authority is transferred through a call, a person with bad intentions can use
these by manipulating the library list. If a user can change the sequence of libraries on the
library list, or add additional libraries to the list, the user may be able to perform functions
that break security requirements.
• All special and private authorities are adopted.
• Allowing a program to run under the owner's user profile is an intentional release of
control, which may allow unanticipated access to objects.
• If a program is created again using REPLACE(*YES) from a CRTxxxPGM command,
the new copy of the program uses the value for the USRPRF and USEADPAUT
parameters from the replaced program.
• The adopt function is additive for all programs in the program stack. For example, if a
primary program adopts the owner's authority, any secondary programs that are
created with USRPRF(*USER) still operate under the owner's authority of the primary
program.
Uempty • A program using adopted authority operates under the owner's authority in addition to
the user's authority. If the user has authority and the program owner is excluded,
access is allowed.
• If a program that uses adopted authority submits a job, that submitted job does not have
the adopted authority of the submitting program.
• If the job is running with program-adopted authority and the owner of the program is a
member of a group profile, the authority of the owner's group profile is not used.
• The adopted authority is not used if one of the following events occur:
- System Request key pressed
- ATTN key pressed, including TFRGRPJOB
- Break message handling program takes control
- DEBUG facilities take control of the job
Notes:
Uempty
• Should perform only the function the user does not have authority to do
and return.
• This provides the ability to restrict direct object access but allow access
through applications.
Notes:
Authority checking (1 of 2)
IBM i
Sufficient
Fast path for object authority
Authorized
Insufficient
User’s authority: Exit this box immediately when
any authority is found.
Insufficient *ALLOBJ? Sufficient
Is owner and has some authority?
Fast path for user authority? Authorized
Private authority?
Authorization list?
No authority found
Group’s authority: Exit this box immediately for this group
when any authority is found.
Insufficient *ALLOBJ? Sufficient
Is owner and has some authority? ADDITIVE
Primary group (if group is primary group) Authorized
Authority? ADDITIVE
Private authority? ADDITIVE
Authorization list? ADDITIVE
(Repeat above if more groups.)
No authority found
Public authority Sufficient
If *PUBLIC=*AUTL, get public from authorization list.
Authorized
Otherwise use public authority stored with object.
Insufficient
Adopt
© Copyright IBM Corporation 2012
Notes:
When a user attempts to perform an operation on an object, the system verifies that the
user has adequate authority for the operation. The system first checks authority to the
library or directory path that contains the object. If the authority to the library or directory
path is adequate, the system checks authority to the object itself. In the case of database
files, authority checking is done at the time the file is opened, not when each individual
operation to the file is performed.
During the authority-checking process, when any authority is found (even if it is not
adequate for the requested operation), authority checking stops, and access is granted or
denied. The adopted authority function is the exception to this rule. Adopted authority can
override any specific (and inadequate) authority found.
Uempty
Authority checking (2 of 2)
IBM i
Adopt
No
Does program adopt?
Yes
Program OWNER'S AUTHORITY. Exit
this box immediately when any authority is found.
*ALLOBJ? Sufficient
Is owner and has some authority? ADDITIVE Authorized
Insufficient
Yes Current program: USEADPAUT(*YES)
More programs in stack? Next program.
No
No
Does program adopt?
Yes
Program OWNER'S AUTHORITY. Exit this
box immediately when any authority is found.
Private and primary group authority? ADDITIVE Sufficient
Authorized
Authorization list? ADDITIVE
Insufficient
Notes:
Adopted authority could override specific, inadequate authority, if used.
Notes:
Uempty
Security example (1 of 3)
IBM i
Notes:
This class exercise depicts a security example with several users, group profiles, objects
and authorization lists. You are to answer questions about users and their access to
programs and objects and how the system would allow or not allow users to access
objects.
Security example (2 of 3)
IBM i
a. Is the user authorized to run the program and access the file without a
security message?
b. What authority did the user get for files X, Y, and Z?
c. From where did the user get his/her authority?
d. How would the following change the table:
– CHGPGM PGM(PGM3) USRPRF(*OWNER)
d. PGM3-Z
PGM1 - X PGM2 - Y PGM3 - Z
USRPRF(*OWNER)
Notes:
These are questions for the class exercise:
A) Is the user authorized to run the program and access the file without a security
message?
B) What authority did the user get for Files X, Y and Z?
C) From where did the user get his/her authority?
D) If PGM3 is changed to use adopted authority, how would authority be affected?
Uempty
Security example (3 of 3)
IBM i
d. PGM3-Z
PGM1 - X PGM2 - Y PGM3 - Z
USRPRF(*OWNER)
a. No No Yes
Bill b. *USE *USE *CHANGE Same
c. *PUBLIC-Object *PUBLIC-*AUTL *PUBLIC-Object
a. No No Yes
Cathy b. *USE *EXCLUDE *ALL Same
c. User-Private User-*AUTL Group-Specific
a. Yes No No Yes
David b. *ALL *USE *USE *ALL
c. Group-Specific Group-*AUTL User-Private Adopted DEPT03
Notes:
Here are the answers to the questions in the class exercise.
Uempty
Exercise: Working with object authority and
adopted authority
IBM i
Figure 6-51. Exercise: Working with object authority and adopted authority OL1914.1
Notes:
Checkpoint (1 of 3)
IBM i
2. True or False: The name of the primary group and its authority to the
object are stored in the object header.
5. True or False: Read, add, and update are authorities that can be
specified to the object management authority for a specific object.
Notes:
Uempty
Checkpoint (2 of 3)
IBM i
7. The very first thing that a system checks when determining if a user is
allowed to access an object is:
a. Group authority
b. Authorization list
c. Private authorities
d. All object access
Notes:
Checkpoint (3 of 3)
IBM i
Notes:
Uempty
Unit summary
IBM i
Notes:
References
SC41-5302-11 IBM I 7.1 Security - Security Reference (chapter 3)
IBM Publications Center:
http://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wss?CTY=US
IBM InfoCenter for i:
http://publib.boulder.ibm.com/iseries/
Unit objectives
IBM i
Notes:
Uempty
• Why?
– Keep system at planned security level
• How?
– Implement at any security level or
– Use system functions
• DSPUSRPRF
• DSPOBJAUT
• DSPPGMADP
Notes:
People audit their system security for several reasons:
• To evaluate whether the security plan is complete
• To make sure that the planned security controls are in place and working
• To make sure that system security is keeping pace with changes to the system
environment
• To prepare for a future event, such as installing a new application, moving to a higher
security level, or setting up a communications network
• Save/restore information
• Authorization failures
• Deleted objects
Notes:
All events can be journaled, or you may select the ones you want.
Your journal receiver should not be deleted from the system until the information is saved to
tape media.
Uempty
Levels of auditing
IBM i
Notes:
The security audit journal is the primary source of auditing information on the events that
occur on the system.
Starting with V5R4, intrusion detection was added as an auditable event. Intrusion
detection involves gathering information about unauthorized access, attempts, and attacks
coming in over the TCP/IP network. Security administrators can analyze the auditing
records that intrusion detection provides in order to secure the IBM i network from these
types of attacks.
Notes:
Uempty
An effective strategy
IBM i
• Endorsed by management
• Communicated to employees
• Enforceable
• Periodically reexamined
Notes:
Event monitoring
IBM i
Notes:
Uempty
Notes:
Security messages are in the range 2200 to 22FF. They have prefixes CPI, CDF, CPD and
CPA.
However, logging information to the audit journal provides better system performance and
more complete information about these security-related events than the QHST log. The
QHST log should not be considered a complete source of securing violations. Use the
security audit functions instead.
CHGSYSVAL SYSVAL(QAUDCTL)
VALUE(*NONE) (*OBJAUD *AUDLVL *NOQTEMP)
Notes:
The journal QAUDJRN must exist in library QSYS in order to change this system value to a
value other than *NONE. The journal QAUDJRN cannot be deleted or moved from the QSYS
library until the system value is changed to *NONE.
• QAUDLVL: Security auditing level controls the level of auditing on the system. The
system audits functions that can affect security. QAUDLVL default value is *NONE.
Choose the values you wish to journal. These values apply to all users of the system.
• The QAUDLVL2 system value also specifies which actions are audited for all users of
the system and is used when more than 16 auditing values are needed. The AUDLVL
parameter in the user profile determines which actions are audited for a specific user.
The values for the AUDLVL parameter apply in addition to the values for the QAUDLVL
and QAUDLVL2 system values.
• QAUDCTL: Audit control. This system value contains the on and off switches for object
and user level auditing. This system value activates auditing on the system that is
selected by the Change Object Audit (CHGOBJAUD) and Change User Audit
(CHGUSRAUD) commands and the QAUDLVL system value.
Uempty - A change to this system value takes effect immediately. The shipped value is *NONE.
To turn auditing on, specify either *OBJAUD or *AUDLVL. If auditing is active, specify
*NONE to turn auditing off.
- One or more of the following values may be specified. If you specify *NONE, that
must be the only specified value:
• *NONE: No auditing of objects (Change Object Audit (CHGOBJAUD) command) or
of user actions (Change User Audit (CHGUSRAUD) command, AUDLVL keyword)
is done on the system. In addition, no auditing controlled by the QAUDLVL
system value is done.
• *NOQTEMP: No auditing of most objects in QTEMP is done. You must specify
*NOQTEMP with either *OBJAUD or *AUDLVL. You can not specify *NOQTEMP by
itself.
• *OBJAUD: Auditing is performed for objects that have been selected using the
CHGOBJAUD, CHGDLOAUD, or CHGAUD commands.
• *AUDLVL: Auditing is performed for any functions selected on the QAUDLVL
system value and on the AUDLVL parameter of individual user profiles. The audit
level for a user is specified using the Change User Audit (CHGUSRAUD)
command.
Notes:
*NONE: No events controlled by the QAUDLVL or QAUDLVL2 system values are logged.
Events are logged for individual users based on the AUDLVL values of user profiles.
*NOTAVL: This value is displayed to indicate that the system value is not available to the
user because the user does not have either *AUDIT or *ALLOBJ special authority. The
system value cannot be set to this value.
*AUDLVL2: Both QAUDLVL and QAUDLVL2 system values will be used to determine the
security actions to be audited.
*ATNEVT: Attention events are logged.
*AUTFAIL: Authority failure events are logged.
*CREATE: Object create operations are logged.
*DELETE: Object delete operations are logged.
*JOBBAS: Job base functions are audited.
*JOBCHGUSR: Changes to a thread's active user profile or its group profiles are audited.
Uempty *JOBDTA: Actions that affect a job are logged. *JOBDTA is composed of two values,
*JOBBAS and *JOBCHGUSR, which enable you to better customize your auditing. If both of
the values are specified, you will get the same auditing as if just *JOBDTA is specified.
*NETBAS: Network base functions are audited.
*NETCLU: Cluster and cluster resource group operations are audited.
*NETCMN: Network and communication functions are audited.
*NETFAIL: Network failures are audited.
*NETSCK: Socket tasks are audited.
*OBJMGT: Object move and rename operations are logged.
*OFCSRV: Changes to the system distribution directory and office mail actions are logged.
*OPTICAL: Use of Optical Volumes is logged.
*PGMADP: Obtaining authority from a program that adopts authority is logged.
*PGMFAIL: System integrity violations are logged.
*PRTDTA: Printing a spooled file, sending output directly to a printer, and sending output to
a remote printer are logged.
*SAVRST: Save and restore operations are logged.
*SECCFG: Security configuration is audited.
*SECDIRSRV: Changes or updates when doing directory service functions are audited.
*SECIPC: Changes to interprocess communications are audited.
*SECNAS: Network authentication service actions are audited.
*SECRUN: Security run time functions are audited.
*SECSCKD: Socket descriptors are audited.
*SECURITY: Security-related functions are logged. *SECURITY is composed of several
values to enable you to better customize your auditing.
*SECVFY: Use of verification functions are audited.
*SECVLDL: Changes to validation list objects are audited.
*SERVICE: Using service tools is logged.
*SPLFDTA: Actions performed on spooled files are logged.
*SYSMGT: Use of systems management functions is logged.
Notes:
System i Navigator has screens that allow you to view or change the auditing policy for the
system.
Uempty
Notes:
The Audit Policy panel seen in this visual is accessed under IBM i Navigator by selecting
Security and then Policies, then either double-clicking or right-clicking Audit Policy and
selecting Properties. The Audit Policy is similar to setting the value in Auditing System
Values on a IBM i.
These system values are:
• QAUDCTL: Activate action auditing
• QAUDLVL and QAUDLVL2: List of actions to audit
• QCRTOBJAUD: Sets default auditing for newly created objects
Prior to V5R3, the system value QAUDLVL can only store 16 auditing values, which was
enough at that time. With the introduction of new auditing values, a new system value
QAUDLVL2 was introduced at V5R4.
If you will only be auditing for 16 of the supported values or less, then you would use the
QAUDLVL system value only. However, if you will be auditing for more than 16 of the
supported values, then the value *AUDLVL2 must be defined in the system value QAUDLVL
in order to activate the system value QAUDLVL2.
When *AUDIT special authority is specified in your user profile, you can turn auditing on or
off for the following options:
• Action auditing (system page)
• Auditing for newly created objects (next objects page)
Uempty
Notes:
QCRTOBJAUD system value specifies the default auditing value used when objects are
created into a library or directory.
If the CRTOBJAUD value of the library or directory is set to *SYSVAL, the value specified in
QCRTOBJAUD system value is used to set the object auditing value for the object being
created.
The object auditing value of an object determines if an auditing entry is sent to the system
auditing journal QAUDJRN in library QSYS when the object is used or changed. The
auditing entry is only sent to the auditing journal if auditing is currently active on the system.
To start auditing, system value QAUDCTL must be set to a value other than *NONE.
A change to this system value takes effect immediately. The shipped value is *NONE.
Journal Entry
Operation description
code type
T AF All authority failures
T CA Changes to object authority (authorization list or object)
T CP Create, change, delete, display, restore of user profiles
T DO All delete operations on the system
T DS DST security officer password reset
T JD Changes to the USER parameter of a job description
T NA Changes to network attributes
T OW Changes to object ownership
Changes to programs (CHGPGM) that will now adopt the owner's
T PA
authority
T PW Passwords used that are not valid
T RA Restore of objects when authority changes
T RJ Restore of job descriptions that contain user profile names
T RO Restore of objects when ownership information changes
T RP Restore of programs that adopt their owner's authority
T RU Restore of authority for user profiles
T SE Changes to subsystem routing
T SV Changes to system value
U User-specified, user-created entry
Notes:
System-detected entries are written automatically to the receiver.
User entries are written by issuing the SNDJRNE command.
For a complete list of all of the Audit journal (QAUDJRN) entry types, refer to the IBM i 7.1
Security - Security Reference manual (SC41-5301-11, Appendix F, Table 161) in the
Information Center. Appendix F will detail all of the journal entry types and formats.
You can download this publication from the following web site:
http://www.elink.ibmlink.ibm.com/publications/servlet/pbi.wss?CTY=US or using the
Security tab at the http://publib.boulder.ibm.com/iseries/ information center site.
Uempty
Notes:
Overview of the model database output files that can be used to define the record when
you create an output file with the DSPJRN command.
Complete layouts for the model database outfiles are found in Appendix F, “Layout of audit
journal entries,” on page 561 of the IBM I 7.1 Security – Security reference (SC41-5302-11)
guide.
Notes:
Values from the user profile parameter AUDLVL, system value QAUDCTL, and system value
QAUDLVL work together to control action auditing.
Example:
CHGUSRAUD USRPRF(ADM01) AUDLVL(*CMD *DELETE)
The Change User Audit (CHGUSRAUD) command allows a user with *AUDIT special
authority to set up or change auditing for a user. The system value QAUDCTL controls
turning auditing on and off. The auditing attributes of a user profile can be displayed with
the Display User Profile (DSPUSRPRF) command.
Uempty
Note
The changes made by CHGUSRAUD take effect the next time a job is started for this user.
Do not precede an entry with an asterisk unless that entry is a special value that is shown
(on the display itself or in the help information) with an asterisk.
Notes:
Values from the user profile parameter OBJAUD, system value QAUDCTL, and the object
work together to control object auditing.
In the visual, the Change Object Auditing (CHGOBJAUD) command allows users with
*AUDIT special authority to set up auditing on an object. Users with *AUDIT special
authority can turn auditing on or off for an object regardless of whether they have authority
to the object.
The system value QAUDCTL controls turning auditing on and off.
The auditing attribute of an object can be displayed with the Display Object Description
(DSPOBJD) command.
Uempty
Note
Do not precede an entry with an asterisk unless that entry is a special value that is shown
on the display itself or in the help information with an asterisk (*).
Notes:
A security auditor inside or outside your organization can use the auditing function that the
system provides to gather information about security-related events that occur on the
system. The Capabilities panel Auditing dialog specifies the object auditing values for this
user.
System values and values specified for users work together to control action auditing.
Which events you choose to log depends on both your security objectives and your
potential exposures. The Capabilities panel Auditing dialog specifies the action auditing
values for this user.
Uempty
• You have the following options for working with audit journal
entries:
– Use DSPJRN to view and print entries
– Output DSPJRN to disk
• User program
• QUERY/400
• Query manager
• SQL
Notes:
The Display Journal (DSPJRN) command allows you to convert journal entries (contained in
one or more receivers) into a form suitable for external representation. Output of the
command can be displayed or printed with the job's spooled printer output or directed to a
database output file. If the database output file exists, records may either replace or be
added to the current data in the indicated file member. The system creates the specified
database file and member if they do not exist. Database files created by the system have a
standard format. A warning message is sent, and the records are truncated if any of the
entries are longer than the specified maximum record length of the output files.
The contents of selected entries in the journal receivers may be converted for output. It is
also possible to selectively limit the entries that are displayed. If no journal entries satisfy
the selection or limitation criteria, an escape message is sent indicating that fact.
Gaps might exist in the sequence numbers of the entries converted. These occur because
some of the journal entries represent internal system information. These entries are not
converted. It is possible to show journal entries whose journal sequence numbers are reset
in the chain of receivers being specified.
Object . . . . . . . . : Library . . . . . . :
Member . . . . . . . . . : Sequence. . . . . . : 32488
Code . . . . . . . . . . : T - Audit trail entry
Type . . . . . . . . . . : DO - Delete object
Notes:
The Display Journal (DSPJRN) command allows you to view selected journal entries at your
workstation. The journal entry shown is one that you requested on the Display Journal
display. The default is to display entries from only the attached receiver.
If you requested to see more than one journal entry, you can see the next one you
requested by pressing Enter. If you are currently viewing the last requested entry, pressing
Enter will take you back to the Display Journal display. You can go backward through the
requested entries by pressing F14.
If you see More... on the lower right side of your display, there is more information to view.
Press Page Down (or Roll Up) to move toward the end of the information. Press Page Up
(or Roll Down) to move toward the beginning of the information. If you see Bottom instead
of More..., you are at the end of the information.
Uempty
Object.........: Library.........:
Member.........: Flag...........: 0
Date...........: 22/09/94 Time............: 13:42:36
Count/RRN.......: 0 Program.........: CLRLIB_PGM
Job............: 012462/BAD_PGMR/QPADEV0048
User profile......: BAD_PGMR Ref Constraint...: No
Commit cycle ID..: 0 Trigger........: No
Notes:
The Display Journal Entry Details display shows only the detail entry data for a specific
journal entry. The journal entry shown is one that you requested on the Display Journal
display.
If you requested to see more than one journal entry, you can see the next one you
requested by pressing Enter. If you are currently viewing the last requested entry, pressing
Enter takes you back to the Display Journal display. You can go backward through the
requested entries by pressing F14.
DSPJRN JRN(QSYS/QAUDJRN) +
ENTTYP(AF) +
OUTPUT(*OUTFILE) +
OUTFILFMT(*TYPE5) +
OUTFILE(QTEMP/your_file)
Notes:
Outfile format (OUTFILFMT)
Specifies the format of the journal entries written to the output file specified on the file to
receive output prompt (OUTFILE parameter). This parameter can be specified only if the
value *OUTFILE is specified on the OUTPUT parameter.
The information fields and the format of the information in each journal entry is shown in
tables for this parameter in the command description in the CL reference information at
IBM InfoCenter for i http://publib.boulder.ibm.com/iseries/
The possible values are:
*TYPE1: The converted entries are formatted to include the minimum information that can
be specified.
*TYPE2: The converted entries include the information returned when
OUTFILFMT(*TYPE2) is specified, plus the name of the user profile for the job that
generated the displayed journal entries and the name of the system on which the output
records were generated.
Uempty *TYPE3: The converted journal entries include all the information returned when
OUTFILFMT(*TYPE3) is specified and the null value indicators.
*TYPE4: The converted entries include the information returned when
OUTFILFMT(*TYPE4) is specified, the journal identifier, the physical file trigger indicator,
and the referential constraint indicator.
*TYPE5: The converted entries include the information returned when
OUTFILFMT(*TYPE5) is specified, the program library, and ASP information.
File to receive output (OUTFILE): Specifies the name and library of the database file to
which the output of the command is directed. If the output file already exists, the system
attempts to use it. Records may replace or be added to the current data in the file member.
If no records are written to the database file (because of the specified selection values) and
*REPLACE is specified on the OUTMBR parameter, records are cleared from the existing
database file. If the file does not exist, this command creates a database file in the
specified library.
Note
*TYPE2 and *TYPE4 output formats are no longer updated; therefore, IBM recommends
that you stop using *TYPE2 and *TYPE4 formats and use only *TYPE5 formats.
Refer to Appendix F in Security Reference for names and layout of all system-supplied
auditing profiles.
Notes:
This is not security audit journaling. This is normal database file journaling in which detailed
record images of additions, deletions, and changes to records in a database file are logged
to a journal.
Uempty
Checkpoint
IBM i
Notes:
Unit summary
IBM i
Notes:
Unit objectives
IBM i
Notes:
Uempty
Designing security
IBM i
Notes:
Most users of the Power Systems with IBM i end up using a combination of all of the
security methods that are supported on the i platform.
Use the information covered in this unit (in conjunction with the publication mentioned on
the following pages) as a conceptual overview of the steps that need to be taken to secure
your system.
• Use resource security along with the other methods available to protect
information.
• Use authorization lists to secure group objects with the same security
requirements.
© Copyright IBM Corporation 2012
Notes:
Use resource security along with the methods available, such as limited capabilities in the
user profile and restricting users to a set of menus, to protect information.
Important
If you use a product such as IBM i Access or if you have communication lines attached to
your system, do not rely only on limiting capabilities in the user profile and menu access
control. You must use resource security to secure any objects that you do not want to be
accessible through these interfaces.
Secure only those objects that really require security. Analyze a library to determine which
objects, such as data files, are confidential, and secure those objects. Use public authority
for other objects, such as data areas and message queues.
Move from the general to the specific:
Uempty • Plan security for libraries and directories. Deal with individual objects only when
necessary.
• Plan public authority first, followed by group authority and individual authority.
Make the public authority for new objects in a library (CRTAUT parameter) the same as the
public authority for the majority of existing objects in the library.
To make auditing easier and improve authority-checking performance, avoid defining
private authority that is less than the public authority for an object.
Use authorization lists to group objects with the same security requirements. Authorization
lists are simpler to manage than individual authorities and help to recover security
information.
http://publib.boulder.ibm.com/eserver/ibmi.html
• Security
– Planning and setting up system security
• PDF file: Planning and setting up system security
Notes:
The information in this topic collection provides you with detailed information about
planning, setting up, and using your system security. This topic collection combines the
information formerly in the Basic system security and planning topic collection and in the
Tips and Tools for Securing Your iSeries manual.
Determining your company's system security is one of the most basic and most important
decisions that you will make during the course of building your security plan. With system
security, you need to balance the need to safeguard your valuable information and the
need of users to access that information to successfully make your company thrive. To
strike this balance, you must understand the specific needs and goals of your company's
current direction but also be aware of future needs. Your security plan must protect your
resources but also must be flexible enough to grow as your company grows.
Several tools exist that can aid you in creating, configuring, and managing your
system-level security on your server. It is important to note that security does not end with
protecting the server and managing access to assets that are stored on the system. A
complete security implementation needs to include not only system-level security, but also
Uempty network-level security and transaction-level security. This topic focuses on system-level
security.
Use this information to develop a personalized plan that fits your company's specific
system security needs. After you complete the planning phase of your system security, you
can set up system security by using the instructions provided in this information.
Notes:
Many factors affect how you choose to group your application information into libraries and
manage libraries. To access an object, you need authority to the object itself and to the
library containing the object. You can restrict access to an object by restricting the object
itself, the library containing the object, or both.
Planning libraries
A library is like a directory used to locate the objects in the library. *USE authority to a library
allows you to use the directory to find objects in the library. The authority for the object itself
determines how you can use the object. *USE authority to a library is sufficient to perform
most operations on the objects in the library. Using public authority for objects and
restricting access to libraries can be a simple, effective security technique. Putting
programs in a separate library from other application objects can also simplify security
planning. This is particularly true if files are shared by more than one application. You can
use authority to the libraries containing application programs to control who can perform
application functions.
Uempty
Library security
IBM i
– Typically, users that have access to the library have access to all the
objects in the library (through *PUBLIC authority).
– Secure your library lists and any commands used to change them.
Notes:
Changes to programs in the libraries are controlled. That is, application libraries should
have public authority of *USE or *EXCLUDE unless users need to create objects directly into
the library.
Notes:
Menu security controls which menu functions a user can perform. This system was
originally designed as a follow-on product for S/36 and S/38. Many system installations
were, at one time, S/36 or S/38 installations. To control what users can do, security
administrators on those earlier systems often used a technique that is referred to as menu
security or menu access control. Menu access control means that when a user signs on,
the user sees a menu. The user can perform only those functions that are on the menu.
The user cannot get to a command line on the system to perform any functions that are not
on the menu. In theory, the security administrator does not need to worry about authority to
objects because menus and programs control what users can do.
Note
Menus are not secure if the system allows any network interfaces to access the system.
Most network interfaces do not know anything about menu security.
Uempty
• Make sure that the set of menus provides all the necessary links
between menus.
• For users allowed to run a single function, avoid menus entirely and
specify an initial program.
© Copyright IBM Corporation 2012
Notes:
Here are design guidelines for menu security:
• Do not provide a command line on menus designed for restricted users.
• Avoid having functions with different security requirements on the same menu. For
example, if some application users are allowed to only view information, not change it,
provide a menu that has only display and print options for those users.
• Make sure that the set of menus provides all the necessary links between menus so the
user does not need a command line to request one.
• Provide access to a few system functions, such as viewing printer output. The ASSIST
system menu gives this capability and can be defined in the user profile as the
Attention-key-handling program. If the user profile has a class of *USER and has limited
capabilities, the user cannot view the output or jobs of other users.
• Provide access to decision-support tools from menus.
• Consider controlling access to the System Request screen or some of the options on
this screen.
• For users who are allowed to run only a single function, avoid menus entirely and
specify an initial program in the user profile. Specify *SIGNOFF as the initial menu.
Uempty
- Or -
Notes:
You can specify the name of a program to call when a user signs on. This program runs
before the initial menu, if any, is displayed. If the Limit capabilities field in the user's profile
is *YES or *PARTIAL, the user cannot specify an initial program on the Sign On display.
You can specify the name of a menu to be shown when the user signs on. The initial menu
is displayed after the user's initial program runs. The initial menu is called only if the user's
routing program is QCMD or QCL.
Notes:
When you start a job on the system, objects are associated with the job, such as an output
queue, a job description, and the libraries on the library list. Authority for some of these
objects is checked before the job is allowed to start and for other objects after the job
starts. Inadequate authority may cause errors or may cause the job to end.
The system administrator can change the system signon display to add text or company
logo to the display. Care must be taken to make sure the field names or buffer lengths of
the display file are not changed when adding text to the display file. Changing the field
names or buffer lengths may cause signon to fail.
The source for the signon display file is shipped as a member (QDSIGNON or QDSIGNON2)
in the QSYS/QAWTSSRC physical file. QDSIGNON contains the source for the signon screen
source used when system value QPWDLVL is set to 0 or 1. Member QDSIGNON2 contains
the signon screen source used when the system value QPWDLVL is set to 2 or 3.
Uempty
Sign-on processing (1 of 2)
IBM i
No
Valid user/password? Error message
Yes
No
Authorized to device? Error message
Yes
Yes
Program/menu/lib exceed Error message
capability?
No
Program No
INLPGM in profile?
keyed?
Yes
Yes
Call keyed Call INLPGM
program
A
© Copyright IBM Corporation 2012
Notes:
After the user enters a user ID and password, these steps are performed before a job is
actually started on the system:
1. The user profile and password are verified.
2. The user's authority to use the workstation is checked.
3. The system verifies authority for the values in the user profile and in the user's job
description that are used to build the job structure, such as job description, output
queue, current library, and libraries in library list.
After the job is started, these steps are performed before the user sees the first display or
menu:
1. If the routing entry for the job specifies a user program, normal authority checking is
done for the program, the program library, and any objects used by the program.
Uempty
Sign-on processing (2 of 2)
IBM i
No
Menu keyed?
Yes
* SIGNOFF in Yes
profile? Sign off user
Display
keyed menu No
Display
profile menu
Notes:
If the user has the capability, a keyed menu name overrides the menu name in the user
profile. *SIGNOFF is a valid menu name. It causes the user to be signed off. Menu name
might not be blank.
• To prevent specific users from seeing the System Request screen, specify
the following:
GRTOBJAUT OBJ(QSYS/QGMNSYSR) OBJTYPE(*PNLGRP)
USER(USERA) AUT(*EXCLUDE)
© Copyright IBM Corporation 2012
Notes:
A user can use the system request function to suspend the current job and display the
System Request screen. The System Request screen allows the user to send and display
messages, transfer to a second job, or end the current job. This might represent a security
exposure because the public authority to the System Request screen is *USE when a
system is shipped.
To call up the System Request screen:
1. Press the Sys Req key to show an input line at the bottom of the display.
2. Press Enter to show the System Request screen.
Each time the System Request key is pressed, the system automatically changes the
current user profile of the job to the initial user profile of the job. This is done so that the
user does not have any additional authority on the System Request screen or in the
Presystem Request Program exit program. After the System Request function is
completed, the current user profile of the job is returned to the value that it was before the
System Request key was pressed.
Uempty
Job A Job B
Sign-on
1 Process
System Request
Sign-on
2 Process
System Request
Resume processing
3
System Request
Resume processing
4
Sign off
Resume processing
5
Sign off
Notes:
From the System Request screen, select option 1 to display the signon for a secondary job
(Job B in this example). The original job (Job A in this example) is suspended during the
time Job B is processed.
If the operator presses Sys Req and picks option 1, Job B is suspended and Job A is
continued from the point it was suspended.
Thus, the operator can jump between two jobs, processing one while the other is
suspended.
When the operator signs off one job (either one) the other job is given control to continue
processing.
Option Command
1 Transfer Secondary Job (TFRSECJOB)
2 End Request (ENDRQS)
3 Display Job (DSBJOB)
4 Display Message (DSPMSG)
5 Send Message (SNDMSG)
6 Display Message (DSPMSG)
80 Disconnect Job (DSCJOB)
90 Sign Off (SIGNOFF)
Figure 8-15. Restricting the use of System Request screen options OL1914.1
Notes:
You can prevent users from selecting specific options from the System Request screen by
restricting the authority to the associated commands.
Uempty
Notes:
Object security, as a part of resource security, defines which users are allowed to use
objects on the system and what operations they are allowed to perform on those objects.
Also, deciding who will be allowed access to what information on your system is an
important part of your security policy.
Object security
IBM i
Notes:
Uempty
Command security
IBM i
Notes:
When your system arrives, the ability to use commands is set up to meet the security
needs of most installations. Some commands can be run only by a security officer. Others
require a special authority, such as *SAVSYS. Most commands can be used by anyone on
the system. You can change the authority to commands to meet your security
requirements.
For example, you might want to prevent most users on your system from working with
communications. You can set the public authority to *EXCLUDE for all commands that work
with communications objects, such the CHGCTLxxx, CHGLINxxx, and CHGDEVxxx
commands.
If you need to control which commands can be run by users, you can use object authority
to the commands themselves. Every command on the system has object type *CMD and
can be authorized to the public or only to specific users. To run a command, the user needs
*USE authority to that command.
Appendix C, in the Security Reference manual lists all the commands that are shipped with
the public authority set to *EXCLUDE.
If you use the System/38 library, you need to restrict security-relevant commands in that
library also. Alternately, you might restrict access to the entire library. If you use one or
more national language versions of the i5/OS licensed program on your system, you need
to restrict commands in the additional QSYSxxx libraries on your system as well.
Another useful security measure is to change the default values for some commands. The
Change Command Default (CHGCMDDFT) command allows you to do this.
Uempty
Notes:
This section of the Security Reference manual identifies which commands have restricted
authorization (public authority is *EXCLUDE) when your system is shipped. It shows which
IBM-supplied user profiles are authorized to use these restricted commands.
Any commands not listed here are public, which means they can be used by all users.
However, some commands require special authority, such as *SERVICE or *JOBCTL. The
special authorities required for a command are listed in Appendix D of the manual,
“Authority required for objects used by commands”.
If you choose to grant other users or the public *USE authority to these commands, update
this table to indicate which commands are no longer restricted on your system. Using some
commands might require the authority to certain objects on the system as well as to the
commands themselves.
¹) *EXCLUDE overrides any authorities that you grant to the public or through a group profile.
© Copyright IBM Corporation 2012
Notes:
IBM i 7.1. Security - Planning and setting up system security
This page from the Planning and setting up system security section of the IBM i Information
Center describes system defined authorities and the operations that can be performed
against file and program objects.
Uempty
¹) *EXCLUDE overrides any authorities that you grant to the public or through a group profile.
© Copyright IBM Corporation 2012
Notes:
IBM i 7.1. Security - Planning and setting up system security
This page from the Planning and setting up system security section of the IBM i Information
Center describes system defined authorities and the operations that can be performed
against library objects.
Figure 8-22. How library authority and object authority work together OL1914.1
Notes:
IBM i 7.1. Security - Planning and setting up system security
This page from the Planning and setting up system security section of the IBM i Information
Center describes how library authorities and object authorities work together to provide
access to the objects.
Uempty
Logical files
Name
Name Name
Address
Address Address
Credit limit
Credit limit Sales
Sales
Notes:
Resource security on the system supports field-level security of a file. You can also use
logical files to protect specific fields or records in a file.
A logical file can be used to specify a subset of records that a user can access (by using
select and omit logic). Therefore, specific users can be prevented from accessing certain
record types.
A logical file can be used to specify a subset of fields in a record that a user can access.
Therefore, specific users can be prevented from accessing certain fields in a record.
A logical file does not contain any data. It is a particular view of one or more physical files
that contain the data. Providing access to the information defined by a logical file requires
data authority to both the logical file and the associated physical files.
The visual shows an example of a physical file and three different logical files associated
with it.
– Revoke *OBJOPR from the physical files. This prevents users from
accessing the physical files directly.
Notes:
The IBM i command RVKOBJAUT can be used to revoke the users specific authority for an
object.
The IBM i command GRTOBJAUT can be used to grant the users specific authority for an
object.
Uempty
Create Output Queue: Security attributes beyond
resource security
IBM i
Figure 8-25. Create Output Queue: Security attributes beyond resource security OL1914.1
Notes:
In order to make changes to spool files the user must either be the owner of that spool file
or have spool control authority (*SPLCTL) assigned to their user profile.
The optional parameters that can be specified when create an output queue are:
• DSPDTA: Specifies whether users who have authority to read the output queue can
display the output data of any spooled file on the queue or only the data in their own
files.
*NO (default): Users authorized to use the queue can display, copy or send the
output of their own files only unless they have some other special authority.
*YES: Any user having the authority to read the queue can display, copy, or send the
data of any file on the queue.
*OWNER: The owner of the file or a user with *SPLCTL special authority can display,
copy, or send the spooled files on the queue.
• AUTCHK: Specifies whether the commands that check the requestor's authority to the
queue also check for ownership authority or data authority.
*OWNER (default): The requestor must have ownership authority to the output queue
in order to pass the output queue authorization test. The requestor can have
ownership authority by being the owner of the queue, sharing a group profile with
the queue owner, or running a program that adopts the owner's authority.
*DTAAUT: The requestor must have the appropriate data authority to the output
queue (*READ, *ADD and *DELETE) in order to pass the output queue authority.
• OPRCTL: Specifies whether a user who has SPCAUT(*JOBCTL) is allowed to manage or
control the files on this queue.
*YES (default): A user with job control special authority can control the queue and
make changes to the files on the queue.
*NO: This queue and its files cannot be controlled or changed by users with job
control special authority unless they also have some other special authority.
Uempty
Change, delete, hold, and release spooled Any *DTAAUT Any *CHANGE None
file (CHGSPLFA, DLTSPLF, HLDSPLF, Any *OWNER Any Owner None
RLSSPLF). Any Any *YES Any *JOBCTL
Change, clear, hold, and release output Any *DTAAUT Any *CHANGE None
queue (CHGOUTQ, CLROUTQ, HLDOUTQ, Any *OWNER Any Owner None
RLSOUTQ). Any Any *YES Any *JOBCTL
Start a writer for the queue Any *DTAAUT Any *CHANGE None
(STRPRTWTR, STRRMTWTR) Any Any *YES Any *JOBCTL
Notes:
The table shows what combination of output queue parameters and authority to the output
queue is required to perform print management functions on the system.
For example in the first block in the visual, in order to add a spool file to an output queue
the conditions that must be met are either:
1. The output queue was created with any value specified for the parameters DSPDTA,
AUTCHK, OPRCTL and the user has *READ authority to that output queue and there is no
special authority required.
2. The output queue was created with any value specified for the parameters DSPDTA and
AUTCHK, and for the parameter OPRCTL it was set to *YES and the user can have any
authority to that output queue and must have the *JOBCTL special authority assigned to
their profile.
Notes:
The limit access to program function allows you to provide security to some portion of an
application program when you do not have a IBM i object to secure. Before the limit access
to program function support was added in V4R3, you could accomplish this by creating an
authorization list or other object and checking the authority to the object to control access
to the program function. Now, you can use the limit access to program function to more
easily control access to an application, parts of an application, or functions within a
program.
There are two methods that you can use to manage user access to application functions
through IBM i Navigator. The first uses Application Administration support (right click at the
hostname, and select Application Administration).
The second method of managing user access involves IBM i Navigator's Users and Groups
support (select a user, click the Capabilities button, select the Applications tab). Also, the
IBM Systems Director Navigator for i offers two methods to manage user access to
application functions. The first uses the System entry that opens the right pane, where
Application Administration can be selected.
Uempty The second method also can be accessed through the Users and Groups entry. Select
Users at the right pane. At the selected user, left-click the [»] button, and select the
Application Administration option.
If you are an application writer, you can use limit access to program function APIs to do the
following:
• Register a function
• Retrieve information about the function
• Define who can or cannot use the function
• Check to see if the user is allowed to use the function
Note
This support is not a replacement for resource security. The limit access to program
function does not prevent a user from accessing a resource (such as a file or program)
from another interface.
To use this support within an application, the application provider must register the
functions when the application is installed. The registered function corresponds to a code
block for specific functions in the application. When the application is run by the user, the
application calls the API before the application calls the code block. The API calls the
check usage API to see if the user is allowed to use the function. If the user is allowed to
use the registered function, the code block is run. If the user is not allowed to use the
function, the user is prevented from running the code block.
The system administrator specifies who is allowed or denied access to a function. The
administrator can either use the API to manage the access to program function or use the
IBM i Navigator Application Administration GUI. The IBM i Information Center provides
information about the limit access to program function APIs.
Authority to workstation (1 of 2)
IBM i
*CHANGE
Determine user's or Is QSECURITY No
authority to greater => 30?
Workstation.
Yes
Less than Does user have
*CHANGE No
*ALLOBJ or
*SERVICE?
Sign-on fails.
Yes
Is QLMTSECOFR No
= 1?
A
Allow sign-on.
© Copyright IBM Corporation 2012
Notes:
In certain installations, it can be a security exposure to allow the security officer to sign on
any workstation. QLMTSECOFR makes it easy to control this.
The authority to Workstation actually means: the authority to the Device Description
describing the defined workstation.
Uempty
Authority to workstation (2 of 2)
IBM i
A
Less than *CHANGE
Test user's
*CHANGE or greater
authority to
workstation.
No authority
Less than *CHANGE
Test groups' or greater
*CHANGE
authority to
workstation.
No authority
Does user have
Yes *SERVICE but
not *ALLOBJ?
No
No Does QSECOFR
have *CHANGE
or greater?
Yes
Notes:
The authority to Workstation actually means: the authority to the Device Description
describing the defined workstation.
Data encryption
IBM i
• Tape encryption
– Software
– Hardware
Notes:
Disk encryption: In order to use disk encryption, you must have 5770-SS1 Option 45 -
Encrypted ASP Enablement installed. The option to enable encryption is available when
you create a disk pool or independent disk pool. If disk encryption is used in a clustering
environment, you must set the master key manually on each system within the device
domain. Independent disk pools must be created using IBM i Navigator or IBM Systems
Director Navigator for i. The character-based interface (5250 emulation) cannot be used.
Disk encryption can be used to encrypt existing disk pools or independent disk pools.
Starting disk encryption on an existing disk pool might take an extended amount of time to
encrypt the data in the disk pool, potentially affecting system performance. Reference:
http://publib.boulder.ibm.com/infocenter/iseries/ > i 7.1 > Systems management > Disk
management > Disk Encryption
Column encryption: To enhance data security, column encryption may be accomplished
by using a new database feature called field procedures. A field procedure is a user-written
exit routine to transform values in a single column. When values in the column are
changed, or new values inserted, the field procedure is invoked for each value, and can
transform that value (encode it) in any way. The encoded value is then stored. When
Uempty values are retrieved from the column, the field procedure is invoked for each value, which
is encoded, and must decode it back to the original value. Reference:
http://publib.boulder.ibm.com/infocenter/iseries/ > i 7.1 > Database > Programming > SQL
programming > Data definition language > Defining Field procedures
Tape encryption: Tape encryption provides security and reduces the risk of data being
misused. After a tape is encrypted, data is unreadable to people without a key. Software
tape encryption: Use the products and applications that are described to encrypt your data.
Hardware tape encryption: Hardware tape encryption uses tape devices with data
encryption capabilities and the IBM Encryption Key Manager to encrypt your data. The IBM
i only supports library managed encryption.
Decrypting your data: There are two methods available to read or restore tape data that
was previously encrypted.
• If the products and applications used for software tape encryption are installed on your
partition, your tape management application can specify the encryption keystore file
and record label information for each file that is to be decrypted.
• Use a decryption data area to specify the encryption keystore file and record label
information to be used to decrypt your tapes. The data area must be named
QTADECRYPT and can be created in either library QTEMP or QUSRSYS. The data area
must provide the following information. Reference:
http://publib.boulder.ibm.com/infocenter/iseries/ > i 7.1 > Storage solutions > Tape >
Tape encryption
Notes:
Uempty
– Restrict authority to the device descriptions objects for the save and
restore devices (and the commands used to create these).
Notes:
You can restrict the ability to save objects from your system or restore objects to your
system.
Notes:
Saving your security information is just as important as saving your data. In some
situations, you might need to recover user profiles, object authorities, and the data on your
system. If you do not have your security information saved, you might need to manually
rebuild user profiles and object authorities. This can be time-consuming and can lead to
errors and security exposures.
This table shows the commands used to save and restore security information.
Security information is stored differently on the save media than it is on your system. When
you save user profiles, the private authority information stored with the user profile is
formatted into an authority table.
An authority table is built and saved for each user profile that has private authorities. This
reformatting and saving of security information can be lengthy if you have many private
authorities on your system.
Uempty The SAVESECDTA, SAVSYS, and RSTUFSRPRF commands save and restore ownership,
primary group, primary group authority and public authority for object types *USRPRF,
*AUTL, and *AUTHLR.
The following is a security recommendation summary:
• Use *PUBLIC authority where possible
• Use library security to secure an object
• Make group profiles the owners or objects
• User either authorization lists or private authorities to secure an object, not both
For the RSTUSRPRF command, *ALLOBJ special authority is no longer (as of V4R3)
removed from user profiles in some cases. It is removed when a user profile is restored to
a system at security level 30 or higher in either of these situations:
• The profile was saved from a different system and the user performing the RSTUSRPRF
does not have *ALLOBJ and *SECADM special authorities
• The profile was saved from the same system at security level 20
It is never removed from these IBM-supplied user profiles:
• QSYS (system)
• QSECOFR (security officer)
• QLPAUTO (licensed program - Automatic Install)
• QLPINSTALL (licensed program install)
For V5R4, there is a new command, SAVSYSINF, that is used to partially save data
normally saved with the SAVSYS command. It is not mentioned in the chart because it does
not save security data. There is further discussion of this command later in the course.
• Public authority
• Owner name
• Owner’s authority to object
• Primary group name
• Primary group’s authority to object
• Authorization list name
• Field level authorities
• Object auditing value
• Whether any private authority exists
• Whether any private authority is less than public
• Private authorities for the object, if PVTAUT(*YES) is specified
on the SAVxxx command
© Copyright IBM Corporation 2012
Notes:
Uempty
Notes:
Notes:
Uempty
Notes:
Security tools
IBM i
Notes:
Refer to Appendix B for sample Security Tools reports.
SECTOOLS and SECBATCH menus are shipped with public authority *EXCLUDE.
Prior to V5R3, the following commands required *ALLOBJ special authority and were
shipped with a public authority of *EXCLUDE. Starting in V5R3, the commands are shipped
with PUBLIC authority of *USE. A user that only has *AUDIT special authority and users
who have *ALLOBJ and any other required special authorities can run the commands:
• DSPSECAUD (Display Security Auditing)
• PRTADPOBJ (Print Adopting Objects)
• DSPAUDJRNE (Display Audit Journal Entries)
• PRTPVTAUT (Print Private Authorities)
• PRTPUBAUT (Print Publicly Auth Objects)
• PRTCMNSEC (Print Communications Security)
Security Tools (1 of 4)
IBM i
Notes:
The Security Tools (SECTOOLS) menu simplifies the management and control of the
security on your system.
Option 1. Analyze default passwords (ANZDFTPWD)
Select this option to print a report containing all the user profiles on the system that
have a default password and to optionally take an action against those profiles.
Option 2. Display active profile list (DSPACTPRFL)
Select this option to display a list of user profiles which are always considered active
and are not disabled by the Analyze Profile Activity (ANZPRFACT) command. The list
of user profiles is maintained by using the Change Active Profile List (CHGACTPRFL)
command.
Option 3. Change active profile list (CHACTPRFL)
Select this option to add or remove user profiles from the list of profiles that are
always considered active. The profiles in this list are never disabled by the Analyze
Profile Activity (ANZPRFACT) command.
Uempty The current list of active user profiles can be displayed using the Display Active
Profile List (DSPACTPRFL) command.
Option 4. Analyze profile activity (ANZPRFACT)
Select this option to disable user profiles which have been inactive for the specified
number of days.
User profiles can be excluded from this processing by using the Change Active
Profile List (CHGACTPRFL) command to maintain a list of profiles that will always be
considered active.
The current list of active user profiles can be displayed using the Display Active
Profile List (DSPACTPRFL) command.
Option 5. Display activation schedule (DSPACTSCD)
Select this option to display a list of user profiles, the enable time, disable time, and
the days on which the enable and disable jobs are submitted. The profile activation
schedules are managed using the Change Activation Schedule Entry
(CHGACTSCDE) command.
Option 6. Change activation schedule entry (CHGACTSCDE)
Select this option to manage a scheduled job that activates a user profile for a
period of time on specific days.
The current profile activation schedule can be displayed using the Display Activation
Schedule (DSPACTSCD) command.
Option 7. Display expiration schedule (DSPEXPSCD)
Select this option to display a list of user profiles, the expiration date, and the
expiration action to be taken (disable or delete the profile). The profile expiration
schedules are managed using the Change Expiration Schedule Entry
(CHGEXPSCDE) command.
Option 8. Change expiration schedule entry (CHGEXPSCDE)
Select this option to manage a scheduled job that changes a user profile to expire
on a certain date and to take an action against the expired user profile (disable or
delete).
The current profile expiration schedule can be displayed using the Display
Expiration Schedule (DSPEXPSCD) command.
Option 9. Print profile internals (PRTPRFINT)
Select this option to print a report of internal information on the number of entries in
a user profile (*USRPRF) object. The number of entries in a profile determines its
size. The Print Profile Internals (PRTPRFINT) command determines how full a user
profile (*USRPRF) object is based on the number of entries it contains. For more
details, refer to the help for the PRTPRFINT.
Security Tools (2 of 4)
IBM i
Notes:
Option 10. Change security auditing (CHGSECAUD)
Select this option to change the current settings of the system values that control
what is being audited on the system. Current audit information can be displayed
using the Display Security Auditing (DSPSECAUD) command.
Option 11. Display security auditing (DSPSECAUD)
Select this option to display the current information about the security audit journal
and the current settings for the system values that control what is being audited on
the system.
Option 12. Copy audit journal entries
Select this option to copy security audit journal entries from the security audit journal
(QAUDJRN) into one or more outfiles.
Security Tools (3 of 4)
IBM i
Notes:
Option 27. Directory private authority (PRTPVTAUT)
Select this option to print a report containing all directories on the system and the
users that are authorized to each directory.
Option 28. Document authority (PRTPUBAUT)
Select this option to print a list of documents (*DOC) in a folder that do not have
public authority of *EXCLUDE.
Option 29. Document private authority (PRTPVTAUT)
Select this option to print a report containing all documents in a specified folder and
the users that are authorized to each document.
Option 30. File authority (PRTPUBAUT)
Select this option to print a list of files (*FILE) in a library that do not have public
authority of *EXCLUDE.
Security Tools (4 of 4)
IBM i
Notes:
Option 41. User profile authority (PRTPUBAUT)
Select this option to print a list of user profiles on the system that do not have public
authority of *EXCLUDE.
Option 42. User profile private authority (PRTPVTAUT)
Select this option to print a report containing all user profiles on the system and the
users that are authorized to each user profile.
Option 43. Job and output queue authority (PRTQAUT)
Select this option to generate a report containing output queue and job queue
authority information for objects in a specified library.
Option 44. Subsystem authority (PRTSBSDAUT)
Select this option to print a list of subsystem descriptions in a library that contain a
default user in a communications entry.
At the next page we only find: Option 80. Related security tasks (SECURITY)
Select this option to use additional commands related to security on your system
This will direct you to the IBM i Security menu.
Uempty
Security Wizard
IBM i
Notes:
The Security Wizard using the IBM i Navigator is accessible by right-clicking Security, then
selecting Configure from the context menu. The Security Wizard asks a set of simple
questions about your system and how it is used. Based on your answers, it generates a set
of security recommendations for how your security values should be set. You can choose
which recommendations to accept, and the wizard makes the changes for you. It also
creates a detailed report for the administrator and the user explaining the
recommendations. At the end of the wizard, you can either apply the security
recommendations to the system immediately or save the recommendations and apply
them later. You can exit the Security Wizard at any time by clicking Cancel.
The next set of graphics simulates the running of the Security Wizard from this point in the
process.
Notes:
Based on a user's responses the goal of the Security Wizard is:
• To configure security-related system values and network attributes
• To configure security-related reporting for monitoring the system
• To generate an Administrator Information Report and a User Information report
• To provide recommended settings for various security-related items on the system
Uempty
Notes:
The System i Navigator Security wizard is shown prompting the user with security related
questions.
Notes:
The System i Navigator Security wizard is shown prompting the user with network security
related questions.
Uempty
Notes:
The System i Navigator Security wizard is shown prompting the user with netserver
security related questions.
Notes:
The System i Navigator Security wizard is shown prompting the user with security audit
related questions.
Uempty
Notes:
The System i Navigator Security wizard is shown prompting the user with security reporting
related questions.
Notes:
The System i Navigator Security wizard is shown summarizing the answers to the
previously prompted questions.
Uempty
Notes:
The wizard produces detailed information reports including the following:
• Report explaining the wizard's recommendations
• Report detailing the procedures that should be followed before implementation
• Report listing relevant information to be distributed to the users of the system
Notes:
The wizard asks you if you want to apply the recommended security changes to the
system. You can select:
• Yes: Apply the recommendations made by the security wizard. and make changes
immediately.
• No: Save the changes that were recommended by the security wizard, but do not apply
them.
If you select No, then the next time the security wizard is started, it will display the panel on
the next page as opposed to the panel that you saw on the visuals labeled 1 of 10 (starting
the wizard the very first time).
Click Finish or Cancel to end this process.
Uempty
Notes:
Notice that at this point in the process, you have the option to apply the recommended
changes or to save the changes. Also remember, clicking Cancel exits you from the wizard
Yet another security implementation tool, Secure Perspective for IBM i has been withdrawn
from marketing and is no longer available for IBM i 7.1. The use of this IBM i licensed
program product is only available as a contract service offering from IBM Lab Services.
Checkpoint
IBM i
4. True or False: You cannot limit access to the System Request screen.
5. True or False: You can define ASP encryption through 5250 interface.
Notes:
Uempty
Unit summary
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit objectives
IBM i
Notes:
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Availability concepts
IBM i
Notes:
Before you plan for the availability of your system, it is important for you to understand
some of the concepts associated with availability. Businesses and their IT operations that
support them must, determine which solutions and technologies address their business
needs. In the case of business continuity requirements, detailed business continuity
requirements must be developed and documented, the solution types must be identified,
and the solution choices must be evaluated.
Business continuity is the capability of a business to withstand outages, which are times
when the IBM Power System with IBM i is unavailable, and to operate important services
normally and without interruption in accordance with predefined service-level agreements.
To achieve a given level of business continuity, a collection of services, software, hardware,
and procedures must be selected, described in a documented plan, implemented, and
practiced regularly. The business continuity solution must address the data, the operational
environment, the applications, the application hosting environment, and the user interface.
All must be available to deliver a good, complete business continuity solution. Your
business continuity plan includes disaster recovery and high availability (HA).
Uempty Disaster recovery provides a plan in the event of a complete outage at the production site
of your business, such as during a natural disaster. Disaster recovery provides a set of
resources, plans, services, and procedures used to recover important applications and to
resume normal operations from a remote site. This disaster recovery plan includes a stated
disaster recovery goal (for example, resume operations within eight hours) and addresses
acceptable levels of degradation.
High availability is another major aspect of business continuity goals for many customers.
High availability is the ability to withstand all outages (planned, unplanned, and disasters)
and to provide continuous processing for all important applications. The ultimate goal is for
the outage time to be less than .001% of the total service time. The differences between
high availability and disaster recovery typically include more demanding recovery time
objectives (seconds to minutes) and more demanding recovery point objectives (zero user
disruption).
Availability is measured in terms of outages, which are periods of time when the IBM Power
System with IBM i is not available to users. During a planned outage (also called a
scheduled outage), you deliberately make your system unavailable to users. You might use
a scheduled outage to run batch work, back up your system, or apply fixes.
Backup window is the amount of time that your system can be unavailable to users while
you perform your backup operations. Your backup window is a scheduled outage that
typically occurs in the night or on a weekend when your system has less traffic.
An unplanned outage, also called an unscheduled outage, is typically caused by a failure.
You can recover from some unplanned outages (such as disk failure, system failure, power
failure, program failure, or human error) if you have an adequate backup strategy.
However, an unplanned outage that causes a complete system loss, such as a tornado or
fire, requires you to have a detailed disaster recovery plan in place in order to recover.
High availability solutions provide fully automated failover to a backup system to ensure
continuous operation for users and applications. These HA solutions must provide an
immediate recovery point and ensure that the time of recovery is faster than a non-HA
solution. Unlike with disaster recovery, where entire systems experience an outage, high
availability solutions can be customized to individual critical resources within a system; for
example, a specific application instance. High availability solutions are based on cluster
technology. You can use clusters to avoid the impacts of both planned and unplanned
outages. Even though you still have an outage, the business function is not impacted by
the outage.
A cluster is a collection of interconnected complete systems used as a single, unified
resource. The cluster provides a coordinated, distributed process across the systems to
deliver the solution. This results in higher levels of availability, some horizontal growth, and
simpler administration across the enterprise. Cluster resource services detect outage
conditions and coordinate automatic movement of critical resources to a backup system.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
To estimate the value of your information services, follow these steps:
Develop a list of the major services and solutions that your system provides. Your system
exists so that users and solutions can accomplish tasks that are critical to the operation of
your business. The systems provide solutions to a business function. If the IBM Power
System with IBM i is unavailable, the business function cannot be completed or is
significantly degraded to the point of causing the business lost revenue or increased
expenses.
Assess how much it costs you when these services are unavailable. Each application or
service has a direct effect on business functions. You need to determine how these
business functions would be affected and what would be the overall cost to your business if
these services were unavailable.
Look at direct costs versus indirect costs. Direct costs are losses that can be traced directly
to a system being unavailable. Indirect costs are those that are incurred by another
department or function as a result of an outage.
Uempty Consider tangible costs versus intangible costs. Tangible costs can be measured in
currency. However, there are other costs that are not measured with money, such as
market share, lost opportunity, and good will.
Analyze fixed costs versus variable costs. Fixed costs are those that result from a failure
and are the same, regardless of the length of the outage. Variable costs are those that vary,
based on the length of the outage.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
After understanding availability at a basic level, it is important to assess your individual
availability needs. Higher availability is more costly than a lower-level availability. You must
balance your needs and services with the overall cost of implementing and maintaining
these availability solutions.
You want to be sure that you have analyzed your business needs thoroughly in order to
decide what level of availability you can afford to maintain. To decide what level of
availability you need, consider the following questions:
Do you have any applications that require 100% availability? In most cases, you can
achieve a high level of availability by implementing sound processes and systems
management practices. The closer you need to be to continuous availability, the more of an
investment you must make. Before you make that kind of investment, you should be sure
that you require that level of availability.
Along with knowing how much downtime is acceptable to you, you need to consider how
that downtime might occur. For example, you might think that 99% availability is acceptable
if the downtime is a series of shorter outages that are distributed over the course of one
Uempty year, but you might think differently about 99% availability if the downtime is actually a
single outage that lasts three days.
You also need to consider when a downtime is acceptable and when it is not. For example,
your average annual downtime goal per year might be nine hours. If that downtime were to
occur during critical business hours, it might have an adverse effect on the bottom line
revenue for your company.
It used to be that customers and business partners accessed your business from 9 a.m. to
5 p.m., so it was realistic to expect that your system only had to be available during those
hours. However, the Internet and a diverse global marketplace have changed that
expectation; customers and business associates might expect to have access to your
company’s data at any time of the day or night. Your working hours might be hours or even
days different from your global business partner or customer. You must determine what
your customer expectations are, and what is realistic with regard to those expectations, as
you determine what level of availability you will maintain.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Types of outages
IBM i
Notes:
Availability is measured in terms of outages, which are periods of time when the server is
not available to users.
During a planned outage (also called a scheduled outage), you deliberately make your
system unavailable to users. You might use a scheduled outage to run batch work, back up
your server, or apply fixes.
An unplanned outage (also called an unscheduled outage) is usually caused by a failure.
You can recover from some unplanned outages (such as disk failure, system failure, power
failure, program failure, or human error) if you have an adequate backup strategy.
However, an unplanned outage that causes a complete system loss, such as a tornado or
fire, requires you to have a detailed disaster recovery plan in place in order to recover.
Your backup window is the amount of time that your server can be unavailable to users
while you perform your backup operations. Your backup window is a scheduled outage that
usually occurs in the night or on a weekend when your server has less traffic.
Uempty There are several levels of availability. These levels differ in the type and duration of
outages that they tolerate. These levels are as follows:
• Highly available: The server delivers an acceptable or agreed-upon level of service
during its scheduled period of operation. The goal is to have the server available when
the customer needs it.
• High availability: The server delivers an acceptable or agreed-upon level of service
during its scheduled period of operation. The goal is to have no unplanned outages;
there may be some planned outages.
• Continuous operations: The server delivers an acceptable or agreed-upon level of
service 24 hours per day, 365 days per year. The goal is for the server to operate
without any planned outages; there may be some unplanned outages.
• Continuous availability: The server delivers an acceptable or agreed-upon level of
service 24 hours a day, 365 days a year. The goal is to have no planned or unplanned
outages.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Failure types (1 of 2)
IBM i
Disk failure
Usually data on failed unit lost
Recover an ASP of failed unit
System failure (hardware failure other than disk)
Usually causes abnormal end
Possible problems:
Files partially updated
Access paths incomplete
Damage to objects in use
Relationships between files might be partially validated
Long IPL
Notes:
Disk failure
If a disk unit on your system fails, in most cases the data on that disk unit is destroyed.
This requires recovering all data in the auxiliary storage pool (ASP) that contains the
failed unit.
The single-level storage architecture makes the IBM Power System with IBM i a very
productive system to program and to manage. However, the architecture makes
recovering from a disk failure more difficult. The system spreads information across all
the disk units in an ASP to provide good performance and storage management. If a
unit in an ASP is lost, you cannot determine what data was on that unit because objects
are spread across the ASP. You must recover all the data in the ASP.
Independent disk pools (also called independent auxiliary storage pools) enable you to
prevent unplanned outages because the data on them is isolated from the rest of your
server. If an independent disk pool fails, your server can continue to operate.
Uempty The disk protection tools, mirrored protection and device parity protection are designed
to reduce the recovery time if a disk unit fails or, in some cases, to eliminate the need
for the recovery of data.
System failure
A system failure means that some part of your system hardware, other than the DASD
subsystems, fails. Some system failures, such as processor problems, cause your
system to stop without warning. This is called an abnormal end.
When your system ends abnormally, the following problems can occur:
- Files may be partially updated.
- Access paths for files may be incomplete.
- Objects that are in use may be damaged.
- Relationships between files may be partially validated.
Long IPL
When you restart (IPL) your system after the failed component is repaired, the system
analyzes the possible damage, rebuilds or recovers access paths, tries to verify file
relationships, and attempts to synchronize files to transaction boundaries. The first IPL
after the system ends abnormally can take a long time.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Failure types (2 of 2)
IBM i
Power failure
Can cause abnormal end
Same problems as system failure
Program or user error
Incorrect (damaged) data
Correct data or restore files
Complete system loss
Natural disasters, such as fire and flood
Notes:
Power failure
Loss of power also causes your system to end abnormally. You may experience the
same types of problems that occur with a system failure. Many systems are equipped
with a feature called System Power Control Network. This feature provides a function
called Continuously Powered Main Store. If your system has this feature, a battery
provides sufficient power to shut down the system and maintain the contents of memory
for up to two days after a power loss. In many cases, this can significantly reduce the
amount of time the system requires to perform an initial program load (IPL) after a
power loss.
Program or user error
Sometimes programs are not adequately tested before they are put into production, or a
condition occurs that was not anticipated by the software developers. A program error
can cause incorrect information in some of your data files.
Uempty People using the system can make mistakes, too. An operator might run a month-end
program twice. A data entry person might enter the same batch of orders twice. A
system manager might delete a file by mistake.
When these types of errors occur, you need to correct or restore the data that has been
damaged.
Complete system loss
A fire, flood, or other natural disaster could destroy your entire system. To rebuild your
entire system, you should have a complete set of save tapes and documentation stored
offsite at a secure, accessible location.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Power subsystem
Redundant power supplies
Dual line cords
Redundant cooling fans
Dedicated UPS monitoring interface
Figure 9-9. IBM Power Systems with IBM i hardware features(1 of 5) OL1914.1
Notes:
Power subsystem
Redundant power supplies
Cooling fans are options available for IBM Power Systems with IBM i. Some models of
the system can be ordered with dual line cords.
These features allow power to be supplied from more than one source, with one power
source acting as a backup in the event of a disruption to the alternate power source.
Dedicated UPS interface
The IBM Power System with IBM i provides a program interface to monitor and manage
the switch to a UPS source in the event of a power outage. The system sends a
message (that can be monitored for) when it detects power loss. A power handling
program can monitor for power-related messages and manage the switchover to a
UPS.
Uempty
IBM Power Systems with IBM i hardware features
(2 of 5)
IBM i
Disk subsystem
RAID 5 / RAID 6 protection
Mirroring protection
Concurrent maintenance
Add disk concurrently
Figure 9-10. IBM Power Systems with IBM i hardware features (2 of 5) OL1914.1
Notes:
Disk subsystem
RAID-5
Device parity protection (RAID-5) is a hardware availability function that protects data
from loss due to a disk unit failure or because of damage to a disk. The overall goal of
device parity protection is to provide high availability and to protect data. To protect
data, the disk controller or input/output processor (IOP) calculates and saves a parity
value for each bit of data. Conceptually, the disk controller or IOP computes the parity
value from the data at the same location on each of the other disk units in the device
parity set. When a disk failure occurs, the parity value and values of the bits in the
corresponding locations on the other disks are used to reconstruct the data. The system
continues to run while the data is reconstructed.
RAID-6
If more than two disk units fail, you must restore the data from the backup media.
Logically, the capacity of two disk units is dedicated to storing parity data in a parity set.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
However, in practice the parity data is spread among multiple disk units. The minimum
number of disk units in a parity set is 4. The maximum number of disk units in a parity
set is 18. When a RAID-6 parity set is started, all of the disk units contain parity.
Restoring data to a disk pool that has disk units with device parity protection may take
longer than a disk pool that contains only unprotected disk units. The Reed Soloman
algorithm and the hardware finite field multiplier, are used to create the stripes of parity
data in a RAID set. These features enhance performance and functionality.
Mirrored protection
Mirrored protection is an availability function that protects data from being lost due to
failure or because of damage to a disk-related component. Data is protected because
the system keeps two copies of data on two separate disk units. When a disk-related
component fails, the system continues to operate without interruption. The mirrored
copy of the data is used until the failed component is repaired. Mirroring can be
extended to include mirroring the disk IOPs and the busses that the disk units are
attached to so the disk subsystem can continue to function even if a disk IOP or a bus
fails.
Concurrent maintenance
The IBM Power System with IBM i disk subsystem allows maintenance to be performed
on a disk drive that is part of a mirrored pair or a RAID set while the system remains
operational. Disks can be added concurrently, meaning disk capacity can be increased
without disruption to system operations. Because the system manages storage
automatically, newly added drives are immediately available for use. There is no
requirement to partition the drives or move data to them in order for the system to utilize
the drives. The system manages all space as one virtual address. Other than
configuring the disks as new hardware devices, special setup is not required to make a
new disk operational.
Uempty
IBM Power Systems with IBM i hardware features
(3 of 5)
IBM i
I/O subsystem
Hot pluggable PCI cards
Dynamic hardware resource reallocation (Vary cmd)
Redundant HSL loops
IOP reset
Figure 9-11. IBM Power Systems with IBM i hardware features (3 of 5) OL1914.1
Notes:
I/O subsystem
Hot pluggable PCI cards
Hot plugging is made possible by the existence of a power control to individual cards
slots. PCI IOPs or IOAs can be added, removed, or replaced while the system remains
active.
Dynamic hardware resource reallocation
Each hardware device on the IBM Power System with IBM i has a device description
associated with it.
The description contains the name of the specific hardware component that the
hardware resource is associated with. If a hardware device fails and there is a backup
device for it installed in the system, the device description can be modified to point to
the backup device. It can then be substituted for the failing device.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
IBM Power Systems with IBM i hardware features
(4 of 5)
IBM i
Memory
Chipkill technology
Error detection and correction
Memory scrubbing
Figure 9-12. IBM Power Systems with IBM i hardware features (4 of 5) OL1914.1
Notes:
Memory
IBM Power Systems with IBM i utilize memory that represents Chip Kill technology. If a
segment of memory fails, the IBM Power System with IBM i simply makes unavailable the
range of addresses, including the defective address or addresses. A message is sent to the
system operator and the hardware error logs are updated with data related to the failure.
Therefore, the system can remain active should a part of main storage fail. Maintenance
can be deferred, which allows the system to tolerate memory failures without bringing the
system down. The system also performs a background scrub of memory, to detect and
correct single- and double-bit errors.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Hardware service
Automatic failure notification
Figure 9-13. IBM Power Systems with IBM i hardware features (5 of 5) OL1914.1
Notes:
Hardware service
Automatic failure notification
With IBM Power Systems with IBM i running Service Director, the system phones home
to a service machine when it detects key hardware component failures. A customer can
optionally choose to have a repair engineer dispatched automatically when a hardware
failure is logged. There are many cases recorded where a service engineer comes to a
customer’s premises in response to a hardware problem detected by Electronic Service
Agent, and the customer is not even aware of the problem because the system was
able to continue operations.
Uempty
IBM Power Systems with IBM i software features
(1 of 6)
IBM i
Figure 9-14. IBM Power Systems with IBM i software features (1 of 6) OL1914.1
Notes:
Database: DB2 Universal Database for IBM Power Systems with IBM i
Journaling
IBM Power Systems with IBM i journaling was initially introduced to record changes
made to database files. In the event of a system outage, the journal is used to
reconstruct the file based on changes recorded in the journal receiver.
IBM Power Systems with IBM i journaling has evolved over time, as has the style of
computing that the system supports. Journaling support is enhanced to include byte
stream files (Integrated File System files), data areas, and data queues.
Remote journaling was introduced to the system at V4R2. With remote journaling,
journal receiver entries are replicated to a backup or remote system. Remote journaling
can be set up to run in synchronous or asynchronous mode. When remote journaling is
synchronous, a database update for the source IBM Power Systems with IBM i is not
completed until the target system makes the journal entry in its receiver. Remote
journaling can be used in conjunction with database replication for high availability.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Commitment control
Some applications involve multistep transactions to update the database. It is
imperative that you complete all steps within the transaction before you commit the
database update. The IBM Power SYstem with IBM i provides commitment control for
this transaction environment. Commitment control is an application-level function that
defines the transaction boundary. It is used in conjunction with database journaling. In
the event of a system failure, commitment control uses journal entries to roll back an
entire transaction. Therefore, a partial update to database files is avoided. An example
of the need for commitment control is a financial application that moves funds between
accounts. In order for the transaction to be considered complete, the debit and credit of
the accounts involved must both be reflected in the database.
Uempty
IBM Power Systems with IBM i software features
(2 of 6)
IBM i
Figure 9-15. IBM Power Systems with IBM i software features (2 of 6) OL1914.1
Notes:
Auxiliary storage pools (ASPs)
IBM Power Systems with IBM i single-level storage treats all storage as one large virtual
address space (this includes main store memory as well as disk). There is no concept
of a disk volume or data set partition. However, the system provides the capability to
separate this contiguous address space into smaller disk pools to make system backup
and recovery faster and to provide Hierarchical Storage Management facilities. These
pools are called auxiliary storage pools.
Conceptually, each ASP on the IBM Power System with IBM i is a separate pool of disk
units for single-level storage. The system spreads data across the disk units within an
ASP. If a disk failure occurs, you need to recover only the data in the ASP that contains
the failed unit. The user of ASPs can reduce system backup time. To do this, create an
ASP to include individual applications and data. A single ASP can then be backed up
without impacting business operations while other applications that operate from
different ASPs stay online.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Introduced with V5R1, independent ASPs (IASPs) take the concept of ASPs further by
making the ASP switchable between systems in a cluster. At V5R1, IASPs can contain
only IFS objects. At V5R3, IASPs can contain almost all IBM Power Systems with IBM i
objects. See the IBM Power Systems with IBM i Information center for more
information.
Hierarchical storage management
Hierarchical storage management (HSM) is a set of APIs supplied with IBM i. Beginning
with V4R4, the IBM Power Systems with IBM i Backup Recovery Media Services
(BRMS) licensed program offers an HSM component. BRMS provides automated
backup and recovery support for database and IFS files. It also provides automation for
system recovery. HSM moves data across a hierarchy of storage, allowing data that is
not heavily used to move to less costly storage. Retrieval of the data is transparent to
users and programs. When the object is referenced, BRMS retrieves it for the user or
program. HSM also helps reduce system back up time, as seldom used data is moved
out of the system ASP and can be saved outside the backup window used for daily
saves of critical business data.
Automated storage management
The IBM Power System with IBM i has long been known for its low cost of ownership. A
contributing factor is that the IBM Power Systems with IBM i server does not need a
database administrator (DBA) to track storage utilization and worry about moving data
around to balance or enhance disk subsystem performance.
Automated storage management is also an availability feature in that the database does
not need to be made unavailable to perform this type of maintenance. IBM i storage
management automatically spreads data across all available disk arms to balance disk
arm utilization. It also automatically allocates additional storage as files, libraries, and
other objects grow. There is no need to take the database or a file offline to extend its
size.
Online disk balancing
If a large number of disk drives are added at once, run the Start ASP Balance
(STRASPBAL) CL command to redistribute data across the disk arms and rebalance
arm utilization. There is no need to partition data sets or to move data between volumes
as required with other databases to balance performance.
You need to select the method of balancing that you wish to use:
• Capacity balancing
• Usage balancing
• Hierarchical storage management (HSM) balancing
Before using usage balancing or HSM balancing, you must run the Trace ASP Balance
(TRCASPBAL) command. This command starts a trace function that collects statistics on
the data in the ASPs that you wish to balance. Data that is used often is referred to as
high use or hot data. Data that is not used often is referred to as low use or cold data.
Uempty
IBM Power Systems with IBM i software features
(3 of 6)
IBM i
Figure 9-16. IBM Power Systems with IBM i software features (3 of 6) OL1914.1
Notes:
Save and restore
IBM i provides a very comprehensive set of save and restore capabilities. These
capabilities include:
Save-while-active
Save-while-active provides a means to save an object to tape while the system remains
active. Any application using a file or library being saved while the IBM Power System
with IBM i is active, must temporarily stop processing before the save can occur.
Save-while-active then establishes a checkpoint image of the object and begins the
save to tape while the application resumes execution.
An advantage to save-while-active is that the entire system does not need to be brought
down for back up. We recommend that you end all subsystems to ensure any database
updates are written from memory to disk before the save is initiated.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
IBM Power Systems with IBM i software features
(4 of 6)
IBM i
Figure 9-17. IBM Power Systems with IBM i software features (4 of 6) OL1914.1
Notes:
TCP/IP
IBM Power Systems with IBM i support a full-function TCP/IP communications stack.
The support is built into TCP/IP to facilitate high-availability computing in a network
environment. A description of these functions follows.
Virtual IP
IBM Power Systems with IBM i support for virtual IP allows the system to assign an IP
address without designating it to a physical hardware device. All IP traffic can be routed
through this virtual address. Each virtual address can have more than one physical
communications adapter, system, or both behind it. This way, if a physical card adapter
or system fails, traffic can be rerouted to maintain availability. A client can be
transparently rerouted. There is no need to reestablish or reconfigure the link to the
alternate system. Virtual IP can also be used for load balancing and to direct sessions
across communications adapters in a system. This helps to evenly distribute traffic for
workload management.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 9-18. IBM Power Systems with IBM i software features (5 of 6) OL1914.1
Notes:
Security
With the well-known instances today of viruses and server hacking, to have a secure
server that is not vulnerable to attack is a key component of availability. IBM i has no
open interfaces to the system kernel, which means the IBM Power System with IBM i is
highly resistant to hacking and viruses. The IBM Power System with IBM i provides
security auditing and uses system journaling support to log security entries. System
security auditing can log activities with user profiles, objects on the system, and jobs.
Uempty
IBM Power Systems with IBM i software features
(6 of 6)
IBM i
Figure 9-19. IBM Power Systems with IBM i software features (6 of 6) OL1914.1
Notes:
System software maintenance
To achieve higher levels of availability when applying PTFs, the IBM Power System with
IBM i adopts a philosophy to applying PTFs immediately (if possible), and not requiring
an IBM Power System with IBM i to IPL for the PTF to take effect.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 9-20. Topic 2: LPAR and HMC concepts and overview OL1914.1
Notes:
LPAR is short for logical partitioning
HMC is short for Hardware Management Console
Uempty
PowerVM virtualization
IBM i
PowerVM
PowerVm Express
PowerVm Standard Edition
PowerVM Enterprise Edition
POWER Hypervisor
Firmware sitting between hosted Operating Systems and server hardware
Controls hardware I/O and management for partitions
Always installed and activated
Regardless of configuration
Dynamic Logical Partitioning
Shared processor pools
Micro-partitioning
Integrated Virtualization Manager
Combines partition management and Virtual I/O Server (VIOS)
VIOS allows sharing of physical resources amongst multiple partitions
Managed from a single point of control (IVM partition)
Does not require a Hardware Management Console (HMC)
© Copyright IBM Corporation 2012
Notes:
PowerVM
PowerVM is a set of comprehensive systems technologies and services designed to
enable the management of resources in a consolidated, logical view. PowerVM is the
virtualization solution for AIX, IBM i and Linux environments on IBM POWER technology.
There are three versions of PowerVM, suited for various purposes:
PowerVM Express is an economical introduction to more advanced virtualization features
at a highly affordable price. It provides the Integrated Virtualization Manager, the Virtual I/O
Server and Shared Dedicated Capacity. It runs in an appliance-style partition that is not
intended to run end-user applications. System administrators can login and manage the
system through a VIOS command line interface.
PowerVM Standard Edition is supported on all POWER processor-based servers and
includes features designed to allow increased system utilization. It provides an HMC
interface, dual Virtual I/O Servers, multiple shared processor pools and shared (main)
storage pools.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
PowerVM Enterprise Edition includes all the features of PowerVM Standard Edition plus
two new capabilities called Active Memory Sharing and Live Partition Mobility.
POWER Hypervisor
The POWER Hypervisor is firmware that sits between hosted operating systems and
server hardware. It provides access between the physical hardware resources and the
logical partitions that use them. It also monitors the Service Processor on behalf of the
server and all of its partitions
Integrated Virtualization Manager
The Integrated Virtualization Manager (IVM) is a hardware management solution (part of
the VIOS product) that enables an administrator to configure a single server using a
browser-based, GUI interface or a command line interface. The tight relationship between
VIOS and IVM enables the administrator to manage a partitioned system without an HMC.
Micro-Partitioning
Micro-partitioning technology allows you to allocate fractions of processors to a logical
partition. An LPAR using fractions of processors is also known as a shared processor
partition or micro-partition. Micro-partitions run over a set of processors called a
shared-processor pool.
Shared-processor pools
Shared-processor pools allow a system administrator to create a set of micro-partitions
with the purpose of controlling the processor capacity that can be consumed from the
physical shared pool. Micro-partitions are created and then identified as members of either
the default shared-processor pool or a user-defined shared-processor pool. If certain
micro-partitions in a shared-processor pool do not use their capacity entitlement, the
unused capacity is ceded and other micro-partitions within the same shared-processor pool
are allocated the additional capacity.
Dynamic Logical Partitioning
Dynamic logical partitioning allows selected resources, such as processors, memory and
I/O components to be added or deleted from logical partitions while the partitions are
executing.
Hardware Management Console
The Hardware Management Console (HMC) is a hardware appliance that you can use to
configure and control one or more managed systems. You can use the HMC to create and
manage logical partitions and activate Capacity Upgrade on Demand. Using service
applications, the HMC communicates with managed systems to detect, consolidate, and
send information to service and support for analysis. The HMC also provides terminal
emulation for the logical partitions on your managed system. You can connect to logical
partitions from the HMC itself, or you can set up the HMC so that you can connect to logical
partitions remotely through the HMC.
Uempty
IBM power-based
servers To independent partitions
running IBM i
From a single
footprint
Notes:
The introduction of faster more powerful processor cores may result in the capacity of a
single processor core to be more than what is required by a single IT organization. Also, an
organization may have the need for multiple independently operating environments to
support different functions. Logical partitioning is a technique for sub-dividing a single IBM
Power System with IBM i into multiple entities.
Partition
When a single IBM Power System with IBM i is subdivided into multiple entities, each
functioning under an separate instance of an operating system, those independent
operating environments are called partitions. The system resources are allocated to the
partitions. Applications running on a partitioned system do not have to be redesigned for
the partitioned environment.
On POWER5, POWER6 and POWER7 based hardware, a primary partition is not required.
There is a service processor (SP) provided which controls the base operations of the IBM
Power System with IBM i for all partitions. The service processor is powered up
immediately when the IBM Power System with IBM i, is plugged into a power source. A
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Hardware Management Console (HMC) is required in order to interface with the service
processor for management of all partitions.
On POWER4 based hardware, a primary partition is required to handle the added
responsibility of partition management. This partition management function is integrated
into the Licensed Internal Code of the primary partition, and includes creating and deleting
partitions as well as adding and removing resources. The LIC hypervisor provides
additional functions for all secondary partitions that include:
• Virtual operations panels for setting IPL modes and source, powering up/down and
forcing service functions like main storage dumps
• Virtual service processor for secondary partitions
Independent operating environment
Each partition runs its own operating system which may or may not match operating
systems in other partitions on the same system. Each partition may be started and stopped
independently of other partitions. An operator can perform the following functions on
independent partitions:
• Run applications
• Perform a secondary partition IPL
• Power on or off the secondary partition
• Dump the main storage of the secondary partition
• Apply fixes to the secondary partition
• Perform system backups of the secondary partition
Note that POWER4 systems have a limit of 32 logical partitions.
Uempty
Processors
Virtual
Ethernet Memory
Dynamic reallocation
I/O adapters
Common resources
I/O devices
Notes:
Resources
Resources are the system components that are configured into partitions.
The maximum number of partitions is related to the type of POWER system and the total
amount of resources on the system. For example, a system with 8 processors can be
configured with a total of no more than 80 partitions (if there are sufficient resources). If a
system has enough resources, the upper limit of the number of partitions is 254 on
POWER5 and POWER6 systems versus 32 on a POWER4 system.
Minimum amount of resources
Each IBM i partition must be configured with at least 128 MB of memory, one tenth of a
physical processor, and enough I/O devices to provide a load source (boot resources),
have access to a console and have the ability to load code.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Memory
Memory is allocated in multiple MB segments (the smallest being 16 MB). The exact size is
dependant on the model and the total amount of memory on the managed server. A
partition may be as small as 128 MB or as large as all of the installed memory.
Processing units
Processing power is configured in processing units equivalent to 1/100 of a physical
processor. A dedicated processor = 1.00 processing units. A partition can be configured
with as little as .10 processing unit or as much as the equivalent to all of the available
installed physical processors.
I/O slots
I/O resources are allocated to partitions at the slot level. At a minimum, you must configure
a partition with enough I/O resources to include the load source disk (boot resources) and
at least access to a console.
5250 CPW (IBM i partitions only) – also known as OLTP
Your system has a certain amount of interactive performance based on the type of system
and the number of processors. The 5250 emulation refers to how much the user must
interact with (and respond to prompts from) the computer. You can contrast this with batch
where no user intervention is required. Given the amount of interactive performance on
your system, you need to determine what percentage will be available for each partition.
The combined total of all partitions’ settings cannot exceed 100% - of the available 5250
CPWs. This resource was known as Interactive Performance on the POWER4-based
iSeries servers.
Virtual devices
Other devices can be configured to be shared between partitions. Each partition may
configure virtual I/O slots which can be configured with a virtual adapter instance. These
virtual adapters may be an Ethernet interface, a SCSI, or serial devices.
Uempty
TIMI
Open firmware Open firmware
SLIC
POWER Hypervisor
Notes:
A partition is the allocation of system resources to create logically separate systems within
the same physical footprint.
A logical partition is when the isolation is implemented with firmware.
• Although a partition might be logical, it can also be physical (resources).
• It provides configuration flexibility.
The POWER Hypervisor is a layer of firmware associated with the service processor of the
hardware. It provides the support necessary for logically partitioning the hardware.
The POWER Systems hardware supports one of the following operating systems in each
partition:
• IBM i
• AIX 5L
• Linux
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
The AIX and Linux operating systems interface through Run-Time Abstraction Services
(RTAS), while the IBM i has System License Internal Code (SLIC) and the Technology
Independent Machine Interface (TIMI).
Uempty
Notes:
Introduction to the POWER Hypervisor
Partitions are isolated from each other by firmware (underlying software) part of which is
the POWER Hypervisor.
Virtual memory management by the POWER Hypervisor
There is no program access permitted between partition memory and I/O memory.
Software exceptions and crashes are contained within a partition. The POWER Hypervisor
controls the page tables used by partitions to ensure a partition only has access to its own
physical memory segments. It uses a physical memory offset value for each partition so
that the operating IBM i instances in each partition can continue to use memory address
zero as its starting point.
Virtual console support
The POWER Hypervisor provides input/output streams for a virtual console device that can
be presented on the HMC.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Software licensing
IBM i
Licensing
Is per operating system
Is based on processing power or is user-based for some entry-level
servers
Is affected by partial processor feature
Third-party application provider licenses might differ
Other software
Operating systems
IBM i, Linux, AIX 5L
IBM hardware
© Copyright IBM Corporation 2012
Notes:
Software licenses on a partitioned system
Unique software resources exist and operate on hardware that is assigned to each
partition. These software resources include separate copies of Licensed Internal Code,
IBM i, and other licensed operating systems and programs. Additionally, language feature
codes, security, user data, most system values, and software release and fixes also known
as program temporary fixes (PTFs) remain unique for each partition.
If you use shared processors and take advantage of sub-processor allocations, IBM rounds
up to the nearest whole number in calculating the appropriate software licenses and IBM
will not charge you for more software licenses than the total number of physical processors
on your server. Planning through the System Planning Tool (SPT) will give you the required
number of licenses necessary.
If you plan to run different operating systems (for example, IBM i and AIX 5L) on the same
server, then you need licenses for each individual operating system and the licenses are
based on processing power. For example, on an eight processor system, you might have
licenses for four processors for IBM i and four processors for AIX 5L. There are license
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
keys to manage licenses. If you reconfigure your partitions so that, for example, you have
4.5 processors in the partition running IBM i and your licenses only allow four processors,
you will receive out of compliance messages. Either contact IBM to purchase more
licenses or reconfigure the partition to use less processing power to stop these messages.
For third-party software, you will have to discuss with the vendor how to license packages
on a partitioned system.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Communications adapters
Global consolidation
Independent partition time zones
Multiple national languages
Partition-1 Partition-2 Partition-3 Partition-4
Operating systems flexibility Japan USA Argentina UK
Notes:
Consolidation
Using partitions gives you the ability to reallocate expensive resources and manage them
all with one interface (the HMC). You can reallocate processors, memory, or any I/O
adapter (and thus device) by reconfiguring the partitions or by using dynamic partition
operations. All of the resources are located within one system, potentially reducing the
amount of floor space needed.
Applications that were running on different systems with different operating systems can
now be brought on to a single Power System – and less frequently is used resources
maybe switched between partitions to reduce costs.
Each partition can have its own instance of a supported operating system (AIX, Linux, or
IBM i) and therefore have its own version level, language support, local time, and so on.
Many customers utilize smaller development systems to develop, test, and migrate
applications. These smaller systems may not be the same hardware, have the same
software, devices, or infrastructure as the “real”, production system. These issues can be
Uempty largely avoided by utilizing a partition on the same system as the production applications
for development and testing. This also protects the production partition from the activities
on the test partition. Once the testing is complete, the resources used for the development
partition can be reallocated to the production partition.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Since there is a service processor (SP) which controls the base operations of the IBM
Power System with IBM i across all partitions, a primary partition is not required. A
Hardware Management Console (HMC) is required in order to interface with the service
processor for management of all the partitions.
POWER5 and POWER6 systems can support up to 254 maximum logical partitions.
Multiple operating systems are supported across the partitions. These partitions could be
IBM i, AIX 5L, and Linux-based operating systems.
Another advantage POWER5 and POWER6 partitioning has over POWER4 is the ability to
balance processor usage between partitions by using uncapped partitions.
Uempty
IBM
power-
based
servers
running
IBM i
CPW
IBM i
Partition Processor LS
Processor
LPAR 2 = memory UNIT 1
Memory
Disks
Logically dividing
IBM i
system resources
IBM i
CPW
Primary = Processor
memory
LS
UNIT 1
Hypervisor
Workstations
Communication lines
Tape drives
Other hardware resources Available alternate IPL device
for each LPAR
Notes:
When an IBM Power System with IBM i is partitioned, the resources within the system are
assigned to create complete logical systems. POWER4 hardware does not make use of an
HMC. POWER4 systems require that the first LPAR is defined as the primary partition
which performs the duties that are now done by the Hypervisor. Basically, the primary
partition is used to manage and drive this physical system and all of the logical partitions
that are set up on this server.
Alternate IPL device
The media in the alternate IPL device is what the system uses to start from when you
perform a D- source IPL. The device can be a tape drive or an optical device. The alternate
IPL device loads the Licensed Internal Code contained on the removable media instead of
the code on the load source.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Partition console
Each logical partition must have a console attached to it through an IOP. The console is the
first workstation that the system activates in the partition. The system assumes that this
console will always be available for use.
Load source resource
Each logical partition must have one disk unit designated as the load source. The load
source resource is the IOP with the load source that contains the Licensed Internal Code
and the configuration data for the logical partitions. The system always identifies this disk
unit as unit number one.
Additional information can be found in:
http://publib.boulder.ibm.com/infocenter/powersys/v3r1m5/index.jsp
http://www-03.ibm.com/systems/i/
Uempty
Intel-based PC appliance
Required for configuration and management of partitions
Available for POWER5, POWER6, and POWER7 systems
Main HMC/SDMC applications are:
Server and partition management
Licensed internal code maintenance
HMC/SDMC code maintenance
Independent of managed system or operating systems
Licensed internal code update flexible service processor (FSP)
HMC management
HMC/SDMC users
Configuration
HMC
Service applications
System manager security
© Copyright IBM Corporation 2012
Notes:
An appliance is used here to describe a component which has a range of fixed functions
already included prior to delivery to the customer. Additional unsupported applications
cannot be installed nor can the HMC firmware be altered.
The Hardware Maintenance Console (HMC) is a dedicated desktop or rack-mounted
workstation that provides a graphical user interface (GUI) for configuration and operating
logical partitions on LPAR-capable eServer POWER5, POWER6, or POWER7 servers.
The Systems Director Management Console (SDMC) is the newest hardware and software
appliance that provides the same functionality as the HMC but for POWER6 or POWER7
servers only. It is IBM’s strategic product that will allow management of multiple systems,
multiple platforms (i, z, p, Power-based blades) and multiple virtual systems (LPARs) with
one hardware device. It also has the capability of running as a virtualized SDMC on System
x hardware.
An HMC or SDMC is required for many functions, including logical partition (LPAR)
management, capacity on demand (CoD) management, and as a single point for service
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
error reporting for the HMC, SDMC, the service processor and – if desired – logical
partitions.
Uempty
Hypervisor: OS-independent
Non-volatile RAM
Processors
Service
processor Virtual servers consist of different
Mem regions Virtual elements (look at colors):
Server Processors
I/O slots
(LPAR) Managed
Memory
allocation system
tables I/O slots
Notes:
The HMC/SDMC and service processor
The HMC/SDMC provides the administrator a GUI method of managing virtual servers
(partitions or LPARs).
The Service Processor (SP) in turn provides the interface to the Hypervisor, which is
operating system and virtual server (partition) independent.
The POWER Hypervisor is the interface through which the SDMC is able to control the
allocation of appropriate resources necessary for virtual servers (partitions) on a managed
system.
The virtual server (partition) configuration information is recorded in the NVRAM on the
managed system.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Integrated Virtualization Manager
The Integrated Virtualization Manager (IVM), a component of PowerVM Editions, can be
used to manage your Virtual I/O Server (VIOS) and client virtual servers. The IVM provides
a web-based system management interface called the Advanced System Management
Interface (ASMI). The ASMI, accessed using a browser on a PC attached to a managed
server, can be used to manage an unpartitioned server. The ASMI can also be used to
create a partition in which VIOS runs. This partition is called the management partition.
Once this partition is created, you can then configure a physical Ethernet adapter on the
server so that you can connect to the IVM from a computer with a web browser.
Partitioning with the Integrated Virtualization Manager
In the above figure, the VIOS is in its own partition, and the client logical partitions are
managed by the VIOS logical partition. The browser on the PC connects to the IVM over a
network and it (IVM) can be used to create and managed the logical partitions.
Uempty
Power Systems
Rack-mount
ASMI only IVM only Desktop HMC
HMC
No LPAR Entry-level LPAR Basic desktop, Stackable, with
Limited CoD controls from IVM, worldwide support, shared flat
Basic service based on AIX VIO long production panel/keyboard
functions Server (VIOS) cycle drawer, well suited for
Limited CoD Full function LPAR clusters
Limited service controls Full function LPAR
functions Full service functions controls
Virtual OS consoles Full service functions
Redundant HMC Virtual OS consoles
optional Redundant HMC
optional
Notes:
This figure summarizes the Power Systems management techniques available to
administrators. ASMI management allows limited server management and no partitions.
IVM and HMC/SDMC provide more functional server management and partitions.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
PC-based console
Closed custom appliance
Connects to service processor over a private or open network
Notes:
HMC description
Officially, the name of the PC-based console is called the “IBM Hardware Management
Console for IBM Power Systems with IBM i”. It is available in a desktop or a rack-mount
model. The user can only access the management application and no additional
applications may be installed. A second HMC may be connected to a single managed
system for redundancy. The HMC is required for POWER5 and POWER6 systems running
LPARs.
Remote access to the HMC functions
Remote access to the HMC application is provided by using WebSM. The WebSM client
runs on Microsoft Windows PCs and on Linux and AIX 5L workstations. In addition, there
are extensive HMC command-line controls accessible through the use of the Secure Shell
(SSH).
Uempty HMC is independent from the managed system and its partitions
The managed system refers to the IBM Power System with IBM i being managed by the
HMC. While the HMC is necessary for some functions, such as configuring LPARs, it will
not affect the operational status of any partitions if something goes wrong. The partition
configuration information is not only kept on the HMC but also kept in Non-Volatile RAM
(NVRAM) on the managed system, so if the HMC were to crash, the partitions would
continue to run. In fact, you can remove the HMC, replace it with another, (after contacting
your service provider) then download the partition data from the NVRAM on the managed
system and not affect the running of the partitions.
Service errors focal point
If a hardware error occurs, that error may be reported by multiple partitions. To prevent
confusion, the HMC is also used as a service focal point for error reporting. An application
on the HMC serves as a filter for errors to ensure IBM service calls are placed only once
per actual hardware error. Alternatively, a partition configured as the service partition may
collect system errors and report them to IBM.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
HMC appliance
IBM i
Notes:
HMC is not used on POWER4 systems. An HMC is used on POWER5, POWER6 and
POWER7 systems.
An HMC is required on systems with:
• Logical partitions
• Capacity on demand
• Bulk power assemblies (high-end 595)
• Redundant service processors (570 and 595 only)
• Concurrent Firmware Maintenance (CFM)
While the HMC is necessary for some functions, it does not affect the operational status of
any partitions if something goes wrong. The partition configuration information is not only
kept on the HMC but also kept in Non-Volatile RAM (NVRAM) on the managed system, so
if the HMC were to crash, the partitions would continue to run.
Uempty
Notes:
The HMC 7310 is available as two standard models.
The desktop has a standard single integrated Ethernet port, while the rack-mounted model
has two Ethernet ports in the standard configuration. At a minimum, one Ethernet port on
the HMC is required to connect to the service processor of a logically partitioned System i
managed system.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Information on the modem of the HMC 7040 models: The number of available PCI slots in
the configuration and the availability of a homologated internal modem for the ship-to
country, determine whether an internal modem is shipped. If an internal modem is not
shipped, an external modem is shipped if there is an homologated modem available for the
ship-to country.
Uempty
HMC interface
IBM i
Notes:
HMC interface
The HMC application is split into two window panes. The navigation pane on the left side
allows you to access the individual applications. The content pane on the right side gives
access to the application options.
In the visual above, the example shows the HMC Management application which allows a
menu of options to work with the attached Managed System.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
You can use local or remote access and interfaces in order to manage your systems.
Uempty
Remote access to the HMC (browser-based
since V7)
IBM i
Figure 9-41. Remote access to the HMC (browser-based since V7) OL1914.1
Notes:
It is recommended that the HMC be connected to the managed systems through a private
network. HMCs may typically be placed inside the machine room where managed systems
are located, so you might not have easy physical access to the HMC. To access the HMC
through the network, one of the HMC Ethernet ports must be configured for an open
network. There are three options for accessing HMC functions remotely.
Another remote HMC
Each HMC has the ability to connect to another HMC and access its functions. You must
log in to the second HMC. To connect to another HMC from an HMC, use the Console >
Add host menu option, then enter the hostname or IP address of the remote HMC. The
second HMC appears in the navigation pane of the HMC interface. Click its name to log in.
From there you have all the capabilities that your login account allows on that HMC.
WebSM client
You can install WebSM client software on a Windows PC, an AIX workstation, or on a Linux
workstation. From WebSM you may connect to any HMC and access its functions. You
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
must log in to the HMC both to install the remote client and to access the HMC each time.
Linux:
SSH connection
You can use a secure shell (SSH) connection directly to the HMC. When you log in, you are
given a restricted shell. Most partition management commands can be executed using this
restricted shell command line. The SSH access feature is disabled by default. You need to
enable SSH to use the facility, and you can enable this from the HMC.
Virtual terminal
Virtual terminal gives you the ability to assume the console role for your IBM i partitions
from the HMC to a 5250 session configured on your PC.
Uempty
Managed system
Service
Processors Processor
Memory Ethernet
LPAR
I/O Slots
allocation
tables
Notes:
Introduction
This picture brings together several concepts that have been covered already. Partitions
are independent operating environments and their resources are managed by the POWER
Hypervisor.
• NVRAM is used on the managed system to keep track of the LPAR configuration.
• The LPAR configuration is managed and also kept on the HMC.
• The HMC is connected to the managed system through the Flexible Service Processor
(FSP). The FSP is a separate, independent processor that provides hardware
initialization during system load, operation monitoring of environmental and error
events, and maintenance support.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-65
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Introduction
This page lists the advanced partition features covered in the rest of this unit.
Uempty
Dynamic partitioning
IBM i
Notes:
Dynamic partitioning
Dynamic partitioning refers to the fact that you can switch resources between partitions
without shutting down the partitions. The opposite of dynamic partitioning is static
partitioning, where new configurations are only used when a partition is reactivated.
DLPAR operations do not weaken the security or isolation between LPARs. Partitions only
see resources in its own partition, any potential connectors for additional virtual resources
that may have been configured, and any resources not currently allocated.
Resources are reset when moved from one partition to another. Processors are
reinitialized, memory regions are cleared, and adapter slots are reset.
DLPAR operations
You can add, remove, and move resources between partitions. This can be accomplished
from the HMC application or through HMC command-line commands.
With virtual devices, you may add or delete them, but you cannot move them from one
partition to another. You can, however, dynamically change the configuration that specifies
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-67
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
what type of virtual adapter it is. Other partition options which can be reconfigured
dynamically will be covered later in this course.
DLPAR resources
The resources include memory, processing units, and not required I/O slots. A required slot
or adapter is one that a partition has defined as essential to its operation and is thus
unavailable for movement as long as the partition is operational.
For virtual devices, you may add and remove, but not move resources between partitions.
These operations will be covered in a future unit in this course.
Applications may not be DLPAR-aware
Most applications are unaware of the underlying resource specifics and that works just fine.
But some applications and utilities, particularly monitoring tools, may inhibit some DLPAR
operations if they bind to processors or pin memory. Many resource-aware applications
have been rewritten in recent years to allow DLPAR. Check with your sales representative
about your application.
Uempty
HMC
HMC command
Partition A Partition B
POWER Hypervisor
© Copyright IBM Corporation 2012
Notes:
Introduction
The visual illustrates these points:
The DLPAR request originates at the HMC.
• The request is made over the TCP/IP network to the POWER Hypervisor.
• Partition A and partition B communicate about the DLPAR operation through a task
running on both partitions.
• DLPAR will not work if the network is down:
- Between the HMC and the Managed System
- Between the HMC and the IBM i, AIX or LINUX partition
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-69
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Processor concepts
IBM i
Shared
Dedicated
Inactive
(CoD)
Deconfigured
Physical
(installed)
Notes:
Introduction
This visual summarizes the various concepts concerning POWER5 and POWER^
processors. Along the bottom are whole, physical processors installed in the computer
system. These are configured in various ways into the three partitions.
Processing units, partial processors, and logical processors
Shared processor partitions are allocated in processing units rather than physical
processors. A processing unit is the equivalent to 1.00 physical processor. 1.00 processing
unit is (more or less) equivalent to one dedicated processor.
The terms micro-partitioning and partial processors refer to the ability to allocated less than
a whole physical processor to a partition.
Virtual processors
If you were to allocate 2.00 processing units to a partition, what is actually allocated is the
equivalent of the execution time or capacity of two whole processors. A virtual processor
Uempty defines the number of real processors in the shared pool that this partition can run jobs (or
threads) on simultaneously.
Shared versus dedicated processors
Dedicated processors are physical processors that are allocated to a partition and are
dedicated to that partition. Other partitions cannot use any time slices on that processor
while that partition is active. Shared processors are whole processors that live in the
shared pool – now the default. Partitions use processing units from that pool as needed
within configuration guidelines.
Inactive, Capacity on Demand (CoD) processors aka Capacity Upgrade on Demand
(CUoD)
Inactive processors may be added as a dedicated or shared processor through the
activation of a CoD license key. CoD is an option that can be purchased. There is more on
this in a few moments.
Deconfigured
A physical processor may be automatically deconfigured from the system due to detected
errors.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-71
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Micro-partitioning
IBM i
Partition 1
P P P P Partition 2
t=0 Partition 3
Partition 4
Partition 5
Partition 6
Partition 7
Notes:
Micro-partitioning
Micro-partitioning is defined as the ability to create a partition and allocate less than a full
processor to it. Processing power may be allocated to partitions using dedicated
processors or shared processors. For shared processors, partitions may allocate
processing power in processing units which are equivalent to 1/100 of the execution
capacity of a physical processor. At a minimum, a partition must have processing units
equivalent to 1/10 of a processor.
The visual above shows seven partitions each time-slicing on four physical processors
which are part of the shared processing pool. “t” shows the time scale. Each partition gets a
percentage of the execution dispatch time on the processors in the pool, based on its
capacity assignment. Do not worry. We will come back to this later. This page is here to
give you some basic terminology until we reach the advanced processor topic later in this
course.
Uempty
Virtual I/O
IBM i
Notes:
Virtual I/O basics
Each partition, by default, has two virtual Serial I/O slots (which are already used by system
functions – HMC console and debugging) and cannot be used or modified by the end user.
Additional slots can be configured and populated with a virtual adapter instance which
allows partitions to share devices. It also provides virtual Ethernet connections between
partitions on the same IBM Power System with IBM i.
Virtual adapters interact with the operating system like any other adapter card, except that
they are not physically present. Virtual adapters are recorded in IBM Power System with
IBM i inventory and management utilities.
As with physical I/O adapters, a virtual I/O adapter must first be varied off from the
operating system to perform a DLPAR remove operation.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-73
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Virtual Ethernet
Virtual Ethernet provides the same function as using a 1 GB Ethernet adapter and is
implemented through high-speed, inter-partition, in-memory communication. Each partition
can connect to multiple networks through one or more adapters (using a virtual switch).
Virtual serial
The virtual serial option is typically used for virtual console access.
Virtual SCSI
The virtual SCSI option provides access to block storage devices in other partitions such as
device sharing. It uses the client/server model where the server exports disks, logical
volumes, or other SCSI-based devices, and the client sees the imported device as a
standard SCSI device.
Uempty
Client Server
partition partition
Physical
Virtual Virtual Virtual Proxy Physical network
Ethernet Ethernet ARP Ethernet
switch
Notes:
Client/server relationship
Virtual I/O devices provide for sharing of physical resources, such as adapters and
devices, among partitions. Multiple partitions can share physical I/O resources and each
partition can simultaneously use virtual and physical I/O devices. When sharing adapters,
the client/server model is used to designate partitions as users or suppliers of adapters. A
server must make its physical adapter available and a client must configure the virtual
adapter.
If a server partition providing I/O for a client partition fails, the client partition might continue
to function depending on the significance of the hardware it is using. For example, if the
server is providing the paging volume for another partition, a failure of the server partition
will be significant to the client. However, if the shared resource is a tape drive, a failure of
the server partition will have only minimal effects on the client partition.
Currently, only IBM i partitions can be server partitions on POWER5 Servers. AIX can be
either a client or a server, whereas Linux can only be a client.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-75
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Virtual SCSI
Virtual SCSI devices provide the ability for a partition to use storage I/O (disk, CD, and
tape) devices that are owned by another partition. For example, one partition may provide
disk storage space to other partitions. Disk unit, CD, and tape devices on an IBM Power
System with IBM i are based on the SCSI protocol.
Virtual serial adapters
For IBM i, the virtual serial adapter provides for a 5250 console connection to the HMC and
allows for an internal debugging connection through the HMC and to the partition. For
Linux, the virtual serial adapter provides a character console to either the HMC or an IBM i
partition.
Virtual Ethernet
There are two features to Virtual Ethernet. One is the inter-partition virtual switch to provide
support for connecting up to 4096 LANs. LAN IDs are used to configure virtual Ethernet
LANs and all partitions using a particular LAN ID can communicate with each other. The
other feature is a function that bridges networks together without using TCP/IP routing.
This function allows the partition to appear to be connected directly to the external network.
The connections to the physical networks are through routing partitions and this implies a
trusted environment for the routing partition. The benefits to using this feature include not
needing a physical adapter for each partition and it removes some network load.
Uempty
Capacity on demand
IBM i
Trial CoD
No charge 30-day activation of processors or memory resources
On/off CoD
Ability to activate processor or memory resources temporarily
Add reserve
Reserve CoD resources
Processors only
Prepaid for certain number of days
Notes:
Introduction to CoD
CoD is a list of features which may be purchased. The four main bullets in the visual above
list the four purchasing options. These options are managed from the HMC and require a
license key to activate.
Capacity CUoD requires a purchase agreement. Once processors or memory are added,
there is no ability to turn off the capacity.
Trial CoD is available for 30 days at no additional cost to allow testing and emergency relief
while the customer processes the purchase of permanent CUoD resources.
On/Off CoD provides temporary additional processor or memory resources. Activity is
reported to IBM and there must be an On/Off Capacity agreement.
Reserve CoD adds reserve processor capacity to the shared processor pool if the base
shared pool capacity is exceeded. There must be a prepaid debit agreement for a set
number of days.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-77
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Introduction
This visual illustrates a system with eleven partitions. It shows the basic components of a
system running logical partitions such as the HMC, the POWER Hypervisor, a virtual LAN,
partial processors, virtual I/O, and dedicated versus shared processing pool.
In the visual, the P=processors, M=memory, and A=adapters are in I/O slots.
Virtual OptiConnect
The visual above shows one new concept, the virtual OptiConnect. OptiConnect is a
POWER5 system option which provides high-speed partition-to-partition communication for
PCI-based models. No additional hardware is required. To use the OptiConnect feature,
you need to install the separately priced OptiConnect, software.
Uempty
3 Set up HMC.
Notes:
Introduction
These are the overall steps for configuring partitions on a new POWER5 and POWER6
LPAR-capable system.
Step 1: Plan for usage model and applications
If you have already purchased a POWER5 or POWER6 system you have probably already
completed Step 1 as part of the system sizing process. As part of this step you should have
some idea about how to divide up the applications into partitions. You should also plan for
future needs such as partitions for development and testing.
Step 2: Plan resources for partitions
Planning the resource allocations for partitions is the most important step in the
configuration process because it will hopefully eliminate errors and multiple
reconfigurations later in the process. Planning is crucial because with multiple partitions the
configuration information becomes quite complex very quickly. This is particularly true for
the network configuration of your partitions and the HMC.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-79
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
You should plan for the “normal” operation of the application in a partition and for best case
and worst case scenarios. It is important to document all configurations and keep the
records up to date.
Step 3: Set up the HMC
Once the hardware has been delivered, set up the HMC. The HMC can (and should) be set
up and ready to go long before the managed IBM Power System with IBM i is even
powered on. Since the HMC has its own operating system it can be configured
independently of any other hardware.
Step 4: Power on and set up the HMC managed system
The managed IBM Power System with IBM i is a term used to describe a single IBM Power
System with IBM i with one or more partitions. For new managed systems and HMCs, the
HMC must be configured to support the managed system. Then, when you power on the
managed system from the HMC for the FIRST time consider the Auto Start rather than the
Partition Standby power on option. This option will allow you to insure all your hardware is
operating correctly before configuring additional partitions.
Step 5: Create and configure partitions
You must plan, create, and configure each logical partition. Configuring a partition consists
of allocating resources and setting other configuration options.
Step 6: Activate partitions and install operating systems
At this point you can activate each partition and install an operating system – if necessary.
Step 7: Configure and test service applications
Since IBM cannot predict how a particular system might be divided into separate operating
system environments, you may need to alter the configuration of the service applications,
such as Service Agent and Service Focal Point.
Uempty
Education:
AS530/OV530: Logical Partitioning (LPAR) on IBM Power Systems
with IBM i
www.redbooks.com:
SG24-6251: LPAR Configuration and Management
SG24-6209: Capacity Planning for Logical Partitioning
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-81
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Topic 3: Clustering
Notes:
Uempty
Notes:
Starting at V4R4 the System i family of systems was enhanced with Continuous Availability
Clustering. The definition of a cluster is a group of independent systems working together
as a single system.
IBM Power Systems with IBM i clustering lets you efficiently group your systems together to
set up an environment that provides availability that approaches 100% for your critical
applications and your critical data. Clustering also provides simplified systems
management and increased scalability to seamlessly add new components as a
customer’s business grows.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-83
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Types of clusters (1 of 4)
IBM i
Separate servers
Each system has a copy
of the disks.
Data is replicated from a
source system to one or
more target systems.
Local access to the data
for updates is only
available at the source
system.
Servers can be in different
Replicated
locations to withstand objects
single site disaster.
Notes:
A separate server cluster is also known as a replication solution.
In this solution, each of the systems in the cluster has a copy of the data located on
different disk units. Changes made to data and objects on one system are replicated to the
second system using an HABP replication product. With this solution, both copies of the
data are available and may be in use. It is usually advisable for one of the copies of the
data to be used for read-only operations like queries. Also, the distance between the
systems can be quite large. Therefore, this cluster can provide high availability and disaster
recovery.
Uempty
Types of clusters (2 of 4)
IBM i
Switchable DASD
Disk drives can be switched
from one system to another.
Local access to the data is
only available from the owning
system.
There is a single set of disk
drives for all systems.
It is not necessary to replicate
data between systems that
can own the switchable
devices.
This is susceptible to site
IASP
disaster.
Notes:
One form of high availability for an IBM Power System with IBM i cluster, is switched disks.
The independent disk pools reside on a single set of disk units. If the disks are switched
between systems, they are located in expansion towers on HSL loops connecting the
systems. In a switched disk environment, the disks are owned by one of the systems or
partitions in the cluster. The distance between systems is limited, and, as a result, switched
disks are not a good disaster recovery solution.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-85
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Types of clusters (3 of 4)
IBM i
Notes:
Cross site mirror (XSM) clusters are similar to replication solutions.
Changes written to disk units in an independent disk pool are intercepted and sent to a
backup location. When the change is received at the backup location, it is written into a
different set of disk units. The practical distance between the XSM sites makes this solution
acceptable for disaster recovery. The main differences between XSM and a replication
solution are:
• An HABP replication product is not required
• Changes are always written in the same order on both sets of disks.
• Only the production copy of the disk pool is available.
Uempty
Types of clusters (4 of 4)
IBM i
Notes:
Another disk solution is provided with IBM external storage through Copy Services
functions called metro and global mirroring.
In this solution, a change will be written to one set of external disk units and copied to a
second set of disk units by the storage subsystem. There is no IBM Power System with
IBM i involvement in the replication. The target of the copy of the operation may be local
(metro mirroring) or remote (global mirroring). Nearly all installations of this solution are
implemented using the Copy Services Toolkit provided by the Custom Technology Center
and supported by the IBM Power System with IBM i Technology Center.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-87
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Elements of a cluster (1 of 5)
IBM i
Cluster
Administrative
domain CRG CRG
Cluster node
A A
Device
domain
CRG
C
CRG CRG CRG
B B C
Recovery Cluster
domain resource
group
Cluster resources
(for example, switched disk with IASP)
Notes:
A cluster is a collection of systems or partitions that are logically linked together.
Uempty
Elements of a cluster (2 of 5)
IBM i
Cluster
Device
domain
CRG
C
CRG CRG CRG
B B C
Recovery Cluster
domain resource
group
Cluster resources
(for example, switched disk with IASP)
Notes:
A cluster node is a system or partition that is in a cluster. A partition or system can be a
node in only one cluster.
The three types of roles a node can have in a recovery domain are:
Primary node
The cluster node that is the primary point of access for the resilient cluster resource.
• For a data CRG, the primary node contains the principle copy of a resource.
• For an application CRG, the primary node is the system on which the application
is currently running.
• For a device CRG, the primary node is the current owner of the device resource.
If the primary node for a CRG fails, or a manual switchover is initiated, all CRG objects
fail or switch over to a backup node.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-89
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Backup node
The backup node is the cluster node that takes over the role of primary access if the
present primary node fails or a manual switchover is initiated. For a data CRG, this
cluster node contains a copy of that resource which is kept current with replication.
Replicate node
The replicate node is a cluster node that has copies of cluster resources, but is unable
to assume the role of primary or backup. Failover or switchover to a replicate node is
not allowed. If you ever want a replicate node to become a primary, you must first
change the role of the replicate node to that of a backup node.
Uempty
Elements of a cluster (3 of 5)
IBM i
Cluster
Administrative
domain CRG CRG Cluster node
A A
Device
domain
CRG
C
CRG CRG CRG
B B C
Recovery Cluster
domain resource
group
Cluster resources
(for example, switched disk with IASP)
Notes:
Cluster resources are resilient and may be relocated between nodes in a cluster. Selecting
data or applications to be made resilient is similar to planning a save/restore strategy to be
used for disaster recovery.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-91
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Elements of a cluster (4 of 5)
IBM i
Cluster
Administrative
domain CRG CRG Cluster node
A A
Device
domain
CRG
C
CRG CRG CRG
B B C
Recovery Cluster
domain resource
group
Cluster resources
(for example, switched disk with IASP)
Notes:
A Cluster resource group is an object that describes and manages cluster resources.
Uempty
Elements of a cluster (5 of 5)
IBM i
Cluster
Administrative
domain Cluster node
CRG CRG
A A
Device
domain
CRG
C
CRG CRG CRG
B B C
Recovery Cluster
domain resource
group
Cluster resources
(for example, switched disk with IASP)
Notes:
An Administrative domain is a collection of nodes that is used to replicate objects between
them. For example, if the user profiles in three nodes in the Administrative Domain should
remain the same, whenever a change is made to the user profile on one of the nodes in the
Administrative domain, the user profile is copied to the other nodes.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-93
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Example 1
HABP Replication
Notes:
In example one, the backup system can be used to take the backups of the production IBM
Power System with IBM i in order to reduce the down time associated with the backup
window on the production system. Time and resource consuming queries for business
intelligence-like activities can also be performed on the backup system, this technique
avoids a performance impact on the production system.
In example two, both systems are production machines and cross-backup of each other
using HABP in both directions. Each machine can work as a fail-over for the workload
running on the other system.
Uempty
530 740
750 750
H H 720
U U
B B
520 750 T1 WAN
520 T1 WAN
Ethernet LPAR
LAN 520 ATM WAN
520
520
520 520
Notes:
Up to 128 nodes can be configured and be part of a single cluster. In the given example
there are no clients shown.
First, this example shows the combination of different systems with the different roles they
can perform.
Secondly, this example also shows how the systems can be connected using different
topologies. The systems in the middle ring are connected through OptiConnect in a dual
hub configuration. This means two systems are connected with a dedicated hub tower and
the other systems are connected as satellites to both of the hubs. The other systems are
connected together with different types of communication interfaces and protocols.
Third, this example shows a configuration with redundant communications paths. The best
way to avoid a cluster from getting partitioned is to configure redundant communications
paths between all of the nodes on the cluster. A redundant communications path means
that you have two lines configured between two nodes in a cluster. If a failure should occur,
the second communication path can take over to keep the communications running
between the nodes, thereby minimizing conditions that could put one or more of the nodes
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-95
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
in the cluster into a partition situation. One thing you want to keep in mind when configuring
these paths is if both of your communications lines go into the same adapter on a system,
these lines are still at risk if this single adapter fails.
Uempty
Education:
AS541/OV541: IBM Power HA for i, Clustering and Independent Disk
Pools Implementation
www.redbooks.ibm.com:
SG24-7994: PowerHA SystemMirror for IBM i Cookbook
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-97
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
IBM Power System with IBM i and Windows
servers
IBM i
IBM power-based servers
IBM Power Systems with IBM i running IBM i
Enterprise-wide support
Commercial applications
Database
Reliability
Availability
Scalability
External
And others LAN
Figure 9-69. IBM Power System with IBM i and Windows servers OL1914.1
Notes:
90% of the customers who have a server in the IBM Power Systems with IBM i family
also have Windows servers installed. IBM Power Systems with IBM i customers have
Windows products installed not only on client PCs but also on Windows servers. Our
customers have Windows products installed more than any other operating
environment.
ISVs and IBM are delivering complementary applications with Windows servers. With
complementary applications, part of the application is on IBM Power Systems with IBM
i OS and part of the application is on the Windows client. It takes a heterogeneous
server environment to deliver these applications with the IBM Power System with IBM i.
Windows is a popular choice for the application portion of the application working with a
back-end application.
Customers want to consolidate servers. Mainframe, UNIX, Windows, and IBM Power
System with IBM i customers are looking to consolidate servers to take advantage of
the cost savings that can be received. Pulling together IBM Power Systems with IBM i
and Windows servers is one way to consolidate servers.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-99
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Benefits of IBM Power Systems with IBM i/
Windows server integration
IBM i
Server management
Management IBM i and Windows servers IBM Power System with
IBM i
User administration
IBM i users, groups, passwords synchronized with Windows
Virtual Ethernet
Communicate more securely over 1 Gbps virtual Ethernet
connections
Dynamic virtual storage
Windows server
Up to 31 TB per Windows server
on Integrated
Backups xSeries
Consolidate IBM i and Windows backups Server
Testing
External
Logical servers allow testing with the production image and LAN
hardware
Hot spare
Easily switch production environment to another server
Improve Windows server uptime and stability
Update IBM Power System with IBM i device drivers automatically
from IBM Power Systems with IBM i
Reduce total cost of ownership
IBM Power Systems with IBM i warranty and maintenance cover Windows
integrated xSeries servers
server
© Copyright IBM Corporation 2012
Figure 9-70. Benefits of IBM Power Systems with IBM i/ Windows server integration OL1914.1
Notes:
Server management: Manage IBM i and Windows servers from one interface. This can
save on operations costs.
User administration: IBM i users, groups, passwords synchronized with Windows
accounts. Reduces the help desk calls for passwords being reset.
Virtual Ethernet: Communicate more securely over 1 Gbps Virtual Ethernet connections.
There is no extra hardware to buy or install. It runs between Windows servers or to a
partitioned IBM Power System with IBM i.
Dynamic virtual storage: Three is up to 31 TB per Windows server. Use drives as needed
to stay ahead of storage constraints.
Backups: Consolidate IBM i and Windows backups to cut down on multiple methods,
multiple media and training costs.
Testing: Logical servers allow testing with the production image and hardware to better
represent your true production environment. Testing cuts down on the surprises when
moving to new fix levels or application updates.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-101
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Hot spare: Easily switch the production environment to another server. Recover from
hardware problems quickly, but utilize the hot spare hardware for other applications while it
is not needed as a hot spare.
Enhanced reliability: IBM Power System with IBM i disk drives with RAID-5 and mirroring
options can improve uptime and consolidate storage. Increase business recovery
protection with the backup of the combined IBM i and Windows servers.
Improved Windows server uptime and stability: Update device drivers automatically
from IBM i. Windows device drivers are from a single supplier, single configuration,
integrated testing/support. Fixes to device drivers are deployed through IBM i PTFs. It is
simple to manage distribution across an entire network.
Reduced total cost of ownership: The IBM Power System with IBM i warranty and
maintenance covers Integrated xSeries Servers.
Uempty
Notes:
The opportunities for integration include:
Windows server: The IXS is a Windows NT and 2000 server. The xSeries servers that
support the IXA are Windows 2000 servers. As a result, both of these offerings support
the various Windows server applications including File/Print, IIS, Exchange, and SQL
Server.
Thin client environment:
Citrix metaframe: This Citrix product supports running the heavy Windows client
application on server (IXS or direct attach with IXA) and sending the user interface
to the client. In this environment, a new Windows application can be used by older,
smaller, and even non-Windows clients.
Run the heavy Windows client application on a server, and send the user interface
to the client.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-103
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Communications
Disk
Tape drive
ed
CD drive grat
e
Int eries Communications
xS rver
Se
Notes:
A PC-based server has an Intel processor and PC memory on a motherboard, combined
with a LAN adapter, disk, and CD-ROM drives.
The Integrated xSeries Server for the IBM Power IBM i family has an Intel processor and
PC memory, but these are packaged on a motherboard to fit inside the IBM Power System
with IBM i. Once inside the IBM Power System with IBM i, device drivers are provided to
share the IBM Power System with IBM i disks, CD-ROM, DVD, and tape drives. LAN
adapters cannot be shared between IBM Power Systems with IBM i and Windows: a
separate LAN adapter and TCP/IP address are required for each system.
The Integrated xSeries Server is designed to run Windows server and can also run Citrix
MetaFrame which is used with Windows 2000 to connect IBM network stations. The IXS
requires a monitor, keyboard, and mouse to be attached as a Windows console.
Hot plug PCI provides concurrent maintenance for LAN adapters on all IBM Power
Systems with IBM i and for the Integrated xSeries Server board on selected IBM Power
Systems with IBM i servers. An Integrated xSeries Server must be varied off to perform
concurrent maintenance on either the server board or the LAN adapter.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-105
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Announced with the POWER5, there is a new and improved version of the Integrated
xSeries Server that has been optimized and sized to fit Central Electronics Complexes
(CEC).
Uempty
IBM Power
Systems with
IBM i
IBM Power Systems with
IBM i
IBM i
Console
Notes:
1. First you need a compatible IBM Power System with IBM i. See the Hardware
requirements section for compatibility information.
2. The IBM i console, from which you connect to the IBM Power System with IBM i using
IBM Systems Director Navigator for i or the character-based interface, is shown to
clarify the distinction between it and the Windows console.
3. Depending upon the type of IXS adapter, there are different ways to provide network
connectivity. Some types of IXSs can “take over” adjacent PCI slots therefore allowing
the IXS to control an IBM Power System with IBM i network card. See the Hardware
requirements for information about which network cards are supported. You can install
up to three network cards in this way. Other types of IXSs have integrated network
controllers and do not support network cards in adjacent slots.
4. An integrated server does not have its own hard disk drive. IBM i emulates hard disk
space for it to use from IBM Power System with IBM i hard disk drives.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-107
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
5. The IXS card itself is an Intel processor with its own RAM, mounted on a PCI board and
plugged into an IBM Power System with IBM i expansion slot. The IXS physically
occupies two slots.
6. A typical IBM Power System with IBM i will have a network card.
7. A Windows console allows you to interact with the integrated server. A Windows
console will consist of a monitor, a keyboard, and a mouse directly attached to the IXS
card.
Uempty
Integrated
Systems management xSeries
and power control Adapter
IXA attaches n-way IBM xSeries servers to IBM Power Systems with IBM i
xSeries server models supported
http://www-03.ibm.com/systmes/i/advantages/integratedserver/ixa/ servermodels/index.html
Retains features and value of Integrated xSeries server
Uses IBM i storage consolidation and systems management
Has processors, memory, and ServerProven adapters but no disk drives
Complementary application support
Server consolidation
Notes:
The Integrated xSeries Server extends IBM Power Systems with IBM i integration with
Windows server to IBM xSeries high-performance Intel servers for companies with core
applications running on the IBM Power System with IBM i and complementary applications
running on Windows server and for companies looking to consolidate their Windows
servers.
A PCI-based Integrated xSeries Adapter is placed in the xSeries server to connect to the
IBM Power System with IBM i through the High-Speed Link. The IXA provides the power
control for the server and also links the xSeries server to disks in the IBM Power System
with IBM i.
Which xSeries server can attach to an IBM Power System with IBM i, is based on which
server within the IBM Power Systems with IBM i family of you have installed. The xSeries
server is a standard model containing processors, memory, and ServerProven adapters
but no disk drives. All the disks for the xSeries server are housed in the IBM Power System
with IBM i and managed in the same way as for the current Integrated xSeries server
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-109
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
models. All the current storage management and other integration features of the current
Integrated xSeries server are maintained.
The Integrated xSeries Adapter connection interfaces directly with the xSeries’ service
processor. The integration provided between IBM Power Systems with IBM i and direct
attach xSeries servers is an IBM technology initiative and is not designed to support OEM
Intel servers.
Key opportunities for the IXA include:
• Server consolidation: Consolidating multiple Windows servers with IBM Power
Systems with IBM i storage, server, and user management
• Complementary application support: Application requires IBM i and Windows
servers
Notes: Why direct attach offering?
We are offering the Integrated xSeries Adapter that supports the direct attachment of
selected xSeries servers to offer enhanced:
• Scalability: The IXA supports xSeries servers with up to four processors. These
servers are able to support larger workloads and more users than the one processor
Integrated xSeries Server.
• Availability of PCI slots: Since the direct attach xSeries server is a standard, the
xSeries server has PCI slots available for the customer to use. Some customers use
these slots to attach devices like CD-ROM towers and modem towers. The Integrated
xSeries Server does not have PCI slots.
• Performance currency: The IXA is installed in standard xSeries servers. As these
servers offer faster processors (for example, 550, to 700, to 900 MHz) we are able to
connect these servers to IBM Power Systems with IBM i with little to no development
work. As IBM introduces new xSeries servers, Rochester tests them with the IXA and
announces which models are supported. The IBM Power System with IBM i web site at
http://www-03.ibm.com/systems/i/advantages/integratedserver/ includes a list of the
xSeries servers we have tested and support. The Integrated xSeries Server is a product
that is specifically designed by Rochester to fit inside the IBM Power System with IBM i.
It takes time and resources to develop a faster version of the IXS.
• Leverage xSeries marketing, channels, and development: The xSeries servers are
offered by the standard xSeries channels at normal prices. As a result, the IXA offering
leverages xSeries marketing, channels, and development.
Notes: Planning considerations
The maximum number of xSeries servers that can be directly attached to IBM Power
Systems with IBM i depends on the model of the IBM Power System with IBM i.
The actual number of xSeries servers that can be attached to an IBM Power System with
IBM i and offer a good performing environment depends on many factors, including:
• How busy the IBM Power Systems with IBM i server are
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-111
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Shared devices
IBM i
DASD
IBM Power
System with
Tape drive
IBM i
Notes:
One advantage to using Windows servers on one or more Integrated xSeries Servers is the
ability to use IBM Power System IBM i devices. You can use IBM Power Systems with IBM
i optical drives, tape drives, and printers from your Windows server.
Uempty
IBM Power Systems with IBM i SAN for
Windows servers
IBM i
Windows servers
IBM Power Systems with IBM i SAN for multiple Windows servers.
SAN: Storage, fabric, and management
Consolidation provides simplified management.
Consistent hardware and device drivers can improve Windows stability.
Figure 9-76. IBM Power Systems with IBM i SAN for Windows servers OL1914.1
Notes:
The IBM Power Systems with IBM i are the only systems in the world that have an
automated storage management system. The IBM Power Systems with IBM i customers do
not employ storage specialists. Optimized arm utilization, caching, paging, data placement,
and RAS are an implicit part of IBM i. Single Level store means that main store and disk are
a logical continuum. Main store is literally the cache for the disk, and therefore, from the
beginning, it has been the business of the storage management system to manage the
retrieval and location of data between main store and disk in a manner that continually
optimizes system performance on the fly.
Today, SAN vendors are selling such functions as disk striping for better arm utilization.
This has always been an inherent part of the IBM Power System with IBM i storage
management architecture. There is the expert cache which monitors logical to physical I/O
and takes advantage of the ubiquitous logical address space activity in concert with the
physical data access activity to dynamically optimize the retrieval and retention of data
from a disk in a main store based on current and future temporal and spatial data and
address locality. Bottom line, the IBM Power System with IBM i invented the automatic
transmission of storage and has been optimizing it for over a decade.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-113
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
The IBM Power System with IBM i can be used to provide a flexible storage area network
(SAN) to consolidate the disk requirements of multiple Windows servers. While full
Windows storage capability is maintained, the IBM Power System with IBM i provides the
value of its advanced storage management facilities and reliability.
IBM Power Systems with IBM i disk storage is allocated to Windows by creating a storage
space object or virtual disk space from the IBM Power System with BM i pool of disk
resources. Up to 32 storage spaces can be created and linked to each Integrated xSeries
server or direct attached server through the IXA. Each storage space can be between 1 MB
and 64 GB in size (up to V5R2) or up to 1 TB starting with V5R3, for a maximum of up to 2
TB per server. Multiple storage spaces can be linked together using a volume set using the
Windows disk administrator utility. By using IBM Power System with IBM i disks, Windows
server files are protected by the IBM Power System with IBM i RAID-5 / RAID-6 and
mirroring. Windows storage spaces can either be located in the IBM Power System with
IBM i disk pool, or separated from IBM Power System with IBM i applications and data on
specific drives in a user auxiliary storage pool.
The IBM Power System with IBM i disk provides the storage, the HSL and bus connections
provide the fabric, and IBM i provides the management for the IBM Power System with IBM
i storage area network. IBM Systems Director Navigator for i provides one management
environment to back up and restore IBM i and Windows objects.
Consistent hardware device drivers for IBM Power Systems with BM i disk, tape, and LAN
adapters can improve the stability of Windows servers. Stability is enhanced since IBM
tests the combinations of these device drivers working with Windows and IBM i. With
standard PC servers and the 100s of possible devices, it is impossible to test all the various
combinations that a customer might implement.
Hot spare can offer protection from planned and unplanned outages of the directly attached
xSeries servers or the Integrated xSeries servers.
Uempty
Notes:
Support for installing and configuring the Windows Cluster Service on the IBM Power
System with IBM i Integrated Windows servers was added in V5R2.
Windows 2000 Advanced Server supports a two-node cluster while Windows.NET
Enterprise Server supports four-node clusters. Datacenter versions of Windows are not
supported.
The Integrated Windows Server solution uses a virtual Fibre Channel bus to share the
virtual disk devices between the nodes of a cluster.
In addition, the new support for Virtual Ethernet enables high-performance; secure
communication for the internal node-to-node communication between clustered nodes.
Availability Improvements: Planned or unplanned outages can be handled by this support.
Support is available only for Windows servers that have an Integrated xSeries Server or
Adapter with a resource type of 2890, 2892, or 2689; running either Windows 2000
Advanced Server or Windows.NET Enterprise Server.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-115
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Environment flexibility
IBM i
Windows Server
NWSD SP n
Notes:
One IXS/IXA can quickly support different operating environments by the use of different
network storage spaces. You just link the one you need to:
• Test Windows service packs during non-production times
• Test different Windows server products
• Give developers their own server for off-hours work
• Test an application in a number of environments
• Recover a failed server
Uempty
Hot spare
IBM i
This is the solution for planned and unplanned xSeries server outages.
Link NWSD to hot spare.
IXS/IXA
Boot Windows server.
xSeries servers need to have the same configuration.
One IXS/IXA can be a
hot spare backup.
Windows Server
NWSD
Windows
NWSD
Server
Windows
NWSD Server SPn
Notes:
In order for Windows server to recognize disk drives (network server storage spaces), you
must link them to your network server description (NWSD). You must create a disk drive
before you can link it. After you create and link a new disk drive, it appears as a new hard
drive on Windows server. It must be formatted before you can use it.
Imagine a recovery scenario where a server fails and you unlink its network storage space
and link it to another server. If you have the Windows server hardware standing by for this
scenario, it is considered a hot spare. You can have it available for any of your other
servers in case of their failure.
The hot spare server needs to have the same configuration as the server it is intended to
replace.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-117
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
A Disk tower B
IASP
storage
HSL loop spaces HSL loop
Windows
server #1
NWSD
Integrated C:,D:,E:,F: Integrated
NWSD
xSeries xSeries
server Windows server
server #2
C:,D:,E:,F: NWSD
NWSD
Windows, applications, and data
Figure 9-80. Solution for planned and unplanned IBM Power Systems with IBM i server outages OL1914.1
Notes:
Support for Windows disks in Independent ASP is incorporated in the product. You can
create your network storage spaces in IASPs and recover them as follows:
• Server A is running with IXS A and direct attached xSeries server A.
• Take IBM Power System with IBM i A offline. The disk tower switches to IBM Power
System with IBM i B. Manually link NWSDs to B resource names, then reboot Windows
servers. Windows servers are back online on B.
• xSeries servers need to have the same configuration.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-119
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Without
Installation and recovery from the devices attached to the first system
bus (connected to service processor IOP)
With
Installation and recovery from devices attached to the first system
bus, only enough LIC to perform an IPL with IPL-type D
Continues using media in an alternate installation device, such as:
• SAVSYS tapes
User-created distribution tapes with LIC and possibly operating system,
licensed programs, and data
Might improve performance
Notes:
Previously, installation and recovery operations were only supported from the first system
bus which is connected to the server processor IOP. Alternate Device Installation allows
the use of a combination of devices supported from the first system bus and on additional
buses. It supports installation and recovery from tape media, such as SAVSYS tapes or
distribution tapes you created that contain Licensed Internal Code, and may contain the
operating system, licensed programs, and data.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-121
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Benefits
Continue operations during brief
power interruption
Provide orderly shutdown and
avoid lengthy recovery (IPL)
12
11 1
10 2
9 3
8 4
7 5
6
Without:
Objects might be damaged; recovery
time might be significant.
Notes:
The loss of system utility power can cause major problems for an IBM Power System with
IBM i. If the IBM Power System with IBM i is not protected against the loss of power and
power is lost, the IBM Power System with IBM i immediately shuts down (abnormal
shutdown), resulting in the loss of the contents of main memory, possible damaged objects,
and significantly increasing the amount of time required for an IPL. The system may
attempt to automatically restart and reconstruct information after power is returned,
depending upon how the QPWRRSTIPL system value is set.
Continuously Powered Main store and an uninterruptible power supply (UPS) can help
prevent the occurrence of an abnormal shutdown.
• The Continuously Powered Main store (CPM) feature is available on certain IBM Power
Systems with IBM i. CPM is part of the System Power control Network (SPCN) feature.
Once a power loss is detected, the Battery Backup Unit (BBU) provides power to the
system for a brief 30 seconds. If power has not been restored, after the initial 30
seconds, the BBU supplies another 90 seconds of power to allow the CPM feature to
become enabled. Once CPM has been enabled, the system automatically performs a
Uempty controlled shutdown with the BBU providing enough power to maintain the contents of
main memory for up to 48 hours. Once the power is restored, the contents of main
memory will be written to auxiliary storage and the system performs an IPL.
• The UPS feature provides a source of power for the IBM Power System with IBM i if
utility power is interrupted. It allows for continuous operations during brief power
interruptions and permits a controlled shutdown of the system for longer power
interruptions. The capacity of a UPS should be sized to meet the system requirements.
Power is not normally supplied to devices such as workstations. Applications can be
programmed to recognized this situation and end in an orderly fashion.
The UPS and CPM features can be used in conjunction with each other. For example, if the
UPS falls below a specific level of charge, a weak battery condition signal is sent from the
UPS. A typical setting for the weak battery condition signal is when there is only two
minutes of power remaining. If this signal is received prior to the value specified in the
QUPSDLYTIM system value, the system automatically enters the CPM mode.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-123
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
QPWRRSTIPL, Power Restore IPL system value, controls what happens if the system ends
when utility power is interrupted and then restored at a later time.
• 0 does not allow an automatic IPL after a power failure.
• 1 does an automatic IPL after a power failure.
The default is 0.
QUPSDLYTIM, Uninterruptible Power Supply Delay Time system value, controls the length
of time that the system waits before saving main storage and powering the system down. If
utility power is restored prior to the delay time, the system resets the times. If the delay time
is exceeded, the system saves main storage and begins to perform a controlled shutdown.
• *BASIC or *CALC Performs a controlled shutdown after the default 45 seconds.
• 0 - 99999 specifies a delay time in seconds before the system powers down.
• *NOMAX is used when a user supplied program is controlling the system or a generator
is providing unlimited UPS power.
Uempty QUPSMSGQ, Uninterruptible Power Supply Message Queue system value, determines the
message queues the power supply message are sent to. Messages generated are sent to
the specified message queues in addition to the QSYSOPR message queue.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-125
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Utility power
goes off
Save of
Safety
Run PWRDWNSYS margin main storage Safety
controlled margin
shutdown
QUPSDLYTIM
Time
Notes:
Worst case calculation for time to save storage and shut down the system:
(2.816 *(ms size in MB)) + 30 = # of seconds
There are basically two power failure scenarios:
• Power failure with UPS - When the system detects a power failure, the UPS provides
the system utility power until power is restored, an operator or program issues a
PWRDWNSYS or a controlled shutdown is initiated. The UPS can be powered by a
generator or by batteries. Backup power from a generator is the most desirable as it
provides virtually unlimited power, as long as it stays running.
• Power failure with no power protection - If the system does not have a UPS, the system
will stop immediately, resulting in the loss of the contents of main memory, possible
damaged objects, and significantly longer IPL on restart.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-127
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Usually a job reaches the next instruction boundary shortly. However, some long-running
instructions, such as those that build access paths or create programs, may not complete
in the time that is allowed.
If unsuccessful, the next IPL is abnormal for the LIC.
Uempty
Notes:
Additionally, in some cases, users may prefer to customize how their IBM Power System
with IBM i is shutdown. In these instances, a Power-handling program may be used to
control system activity during a power interruption when used in conjunction with a power
protection device (UPS or generator). A power-handling program allows:
• Sending specific messages to interactive users
• Pending batch jobs and subsystems in preparation for powering down
• Dynamically changing the system values that control the uninterruptible power supply
handling
• Issuing the PWRDWNSYS command to power down the system
For more information on power-handling programs, suggest that students review the
information available on the IBM Power Systems with IBM i Information Center under the
Availability subsection of Systems Management, titled control Server Shutdown.
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-129
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Dual systems are intended for installations with high-availability requirements. This
involves maintaining some or all data on two systems. This allows the secondary (backup)
system to take over critical applications if the primary system fails.
There are several methods commonly used to maintain the data on both systems. Journal
entries from the primary system are transmitted to the secondary system. A user-written
program then receives the journal entries and uses them to update the files and other
journal objects. Another method is to make use of remote journaling support which enables
the primary system to send the journal entries to a duplicate journal receiver on the
secondary system. A third common method is to copy the journals from the primary system
to tape and load them on the secondary system. A user-written program then updates the
files on the secondary system.
Uempty
Checkpoint (1 of 3)
IBM i
1. True or False: Whenever there is a disk failure on the system, this will
force a full recovery of all data.
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-131
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint (2 of 3)
IBM i
4. The maximum number of partitions supported on POWER4-based hardware is _____.
The maximum number of partitions supported on POWER5 and POWER6-based hardware is ____ .
The maximum number of partitions supported on POWER7-based hardware is _____.
a. POWER4 = 32 POWER5 and POWER6 = 254 POWER7=1000
b. POWER4 = 64 POWER5 and POWER6 = 128 POWER7=512
c. POWER4 = 128 POWER5 and POWER6 = 64 POWER7=254
d. POWER4 = 254 POWER5 and POWER6 = 32 POWER7=128
e. POWER4, 5, and 6 support the same number of partitions, but POWER7 supports 1000.
5. Which of the following are resources that can be allocated to an LPAR? Select all that apply.
a. Only whole processors
b. Memory
c. I/O adapters
d. Disk drives
e. Operating system software
6. Which of the following is not supported in an IBM Power System with IBM i partition?
a. AIX
b. Linux
c. IBM i
d. Windows server software
Notes:
Uempty
Checkpoint (3 of 3)
IBM i
7. True or False: Each LPAR requires a separate license from IBM for the OS installed in that LPAR.
8. Which of the following is one of the supported type of clusters that can be set up?
a. Separate servers
b. Switchable DASD
c. Cross site mirrors
d. System storage copy services
e. Hot site immediate switchover
10. Which of the following cannot be shared on an IBM Power System with IBM i and
integrated xSeries server?
a. Tape drive
b. DASD
c. Memory
d. CD-ROM drive
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 9. IBM Power Systems with IBM i: Availability overview 9-133
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit summary
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit objectives
IBM i
Notes:
Uempty
Figure 10-2. Topic 1: Concepts and overview of auxiliary storage pools OL1914.1
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
System User
Basic Independent
Secondary
Secondary UDFS
Primary
Notes:
A disk pool, also referred to as an auxiliary storage pool (ASP), is a software definition of a
group of disk units on your system. This means that a disk pool does not necessarily
correspond to the physical arrangement of disks. Conceptually, each disk pool on your IBM
Power System with IBM i is a separate pool of disk units for single-level storage. The
system spreads data across the disk units within a disk pool. If a disk failure occurs, you
need to recover only the data in the disk pool that contained the failed unit.
There are two main categories of disk pools: the system disk pool and user disk pools.
There are two types of user disk pools: basic and independent. Independent disk pools are
further divided into primary, secondary, and UDFS disk pools.
Uempty
• System ASP
– ASP# 1
– IBM i operating system
• Basic
– ASP# 2-32
– Also known as user or dependent ASPs
• Independent (IASP)
– ASP# 33-255
– User-defined file system (UDFS) (V5R1)
– Primary (QSYS.LIB objects) (V5R2 and up)
• Secondary
• Disk pool, IASP, and database can be used interchangeably
Notes:
System disk pool
The system automatically creates the system disk pool (disk pool one) which contains disk
unit one and all other configured disks that are not assigned to a user disk pool. The
system disk pool contains all system objects for the IBM i licensed program and all user
objects that are not assigned to a basic or independent disk pool.
Note
You can have disk units that are attached to your system but are not configured and are not
being used. These are called nonconfigured disk units.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
objects. User disk pools exist in two forms: basic disk pools and independent disk pools. In
a clustered environment independent disk pools can be switched between systems without
having to perform an IPL, allowing for continuously available data.
Basic disk pools
A basic disk pool is used to isolate some objects from the other objects that are stored in
the system disk pool. Basic disk pools are defined by the user. Data in a basic user pool is
always accessible whenever the server is up and running. You can configure basic disk
pools with numbers two through 32.
Independent disk pool
The terms independent auxiliary storage pool (ASP) and independent disk pool are
synonymous. An independent disk pool is a collection of disk units that can be brought
online or taken offline independent of the rest of the storage on a system, including the
system disk pool, basic user disk pools, and other independent disk pools. You can
configure independent disk pools with numbers 33 through 255. An independent disk pool
can be either of the following:
• Switchable among multiple systems in a clustered environment
• Privately connected to a single system
The benefits, in both multisystem clustered environments and single-system environments,
can be significant. For example, in a clustered environment, the use of independent disk
pools can provide disk storage that is switchable amongst servers in the cluster, providing
continuous availability of resources. In a single-system environment, independent disk
pools could be used to isolate infrequently used data that does not always need to be
present when the IBM Power System with IBM i is operational.
Contrast basic and independent disk pools
Basic disk pools and independent disk pools, also called auxiliary storage pools (ASPs),
are both useful to group disk units containing certain information together; however, they
have some inherent differences:
• When the server IPLs, all of the disk units configured to a basic disk pool must be
accounted in order for the server to continue the IPL. Independent disk pools are not
included in the IPL. When you vary on the independent disk pool, the node then verifies
that all disk units are present.
• When an unprotected disk unit in a disk pool fails, it typically stops all normal
processing on the server until it can be repaired. The total loss of a disk unit in a basic
disk pool requires lengthy recovery procedures to restore the lost data before the server
can IPL and resume normal operations.
• The data in a basic disk pool belongs to the attaching node and can only be directly
accessed by that system. In an independent disk pool, the data does not belong to the
node, but it belongs to the independent disk pool. You can share the data in the
independent disk pool between nodes in a cluster by varying it off of one node and
varying it on to another node.
Uempty • When you create a basic disk pool, you assign the disk pool a number. When you
create an independent disk pool, you name the disk pool and the system assigns a
number.
• If a basic disk pool fills up, it can overflow excess data into the system disk pool.
Independent disk pools cannot overflow. If they did, they would lose their
independence. When the independent disk pool nears its threshold, you need to add
more disk units or delete objects to create more storage space.
• When you make restricted changes to disk configuration in a basic disk pool, you must
have your server restarted to Dedicated Service Tools (DST). In an offline independent
disk pool, you do not have to have your server in DST mode to start or stop mirroring,
start device parity protection, start compression, remove a disk unit, and so on.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Made up of:
– A primary disk pool
The system database is
– Zero or more secondary disk pools referred to as *SYSBAS.
• Groups logically connect disk System ASP
pools
– Vary them on and off together
Basic 2-32 iASP# 33-255
– Switch them together
• Share the same database
– Similar as system ASP and basic Pool groups for multiple databases
ASPs UDFS
– For example:
• Primary independent ASP for libraries Primary Primary Primary
and database files
• Secondary independent ASP for
journals and journal receivers Secondary Secondary
• Do not overflow
– If a disk pool fills, no more data can
Secondary
be added, but the system keeps
running.
Notes:
Independent disk pools may be grouped together. The disk pool group will have a primary
disk pool and zero or more secondary disk pools. Disk pools in a disk pool group:
• Function as a single entity
• Are varied on and off together
• Are treated as a single high availability resource by cluster resource services.
The objects in a disk pool group also share a single data base which by default, has the
same name as the primary disk pool.
Probably the most common usage of a disk pool group is to provide a primary disk pool for
data and secondary disk pool for journal receivers.
Finally, unlike basic disk pools, independent disk pools do not overflow. Secondary disk
pools will not overflow to a primary disk pool, and a primary disk pool will not overflow to the
system ASP.
Uempty
Notes:
Protection from disk drive failure does not mean prevention of disk drive failure.
Remember that a disk drive is a spinning mechanical piece of equipment, and is subject to
failure. Sometimes, warnings are given (for example, noise, data error reads and writes,
error logs, and so forth), but other times the disk unit fails without any warning.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
ASP benefits
IBM i
• Data protection
– Isolate effects of a disk failure
• Improved performance
– High use objects
– Separate files and journal receivers
Notes:
User ASPs can improve performance when extensive journaling operations are off-loaded
to user ASPs.
Journaling operations work most productively if active journal receivers can be placed in
separate user ASPs to reduce disk contention.
Uempty
• Automatically created
• Load source (unit one) and all units not in user ASPs
• System objects and objects not in user ASPs
• Abnormal end if full
– Threshold percent: QSYSOPR Message
– QSTGLOWLMT: Low limit of available storage
– QSTGLOWACN: Action when QSTGLOWLMT reached
• QSYSOPR message or critical message
• Call registered (ADDEXITPGM) exit programs
• ENDSYS or PWRDWNSYS
• If ASP1 lost, addressability of objects in user ASPs lost
– RCLSTG or restore entire system
– If RCLSTG, QDFTOWN will own all objects
Notes:
QSTGLOWLMT
The auxiliary storage lower limit specifies the percent of available storage remaining in the
system ASP when the auxiliary storage lower limit is reached. The QSTGLOWACN system
value specifies the action associated with this limit. The percent of storage currently used in
the system ASP is viewed with the Work with System Status (WRKSYSSTS) command.
*ALLOBJ and *SECADM special authorities are required to change the system value
QSTGLOWLMT.
A change to this system value takes effect immediately. The shipped value is 5.
Lower limit
0 - 100
Specify the percentage of storage to remain available.
QSTGLOWACN
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
The auxiliary storage lower limit action specifies the action to take when the available
storage in the system ASP is below the lower limit for auxiliary storage.
*ALLOBJ and *SECADM special authorities are required to change the QSTGLOWACN system
value.
A change to this system value takes effect immediately. The shipped value is *MSG. See the
Work Management Book, SC41-5306, for additional information if you want to change the
QSTGLOWACN system value.
Action
*MSG
Send message CPI099C to QSYSMSG and QSYSOPR message queue. This message is
also sent for the other actions.
*CRITMSG
Send critical message CPI099B to the user who is specified in the service attribute to
receive critical messages.
*REGFAC
Submit a job to call exit programs registered for the QIBM_QWC_QSTGLOWACN exit
point.
*ENDSYS
End the system to the restricted state.
*PWRDWNSYS
Power down the IBM Power System with IBM i immediately and restart it.
Uempty
IBM Power Systems with IBM i Navigator: Storage
System Values
IBM i
Figure 10-9. IBM Power Systems with IBM i Navigator: Storage System Values OL1914.1
Notes:
Maximum system disk pool usage: Specifies the maximum percent of used storage
allowed in the system disk pool (also known as auxiliary storage pool). If the maximum is
met, the action specified for the When maximum usage is reached system value is taken.
You should know the following about this system value:
Special authority: All object (*ALLOBJ) and security administrator (*SECADM)
Default value: 95%
Changes take effect: Immediately
Lockable: No
System value: QSTGLOWLMT
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Library user disk pools
Library user disk pools, contain libraries and user-defined file systems (UDFS). IBM
recommends that you use library user disk pools because the recovery steps are easier
than with non-library user disk pools. There are several factors to consider when using
library user disk pools.
Non-library user disk pools
Non-library user disk pools contain journals, journal receivers, and save files whose
libraries are in the system disk pool.
If you are assigning access path recovery times for individual disk pools, you should set the
target recovery time for a non-library user disk pool to *NONE. A non-library user disk pool
cannot contain any database files and cannot, therefore, benefit from system-managed
access-path protection (SMAPP). If you set an access path recovery time for a non-library
user disk pool to a value other than *NONE, this causes the system to do extra work with no
Uempty possible benefit. System-managed access-path protection describes how to set access
path recovery times.
• Refer to the Information Center for specific procedures to manage ASPs (also known as
disk pools).
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
An ASP is a logical grouping of disk units, not a physical grouping or a hardware function.
Uempty
Sample configuration
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Single-system environment
– Isolate low-use data with ability to bring online only when needed.
– Reduce system start time.
– Manage save/restore by independent disk pool.
– Reclaim storage by independent disk pool.
– Divide data between multiple databases.
– Isolate data associated with specific applications or associated with specific
groups of users.
– Consolidate data on small systems to independent disk pools on a larger system,
for example, in the case of multiple branch offices.
– Perform application maintenance that does not affect entire system.
• Multisystem clustered environment
– Keep data available to an application even in the event of a single system outage,
either scheduled or unscheduled.
– Eliminate the process of replicating data from one system to another.
– In some situations, isolate disk unit failures within the independent disk pool.
– Achieve high availability and scalability.
Notes:
There are two environments in which the use of independent disk pools can be beneficial: a
multi-system clustered environment and a single-system environment.
Single-system environment
In a single-system environment, where an independent disk pool is privately connected to a
single server, independent disk pools can be taken offline, or made unavailable,
independent of other disk pools because the data in the independent disk pool is
self-contained. The independent disk pool can also be brought online or made available
while the IBM Power System with IBM i is active, without having to perform an IPL. Using
independent disk pools this way can be very useful, for example, if you have large amounts
of data that are not needed for normal day-to-day business processing. The independent
disk pool containing this data can be left offline until it is needed. When large amounts of
storage are normally kept offline, you can shorten processing time for operations such as
IPL and reclaim storage.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The graphic above shows an example of multiple databases which reside in independent
disk pools. Here, we have independent disk pools for the Payroll data, Order entry data,
and data for Companies 1, 2, and 3.
In this example, the actual application code could reside in the System ASP or another disk
pool (either a User ASP or another IASP). A typical use of independent disk pools such as
the ones shown in this example, would be for Server Consolidation of multiple branch office
or store systems. Corporate data could reside in the other independent disk pools.
Segmenting your databases in this manner can allow greater control and flexibility.
Uempty
Switchable
towers Drives
Drives Drives
Drives
IASP A4
IASP A1 IASP B3
IASP A2
Device domain
Notes:
Above is an example of a switchable disk pool which consists of two system units and four
expansion units.
The lower three expansion units are owned by the system unit on the left of the diagram
and the upper expansion unit is owned by the system unit on the right. The lower three
expansion units are switchable disk pools and are normally used by the system on the left.
In the event of an outage, either planned or unplanned, these three expansion units can be
switched to the backup system on the right. This can be done manually in the case of a
planned outage (for example, in the event of a system software upgrade) or automatically
by Cluster Resource Services in the event of an unplanned outage such as a hardware
failure on the system unit.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 10-16. Topic 2: Concepts and overview of device parity protection: RAID-5 and RAID-6 OL1914.1
Notes:
Uempty
Notes:
RAID - Redundant Array of Independent Disks
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Rebuild
PS = Parity sector
DS = Data sector
© Copyright IBM Corporation 2012
Notes:
One of the earliest forms of protection was check summing. Here is a brief overview.
All the units are in ASP1 and are check summed. If one of the disk units fails, the system
stops with an SRC error code displayed. The failed unit must be replaced. When the IBM
Power System with IBM i is IPLed, the system rebuilds the lost data during storage
management recovery. The advantage of check summing is that the data is not lost if only
one disk unit fails. One of the disadvantages is the system stops if there is a failure in the
set, and there is a performance and resource cost.
RAID-5 Device parity works similarly to check summing and is intended to prevent data
from being lost if a single disk unit failure occurs. RAID-6 will provide protection if two disk
units fail. In many cases, this protection can prevent the system from stopping when a disk
unit fails, and may allow concurrent maintenance.
Device parity protection is a hardware availability function that protects data from being lost
because of a disk unit failure or because of damage to a disk. To protect data, the disk
input/output adapter (IOA) calculates and saves a parity value for each bit of data.
Uempty Conceptually, the IOA computes the parity value from the data at the same location on
each of the other disk units in the device parity set.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
RAID-5 RAID-6
One additional disk drive Two additional disk
Protection
per RAID array drives per RAID array
Maximum size
18 disks 18 disks
array
#5709/5726/5727/5728
Supporting disk (CEC), #5703, #2757/5581,
#5737/0648/5776
IOAs #2780/5580, #5737/0648,
#4778, and so forth
Notes:
Device parity protection, like checksum, is a hardware function that protects data from
being lost because of a disk unit failure or damage to a disk. Calculating and saving a parity
value for each bit of data protects data. There are two levels of protection offered, RAID-5
and RAID-6.
RAID-5
RAID-5 protects against the failure of a single disk unit. Logically, the capacity of one disk
unit is dedicated to storing parity data in a parity set. In practice, the parity data is spread
among multiple disk units depending upon the number of disk units in the parity set and the
level of the disk I/O adapter. Internal disk units of different technology (that is, different
feature numbers), but of the same capacity, can be RAID-5 protected.
RAID-6
RAID-6 protects against the failure of two disk units. Logically, the capacity of two disk units
is dedicated to storing parity data. In practice, the parity data is spread among multiple disk
Uempty units. The minimum number of disk units in a parity set is four and the maximum is
eighteen. When a RAID-6 parity set is started, all the disk units contain parity data.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
• It provides high availability through device parity protection for disk units
capable of device parity protection.
• Starting at V5R2 and later IOA, you have the ability to choose how you
want the parity set to be optimized.
Notes:
Beginning with V5R2 IOAs, the minimum number of disk units in a parity set is three; the
maximum number of disk units in the parity set is 18. With IOAs developed prior to V5R2,
the minimum number of disk units in a parity set is four; the maximum number of disk units
in the parity set is 10.
Parity data requires space equal to the size of one disk per device parity set. If a device
parity set is started with four to seven disks, the parity data is spread over four disks. If
eight or more disks are in the device parity set when you start it, the parity data is spread
over eight disks.
You can include additional disks into a device parity set after you start it. You can exclude
disks that do not have parity data from a device parity set without stopping device parity
protection.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Note
If possible, start device parity protection before adding disk units to an auxiliary storage
pool (ASP). This significantly reduces the time it takes to configure the disk unit.
Uempty
• RAID-5
– Single disk unit failures
• Performance decrease during data reconstruction
– Multiple unit failures (more than one)
• System becomes unusable
• ASP data must be restored
• RAID-6
– Two disk unit failures
• Performance decrease during data reconstruction
– Multiple unit failures (more than two)
• System becomes unusable
• ASP data must be restored
• BUS, IOP, IOA failures
– System outages might result
• Restore operations might take longer
• Might decrease performance
• Not supported for load source attached to a 6502 or 6512 IOP or to
older type units without the high availability option
Notes:
How device parity protection affects performance
Device parity protection requires extra I/O operations to save the parity data. This could
cause a performance problem. To avoid this problem, some IOPs contain a nonvolatile
write cache that ensures data integrity and provides faster write capability. The IBM Power
System with IBM i is notified that a write operation is complete as soon as a copy of the
data is stored in the write cache. Data is collected in the cache before it gets written to a
disk unit. Because of the cache, performance is generally about the same on protected and
unprotected disk units.
Applications that have many write requests in a short period of time, such as batch
programs, can adversely affect performance. A single disk unit failure can adversely affect
the performance for both read and write operations.
The additional processing that is associated with a disk unit failure in a device parity set
can be significant. The decrease in performance is in effect until both the failed unit is
repaired (or replaced) and the rebuild process is complete. If device parity protection
decreases performance too much, consider using mirrored protection.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Note
The rebuild process takes longer when read and write operations to a replaced disk unit
are also occurring. Every read request or every write request interrupts the rebuild process
to perform the necessary I/O operations.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
RAID-5 RAID-6
plus plus
write cache write cache
RAID-5 protection protection
Good BETTER
Better Best
(but exposed cache)
This protects against single This protects against This protects against two
disk drive failure (per array). single disk drive failure disk drive failures (per
(per array). array).
Notes:
The auxiliary write cache is a level protection against one or two points of failure. Where
RAID-5 protects against a single disk drive failure per array and RAID-6 protects against
two disk drive failures per array, this option protects against the failure of the loss of the
write cache on the disk I/O adapter. By combining the RAID-5 or RAID-6 protection with the
write cache protection, you now have good protection against an extended outage.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Mirrored protection is a software availability function that protects data from being lost
because of failure or because of damage to a disk-related component. Data is protected
because the system keeps two copies on two separate disk units. When a disk-related
component fails, the system may continue to operate without interruption by using the
mirrored copy of the data until the failed component is repaired.
When you start mirrored protection or add disk units to an ASP that has mirrored
protection, the system creates mirrored pairs using disk units that have identical capacities.
The overall goal is to protect as many disk-related components as possible. To provide
maximum hardware redundancy and protection, the system attempts to pair disk units that
are attached to different input/output adapters, input/output processors, and buses.
If a disk failure occurs, mirrored protection is intended to prevent data from being lost.
Mirrored protection is a software function that uses duplicates of disk-related hardware
components to keep your system available if one of the components fails. It can be used on
any model of the IBM Power Systems with IBM i and is a part of the licensed internal code.
Uempty Different levels of mirrored protection are possible, depending on what hardware is
duplicated. You can duplicate:
• Disk units
• Disk I/O adapters
• Disk I/O processors
• A bus
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Mirroring definitions
IBM i
I/O Adapter
I/O Adapter
Unit 1 Unit 2
© Copyright IBM Corporation 2012
Notes:
Mirrored pair: This is two storage units that contain the same data and are referred to by
the system as one unit. A mirrored unit is a storage unit that is half of a mirrored pair.
The system remains available during the failure if a failing component and the hardware
components that are attached to it are duplicated.
Uempty
• Benefits
– Disk units (and data) duplicated
– Continue to run, without restore, after disk failure
– Concurrent or deferred maintenance
– Better performance than device parity protection
– Easy and fast to start and stop
• Considerations
– Continue to run after multiple disk failures but not both units in
mirrored pair
– Synchronization after replacing failed disk affects performance
– Possible increased IPL time after abnormal end to synchronize data
– Additional hardware
Notes:
Deferred maintenance: Wait until the system can be powered down.
Concurrent maintenance: Replace or repair the failed unit while the IBM Power System
with IBM i is in use (for example, 9406 Models).
Mirrored protection: Benefits
With the best possible mirrored configuration, the system continues to run after a single
disk-related hardware failure. On some system units, the failed hardware can sometimes
be repaired or replaced without having to power down the system. If the failing component
is one that cannot be repaired while the IBM Power System with IBM i is running, such as a
bus or an I/O processor, the system usually continues to run after the failure. Maintenance
can be deferred, the system can be shut down normally, and a long recovery time can be
avoided.
Even if your IBM Power System with IBM i is not a large one, mirrored protection can
provide you valuable protection. A disk or disk-related hardware failure on an unprotected
system leaves your system unusable for several hours. The actual time depends on the
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
kind of failure, the amount of disk storage, your backup strategy, the speed of your tape
unit, and the type and amount of processing the system performs. If you or your business
cannot tolerate this loss of availability, you should consider mirrored protection for your
system, regardless of your system's size.
Mirrored protection: Costs and limitations
The main cost of using mirrored protection is in additional hardware. To achieve high
availability and prevent data loss when a disk unit fails, you need mirrored protection for all
the ASPs. This normally requires twice as many disk units. If you want continuous
operation and prevention of data loss when a disk unit, I/O adapter, or I/O processor fails,
you need duplicate disk I/O adapters and I/O processors. A model upgrade can be done to
get nearly continuous operation and to prevent data loss when any of these failures occur,
as well as the failure of a bus. If bus 1 fails, the system cannot continue to operate.
Because bus failures are rare, and bus-level protection is not significantly greater than I/O
processor-level protection, you may not find a model upgrade to be cost-effective for your
protection needs.
Mirrored protection has a minimal effect on performance. If the buses, I/O processors, and
I/O adapters are more heavily loaded on a system with mirrored protection than they are on
an equivalent system without mirrored protection, then the performance of the two systems
should be approximately the same.
In deciding whether to use mirrored protection on your system, you must evaluate the cost
of potential downtime against the cost of additional hardware, over the life of the system.
The additional cost in performance or system complexity is usually negligible. For
concurrent maintenance and higher availability on systems with mirrored protection, other
disk-related hardware may be required.
Limitations
Although mirrored protection can keep the system available after disk-related hardware
failures occur, it is not a replacement for save procedures. There can be multiple types of
disk-related hardware failures, or disasters (such as flood or sabotage) that require backup
media.
Mirrored protection cannot keep your system available if the remaining storage unit in the
mirrored pair fails before the first failing storage unit is repaired and mirrored protection is
resumed. If two failed storage units are in different mirrored pairs, the IBM Power System
with IBM i is still available and normal mirrored protection recovery is done because the
mirrored pairs are not dependent on each other for recovery. If a second storage unit of the
same mirrored pair fails, the failure may not result in a data loss. If the failure is limited to
the disk electronics, or if the service representative can successfully use the Save Disk Unit
Data function to recover all of the data, no data is lost.
If both storage units in a mirrored pair fail causing data loss, the entire ASP is lost and all
units in the ASP are cleared. You must be prepared to restore your ASP from the backup
media and apply any journal changes.
Uempty When starting the mirrored protection operation, objects that are created on a preferred
unit may be moved to another unit. The preferred unit may no longer exist after mirror
protection is started.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Bus
Input/output
processor
Disk Disk
unit unit
Notes:
Disk unit-level protection
Mirrored protection always provides disk unit-level protection because the storage units are
duplicated. If your main concern is protection of data and not high availability, then disk
unit-level protection may be adequate. The disk unit is the most likely hardware component
to fail, and disk unit-level protection keeps your system available after a disk unit failure.
Concurrent maintenance is often possible for certain types of disk unit failures with disk
unit-level protection.
Some details about disk-level protection:
• The level of mirrored protection determines whether the system keeps running when
different levels of hardware fail. Mirrored protection always provides disk unit-level
protection which keeps the system available for a single disk unit failure. To keep the
system available for failures of other disk-related hardware requires higher levels of
protection.
Uempty • The level of mirrored protection also determines if concurrent maintenance can be done
for different types of failures. Certain types of failures require concurrent maintenance
to diagnose hardware levels above the failing hardware component. For example, to
diagnose a power failure in a disk unit requires resetting the I/O processor to which the
failed disk unit is attached. Therefore, IOP-level protection is required. The higher the
level of mirrored protection, the more often concurrent maintenance is possible.
• The level of protection you get depends upon the hardware you duplicate. If you
duplicate disk units, you will have disk unit-level protection. If you duplicate unit I/O
adapters as well, you have IOA-level protection. If you duplicate input/output
processors, you have IOP-level protection. If you duplicate buses, you have bus-level
protection. Mirrored units will always have at least disk unit-level protection. Because
most internal disk units have the I/O adapter packaged along with the disk unit, they will
have at least IOA-level protection.
• During the start mirrored protection operation, the system pairs the disk units to provide
the maximum level of protection for the system. When disk units are added to a
mirrored ASP, the system pairs only those disk units that are added without rearranging
the existing pairs. The hardware configuration includes both the hardware and how the
hardware is connected.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Bus
IOP
Disk Disk
unit unit
Notes:
This visual details the concept of I/O adapter level protection.
IOA-level protection: Determine if you want IOA-level protection based on the following:
• To keep your system available when a IOA fails
• To concurrently repair a failed disk unit or IOA
• To use problem recovery procedures in preparation for isolating a failing item or to verify
a repair action, the I/O adapter must be dedicated to the repair action. If any disk units
that are attached to the IOA do not have IOA-level protection, then this part of
concurrent maintenance is not possible
To achieve IOA-level protection, all disk units must have a mirrored unit attached to a
different IOA. Most internal disk units have their IOA packaged as part of the disk unit, so
internal disk units generally have at least IOA-level protection.
Uempty
Bus
IOP IOP
Disk Disk
unit unit
Notes:
This visual details the concept of IOP (input/output processor) level protection.
Input/Output processor-level protection: Determine if you want IOP-level protection
based on the following:
• To keep your system available when an I/O processor fails
• To keep your system available when the cable attached to the I/O processor fails
• To concurrently repair certain types of disk unit failures or cable failures
For these failures, concurrent maintenance needs to reset the IOP. If any of the disk
units are attached to the IOP, then you do not have IOP level protection. This means
that concurrent maintenance is not possible.
To achieve I/O processor-level protection, all disk units that are attached to an I/O
processor must have a mirrored unit attached to a different I/O processor. On many
systems, I/O processor-level protection is not possible for the mirrored pair for unit 1.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Bus1 Bus2
IOP IOP
Disk Disk
unit unit
© Copyright IBM Corporation 2012
Notes:
This visual details the concept of bus-level protection.
Bus-level protection: Bus-level protection may allow the system to run when a bus fails.
However, bus-level protection is often not cost-effective because of the following:
• If bus 1 fails, the IBM Power System with IBM i is not usable.
• If a bus fails, disk I/O operations may continue, but so much other hardware is lost, such
as work stations, printers and communication lines, that from a practical standpoint, the
IBM Power System with IBM i is not usable.
• Bus failures are rare compared with other disk-related hardware failures.
• Concurrent maintenance is not possible for bus failures.
To achieve bus-level protection, all disk units that are attached to a bus must have a
mirrored unit attached to a different bus. Bus-level protection is not possible for unit 1.
Uempty
DASD
Bus 3
Notes:
Standard DASD mirroring support requires that both disk units of the load source mirrored
pair (unit 1) are attached to the Multi-function I/O processor (MFIOP). This allows the
system to IPL from either load source in the mirrored pair and allows the system to dump
main storage to either load source if the system ends abnormally. However, since both load
sources must be attached to the same I/O Processor (IOP), the best mirroring protection
possible for the load source mirrored pair is IOA-level protection. To provide a higher level
of protection for your system, you can use remote load source mirroring and remote DASD
mirroring.
Remote DASD mirroring support, when combined with remote load source mirroring,
mirrors the DASD on local optical buses with the DASD on optical buses that terminate at a
remote location. In this configuration, the entire system, including the load source, can be
protected from a site disaster. If the remote site is lost, the system can continue to run on
the DASD at the local site. If the local DASD and system unit are lost, a new system unit
can be attached to the set of DASD at the remote site, and system processing can be
resumed.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Advantages and disadvantages of remote
mirroring
IBM i
• Advantages
– IOP-level or bus-level protection for the load source
– Protection against site disaster
• Disadvantages
– Only able to IPL from one DASD of the load source mirrored pair
– If IPL load source fails
• Cannot dump main storage
• Cannot use CPM
Notes:
Continuously powered main store (CPM) is a feature on the PowerPC base 9406 Models.
This feature provides power to the main storage cards in the event of an abnormal system
termination. It may help reduce IPL time after a system crash.
Remote DASD mirroring advantages
• Remote DASD mirroring can provide IOP-level or bus-level mirrored protection for the
load source.
• Remote DASD mirroring allows the DASD to be divided between two sites, mirroring
one site to another, to protect against a site disaster.
Remote DASD mirroring disadvantages
• A system that uses remote DASD mirroring is only able to IPL from one DASD of the
load source mirrored pair. If that DASD fails and cannot be repaired concurrently, the
system cannot be IPLed until the failed load source is fixed and the remote load source
recovery procedure is performed
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• When remote DASD mirroring is active on a system and the one load source the
system can use to IPL fails, the system cannot perform a main storage dump if the
system ends abnormally. This means that the system cannot use the main storage
dump or continuously-powered main store (CPM) to reduce recovery time after a
system crash. It also means that the main storage dump is not available to diagnose the
problem that caused the system to end abnormally.
Uempty
Mirroring performance
IBM i
Notes:
Mirroring and performance: When mirrored protection is started, most systems show little
difference in performance; in some cases, mirrored protection can improve performance.
Generally, functions that do mostly read operations see equal or better performance with
mirrored protection. This is because read operations have a choice of two storage units to
read from, and the one with the faster expected response time is selected. Operations that
do mostly write operations (such as updating database records) may see slightly reduced
performance on a system that has mirrored protection because all changes must be written
to both storage units of the mirrored pair. Thus, restore operations are slower.
In some cases, if the system ends abnormally, the system cannot determine whether the
last updates were written to both storage units of each mirrored pair. If the IBM Power
System with IBM i is not sure that the last changes were written to both storage units of the
mirrored pair, the system synchronizes the mirrored pair by copying the data in question
from one storage unit of each mirrored pair to the other storage unit. The synchronization
occurs during the IPL that follows the abnormal system end. If the system can save a copy
of main storage before it ends, the synchronization process takes just a few minutes. If not,
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
the synchronization process can take much longer. The extreme case could be close to a
complete synchronization.
Mirrored protection normally requires additional disk units and input/output processors.
However, in some cases, you may need additional hardware to achieve the level of
performance that you want. Use the following information to decide how much extra
hardware you may need:
• Processing unit requirements
Mirrored protection causes a minor increase in central processing unit usage
(approximately 1% to 2%)
• Main storage requirements
If you have mirrored protection, you need to increase the size of your machine pool.
Mirrored protection requires storage in the machine pool for general purposes and for
each mirrored pair. You should expect to increase your machine pool by approximately
12 KB for each 1 GB of mirrored disk storage (12 KB for 1 GB DASD, 24 KB for 2 GB
DASD, and so forth).
During synchronization, mirrored protection uses an additional 512 KB of memory for
each mirrored pair that is being synchronized. The system uses the pool with the most
storage.
• I/O processor requirements
To maintain equivalent performance after starting mirrored protection, your system
should have the same ratio of disk units to I/O processors as it did before. To add I/O
processors, you may need to upgrade your system for additional buses.
Because of the limit on buses and I/O processors, you may not be able to maintain the
same ratio of disk units to I/O processors. In this case, system performance may be
reduced.
Uempty
Concurrent maintenance
IBM i
Notes:
ECS - Electronic Customer Support
Concurrent maintenance is the process of repairing or replacing a failed disk-related
hardware component while using the system.
On systems without mirrored protection, the IBM Power System with IBM i is not available
when a disk-related hardware failure occurs and remains unavailable until the failed
hardware is repaired or replaced. However, with mirrored protection the failing hardware
can often be repaired or replaced while the IBM Power System with IBM i is being used.
Concurrent maintenance support is a function of system unit hardware packaging. Mirrored
protection only provides concurrent maintenance when the hardware and packaging of the
system support it. The best hardware configuration for mirrored protection also provides for
the maximum amount of concurrent maintenance.
It is possible for the system to operate successfully through many failures and repair
actions. For example, a failure of a disk head assembly will not prevent the system from
operating. A replacement of the head assembly and synchronization of the mirrored unit
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
can occur while the system continues to run. The greater your level of protection, the more
often concurrent maintenance can be performed.
On some models, the system restricts the level of protection for unit 1 and its mirrored unit
to only IOA-level protection. See Mirrored Protection - Configuration Rules in Information
Center for more information.
Under some conditions, diagnosis and repair can require active mirrored units to be
suspended. You may prefer to power down the system to minimize the exposure of
operating with less mirrored protection. Some repair actions require that the system be
powered down. Deferred maintenance is the process of waiting to repair or replace a failed
disk-related hardware component until the system can be powered down. The IBM Power
System with IBM i is available, although mirrored protection is reduced by whatever
hardware components have failed. Deferred maintenance is only possible with mirrored
protection or device parity protection.
Uempty
• Determine the level of protection you want for each mirrored ASP.
• Plan the installation of your system and the configuration of new units.
Notes:
Note
Before performing this procedure, we strongly recommend that you read the appropriate
sections of the backup and recovery guide.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
To provide the best protection and availability for the entire system, all ASPs in the system
should have mirrored protection.
If the system has a mixture of some ASPs with and some ASPs without mirrored
protection, a disk unit failure in an ASP without mirrored protection severely limits the
operation of the entire system. Data can be lost in the ASP in which the failure occurred. A
long recovery may be required.
If a disk fails in a mirrored ASP, and the system also contains ASPs that are not mirrored,
data is not lost. However, in some cases, concurrent maintenance may not be possible.
The disk units that are used in user ASPs should be selected carefully. For best protection
and performance, an ASP should contain disk units that are attached to several different
I/O processors. The number of disk units in the ASP that are attached to each I/O
processor should be the same (that is, balanced).
Determining the disk units that are needed
A mirrored ASP requires twice as much auxiliary storage as an ASP that is not mirrored,
because the system keeps two copies of all the data in the ASP. Also, mirrored protection
requires an even number of disk units of the same capacity so that disk units can be made
into mirrored pairs. On an existing system, it should be noted that it is not necessary to add
the same types of disk units already attached in order to provide the required additional
storage capacity. Any new disk units may be added as long as sufficient total storage
capacity and an even number of storage units of each size are present. The system will
assign mirrored pairs and automatically move the data as necessary.
The process of determining the disk units that are needed for mirrored protection is similar
for existing or new systems. You should do the following:
Plan how much data each ASP contains.
Plan a target percent of storage used for the ASP (how full the ASP is).
Plan the number and type of disk units needed to provide the storage that is required. For
an existing ASP, you can plan a different type and model of disk unit to provide the required
storage. You must ensure an even number of each type of disk unit and model.
After planning for all ASPs is completed, plan for spare units, if desired.
Once you know all of this information, you can calculate your total storage needs.
Determining the level of protection that you want
The level of mirrored protection determines if the system keeps running when different
levels of hardware fail. The level of protection is the amount of duplicate disk-related
hardware that you have. The more mirrored pairs that have higher levels of protection, the
more often your IBM Power System with IBM i is usable when disk related hardware fails.
You may decide that a lower level of protection is more cost effective for your system than
a higher level. The levels of protection, in order from lowest to highest, are as follows:
1. Disk unit-level protection
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
If one storage unit of a mirrored pair fails, the system suspends mirrored protection to the
failed mirrored unit. The system continues to operate using the remaining mirrored unit.
The failing mirrored unit can be physically repaired or replaced.
After the failed mirrored unit is repaired or replaced, the system synchronizes the mirrored
pair by copying current data from the storage unit that has remained operational to the
other storage unit. During synchronization, the mirrored unit to which the information is
being copied is in the resuming state. Synchronization does not require a dedicated system
and runs concurrently with other jobs on the system. System performance is affected
during synchronization. When synchronization is complete, the mirrored unit becomes
active.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Mirrored
Mirrored Device parity
1 protection
protection protection
(*see note)
Notes:
When mirrored protection is started, most systems show little difference in performance; in
some cases, mirrored protection can improve performance. Generally, functions that do
mostly read operations see equal or better performance with mirrored protection. This is
because read operations have a choice of two storage units to read from, and the one with
the faster expected response time is selected. Operations that do mostly write operations
(such as updating database records) may see slightly reduced performance on a system
that has mirrored protection because all changes must be written to both storage units of
the mirrored pair. Thus, restore operations are slower.
With both device parity protection and mirrored protection, the system continues to run
after a single disk failure when using RAID-5 or two disk failures when using RAID-6. With
mirrored protection, the system may continue to run after the failure of a disk-related
component, such as an IOA or an IOP.
When a second disk failure occurs such that the system has two failed disks (and you are
not using RAID-6), the IBM Power System with IBM i is more likely to continue to run with
mirrored protection than with device parity protection.
Uempty Device parity protection requires up to 25% additional disk capacity for storage of parity
information. The actual increase depends on the number of disk units that are assigned to
a device parity set. A system with mirrored protection requires twice as much disk capacity
as the same system without mirrored protection because all information is stored twice.
Mirrored protection may also require more buses, IOPs, and disk IOAs, depending on the
level of protection that you want. Therefore, mirrored protection is usually a more
expensive solution than device parity protection.
Usually, neither device parity protection nor mirrored protection has a noticeable effect on
system performance. In some cases, mirrored protection actually improves system
performance.
The restore time to disk units protected by device parity protection is slower than the
restore time to the same disk devices without device parity protection activated, because
the parity data must be calculated and written.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
1. It depends on hardware used, configuration, and level of mirrored protection.
2. Configuring disk pools can limit the loss of data and the recovery to a single disk pool.
3. For site disaster protection, remote mirroring is required.
4. In a clustered environment, an independent disk pool can help maintain availability.
5. When using geographic mirroring, independent disk pools can provide site disaster
protection.
Uempty
Notes:
Full protection method: Single ASP
A simple and safe way to manage and protect your auxiliary storage is to do the following:
• Assign all disk units to a single auxiliary storage pool (the system ASP).
• Use device parity protection for all disk units that have the hardware capability.
• Use mirrored protection for the remaining disk units on the system.
With this method, your system continues to run if a single disk unit fails. When the disk is
replaced, the system can reconstruct the information so that no data is lost. The system
may also continue to run when a disk-related hardware component fails. Whether your
system continues to run depends on your configuration. For example, the system will
continue to run if an IOP fails and all of the attached disk units have mirrored pairs that are
attached to a different IOP.
When you use a combination of mirrored protection and device parity protection to fully
protect your system, you increase your disk capacity requirements. Device parity protection
requires up to 25% of the space on your disk units (depending upon how many disk units
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
and whether you are implementing RAID-5 or RAID-6) to store parity information. Mirrored
protection doubles the disk requirement for all disks that do not have the capability for
device parity protection.
Full protection: Multiple ASPs
You may want to divide your disk units into several auxiliary storage pools. Sometimes,
your overall system performance may improve by having user ASPs. For example, you can
isolate journal receivers in a user ASP. You can also place history files or documents that
seldom change in a user ASP that has lower performance disk units.
You can fully protect a system with multiple ASPs by doing the following:
• Use device parity protection for all disk units that have the hardware capability.
• Set up mirrored protection for every ASP on the system. You can set up mirrored
protection even for an ASP that has only disk units with device parity protection. That
way, if you add units that do not have device parity protection in the future, those units
are automatically mirrored.
Note
You must add new units in pairs of units with equal capacity.
Before configuring this level of protection, be sure that you know how to assign disk units to
ASPs.
Uempty
Notes:
Sometimes, full protection (using a combination of device parity protection and mirrored
protection) may be too costly. If this happens, you need to develop a strategy to protect the
critical information on your system. Your objectives should be to minimize the loss of data
and to reduce the amount of time that critical applications are not available. Your strategy
will probably involve dividing your IBM Power System with IBM i into user ASPs and
protecting only certain ASPs. Note, however, that if the IBM Power System with IBM i is not
fully protected and an unprotected disk unit fails, serious problems can occur. The entire
system can become unusable, end abnormally, require a long recovery, and data in the
ASP that contains the failed unit will have to be restored.
Before configuring this level of protection, be sure that you know how to assign disk units to
ASPs.
The following list has suggestions for developing your strategy:
• If you protect the system ASP with a combination of mirrored protection and device
parity protection, you can reduce or eliminate recovery time. The system ASP, and
particularly the load source unit, contain information that is critical to keeping your
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-65
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
system operational. For example, the system ASP has security information,
configuration information, and addresses for all the libraries on the system.
• Think about how you can recover file information. If you have on-line applications and
your files change constantly, consider using journaling and placing journal receivers in a
protected user ASP.
• Think about what information does not need protection, probably because it changes
infrequently. For example, history files may need to be on-line for reference, but the
data in the history files may not change except at the end of the month. You might place
those files in a separate user ASP that does not have any disk protection. If a failure
occurs, the system becomes unusable, but the files can be restored without any loss of
data. The same may be true for documents.
• Think about other information that may not need disk protection. For example, your
application programs may be in a separate library from the application data. Probably,
the programs change infrequently. The program libraries might be placed in a user ASP
that is not protected. If a failure occurs, the system becomes unusable, but the
programs can be restored.
Two simple guidelines can summarize the previous list:
1. To reduce recovery time, protect the system ASP.
2. To reduce loss of data, make conscious decisions about which libraries must be
protected.
Uempty
Notes:
Geographic mirroring provides the ability to replicate changes made to the production copy
of an independent auxiliary storage pool (IASP) to a mirror copy of that IASP. As data is
written to the production copy of an IASP, the operating system mirrors that data to a
second copy of the IASP through another IBM Power System with IBM i. This process
keeps multiple identical copies of the data.
The example given in the foil is a very simple configuration with XSM implemented
between two cluster nodes. Two physical sites A and B have a IBM Power Systems with
IBM i installed. Each of the servers have two IASPs configured on switchable hardware
(Tower level on individual systems – IOP level between partitions). Since XSM works under
clustering topology only, the hardware used for configuring the IASPs must be recognized
as resilient (switchable hardware). Both servers have two IASPs one of them in production
on each site, the other one serving as a mirrored copy of the production IASP of the other
site. If one of the IBM Power Systems with IBM i servers should fail, the mirrored copy on
the other site can then be brought in production. It is obvious that both nodes need to be
made part of the same recovery domain.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-67
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
XSM can be configured between two IASPs that have their own DASD protection
mechanism. The protection can be different on both sites and does not even have to exist.
XSM on unprotected DASD in IASP is not recommended when striving for high availability.
Any allowed combination of RAID-5 / RAID-6, mirrored or unprotected DASD in the IASP is
supported under XSM.
In this same sense the storage size of the IASP on the target can be different from the size
of the source IASP under geographical mirroring. When configuring XSM, the user should
start XSM from the site with the smallest IASP. Once configured, the user can then swap
roles if required. Messages regarding the threshold value for the storage are issued as
soon as one of the IASP storage units reaches its threshold value. Messages arrive in the
operator message queue of the production site for either one of the geographical mirrored
IASPs. There are size restrictions for the initial setup.
When cluster nodes owning geographical mirrored IASPs are switching roles, there is a
need for synchronized objects in the system based auxiliary storage pool if there are
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-69
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
• Dependencies
– IASP state synchronized automatically
• Example: Production is available; mirrored copy is varied on.
– No concurrent operations or data access on mirrored copy when varied on
– IBM Power System with IBM i Navigator shows pending
• Recovery time out
– Time before XSM suspends
– Consider redundant communication paths
• Performance
– Input/Output intensive work
– Read to write ratio
– Asynchronous compared to synchronous
– Main storage
• Consequences of detaching and attaching a mirrored IASP copy
– Resynchronization time depends on size and on communication bandwidth.
– Most environments are not suitable for backup to tape operation.
– Create a different device description before using a detached mirrored copy.
© Copyright IBM Corporation 2012
Notes:
When the production IASP is made available, the geographical mirrored copy is
automatically brought to an active state. Once geographical mirroring is started, the
mirrored copy is not accessible for the user.
Recovery Time Out is the time the user can specify (during the setup of XSM) for how long
the application can wait and the server can try to recover the connection with the remote
copy. Once the time limit is reached, cross-site mirroring is suspended. If mirroring is
suspended, the system performs a full synchronization, this means that the XSM copy is
zeroed out and completely rewritten during the resume phase. This can be a very
time-consuming process and may have a severe impact on the performance of the
applications using the data in the production pools. If the user makes the production copy
unavailable during the resume process, the resume function is stopped automatically and
restarted from the point where it was stopped when the production copy is made available
again. When choosing the recovery time or value, the user has to decide between blocking
the applications using the data in the disk pool group for a certain amount of time, or for
allowing full synchronization after the automatic suspend of geographic mirroring.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-71
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Where read operations are only performed on the local or production IASP and there is no
impact on performance at all with XSM, every write operation has to be performed on the
geographical mirrored copy too, be it in a synchronous or asynchronous way. As depicted
earlier, the user can influence the impact on performance by changing the replication
methodology or priority. However, geographical mirroring always uses server resources,
consumes memory and processor cycles. Testing showed a CPU overhead between 15%
and 20% with XSM active. It is highly recommended that you provide additional main
storage for the server to be able to handle the data port services requests without
interfering with application paging.
Before making a detached mirror copy available, creating a second device description for
the independent disk pool that differentiates it from the production copy is the only way to
avoid problems. A separate device description for the mirror copy prevents two instances
of the same database in the network. You may then use this second mirror copy device
description to make the XSM copy available for operations.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-73
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
SD
cts
e
SD
DA
ac
bje
AS
DA
sp
e
ro
old
rD
ov
top
e
re
sfe
lat
sh
m
sfe
igu
t/s
lcu
re
an
re
ar
an
nf
d/
Th
Ca
Tr
St
Co
Ad
Tr
Mirrored protection ASPs
Disk compression LPARs
Device parity protection
Notes:
The IBM Power Systems with IBM i Systems Management Recovering Your System
(SC41-5304-09) manual has detailed checklists for procedures involving disk configuration
and protection. The checklists can be found starting on page 395, in the section titled Part
6: Disk configuration and protection.
Note that many of the checklists will require the use of either the System Service Tools
(SST) or Dedicated Service Tools (DST).
Uempty
n?
tio
n?
ec
tio
l?
?
d?
ot
ed
fu
ec
pr
ile
s
ur
ot
es
y
fa
fig
rit
pr
cc
it
pa
on
un
ed
su
c
ice
or
h
p
Ps
hic
m
irr
v
De
AS
Pu
M
W
Notes:
For disk failure or disk errors, first recover the disk, then recover the data. To recover the
disk select the appropriate checklist. The checklist selection will depend on the following:
• Which disk unit failed
• Whether device parity protection or mirrored protection was active
• Whether the ASPs are configured
• Whether or not the failed disk could be pumped
If a disk unit must be replaced, a service representative normally tries to copy the
information from the disk unit when it is replaced. This procedure is sometimes referred to
as a pump. If the service representative is able to perform a full pump then none of the data
is lost. On the other hand, if only a partial pump can be performed then some of the data
will be lost. There will be some situations when a pump cannot be performed at all, in which
case the data on the system will have to be manually restored.
The recovery checklists are very specific procedures to guide you through recovery.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-75
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
ta
al
da
d?
ply ourn
re
ve
ve
ns
u over
sa
j
?
co
to s or
tio
to
re
m rec
op
ed
BJ
ap
g
ein
o
us
en
ug r t
G
sb
re VCH
e
ro the
rs
ur
ive
h
SP
ed
he
SA
ce
oc
lA
W
Pr
Al
th
Backup and Recovery manual
Select checklist to recover user data
2 #1
1
2
3
#2
1
2 ...
4
Notes:
After the disk is recovered, then the next step is to recover the user data.
To recover user data select the appropriate checklist. The checklist depends on the
following:
• Whether all ASPs are being recovered
• The procedure used to save the data
• Whether there are SAVCHGOBJs or journal receivers to apply
• Whether you want to use menu options to recover
Uempty
DASD management
IBM i
• Application administration
required: Service tools
server DST authority for:
– Complete DASD
management
– DST support (subset)
– View and add disk units
– Disk balancing
– Create and manage ASPs
and disk units
– Create and manage
independent ASPs (disk
pools equal private pools)
– Compression
© Copyright IBM Corporation 2012
Notes:
Many DASD management functions including defining user ASPs, viewing the disk
hardware configuration details and disk balancing and compression are available in IBM
Power Systems with IBM i Navigator. Starting with version 5, many of the commonly used
disk management functions available under the traditional Start Service Tools (STRSST
command) interface are now supported in IBM Power Systems with IBM i Navigator. Some
additional disk management functions available when your IBM Power System with IBM i is
started or changed to DST (dedicated service tools) mode are also supported since V5R1
through the Configuration and Service > Hardware > Disk units functions.
Here is a quick summary of the DASD management functions.
View and manipulate large disk configurations
This includes the ability to view subsets of all disk units, view disk units in a physical and
logical hierarchical layout, and sort the disk units by various criteria such as size, resource
name, or associated I/O processor.
Use a graphical view to see where all the disk units on your system are located
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-77
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
From the graphical view, you can perform all the same actions on a disk unit that you can
perform from the list of all disk units in the IBM i Navigator window. These actions include
start or stop compression, include the disk unit in a parity set (or exclude it), add a disk unit
to a disk pool (or remove it), replace a disk unit, rename a disk unit, and more.
Wizards provide streamlined disk maintenance procedures for performing the functions
listed here. Note that on an LPAR system, you would be defining the disk units through the
LPAR 5250 Dedicated Service Tools (DST) interface or through the IBM i Navigator Logical
Partition interface, if you are authorized to do this.
Uempty
Notes:
You must have the appropriate service authority to administer disk units. Before you even
see the Disk Units branch under Hardware, your system administrator must have first
enabled Disk Units to be managed. The DASD management support ships with a no
access default for each system.
To enable, view, and work with (manage) disk units, your system administrator must have
done the following for your connection system. The following steps need to be done only
once:
• The user to be authorized must have *SERVICE Special Authority.
• Install the Configure and Service Installable function for IBM i Navigator. This is
selectable under Custom Install or gets automatically installed when you select Full
Install.
• Right-click the IBM Power System with IBM i and select Application Administration.
• Click Host Applications.
• Expand IBM i.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-79
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Expand Service.
• Check Disk Units authorization as you have previously determined.
Each client work station that requires access to Disk Unit management must also have:
• Configure and Service function for IBM i Navigator installed
• Service Tools authorization: When clicking Disk Units, a Service Tools Security window
appears requesting an explicit Service Tools Server user ID and password.
• The DST user profile, password, and user profile authorizations are specified through
the Dedicated Service Tools (DST) interface using either a 5250 console or Operations
Console device.
Uempty
Notes:
Service Tools user profiles are shipped with IBM i are QSECOFR, 111111, 222222, and
QSRV. Each has different levels of authority (privileges). The standard recommendation is
that the system administrator create a specific DST user profile, with specific privileges
assigned, for each user who will have authority to sign on through DST or SST. This way,
the capabilities of the QSECOFR service tools profile are not compromised.
Note the service tools, user profiles, and associated passwords are separate and
independent of IBM i user profiles and associated passwords. For example, IBM i user
profiles QSECOFR and JIMC passwords are SCY1OFR and myos4usr. Service tools user
profiles QSECOFR and JIMC (you created this) have passwords of sts1sofor and back2you.
Attempting to sign on to DST with the IBM i user ID and password (user ID = JIMC;
password=myos4usr) three times successively disables your service tools user profile.
If you have not previously performed the Add Service Tools Entry command as shown and
then stopped and started TCP/IP, when selecting either Disk Units or Logical Partitions
under IBM i Navigator, an error screen is displayed that indicates there is no server
listening on an IP port.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-81
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
For more information in this area, refer to the release appropriate document: Configuring
the service tools server for i5/OS. In the V7R1Information Center, you can find this
document by visiting:
http://publib.boulder.ibm.com/infocenter/iseries/v7r1m0/index.jsp
Click Security -> Service tools -> Managing service tools in the Navigation bar. The
document is near the bottom.
Uempty
Notes:
Assuming that Application Administration has specified Disk Units can be managed, and
your workstation has Configuration and Service installed, you see a Disk Units branch at
the bottom of the Configuration and Service-Hardware tree structure.
To perform disk unit functions click the + character to the right of Disk Units. This expands
the Disk Units sub-branches but before you can do any function you must sign on with a
Service Tools security user profile and password as shown on this foil.
The Service Tools user profile and password and proper authorizations are specified
through the Dedicated Service Tools (DST) interface options available to the system
console device (twinax 5250, Operations Console Direct Attach, or new for V5R1,
Operations Console LAN Attach). The DST configuration for the Service Tools user profile
used here must be explicitly granted the capabilities to manage disk units.
Similarly, for the IBM i Navigator user to do Logical Partitioning or Cluster Management
functions the Service Tools user profile must be granted authority to do these functions as
well as generally be enabled through IBM i Navigator Application Administration.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-83
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
The Service Tools user profile and password/authorizations are separate and independent
of IBM i user profile password/authorizations. That is, user JIMC may be defined under
Service Tools security but need not be defined under IBM i. If the user ID is defined both
under IBM i and Service Tools security, the password and specific authorizations are
completely independent.
Uempty
Notes:
Starting with V5R3, you can use IBM i Navigator to gather information about a specific disk
unit. Only newer generation disk units return meaningful logs. This function should be used
under the direction of your next level of support during maintenance activities.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-85
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
This System i Navigator screen shows the physical location of disk drives within the system
rack.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-87
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This System i Navigator screen shows how you request the Add Disk Unit wizard by
right-clicking the All disk units container and then clicking Add Disk Unit.
Uempty
• The Welcome page explains the tasks that the wizard helps you with.
– Add disk units to an existing disk pool.
– Create a new disk pool and add disk units to it.
– Include nonconfigured disk units in a device parity set.
– Start device parity protection.
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-89
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-91
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Select the disk unit to be added at this time, and click Add.
– Add to Disk Pool: Single disks for RAID
Notes:
Uempty
• Disk balancing
– Choosing Yes, balance disk pools moves data so that each disk unit
in the disk pool has an equal percentage of used and unused space*.
Notes:
The Balance pane offers you the choice to balance the capacity of the disk pool.
If you select Yes, balance disk pools, the system moves data so that each disk unit in the
disk pool has an equal percentage of used and unused space. Balancing the capacity of
the disk pool avoids a situation where several disk units contain the majority of the data and
the newly added disk units contain very little data. This situation leads to poor system
performance.
Select No, do not balance disk pools if you do not want to balance the capacity of the
disk pool at this time.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-93
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Continue Adding
– Selecting No, I am done adding Disk Units takes you to the summary screen.
– Selecting Yes, I want to add Disk Units to a Disk Pool brings you back to the
add disk screen.
Notes:
Uempty
• Summary
– This page displays the complete configuration and reflects all
of your choices so far.
Notes:
The Summary pane displays the complete configuration and reflects all the choices you
have made so far. The list shows the disk units that are associated with each disk pool and
the projected capacity of each disk unit. The projected capacity shown for the disk unit
reflects the fact that compression is started when a disk unit is included in a device parity
set.
When you click Finish, a status dialog shows the progress of the operations. Depending on
the type, model, and size of each unit being added, the operations may take more than an
hour.
The Status page displays the progress of each operation you have selected: starting
device parity protection, including disk units in device parity sets, and adding disk units.
The time it takes to complete each operation depends on the type, model, and size of each
unit being added.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-95
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
Before you change the disk configuration of your server, it is important to know exactly
where the existing disk units are located in relation to disk pools, I/O adapters, and frames.
The graphical view of IBM i Navigator eliminates the process of compiling all this
information by providing a graphical representation of how your server is configured. You
can use the graphical view to perform any function that is possible through the Disk Units
list view of IBM i Navigator, with the added benefit of being able to see a visual
representation.
If you right-click any object in the table, such as a specific disk unit, disk pool, parity set, or
frame, you see the same options as in the main IBM i Navigator window. You can choose
how to view the hardware in the Disk Unit Graphical View window.
For example, you can select to view by disk pools, and then select a disk pool in the list to
display only those frames that contain the disk units that make up the selected disk pool.
You can select Show all frames to see all frames whether or not they contain disk units in
the selected disk pool. You can also select Show device positions to associate disk unit
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-97
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
names with the device position where they are inserted. You can right-click any highlighted
blue disk unit in the graphical view and select an action to perform on the disk unit.
For example, you can select to start or stop compression on a disk unit, include the disk
unit in a parity set (or exclude it), or rename the disk unit. If the disk unit has mirrored
protection (that is, it is one of a mirrored pair), you can suspend or resume mirroring on the
disk unit. If you right-click an empty disk unit slot, you can start the Install Disk Unit Wizard.
All valid sides of a tower are shown. If a tower can have disk units on the Front and Back,
then both views of the same tower are shown. If Show all towers is checked off, then only
the view that has an item with a hit to the view by field is shown.
When right clicked, the context menu for a disk unit is displayed. You can then select from
a list of actions to perform on the disk unit. For example, you can select:
• Start or Stop Compression on a disk unit
• Include the disk unit in a parity set (or exclude it)
• Rename the disk unit
If the disk unit has mirrored protection (that is, it is one of a mirrored pair), you can suspend
or resume mirroring on the disk unit.
When Ctrl-click is done on multiple disk units, these multiple disk units can be selected,
and actions can be performed on them at once (add, remove, clear). Doing a Ctrl-A allows
a user to select all disk units easily in the list.
Uempty
Notes:
This System i Navigator screen shows general information for disk pools by right-clicking
Disk pools and selecting Properties.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-99
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This System i Navigator screen shows the threshold and capacity information of disk pools
graphically.
Uempty
Notes:
This System i Navigator screen shows the balance and trace information of disk pools.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-101
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
If you choose to create a new disk pool while your IBM Power System with IBM i is active,
consider the following points:
You cannot start mirrored protection while the IBM Power System with IBM i is active. The
new disk pool is not fully protected unless all of the disk units have device parity protection.
You cannot remove existing disk units from one disk pool and create a new disk pool while
your IBM Power System with IBM i is active, since the system must rewrite data when it
removes disk units from an existing disk pool. This can be done only through the Dedicated
Service Tools (DST).
The system considers the size of an auxiliary storage pool (ASP) to determine the size of
the SMAPP journal receiver for that ASP. When you perform an IPL, the system checks to
see if your ASP configuration has changed. The system does the following:
If any disk units have been added or removed from an existing ASP, the system may
change either the size of the SMAPP receiver or the placement of the receiver.
Uempty If any new ASPs are in the configuration and do not have any access path recovery times
assigned for SMAPP, the system assigns a recovery time of *NONE for that ASP. If you
remove an ASP from your configuration and later add it back, the access path for that ASP
is set to *
, even if that ASP previously had a recovery time for access paths.
If all user ASPs have been removed from your configuration so that you have only the
system ASP, the system access path recovery time is set to the lower of the following
values:
• The existing system access path recovery time
• The current access path recovery time for ASP1
- If the current access path recovery time for ASP 1 is *NONE, the system access path
recovery time is not changed.
When you add disk units to your disk configuration while your IBM Power System with IBM
i is active, the system does not consider those changes in making SMAPP storage
decisions until the next time you perform an IPL. The system uses the size of the ASP to
determine the threshold size for SMAPP receivers. If you add disk units, the system does
not increase the threshold size for the receivers until the next IPL. This means that the
frequency of changing SMAPP receivers will not go down until you perform an IPL.
When you create a new user ASP while your IBM Power System with IBM i is active, you
should add all of the planned disks to the ASP at the same time. The system uses the initial
size of the new ASP to make storage decisions for SMAPP. If you later add more disk units
to the ASP, those disk units are not considered until the next IPL. When you create a new
user ASP, the access path recovery time for that ASP is set to *NONE. You can use the
EDTRCYAP command to set a target recovery time for the new ASP, if desired.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-103
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Use the New Disk Pool dialog to select the basic numerical identifier for
your new disk pool from a list of all available numerical identifiers.
Notes:
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-105
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The left side of this visual shows the available disks. Click Add to add them to the pool.
Along the way you specify what kind of protection and if disk balancing, compression, or
both are to be used. If you select to do balancing it is done now.
If you select Protect Disk Pool then, if it is an IASP, when the Add Disk wizard is finished,
a Start Mirroring dialog appears prompting you to Start or Cancel.
If the disk pool is the System ASP or a user (not an IASP) ASP, then a dialog is presented
telling you, Your pool is now ready for you to perform Start Mirroring. When you choose to
continue mirroring, it will be started.
Please note that mirroring can take quite a long time, the more disks and the more storage
per disk, the longer it takes.
Mirroring does not require an IPL for IASPs. For system and user ASPs, the user can only
start mirroring at DST. The system performs a forced IPL as part of the Start Mirroring
function.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-107
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The following list describes the circumstances that can cause your system to stop
unexpectedly and what happens when it does.
• Power failure with uninterruptible power supply: When the system loses normal
power, the uninterruptible power supply system takes over and keeps the system
running. The system detects this change and sends a message to your
power-monitoring program. Your program can decide whether to keep the system
running until power returns or to begin an orderly shutdown.
• Power failure with continuously powered main store: If your system has this
feature, a battery provides sufficient power to shut down the system and maintain the
contents of memory for up to two days after a power loss. In many cases, this can
significantly reduce the amount of time the system requires to perform an initial program
load (IPL) after a power loss. This continuously powered main store feature can also
take control if the uninterruptible power supply system can no longer maintain power.
The system automatically restarts when power is restored. You may see the Disk
Configuration Error Report display.
Uempty • Power failure with no protection: If your system does not have an uninterruptible
power supply or the continuously powered main store feature and the power fails, your
system stops immediately. The contents of main memory are lost. The system must
reconstruct information when power returns. This can be very time-consuming. Whether
the system starts automatically depends on how you have set the QPWRRSTIPL system
value.
• Disk failure with device parity protection or mirrored protection: In many cases,
the system can continue running without full disk protection until the failed unit is
replaced.
• Disk failure without disk protection: This is like a power failure without protection.
The system stops immediately. The system must reconstruct information about jobs
that were running and files that were open after the disk is repaired or replaced.
• Failure of a critical operating system program: The system will stop immediately,
just as it does if an unprotected power failure or disk failure occurs. The system
attempts to copy the contents of main memory so that the problem can be analyzed.
This is called a main storage dump. When the system stops, you see the Main
Storage Dump Manager Occurred display.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-109
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
When your system starts, it checks to ensure that it can access all of the disk units that are
configured. If it cannot access one or more disk units, you are shown the Disk
Configuration Error Report display:
Disk Configuration Error Report
Type option, press Enter.
5=Display Detailed Report
Option Error
_ Missing disk units in the configuration
Following a temporary power outage you may see the display because power has been
restored to the processor but not to the peripheral devices. Wait to respond to the display
until power is restored to all the disk units. The system's ability to access all the disk units
when the IBM Power System with IBM i is starting, particularly if you have the continuously
powered main store feature, is important for a successful recovery. If disk units are not
Uempty available, the system may not be able to recover changed pages of memory. This can
lengthen the time it takes to perform the IPL.
This screen may also be presented:
• After abnormal termination, if the IBM Power System with IBM i is unable to activate all
the DASD on the re-IPL
• During any IBM Power System with IBM i IPL that has a similar problem, even if normal
system shutdown had taken the system down last
If your system encounters a serious software problem, you are shown the Main Storage
Dump Manager Occurred display:
Main Storage Dump Manager Occurred
S/N xxxxxxxx
Function 11 . . . . . : A1D03000
Function 12 . . . . . : 69B0015F
Function 13 . . . . . : 0000308F
Function 14 . . . . . : 3FFFDE00
Function 15 . . . . . : 0C211008
Function 16 . . . . . : 00000000
Function 17 . . . . . : 00000000
Function 18 . . . . . : 00D5A400
Function 19 . . . . . : 00CDA400
Type/Model/Feature . . : 9401 150 2270
Warning: The Main Storage Dump (MSD) must be copied for service.
Failure to copy the Main Storage Dump will limit
the ability to diagnose the failure.
Press Enter to copy the MSD for service or view the MSD.
F3=Exit F12=Cancel
Follow the instructions for your service provider in responding to this display. In most
cases, you should make a copy of the main storage dump, either to tape media or to
auxiliary storage (disk), to assist with diagnosing the problem.
The IBM i Service Functions book has more information about the Main Storage Dump
Manager function.
When you have solved whatever problem caused your system to stop, you must start it
again. In some cases, you start the initial program load (IPL) yourself. In other cases, such
as a power loss, the system starts automatically. When you start your system again after it
ends abnormally, the system tries to put things back in order. It closes files that were in use,
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-111
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
rebuilds access paths that were open, and verifies file constraints. This process can take a
long time.
If you want the system to determine when to rebuild and verify, perform a normal
(automatic) IPL to restart your system. If you want to view and change the schedules for
rebuilding access paths and verifying referential constraints, follow the steps in the Backup
and Recovery manual.
Uempty
Notes:
The Edit Rebuild of Access Paths display shows the names of the file members that have
immediate or delayed maintenance access paths that are not valid.
The display allows you to rebuild the access path for a given member of the file. The
access path for a file member is marked as not valid when the system ends abnormally and
the file member is in use.
Files with journaled access paths and files with rebuild maintenance of the access path are
not shown on the Edit Rebuild Access Path display.
When a sequence value is selected and the Enter key is pressed, the status field is
updated to show the current rebuild condition of the access path.
If you see More... on the lower right side of your display, there is more information to
view. Press Page Down (or Roll Up) to move toward the end of the information. Press Page
Up (or Roll Down) to move toward the beginning of the information.
If you see Bottom instead of More..., you are at the end of the information.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-113
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
HELD
The access path is rebuilt when the user changes the sequence to *OPN or to a value
ranging from 1 through 99.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-115
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
You can define required attributes for physical files on the system. These are referred to as
referential constraints or simply constraints. When you perform an IPL after the system
ends abnormally or when you restore database files, the system checks the validity of file
constraints. Refer to the DB2 UDB for IBM i Database Programming document for more
information about using referential constraints.
If database constraints are marked for verification, you are shown the above display.
The Edit Check Pending Constraints display shows a list of constraints in check pending.
The display includes the status, constraint name, file name, library name, the estimated
time to verify the constraint, the current elapsed time since verification started, and
constraint type.
If you see More... on the lower right side of your display, there is more information to
view. Press Page Down (or Roll Up) to move toward the end of the information. Press Page
Up (or Roll Down) to move toward the beginning of the information.
If you see Bottom instead of More..., you are at the end of the information.
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-117
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
F3=Exit
Exits the current task and returns to the display from which the task was started.
F5=Refresh
Re-displays the list showing any new constraints and removes constraints that no
longer belong in the list. Shows changes in state and check pending.
F11=Display type
Shows the list again, but with different information.
F12=Cancel
Returns to the previous menu or display.
F13=Repeat all
Changes the sequence value for constraints of the same sequence value group (1-99,
*HLD) and status condition (RUN, HELD, and so on). The change is applied to the
constraints that follow the selected constraint in the display list that have the same
sequence value and status condition as the selected constraint.
F15=Sort by
Sorts the constraints by status, constraint name, file, library, ascending verify time, or
descending verify time.
F16=Repeat position to
Repeats the previous position to operation.
F17=Position to
The list is positioned to a specified constraint name. If the name is not found, the list
begins with the entry displayed immediately before your request. You can also enter
*TOP or *BOT to position the list to the beginning or to the end.
F22=Display constraint name
Displays the entire constraint name. Use this key to show the entire name when a
greater than sign (>) appears to the right of the constraint name.
Uempty
Checkpoint (1 of 3)
IBM i
1. True or False: The terms disk pool and IASP are terms that are not
interchangeable.
2. The maximum number of basic ASPs you can create is ____, and the
maximum number of IASPs you can create is ____.
a. 32 and 255
b. 64 and 128
c. 128 and 64
d. 255 and 32
e. The number is the same for both
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-119
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint (2 of 3)
IBM i
6. True or False: The ability to access and manage disk units is a function that is
automatically available when you install IBM i Navigator.
Notes:
Uempty
Checkpoint (3 of 3)
IBM i
7. True or False: The OS security officer user ID and password are different from the
service tools security officer user ID and password.
8. Which of the following is not usually the cause of an abnormal system end?
a. Power failure
b. Disk failure
c. User error
d. Failure of critical IBM i program
9. True or False: During a normal IPL, after there has been an abnormal end, the
system determines which access paths need to be rebuilt.
10. True or False: During an attended IPL, after there has been an abnormal end, the
user is not presented with any options for rebuilding access paths.
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 10. Disk management 10-121
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit summary
IBM i
Notes:
References
http://publib.boulder.ibm.com/iseries > i 7.1 > Systems
management > Backup and Recovery
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit objectives
IBM i
Notes:
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Your company
Disaster Disaster
recovery recovery
plan plan
Save/restore
Notes:
The method that you use to back up your server depends upon your backup strategy. If you
do not have a strategy, review the information in Planning a Backup and Recovery
Strategy. After reviewing the information, determine how you should save your data.
The save and restore commands are the foundation for a backup and recovery plan. A
knowledge of how to save the system, in order be able to restore that part of the system
that is in error is critical to a disaster recovery plan.
If it would never be necessary to restore, there would be no need to make a save!
Think of the data on your computer as company assets, the same as inventory and fixed
assets. It has value to the company and it would be difficult to do business if it were lost.
Save and restore is the foundation upon which all recovery plans are built.
Uempty
Figure 11-4. Uses for the save and restore capabilities OL1914.1
Notes:
The Save commands (SAVxxx) allow you to copy data from the system to off-line media,
virtual media, or a savefile, so that it can then be restored if needed. These commands can
also be used for exchange of information between like systems and to archive information
no longer needed on a daily basis.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This visual lists the different types of losses which may occur on a system:
• Disk failure: Loss of a disk unit (if not any form of RAID protection is active)
• System failure: Hardware failure other than DASD
• Power failure: Loss of power
• Program failure: Anomalies in programs
• Human error: Problems created by personnel mistakes
• Complete system loss: Due to fire, flood, tornado, or other natural disasters
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Managing tapes
IBM i
• Tape management
– Rotating tapes
– Naming and labeling tapes
– Preparing tapes and tape drives
– Verifying tapes
– Storing tapes
– Monitoring tapes for errors
Notes:
Since tapes are the prevalent method of saving and recovering your system data, you
should institute a tape management process because managing your tapes is an important
part of your save operation. If you cannot easily locate tapes that are correct and
undamaged when you need to do a recovery, the time spent creating the save tape was
wasted.
Make decisions about your procedures for managing tapes, write down those decisions,
and monitor the procedures regularly.
Tape management requires the following:
Rotating tapes: An important part of a good save procedure is to have more than one set
of tapes. When you perform a recovery, you may need to go back to an old or previous set
of saved tapes. If you discover that your most recent set of backup tapes is damaged, or if
you discover that a programming error has damaged the data on the most recent backup
tapes, you may have to use a previous version or a previous set of the backup tapes.
Uempty Naming and labeling tapes: As a standard practice all tapes should always be labeled to
assist the system operator in loading the correct tape to perform a save. Use
easy-to-identify labels to define what information is contained on the tape and which tape
set it is part of.
Preparing tapes and tape drives: Tape drives need regular cleaning as the heads collect
dust which may cause data errors. Also, before you can use a tape it must be initialized
with the Initialize Tape (INZTAP) command.
Verifying that the correct tapes are loaded: This can be done manually by the system
operator or by the system with the VOL parameter (on the save or restore commands)
which specifies a list of volume identifiers that can be used to perform the requested
operation. The system ensures that the tapes that are loaded by the operator are the
correct volumes and in the order specified on the command. If an error occurs, a message
is sent to the operator requesting the correct tape volumes. At that point, the operator can
either load the tape being called for, or select the option to override the request and use the
tape that is currently loaded.
Storing tapes: Tapes should be stored in a safe but accessible location away from where
the system is located. Off-site storage is highly recommended to avoid problems due to site
loss.
Monitoring for tape errors: You can determine if a tape is wearing out by printing the error
log. Use the Print Error Log (PRTERRLOG) command and specify TYPE(*VOLSTAT). If you
suspect that a tape has problems and you want to check the integrity of saved information,
use the Display Tape (DSPTAP) or the Duplicate Tape (DUPTAP) command. These
commands read the entire tape and detect objects on the tape that cannot be read.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The system offers many different types of tape drives to meet a variety of requirements for
cost, capacity, and performance. In most cases, you can attach enough tape drives with
sufficient capacity to save your entire system without operator intervention.
For more information, refer to IBM i Information Center web site.
Single tape devices
Single tape devices enable you to enjoy the benefits of tape media with your IBM i server.
They are excellent for smaller companies that may not have much data to back up or to
retrieve. (LTO4 Cartridge capacity = 800 GB uncompressed, LTO5 Cartridge capacity = 1.5
TB!) If a full backup of your server fits on a single tape, you can perform unattended
backups with a single tape device. However, once your backup exceeds one tape,
someone needs to be present to switch the tapes in the drive as the backup runs.
Automatic cartridge loaders
Automatic cartridge loaders provide automation solutions for small to medium size
environments. Automatic cartridge loaders can hold multiple cartridges and perform
Uempty unattended backups. Though they have fewer automation capabilities than tape libraries,
you can use tape management software to support automated, centrally scheduled,
policy-managed backup and storage operations. There are two ways that you can use tape
cartridges with an automatic cartridge loader:
Tape libraries
Tape libraries can help you perform unattended save and restore operations, archival and
retrieval operations, spool archiving, and other tape-related tasks. Tape libraries are often
used with some form of automation software, and are capable of supporting multiple
systems across different platforms and large quantities of cartridges. In these
environments, a media management application often maintains the cartridge inventory
and handles most of the tape library tasks. However, you can also use tape libraries
without a media management application. In these environments the tape library can still
support some automated tape functions.
Automated tape devices
Automated Tape Library Systems are a combination of hardware and software that allow
you to store, catalog, and load large numbers of tapes without operator intervention. This
function is supported by Backup Recovery and Media Services (BRMS).
For further information, refer to Backup and Recovery (subtopic of Systems Management)
in the System i Information Center.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
You can use IBM i navigator, IBM Systems Director Navigator for i, or 5250 emulation
(WRKCFGSTS command) to determine the status for your stand-alone tape device.
Occasionally, it may be necessary to use the tape resources in a tape library without the
benefit of the automation. An example of this would be when you perform an alternate IPL.
Another example would be when the tape library automation is disabled. Using the tape
resource in this fashion is referred to as stand-alone mode. In stand-alone mode, the tape
resource operates like other tape devices that are not in a tape library. Most tape libraries
provide modes or commands to move media to a tape resource. Refer to the operator
information for your tape library for the different operating modes available. When
automation is not used, the tape library operates as an automatic cartridge loader for the
tape device and loads cartridges individually or sequentially in the device.
Tape automation with BRMS
The combination of the BRMS software and a tape library provides a total solution for all
your tape automation requirements. When using tape automation and BRMS, you can
design and carry out a solution that shows the results in the following ways:
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Right-click
Figure 11-10. IBM i Navigator: Manage tapes and tape libraries OL1914.1
Notes:
You can manage Stand Alone Tape drives, Virtual Tape drives and Tape Libraries with IBM
i Navigator.
Configuration and Service > Hardware > Tape Devices > Stand-Alone Devices >
right-click the tape device you can choose.
• Make Available: Makes the tape device available
• Make Unavailable: Makes the tape device unavailable
• Reset: If you click OK on the Confirm Reset dialog, you will reset the tape device as
well as the I/O processor and all devices attached to the I/O processor. You cannot
reverse this action.
• Format: Initialize a tape in the tape device.
• Display Volume Labels: Displays information about the files on the tape
• Duplicate: Copies the contents of a tape or set of tapes to another tape or set of tapes
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 11-11. IBM Systems Director Navigator for i: Manage tapes and tape libraries (1 of 3) OL1914.1
Notes:
You can manage Stand Alone Tape drives, Virtual Tape drives and Tape Libraries with IBM
Systems Director Navigator for i.
Configuration and Service > Show All Configuration and Service Tasks > Tape
Devices [»] > Stand-Alone Devices > Select [»] at the tape device of your choice.
• Make Available: Makes the tape device available
• Make Unavailable: Makes the tape device unavailable
• Reset: If you click OK on the Confirm Reset dialog, you will reset the tape device as
well as the I/O processor and all devices attached to the I/O processor. You cannot
reverse this action.
• Format: Initialize a tape in the tape device.
• Display Volume Labels: Displays information about the files on the tape
• Duplicate: Copies the contents of a tape or set of tapes to another tape or set of tapes
• Print Tape:
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 11-12. IBM Systems Director Navigator for i: Manage tapes and tape libraries (2 of 3) OL1914.1
Notes:
You can manage Stand Alone Tape drives, Virtual Tape drives and Tape Libraries with IBM
Systems Director Navigator for i.
Configuration and Service > Hardware > Tape Devices > Stand-Alone Devices >
Select [»] at the tape device of your choice.
• Make Available: Makes the tape device available
• Make Unavailable: Makes the tape device unavailable
• Properties Reset: If you click OK on the Confirm Reset dialog, you will reset the tape
device as well as the I/O processor and all devices attached to the I/O processor. You
cannot reverse this action.
• Format: Initialize a tape in the tape device.
• Display Volume Labels: Displays information about the files on the tape
• Duplicate: Copies the contents of a tape or set of tapes to another tape or set of tapes
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 11-13. IBM Systems Director Navigator for i: Manage tapes and tape libraries (3 of 3) OL1914.1
Notes:
Properties
General: General information as is stored in the device description
Options: Vary – on at system restart, Make device private when made available, Unload
cartridge when made unavailable, message queue selection.
Capabilities: Shows what densities, read/write, optimum / maximum block sizes,
compaction and Worm capability the device has.
Location and Logical address shows resource information.
Uempty
WRKCFGSTS
WRKMLBSTS
Notes:
You can view the status of all the configuration objects by using the Work with
Configuration Status (WRKCFGSTS) command. This interactive command shows the
following:
Status of each configuration object:
Attachments of configuration objects
Status of jobs
Connection status
The WRKCFGSTS command shows a successful connection status as active (varied on). To
ensure that your configuration objects are properly configured, you should review the
network interface, line, controller, and device descriptions.
Also, you can use the Menu Tape (GO TAPE). Here are the following options for working
with tapes available:
1. Display tape information
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
2. Initialize a tape
3. Print contents of a tape
4. Save
5. Restore
6. Work with tape device status
7. Verify tape
70. Related commands
Tape library devices are configured with tape library device descriptions for the tape library.
There are also separate tape device descriptions for the tape resources. These tape device
descriptions are the devices that are used for stand-alone operation. To use the tape
resources in stand-alone mode, the resource must be available to the tape device
description. This is done by either deallocating the tape resource from the tape library or
varying off the tape library device. Once the tape resource is available, you can vary on the
tape device description, and issue commands to this device. The tape resource on the
WRKMLBSTS screen will now show a status of UNAVAILABLE / VARIED OFF. No tape
library functions operate for this tape resource. The tape resource needs to have cartridges
mounted manually, by a device mode, or by device operator panel commands.
Uempty
Notes:
The Initialize Tape (INZTAP) command is used to initialize magnetic tapes for use on the
system. This command is used to initialize a tape with a standard volume label for standard
label magnetic tape processing, or to initialize a tape with no labels for unlabeled magnetic
tape processing.
The only required parameter is the DEV parameter.
Specifies the name of the device in which the volume being initialized is placed. Specify the
name of the tape or media library device.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Key advantages
– Supported on all save/restore commands, virtual I/O, and APIs
(except SAVSTG)
– Can be faster than saving directly to tape
– Eliminates the following save file limitations
– Eliminates media error limitations
– Once checkpoint is reached, saves can be restarted
– Duplicate saves to media (DUPTAP or DUPMEDBRM)
– On-site and off-site storage
Notes:
Virtual Tape support was added at V5R4. Virtual tape support can help when you have an
amount of data to save during the same time period and do not have a large number of
tape devices to do the saves directly. Virtual tape support provides “extras” that are not
available with saves to a save file.
Virtual tape devices use virtual tape volumes that are created on a server's disk units. This
allows IBM i SAVxxx commands (except SAVSTG) to be used to back up data to virtual
tapes stored on disk rather than on actual tapes.
Key advantages
• Supported on all save/restore commands, virtual I/O, and APIs (except SAVSTG)
• Can be faster than saving directly to tape
- Similar performance to save files
- Best performance in separate ASP
• Eliminates the following save file limitations:
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
CRTIMGCLG ADDIMGCLGE
(3) (4)
LODIMGCLG
(5)
CRTDEVTAP
(1)
WRKCFGSTS
(2)
Notes:
The objective is to save to virtual tapes that are really storage areas on the IBM i partition.
No physical tape devices need to be attached during the backup (or restore). The numbers
in this visual represent the steps for implementing IBM i virtual tape support:
1. Create a tape device description with a “virtual attribute.”
2. Vary on your virtual tape device (use the WRKCFGSTS command, option 8 - Work with
status, then option 1- Vary on) and insure that it is varied on before continuing.
3. Create a tape image catalog.
4. Add image catalog entries (up to 256) to the image catalogue. Entries represent a virtual
tape volume.
Uempty
Note
Take care of the image size of the entry! An entry can be created with the size VRT256K,
which indicates the virtual tape just can contain 256K of data.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
Select: Configuration and Services > Hardware > Tape Devices. Right-click
Stand-alone Devices and select Create Virtual device.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• CRTIMGCLG command
• Create using System i Navigator
Figure 11-20. Create the image catalog for virtual tape support OL1914.1
Notes:
Uempty
Notes:
Select: Configuration and Services > Hardware > Tape Devices. Right-click Tape
Image Catalog and select Create Image Catalog.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 11-22. Create new virtual volume using WRKIMGCLG command or ADDIMGCLGE command OL1914.1
Notes:
The WRKIMGCLG and ADDIMGCLGE commands and accompanying IBM i interfaces are
shown. These screens allow you to create a new virtual volume for a virtual tape drive.
Uempty
Notes:
Allocate storage size parameter
When *IMGSIZ is specified, the full amount of storage is determined by the image size
parameter and is allocated at create time. When the default of *MIN is specified, the newly
created virtual tape volumes initially use 4 KB of storage and allocate additional storage as
needed until the image size is reached.
Note
For ASPs smaller than 100 GB, virtual tape does not allocate more than 95% of the ASP
storage. For ASPs larger than 100 GB, virtual tape does not allocate additional storage
once the amount of free space reaches 5 GB. It is recommended that *IMGSIZ be used
when you are not sure if there is enough free storage to support the image size.
New: Lesser of 5% or 5 GB storage remains allocated.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Note
BRMS does not allow duplicate volume names in any catalog or physical drive.
The Tape Volume Name can be changed using the Initialize Tape (INZTAP) command.
Density parameter
The density parameter for the volume is used to control the optimum block size that the
volume uses.
Volumes with a density of *VRT256K use an optimum block size of 256 KB and are
compatible with 35xx type of devices and the newer QIC tape devices.
Volumes with a density of *VRT240K use an optimum block size of 240 KB and are
compatible with VXA and 8mm technology devices along with the 35xx and newer QIC
devices.
Volumes with a density of *VRT64K use an optimum block size of 64 KB and are
compatible with 3490F model 18 track media, VXA and 8mm technology devices, and with
the 35xx and newer QIC devices.
Volumes with a density of *VRT32K do not use an optimum block size and are compatible
with all devices.
Note
You should specify the largest compatible optimum block size to Maximize performance.
The density can be changed using the Initialize Tape (INZTAP) command.
Dependent catalog characteristics
Dependent catalog entries can be:
• Unloaded
• Loaded
• Mounted
• Reordered
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Load or Unload Image Catalog (LODIMGCLG) command is used to associate an image
catalog and its images to a virtual device. The status of the image catalog will be changed
based on the value specified for the Option (OPTION) parameter as follows:
*LOAD This causes the status of the image catalog to change to ready.
All image catalog entries that are in mounted or loaded status
are loaded in the specified virtual device. The allow save
attribute is set to not allow save for all image catalog files.
*UNLOAD This causes the status of the image catalog to change to not
ready. All image catalog entries are removed from the specified
virtual device. The allow save attribute is set to allow save for all
image catalog entries.
Only one image catalog can be associated with a virtual device. If the virtual device already
has an image catalog associated with it, you can use OPTION(*UNLOAD) to unload the
current image catalog.
Uempty
Notes:
Select: Configuration and Services > Hardware > Tape Image Catalogs. At the right
pane, right-click the Image Catalog to load, and select Load Image Catalog.
At the popup screen select the virtual tape device the Image Catalog is to be connected to.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 11-26. Virtual tape actions by IBM Systems Director Navigator for i (1 of 2) OL1914.1
Notes:
At the IBM Systems Director Navigator for i window, open the IBM i management
pull-down. Select the entry Configuration and Service.
At the right pane, click Show all Configuration and Service tasks.
Uempty
Virtual tape actions by IBM Systems Director
Navigator for i (2 of 2)
IBM i
Figure 11-27. Virtual tape actions by IBM Systems Director Navigator for i (2 of 2) OL1914.1
Notes:
At the right pane, left click the [»] button next to Tape Devices.
At the pull-down menu, select the task you want to perform.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Optical storage
IBM i
• Optical device
– CD-ROM or DVD-ROM drive
– Optical media libraries
• Virtual optical storage
– Ability to duplicate to physical media
– Save cumulative PTF record
– Save to virtual optical
• Create a virtual optical device
• Vary on the device
• Create an image catalog
• Add a new image catalog entry
• Load the image catalog
• Initialize the new volume
• Run the save command
© Copyright IBM Corporation 2012
Notes:
Tape is the most common media that is used for save and restore operations. You can also
save your user data and your system data to optical media.
Optical media library devices allow you to archive information to optical media, and they
provide backup and recovery capability similar to tape media. The Optical Support book
provides more information about using optical media. If you want to substitute optical
media for tape in some of your existing procedures, you need to evaluate how to assign
saved objects to directories on the optical media and how to name the media.
Optical storage refers to any storage method that uses a laser to store and retrieve data
from media. Examples of this media are compact disk read-only memory (CD-ROM), digital
video disk read-only memory (DVD-ROM), digital video disk random access memory
(DVD-RAM), write-once read-many (WORM) optical cartridges, and erasable optical
cartridges.
Another option that you can use for optical storage is virtual optical storage. When you use
virtual optical storage, you create and use optical images that are stored on your disk units.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
A virtual optical device is a device description that supports virtual optical storage, like
an actual optical device description supports actual optical storage. One to 35 virtual
optical device descriptions can be active at a time on the server.
CRTDEVOPT DEVD(virtual-device-name) RSRCNAME(*VRT) ONLINE(*YES)
TEXT(text-description)
3. Vary on the virtual optical device.
VRYCFG CFGOBJ(virtual-device-name) CFGTYPE(*DEV) STATUS(*ON)
4. Create an image catalog for your save operation.
An image catalog is an object that can contain up to 256 image catalog entries. Each
catalog is associated with one user-specified integrated file system directory. The
system recognized identifier for the object type is *IMGCLG.
CRTIMGCLG IMGCLG(catalog-name) DIR(catalog-path) CRTDIR(*YES)
TEXT(image-description)
5. Add a new image catalog entry with a size of 48 MB to 16 GB. If you are performing a
SAVSYS, the first volume must be at least 1489 MB to accommodate the Licensed
Internal Code. If you plan to save the full operating system, add a new image catalog
entry with a size of 4 GB. If you plan to duplicate image catalogs to physical media, then
ensure you select a virtual image size that matches the size of the media you plan to
write to.
An image catalog entry is a position within an image catalog that contains information
about a virtual image that is located in the image catalog directory.
ADDIMGCLGE IMGCLG(catalog-name) FROMFILE(*NEW) TOFILE(file-name)
IMGSIZ(*DVD4700) TEXT(text-description)
6. Load the image catalog.
This step associates the virtual optical device to the image catalog. Only one image
catalog at a time can be associated with a specific virtual optical device.
LODIMGCLG IMGCLG(catalog-name) DEV(virtual-device-name) OPTION(*LOAD)
7. Initialize the new volume.
INZOPT NEWVOL(volume-name) DEV(virtual-device-name) TEXT(volume text)
Use the WRKIMGCLGE (Work with image catalog entries) command to select the image
to be initialized or use the LODIMGCLGE (Load or unload image catalog entry)
command to continue to the next volume to be initialized.
LODIMGCLGE IMGCLG(catalog-name) IMGCLGIDX(1) OPTION(*MOUNT)
When you have completed initializing the new volumes, leave the first entry in mounted
status.
8. Run the save command for your desired save operation, listing the virtual optical device
in the DEV parameter.
Uempty
Notes:
Lab setup instructions
The student user ID and password that you will use for the reminder of the lab exercises
has changed. Use the following for the remainder of the lab exercises.
In all of the instructions in this workbook, replace lower case xx with the team number
assigned to you by the instructor.
User id: OL51xx
Password: OL51PWD
Current lib: OL51xx
Your password is set to expired, you will need to change it the first time you sign on.
Each team has its own team library named OL51xx. Any objects created by the team
should be placed in your team library. All output is directed to an output queue named
OL51 in the library OL51LIB.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
SAVSTG
IBM-supplied directories SAV (see notes)
Notes:
You can access the save commands either from the menu GO SAVE or CL commands.
Which method you use depends upon the type of save strategy you use. If you are using a
simple save strategy, the GO SAVE menu options 21, 22, or 23 probably suffice. The
graphic above depicts the parts of your system that are saved when you use options 21,
22, or 23 from the Save menu.
If you have chosen to use a medium, a save strategy, or both, there are additional steps to
consider when determining your SAV strategy. Draw a picture of your system similar to the
one above. In your picture, break the section called All User Libraries into smaller
segments that match the way you plan to save user libraries.
To determine how and when you plan to save each part of your system, review the System
i Backup and Recovery.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Note
Option 20 - Define save system and user data defaults. Select this option to define the save
system and user data defaults. These defaults are used by SAVE options 21, 22, and 23.
Following are the commands the system runs for the menu options 21, 22, and 23. In
parentheses () following the description is the name of the program for the menu option.
You may want to change this program if you need different values than the system-supplied
default values for the program.
Uempty
Important
If you are using the Hardware Management Console (HMC), you must back up the HMC in
addition to using the GO SAVE: Option 21 to obtain a complete save of your system.
Save and Restore menu options that bring the system to restricted state have been
enhanced, in IBM i 7.1, to gracefully end TCP/IP servers, Host servers and TCP/IP before
ending to restricted state. Save menu options 21 (Save entire system), 22 (Save system
data only), 23 (Save all user data) and 40 (Save all libraries other than the system library)
and Restore menu options 21 (Restore entire system), 22 (Restore system data only), 23
(Restore all user data) and 40 (Restore all libraries other than the system library) now
include the following commands:
ENDTCPSVR
ENDHOSTSVR
DLYJOB JOB(300)
ENDTCP
DLYJOB JOB(300)
before the ENDSBS SBS(*ALL) OPTION(*IMMED) command is issued. This enhancement is
available through PTF SI35204 for IBM i 6.1
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
SAVE Option 21 runs program QMNSAVE in QSYS. You may use RTVCLSRC to retrieve the
source and modify it.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
SAVE Option 22 runs program QSRSAVI in QSYS. You may use RTVCLSRC to retrieve the
source and modify it.
Uempty
Notes:
SAVE Option 23 runs program QSRSAVU in QSYS. You may use RTVCLSRC to retrieve the
source and modify it.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Start
Preprocessing
Build save list Post processing
for library LIBA.
Copy the objects in
library LIBA to tape.
Notes:
The system performs a save by processing a list of objects (by library) to be saved, then
saving those objects to the media.
Uempty
Tape
Disk
Physical or virtual = DEV(tape names)
Notes:
Normally, tape is the media of choice for save and restore operations. However, you can
use either tape, diskette, save files (SAVF), or optical media. Support for optical media is
provided so that you can archive information.
The chart below shows the types of media supported by the various SAVxxx commands.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Type of media
Command Tape Virtual optical Save file Optical media
SAVSYS Yes Yes 4 No Yes 1
SAVCFG Yes Yes Yes Yes
SAVSECDTA Yes Yes Yes Yes
SAVLIB Yes Yes Yes Yes 2
SAVOBJ Yes Yes Yes Yes
SAVCHGOBJ Yes Yes Yes Yes
SAVDLO Yes Yes Yes Yes 3
SAVSAVFDTA Yes Yes No Yes
SAVLICPGM Yes Yes 4 Yes Yes 1
SAVSTG Yes No No No
SAV Yes Yes Yes Yes
RUNBCKUP Yes No No No
Uempty
Notes:
Saving Libraries:
Parameter LIB is a required parameter and you can choose between several special
values, generic names, or from one to 300 individual specified library names for saving
libraries.
• LIB(*NONSYS): User libraries, QGPL, QUSRSYS and LPP libraries are saved.
• LIB(*IBM): All IBM libraries are saved, see notes for exceptions.
• LIB(*ALLUSR): All user libraries are saved. Some IBM libraries that contain user data
are saved.
New support that was added at V5R3:
Save access paths
• When a save command (SAVLIB, SAVOBJ, SAVCHGOBJ, SAVRSTLIB, SAVRSTOBJ, or
SAVRSTCHG) is performed, the save access paths parameter value is determined by
this system value when ACCPTH(*SYSVAL) is specified.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
The Save Object (SAVOBJ) command saves a copy of a single object or a group of objects
located in the same library. When *ALL is specified for the Objects (OBJ) parameter,
objects can be saved from a list of libraries. When saving to a save file, only one library can
be specified. The system saves the specified objects by writing a copy of each object on
tape or optical media, or in a save file.
The objects are not affected in the system unless the command specifies that the storage
should be freed. However, the description of each object is changed with the date, time,
and place when it was last saved, unless *NO is specified for the Update history (UPDHST)
parameter.
Save access paths
When a save command (SAVLIB, SAVOBJ, SAVCHGOBJ, SAVRSTLIB, SAVRSTOBJ, or
SAVRSTCHG) is performed, the save access paths parameter value is determined by this
system value when ACCPTH(*SYSVAL) is specified.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
This command is used to save only objects that have changed since a specified time.
Saving changed objects is often used to reduce the amount of media and to complete save
processing in a shorter period of time. For example, you might use the SAVLIB command
once a week and the SAVCHGOBJ command every day. The default for the SAVCHGOBJ is
from the last SAVLIB operation, so the media produced tends to grow during the week.
Note
The Reference date (REFDATE) parameter specifies a reference date. Any object that has
changed since that date is saved. The default is *SAVLIB. This setting allows running a
SAVLIB occasionally, say once a week, and then running SAVCHGOBJ to save only those
objects that have changed since the last *SAVLIB. This command should always be used
with the SAVLIB command in a save strategy.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
There is a new parameter (SPLFDTA) on save/restore commands
• SPLFDTA(*NONE) is default on saves
No spooled file data is saved.
• SPLFDTA(*ALL) supported on saves
For each output queue that is saved, all available spooled file data on the output
queue is saved.
• SPLFDTA(*NEW) is default on restores
For each output queue that is restored, spooled file data that was saved with the
output queue is restored, if it does not already exist on the system.
• SPLFDTA(*NONE) supported on restores
No spooled file data is restored
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
SAVSYS, SAVCFG,
QSYS..LIB SAVSECDTA,
(Library) SAVLIB, SAVOBJ
SAVCHGOBJ, SAV
QDLS
SAVDLO
(Document
library services) SAV
QOpenSys
SAV
(Open systems)
QNetware
(Novell NetWare) SAV
User-defined file
System (/dev QASPxx/) SAV
(Other file
systems) SAV
© Copyright IBM Corporation 2012
Notes:
The SAV command is used to save objects in the Integrated File System (IFS). You must
include the SAV command to your save strategy to back up the objects in directories. This
is very important because IBM i Access, your configurations for DHCP, DNS, the HTTP
Server, and many other applications have objects in directories and also maybe users have
documents and other files stored in the IFS. Otherwise, objects in directories are not
backed up, and you cannot recover them if you do not use the SAV command.
You can reach directly to the IFS using green screen with the WRKLNK command or in IBM i
Navigator, or the IBM Systems Director Navigator for i, open the File System > Integrated
File System.
The following file systems cannot be saved using the SAVxxx commands:
• NFS
• QFileSvr.400
• QOPT - directory for the CD-ROM
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
The Objects (OBJ) parameter on the SAV command supports the use of wildcard
characters and the directory hierarchy. When you have a specific subset of similar objects
within a directory subtree that you want to save, you can use the Name pattern (PATTERN)
parameter to further define the objects that are identified in the (OBJ) parameter.
Another feature that the SAV command offers is the Scan objects (SCAN) parameter for
purposes such as virus protection. If exit programs are registered with any of the integrated
file system scan-related exit points, you can specify whether objects will be scanned while
being saved. This parameter also allows you to indicate whether objects that previously
failed a scan should be saved.
Uempty
SAVSYSINF command
IBM i
Notes:
• Save system information (SAVSYSINF) command performs a partial save of data saved
by save system (SAVSYS) command
• Cumulative save since last SAVSYS
• Restricted state note required with SAVSYSINF (SAVSYS requires restricted state)
• Saves:
- Selected objects in library QSYS: *DTAAR, *JOBD, *JRN, *CLS, *IGCTBL, *MSGF,
*JOBQ, *JRNRCV, *MSGQ (since last SAVSYS), *EDTD, *SBSD, *TBL, *CMD (since last
SAVSYS)
- System reply list entries
- Certain system values
• Some system values are not saved
• Not required for system recovery
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-65
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
- Service attributes
- Network attributes
- Environment variables
- PTFs for 5722SS1 and 5722999 applied (TEMP or PERM) since last SAVSYS
- All group PTFs
- All PTF cover letters
- Loaded PTFs if copied into *SERVICE
The SAVSYSINF command does not save the following:
• Licensed internal code
• QSYS library
• System values which cannot be changed, saved or are related to date/time or password
level
• Configuration objects (use SAVCFG)
• Security data (use SAVSECDTA)
Loaded PTFs are only saved if copied into *SERVICE area. This enables SAVSYSINF to
find the save files of the PTFs. The Copy PTFs (CPYPTF) service attribute specifies
whether to copy PTF save files into *SERVICE when PTFs are loaded from a tape or optical
device. Use the CHGSRVA CPYPTF(*YES) command to change the service attribute on your
system to copy PTF save files when loading PTFs from media.
Note
Since IBM i 7.1 SAVLIB and SAVCHGOBJ of library QUSRSYS now includes performing
RTVSYSINF and saves the results.
If recommended procedures are followed this information is already saved, but often this
data is inadvertently not saved and cannot be recovered. This change ensures the system
information is saved for later recovery if needed. This enhancement is available through
PTF SI34094 for V5R4 i5/OS and PTF SI34095 for IBM i 6.1.
Uempty
Notes:
It is recommended that a save of the entire system including a SAVSYS be done in
restricted state. This can be accomplished by performing a Go Save Option 21, a
combination of an Option 22 and 23, or by using the equivalent functions within BRMS.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-67
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This slide shows a process for backing up save system information. The command
example saves the system information to the save file named SAVF in library QGPL. The
save file is cleared automatically. Information about what was saved is written to the first
member of the file name OUTPUT in library QGPL. The file and member are created if they
do not exist.
Uempty
Parameter: Save-while-active
IBM i
Notes:
You can use the save-while-active function, along with your other backup and recovery
procedures, to reduce or eliminate your outage for particular save operations. The amount
of time during the backup process that you cannot use the server is the save-outage time.
The save-while-active function allows you to use your server during all or part of the save
process, that is, save your server while it is active. This allows you to reduce or eliminate
your save-outage time. In contrast, other save functions allow no access, or only allow read
access, to the objects as you are saving them.
Note
IBM i no longer supports save while active and File Level Backup for Linux partitions.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-69
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Save-while-active parameters
IBM i
Notes:
Synchronization
When you save more than one object, you must choose when the objects reach a
checkpoint in relationship to each other. This is synchronization. There are three kinds of
synchronization:
*SYNCLIB (Full synchronization): With full synchronization, the checkpoints for all of the
objects (across multiple libraries) occur at the same time. The checkpoints occur during a
time period in which no changes can occur to the objects. IBM strongly recommends that
you use full synchronization, even when you are saving objects in only one library.
*LIB (Library synchronization): With library synchronization, the checkpoints for all of the
objects within a specific library occur at the same time. Objects in a library can be saved
while they are in use by another job. All of the objects in a library reach a checkpoint
together and are saved in a consistent state in relationship to each other.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-71
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Save-outage time
IBM i
Notes:
Reducing your save-outage time
Reducing your save-outage time is the easiest way to use the save-while-active function.
When you use this option, the restore procedure is the same as when you perform a
standard save. In addition, you can use the save-while-active function to reduce your
save-outage time without using journaling or commitment control. Unless you have no
tolerance for a save-outage time, you should use the save-while-active function to reduce
your save outage.
To reduce your save-outage time, you can end the applications that make changes to the
objects you are saving. You can restart the applications when the server has established a
checkpoint for application-dependent objects.
Eliminating your save-outage time
You can use the save-while-active function to eliminate your save outage. Use this option
only if you have no tolerance for a save-outage time. You should use the save-while-active
function to eliminate your save-outage time only for objects that you protect with journaling
Uempty or commitment control. In addition, you will have considerably more complex recovery
procedures. You should consider these more complex recovery procedures in your disaster
recovery plan.
Example: SAVACTWAIT at a V5R2 level SAVACT(*SYNCLIB) SAVACTWAIT(30)
Prior to V5R3, one could only specify one value designating the quantity of time to wait for
background blocking actions to clear out. However, even prior to V5R3 there were three
different varieties of actions which could block a classic SWA from reaching its Sync Point.
Thus the singular value, (30 seconds in our example), was used to influence all three
varieties of wait.
Example: SAVACTWAIT at a V5R3 level SAVACT(*SYNCLIB) SAVACTWAIT(15 30 35)
In order to give you more granular control over such wait-related activity in V5R3, IBM
enhanced the SAVACTWAIT parameter so that you can now specify a customized wait
value for each of the three varieties of blocking activities for which SWA might find himself
waiting.
Saving objects with partial transactions
Although there are three potential reasons for stopping a rapid save operation, the new
support (Ragged SWA) focuses on only one of the three: keeping a commitment control
transaction open for a long period of time.
Use of the *NOCMTBDY value is the key for instructing the SAVLIB command that you want
to capitalize on the new Ragged style of Save While Active.
Objects saved in this state cannot be restored on a release prior to V5R3. Extra information
consists of a list of the specific open transactions which are still in flight. The transactions
are identified by the journal sequence number corresponding to the SC flavored journal
entry associated with the beginning of each such open transaction.
Just because you give the SAVLIB command permission to capture a file in a ragged state,
if need be, does not mean that when SAVLIB is ready to process a particular file that it will
truly have in-flight transactions.
Only the files that were truly caught and saved in a so-called ragged state will be flagged as
ragged. The rest will appear as though they were saved with the classic SWA approach
(that is, in a clean state).
With a little detective work on your part (some from the job log, some from the specified
queries against your outfiles) you can find and list those files that were saved and restored
in a ragged state.
Since proper recovery of a ragged file is so dependent upon having the appropriate journal
receivers, once you being to employ nightly Ragged SWA saves, you need to take it upon
yourself to be sure you also have the discipline to save and also hang onto a sufficient set
of past journal receivers.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-73
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint processing
IBM i
Notes:
How it works
IBM i objects consist of units of storage, which are called pages. When you use the
save-while-active function to save an object, the server creates two images of the pages of
the object:
• The first image contains the updates to the object with which normal server activity
works.
• The second image is an image of the object at a single point in time. The
save-while-active job uses this image to save the object to the media.
In other words, when an application makes changes to an object during a save-while-active
job, the server uses one image of the object&escape_backslash;xd5 s pages to make the
changes. At the same time, the server uses the other image to save the object to the
media. The image that the server saves does not have the changes you made during the
save-while-active job. The image on the media is as it existed when the server reached a
checkpoint.
Uempty Checkpoints
The checkpoint for an object is the instant in time that the server creates an image of that
object. The image that the server creates at that instant in time is the checkpoint image of
the object. Creating a checkpoint image is similar to taking a photograph of a moving
automobile. The point in time that you took the photograph would equate to the checkpoint.
The photograph of the moving automobile would equate to the checkpoint image. When
the server has finished making the checkpoint image of the object, the object has reached
a checkpoint. Despite the name save-while-active, you cannot change objects while the
server obtains their checkpoint images. The server allocates (or locks) objects as it obtains
checkpoint images. After the server obtains the checkpoint images, you can change the
objects.
When more than one object is being saved, you can choose whether the checkpoint
images for the objects should be synchronized. With full synchronization, the checkpoints
for all of the objects occur at the same time (actually, during a time period in which no
changes can occur to the objects). With library synchronization, the checkpoints for all of
the objects in a library occur at the same time. With system-defined synchronization, the
checkpoints for the objects may occur at different times.
The amount of time that the system is unavailable to users during the backup process is
referred to as the save outage. The easiest and recommended way to use the
save-while-active function is to reduce your save outage by ending your applications that
change objects until after the checkpoint images have been obtained. You can choose to
have the save-while-active function send a notification when the checkpoint processing is
complete and it is safe to start your applications again. When the save-while-active function
is used in this way, the save outage can be much less than with normal save operations.
The image of the object saved to the media is the conceptual image of the object after
checkpoint processing is complete.
• Time #1 - Is the save preprocessing phase of the save-while-active function. At the end
of #1, the object has reached a checkpoint.
• Time #2 - Shows an update of the object while it is being saved.
- A request is made to update C1.
- A copy of the original page is made first.
- The change is made to the object.
- The original page copied is then part of the checkpoint image for the object.
• Time #3 - Shows two additional changes, C2 and C3, have been made to the object.
• Each changed page is marked so that additional changes to that page do not require
additional processing.
• Time #4 - (save post-processing) Shows that the copied pages for the checkpoint image
are no longer needed and are discarded.
• Time #5 - Shows the object on the system has the C1, C2, and C3 changes, but the
copy of the object saved to the media does not contain these changes.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-75
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
RSTOBJ
*FILE
CUSTMAST *file Attr.PF SFxx *file Attr.SAVF
SAVOBJ SAVSAVFDTA
DEV(*SAVF) SAVF(SFxx)
SAVF(SFxx) DEV(TAP01) CUSTMAST
CUSTMAST
CUSTMAST
Notes:
Using a save file allows you to save and restore objects without first placing save media
into your save media device. You can also use a save file to send objects from one IBM i
server to another over communications lines. You can use the save file as an online
container to save the contents of a single library to run overnight. The next day, save the
contents of the save file to storage media with the Save Save File Data (SAVSAVFDTA)
command. Objects saved to a save file can be restored directly from save media, using the
RSTLIB or RSTOBJ command.
If you save to save files or optical media, you also have three choices available for software
compression: low, medium, and high. If you choose a higher form of compression, your
save will take longer, but the resulting save data will usually be smaller.
Note
While you are saving save file data, other jobs cannot use the save file until the save
operation completes unless you are using the save-while-active function. Determining the
Contents of a Save File: You can use the Display Save File (DSPSAVF) command or the
List Save File API to determine the contents of a save file.
The DSPSAVF command displays the contents of a save file. The information includes a
description of each object saved and summary information.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-77
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Use the following CL commands with save files:
CRTSAVF: The Create Save File (CRTSAVF) command creates a save file that can be used
with save and restore commands to store data. The save file stores data that would
otherwise be written to save media. A save file can also be used as a container to send
objects to another System i user on the systems network architecture distribution services
(SNADS) network.
CHGSAVF: The Change Save File (CHGSAVF) command changes one or more of the
attributes of a save file, such as the maximum number of records.
OVRSAVF: The Override Save File (OVRSAVF) command overrides or replaces certain
attributes of a save file, or overrides any file with a save file.
DSPFD: The Display File Description (DSPFD) command displays the attributes of the save
file.
CLRSAVF: The Clear Save File (CLRSAVF) command clears the contents of a save file.
Uempty DSPSAVF: The Display Save File (DSPSAVF) command displays the save and restore
information in a save file, or the contents of the save file.
SAVOBJ - SAVLIB: You can use the Save file data (SAVFDTA) parameter on the Save
Object (SAVOBJ) or the Save Library (SAVLIB) command to save the description of the
save file. You can also save the data to tape, optical media, or another save file in a
different library.
SAVSAVFDTA: The Save Save File Data (SAVSAVFDTA) command writes the contents of a
save file to either tape, optical media, or diskette.
DLTF: The Delete File (DLTF) command deletes the save file object.
SNDNETF: Objects (such as programs or commands) must be saved in a save file before
they can be sent using the SNDNETF command.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-79
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The SAV command enables you to save the following data:
• A specific object
• A directory or subdirectory
• An entire file system
• Objects that meet search value
The Objects (OBJ) parameter on the SAV command supports the use of wildcard
characters and the directory hierarchy. When you have a specific subset of similar objects
within a directory subtree that you want to save, you can use the Name pattern (PATTERN)
parameter to further define the objects that are identified in the (OBJ) parameter. For
example, you could have a directory /MyDir that contains 100 subdirectories, Dir1 through
Dir100, that each contain 100 .jpg files, Photo1.jpg through Photo100.jpg, with
corresponding backup files, Photo1.bkp through Photo100.bkp. To save all of the .jpg files
in /MyDir, but omit the backup files, you could issue the following command:
SAV OBJ(('/MyDir')) PATTERN(('*.bkp' *OMIT))
Uempty When you use the SAV command to save the current directory SAV OBJ(’*’) and the
current directory is empty (it has no files or subdirectories), the system does not save
anything. The command does not save the one *DIR object that represents the current
directory. However, when you explicitly specify the directory by name SAV
OBJ(’/mydir’) you include the *DIR object in your save operation. The same applies to
the home directory.
Another feature that the SAV command offers is the Scan objects (SCAN) parameter for
purposes such as virus protection. If exit programs are registered with any of the integrated
file system scan-related exit points, you can specify whether objects will be scanned while
being saved. This parameter also enables you to indicate whether objects that previously
failed a scan should be saved.
When you use the SAV command, you can specify OUTPUT(*PRINT) to receive a report of
what the system saved. You can also direct the output to a stream file or to a user space.
The SAV command does not provide the option to create an output file.
Reference: http://publib.boulder.ibm.com/infocenter/iseries/ > i 7.1 > IBM i 7.1 Information
Center > Systems management > Backup and recovery > Backing up your system
IBM i provides the capability to store documents and folders in a hierarchy (documents
within a folder within another folder). Documents and folders are called document library
objects (DLOs).
The Save Document Library Object (SAVDLO) command is used to save one or more
documents. Documents are not affected by this unless you specify that storage is to be
freed or deleted. You can save a single document or more than one document with this
command.
The Save Storage (SAVSTG) command copies the Licensed Internal Code and all of the
disk unit data to tape. The tape that is produced is a sector-by-sector copy of all permanent
data on configured disk units.
You cannot restore individual objects from the save storage media. The save and restore
storage processes are intended for disaster backup and recovery and are to be used along
with the standard commands for saving and restoring. They are not intended for copying or
distributing to other systems.
There are some special considerations you should consider before running the SAVSTG
command:
• The save storage process can be run only when the system is in a restricted state
• The user must have save system (*SAVSYS) special authority to use the Save Storage
(SAVSTG) command
• The SAVSTG command causes the system to power down and starts the system again
as if PWRDWNSYS RESTART(*YES) was specified. An initial program load (IPL) of the
system occurs after the command completes. The save storage function implicitly
occurs during the IPL of the system from the dedicated service tools (DST) function.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-81
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Note
Logical partitioning (LPAR) users: If you are going to use this command on the primary
partition, be sure to power off all secondary partitions before running the command. In
order to save your entire system configuration, you must save each logical partition
individually.
Uempty
• GO ASSIST
– Select 11 (Customize your system, users, and devices).
– Select 5 (Backup tasks).
Notes:
To access the Backup Tasks menu from Operational Assistant menu, select option 11
Customize your system, users, and devices then select option 5 Backup tasks or type GO
BACKUP on the command line. From the Backup menu, you can Run backup, Display
backup status, Set up backup, Initialize a tape, or Initialize a tape set.
To access the RunBackup menu from Operational Assistant, select option 10 Manage your
system, users, and devices then select option 2 Run a backup or type GO RUNBCKUP on
the command line. The Run Backup menu can also be accessed from the Backup Tasks
menu, option 1. The Run Backup menu allows you to Run daily backup, Run weekly
backup, Run monthly backup, Back up IBM-supplied libraries, or Back up the entire
system.
To access the SetUp Backup menu, select option 10 Setup backup from the Backup Tasks
menu or type GO SETUP from the command line. The Set Up Backup menu provides
options that enable you to change backup options, lists, and schedules.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-83
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
IBM i Navigator provides a graphical interface to the Operational Assistant backup
functions. You can display the information for each of the three IBM-supplied system
backup sets and change their properties by double-clicking the corresponding icon or by
displaying the icons properties page. This function is not intended for users with a complex
backup strategy, who use BRMS or who want to back up their entire system.
The BRMS support has been added through a plug-in since V5R1.
When BRMS is implemented at the system, and the BRMS plug-in is installed in IBM i
Navigator, a Backup Recovery and Media Services entry replaces the Backup entry at the
IBM i Navigator.
The same applies to IBM Systems Director Navigator for i.
Uempty
Notes:
Operational Assistant and System i Navigator have built-in defaults for backup that can be
tailored to save items daily, weekly and monthly.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-85
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This visual shows IBM i Navigator backup support. It offers a graphical interface to the
Operational Assistant (OA) backup function. You can display or change the settings for the
three IBM-supplied system backup sets:
• Daily
• Weekly
• Monthly
Since the backup function is based on Operational Assistant, the backup functions offered
by OA, (also through the IBM i Navigator or the IBM Systems Director Navigator for i) are
intended for customers that do not require any complex backup strategies. If a customer
requires a more complex backup strategy than perhaps implementing BRMS (Backup
Recovery and Media Services) may provide a better fit to implement the customer needs.
Uempty
Notes:
On this settings page you can define what data should be backed up:
• All, none, or selected user libraries
• All, none, or selected folders
• All or no user directories in the Integrated File System
• OV/400 mail and calendars
• Security data
• Configuration data
• All selected data or changed data only
The save operation defined here always saves the access paths even though the native
save commands do not have this option enabled. Saving the access paths makes the
subsequent restore operation faster. You cannot disable the function under System i
Navigator or through OA.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-87
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
The PC program code for System i Access for Windows is stored in User Directories in the
Integrated File System. This includes the PC code for the System i Navigator function. As
this code also includes applied PTFs, we recommend that you save user directories on a
regular basis even if you do not use them to store user data. In an emergency case when
restoring the code, you do not have to reapply PTFs for System i Access for Windows.
Uempty
Notes:
The When tab provides check boxes to specify the backup schedule. This schedule affects
all three backup sets; therefore, only one backup set has to be changed. Reasonable
default settings for the backup schedule are provided, and in many cases, you might be
able to use the default settings. The Operational Assistant rules of when the three backup
sets can be run apply. For example, daily backups are automatically deselected on any day
of the week that is selected for weekly and monthly backup.
For the Monthly backup, you can specify:
• Day of week
• Time of day
• First, second, third, fourth, or last day of month (this means, that if you have selected
Saturday, the backup runs on the first, second, third, fourth, or last Saturday of the
month)
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-89
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
The Where panel has to be changed for each of the three backup sets. Use this pane to
define where the data is backed up.
All available tape hardware on your System i are automatically displayed, any of these
drives in the list can be used.
If different tape sets are being used for the daily, weekly, and monthly backup and it is
preferred that they are used rather than the mounted tape, they can be defined here. Up to
seven tape sets can be used in rotation (they are used in the specified order). The target
tape information radio button determines whether the mounted tape or one of the tape sets
is used (corresponds to option *ANY in the OA backup).
Check the Erase tape before backup option if the tape is to be cleared before it is used.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-91
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
If Backup Recovery and Media Services (BRMS) software is installed on the system then
you can download the plug-in for BRMS which completely replaces the Backup branch,
which is what was discussed in the last couple of visuals.
In this case, you will now have access to perform all of the BRMS functions through the
Navigator GUI.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-93
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 11-62. IBM Systems Director Navigator for i BRMS options OL1914.1
Notes:
If Backup Recovery and Media Services (BRMS) software is installed on the system then
you can approach the BRMS functions using the IBM Systems Director Navigator for i.
Uempty
Notes:
There are some tips and hints you may find useful:
Determining what has been saved: You can use the joblog to display what objects have
been saved or you can direct the output of the save operation to a printer
(OUTPUT(*PRINT)), a database file (OUTPUT(*OUTFILE)), a stream file, or a user space.
Determining what has not been saved: If an object cannot be saved, the system skips
that object and writes an entry to the job log. You can specify OUTPUT(*OUTFILE)
INFTYPE(*ERR) on the SAVLIB, SAVOBJ, and SAVCHGOBJ commands. This creates an
output file that only contains entries for those objects that were not saved. Also, you can
look in the history file with the command DSPLOG. It is easier to find messages from the
backup job if you have additional time and date from the backup time for the PERIOD
parameter (for example, DSPLOG PERIOD((060000 130803)).
Determining when an object was last saved: You can use the Display Object Description
(DSPOBJD) command to find out when an object was last saved in a library. For objects that
are stored in directories, you can use the output from the SAV command to maintain save
history information. To use the output, you must elect to retain the save history information
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-95
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
to either *PRINT or a stream file or user space path name on the OUTPUT parameter of the
SAV command.
Damaged objects: What the system does with damaged objects depends on when the
damage is detected.
Objects damaged before the save operation cannot be saved but the save operation
continues with the next object. The operation completes with an indication of how many
objects were saved and how many were not.
If an object is damaged by the save operation, the object is marked as damaged, the save
operation ends and diagnostic messages are sent.
If an object is damaged but the system does not detect it, the object is restored normally
and you may not be able to detect the damage until you try to use the object.
Parallel tape save operations: You can perform save operations while using more than
one tape device simultaneously. The data that is produced on the save media by these
parallel save operations have a save format that is referred to as parallel.
Data in parallel format is spread across a set of tape files, called media files. The entire set
of these media files is referred to as a parallel save/restore file. A media file is identified on
save (or restore) operations by the device (DEV), sequence number (SEQNBR), volume
identifiers (VOL), and file label (LABEL) parameters. These parameters only allow one
media file to be identified. However, a parallel save (or restore) operation uses more than
one media file. This problem is solved by using a media definition.
A media definition (*MEDDFN) allows more than one media file to be identified. A media
definition defines the devices, sequence numbers, and volume identifiers that should be
used by a parallel save operation.
The devices that you specify in a media definition must be compatible stand-alone tape
devices or tape media library devices. The tape volumes that you specify must have
compatible media formats.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-97
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Save Restore
SAVSECDTA RSTUSRPRF
RSTAUT
SAVCFG RSTCFG
SAVSYS Restore Licensed Internal Code (see
chapter 10 of Backup and Recovery)
Restore operating system (see chapter 11
of Backup and Recovery)
RSTUSRPRF
RSTCFG
RSTAUT
SAVDLO RSTDLO
SAV RST
SAVSYSINF RSTSYSINF
© Copyright IBM Corporation 2012
Notes:
A restore of the system requires the installation of the operating system and may also
include the installation of the licensed internal code (distributed on CD, labeled I_Base_01
provided by IBM or on the first volume of the most recent SAVSYS tapes). Installation of LIC
requires an IPL type D of the system. The installation of the operating system is performed
through options in the IPL or Install display which follows a manual IPL.
The next two graphics show which restore commands can be used, based on how the
objects were saved.
Uempty
Restore overview
IBM i
Restore Parts of the system menu Procedure for restoring
Option on install Licensed
Licensed Internal Code Internal Code (LIC) screen
Notes:
The graphic shows the menu options and commands that are available for restoring
information. It also shows the normal sequence for restoring information, working from top
to bottom.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-99
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Restore menu (1 of 3)
IBM i
Notes:
In order to have this menu displayed, the LIC and the operating system must be installed.
Uempty
Figure 11-68. RESTORE option 21: System and user data OL1914.1
Notes:
RESTORE option 21 runs program QMNRSTE in QSYS. You can use RTVCLSRC to retrieve
the source and modify it.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-101
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Restore menu (2 of 3)
IBM i
Notes:
Additional restore options are displayed on this second of three RESTORE menus from the
IBM i menu interface.
Uempty
Notes:
RESTORE option 22 runs program QSRRSTI in QSYS.
If necessary, you can use the RTVCLSRC command to retrieve the source code for this
program and then make any necessary modifications.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-103
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
RESTORE option 23 runs program QSRRSTU in library QSYS. You can use RTVCLSRC to
retrieve its source, then modify it.
Uempty
Restore menu (3 of 3)
IBM i
Notes:
Additional restore options are displayed on the third of three RESTORE menus from the IBM
i menu interface. Also pictured is the menu that appears when option 70, Related
commands, is selected.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-105
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
An object on this system is like a container. The object has information about the container
itself, such as the owner of the object and the last time it was saved. This is the information
you see when you display the object description (DSPOBJD command). The object also has
contents, such as the records in a database file or the instructions in a program.
When you restore an object, the system takes different actions depending on the following:
• Whether the object to be restored already exists
• The allow object differences (ALWOBJDIF) parameter on the restore command
• Whether the object was saved on a different system (serial number of the processor)
With a few exceptions that relate to security, the contents of the object are always restored.
If the object exists, the system compares the object description information on the system
copy and the media copy and then makes decisions. For most information, the media
version of the information is restored. For security relevant information, such as the public
authority and the object owner, the system version is left unchanged. In a few cases, such
Uempty as the size of the object and the date it was restored, the system determines a value when
the object is restored.
The allow object differences (ALWOBJDIF) parameter on the restore commands is primarily
for security protection and integrity protection. For example, if system security is important
to you, you may want to take special action if someone attempts to restore an object whose
owner has been changed. If the member information about a database file does not match,
you may have problems with the integrity of your data. You can use the ALWOBJDIF
parameter to prevent this.
The default value for the ALWOBJDIF parameter is *NONE. This means that if important
differences exist between the media version and the system version of an object, you want
the system to take special action. Normally, you should use the default value. However,
when you are restoring your information to a different system, such as during a disaster
recovery, you should specify ALWOBJDIF(*ALL).
Since V5R3, you can specify a combination of up to four values on the ALWOBJDIF
parameter to allow specific types of differences for the restore operation: *FILELVL,
*AUTL, *OWNER, and *PGP. The *FILELVL value attempts to restore physical file data when
the file level ID or the member level ID of the physical file on the system is different than
that of the physical file on the save media. The *AUTL value allows differences in
authorization lists. The *OWNER value allows differences in object ownership. The *PGP
value allows differences in the primary group.
The advantage that ALWOBJDIF(*FILELVL *AUTL *OWNER *PGP) has over
ALWOBJDIF(*ALL) is that in addition to allowing all object differences, it attempts to
restore physical files when the file level ID or member level ID of the physical file on the
system is different than that for the physical file on the save media.
Since IBM i 7.1 a new value *COMPATIBLE has been added to the ALWOBJDIF (allow
object differences) parameter to make restores less confusing and less error prone for
database files.
Using ALWOBJDIF(*ALL) for database files is undesirable because: When a file-level
difference occurs, the original file is renamed and the saved file is restored. When a
member level difference occurs, the existing member is renamed and the saved member is
restored. Because of the duplicated files and members, system resources are wasted and
applications may produce unpredictable results. This leaves the user with a perplexing
choice between the renamed data or the restored data and leaves some clean up activities
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-107
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
When related objects are in the same library, the system restores them in the correct order.
If related objects are in different libraries, you must restore them in the correct order to
perform additional recovery steps after they are restored.
You should restore objects in this sequence:
• Journals before journaled files: If you restore a journaled file when the journal is not
on the system, you must start journaling again after the journal is restored. Use the
STRJRNPF command or the STRJRNAP command.
• Journals before journal receivers: If you restore a journal receiver when the journal is
not on the system, you must associate the journal receivers with the journal after it is
restored. Use the WRKJRN command.
• Physical files before logical files: You cannot restore a logical file if the based-on
physical files are not on the system.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-109
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Enable notification
Notes:
Many recovery procedures require that your system have no other activity on it. When no
subsystems except the controlling subsystem are active on your system, it is in a restricted
state.
Use the End Subsystem (ENDSBS) command to put your system in a restricted state. You
specify how you want the subsystems to end with the Options parameter:
• *CNTRLD Allow active jobs to end themselves. If you specify *CNTRLD, you can use the
delay parameter to set a time for the system to wait before ending subsystems
immediately.
• *IMMED End the subsystem immediately. Use this option if there are no users on the
system and no batch jobs running.
To put your system in a restricted state:
• Ensure that all users are signed off and all jobs are ended
• Enter the following command to ensure you receive notification of the SBS ending:
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-111
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Or
Notes:
A restore operation can be unsuccessful either because an error was encountered when
trying to restore an object or because the operation was interrupted. If the object existed on
the system before the restore operation, it may be damaged by the unsuccessful restore
operation.
An object is not restored when an error is encountered. The error is either recoverable or
not.
If an object cannot be restored and the error is recoverable, the following occurs:
• A diagnostic message is sent to the job log for each object that is not restored. The
message ID can vary, depending on why the object was not restored.
• Each object that is associated with the errors is not restored. However, other objects not
associated with the errors but involved in the same restore operation are restored.
• Only the save and restore status information for the objects that were successfully
restored is updated.
Uempty • A count of the number of objects successfully restored and a count of the number of
objects not restored are sent to the user in a diagnostic message.
If the error is not recoverable, the following occurs:
• Diagnostic messages are sent to the job log for each object.
• The save and restore status information for each object is not updated.
• A diagnostic message that identifies the error condition is sent to the user.
• The restore command ends immediately. No other objects are restored.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-113
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Special considerations
IBM i
• Recovering LIC
• Reclaiming storage
Notes:
Reference for detailed recovery procedures:
http://publib.boulder.ibm.com/infocenter/iseries > i 7.1 > IBM i 7.1 Information Center >
Systems management > Backup and recovery > Recovering your system
Recovering Licensed Internal Code: Licensed Internal Code is the layer of IBM i
architecture just above the hardware. You must have the Licensed Internal Code on your
machine before you can restore the operating system. You must use the control panel on
your system unit to start the recovery of the Licensed Internal Code.
Restoring the Operating System: There might be situation were you must reload the
operating system. Some situations when you may have to reload the OS are when:
• You encounter problems with the operating system, such as damaged objects
• The System i software support center recommends it
• You replaced a disk unit in the system ASP
• You are updating your system to a new version or a new release
Uempty You need to retrieve the latest SAVSYS tapes from your storage location. Or, if these are
unavailable, you need original installation media. It is preferable that you use \SAVSYS
tapes as installing from the original media places your system back in a state without any of
the previously installed PTFs and also resets a number of system values and passwords.
Starting the System after it ends abnormally: If your system stops without having time to
shut down normally, it is called an abnormal end. Your system might end abnormally for the
following reasons:
• A power failure
• A disk failure, if you do not have mirrored protection or device parity protection
• A failure in the processor
• Failure of a critical operating system program
• Operator action (forced power down)
You will need to determine what causes your system to abnormally shut down. Once you
have solved the problem that caused your system to stop, you must start it again. In some
cases, you start the initial program load (IPL) yourself. In other cases, such as a power
loss, the system starts automatically. When you start your system again after it ends
abnormally, the system tries to put things back in order. It closes files that were in use,
rebuilds access paths that were open, and verifies file constraints. This process can take a
long time. If you want the system to determine when to rebuild and verify, perform a normal
(automatic) IPL to restart your system. If you want to view and change the schedules for
rebuilding access paths and verifying referential constraints, follow the steps in System i
Backup and Recovery Guide
Reclaiming Storage: Use the reclaim storage procedure (RCLSTG command) to recover
the addressability of lost or damaged objects. This allows you to identify and then restore
those objects that were damaged. The RCLSTG command has two parameters, SELECT
and OMIT, that allow you to perform reclaim functions in one of the following ways:
• All reclaim functions are performed
• The database cross-reference table reclaim function is performed
• All reclaim functions are performed, except for the database cross-reference table
reclaim function
Parallel Restore Operations: You can perform restore operations while using more than
one tape device simultaneously. The data that you restore in this manner must have been
saved in parallel format. You can use the Restore Library (RSTLIB) or Restore Object
(RSTOBJ) commands in conjunction with a media definition to perform a parallel restore.
It is possible to restore from a parallel save if you are using fewer devices than the save
operation used. However, IBM does not recommend this. Whenever possible, the same
number of devices that were used during the save operation should be used during a
restore operation.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-115
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Exercise: Save/restore
IBM i
Notes:
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-117
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Reference: Systems Hardware Information:
http://publib.boulder.ibm.com/infocenter/powersys/v3r1m5/index.jsp PDF file Power
Systems Logical partitioning
Logical partitioning is the ability to make a server run as if it were two or more independent
servers. When you logically partition a server, you divide the resources on the server into
subsets called logical partitions. You can install software on a logical partition, and the
logical partition runs as an independent logical server with the resources that you have
allocated to the logical partition.
Consolidating servers: A logically partitioned server can reduce the number of servers
that are needed within an enterprise. You can consolidate several servers into a single
logically partitioned system. This eliminates the need for, and expense of, additional
equipment.
Sharing resources: You can quickly and easily move hardware resources from one logical
partition to another as needs change. Technologies such as the Micro-Partitioning
technology allow for processor resources to be shared automatically among logical
Uempty partitions that use a shared processor pool. Similarly, the PowerVM Active Memory Sharing
technology allows for memory resources to be shared automatically among logical
partitions that use the shared memory pool. Other technologies, such as dynamic logical
partitioning, allow for resources to be manually moved to, from, and between running
logical partitions without shutting down or restarting the logical partitions.
Maintaining independent servers: Dedicating a portion of the resources (disk storage
unit, processors, memory, and I/O devices) to a logical partition achieves logical isolation of
software. If configured correctly, logical partitions also have some hardware fault tolerance.
Batch and 5250 online transaction processing (OLTP) workloads, which might not run well
together on a single machine, can be isolated and run efficiently in separate partitions.
Creating a mixed production and test environment: You can create a combined
production and test environment on the same server. The production logical partition can
run your main business applications, and the test logical partition is used to test software. A
failure in a test logical partition, while not necessarily planned, will not disrupt normal
business operations.
Merging production and test environments: Partitioning enables separate logical
partitions to be allocated for production and test servers, eliminating the need to purchase
additional hardware and software. When testing has been completed, the resources
allocated to the test logical partition can be returned to the production logical partition or
elsewhere as required. As new projects are developed, they can be built and tested on the
same hardware on which they will eventually be deployed.
Running integrated clusters: Using high-availability application software, your partitioned
server can run as an integrated cluster. You can use an integrated cluster to protect your
server from most unscheduled failures within a logical partition.
Tools
Hardware Management Console: The Hardware Management Console (HMC) is a
hardware appliance that you can use to configure and control one or more managed
systems. You can use the HMC to create and manage logical partitions and activate
Capacity Upgrade on Demand. Using service applications, the HMC communicates with
managed systems to detect, consolidate, and send information to service and support for
analysis. The HMC also provides terminal emulation for the logical partitions on your
managed system. You can connect to logical partitions from the HMC itself, or you can set
up the HMC so that you can connect to logical partitions remotely through the HMC.
Partition profile: A partition profile is a record on the Hardware Management Console
(HMC) that specifies a possible configuration for a logical partition. When you activate a
logical partition using a partition profile, the managed system attempts to start the logical
partition using the configuration information in the partition profile.
The Integrated Virtualization Manager is a browser-based system management interface
for the Virtual I/O Server. The Integrated Virtualization Manager provides you with the
ability to create and manage logical partitions on a single server. Virtual I/O Server is
software that provides virtual storage and shared Ethernet resources to the other logical
partitions on the managed system. Virtual I/O Server is not a general purpose operating
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-119
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
system that can run applications. Virtual I/O Server is installed on a logical partition in the
place of a general purpose operating system, and is used solely to provide virtual I/O
resources to other logical partitions with general purpose operating systems. You use the
Integrated Virtualization Manager to specify how these resources are assigned to the other
logical partitions.
Note
Virtual Partition Manager is a feature of IBM i that allows you to create and manage one
IBM i logical partition and up to four Linux logical partitions on a single IBM System i server.
You can use the Virtual Partition Manager to create logical partitions on any IBM System i
model that does not require a Hardware Management Console (HMC). To use the Virtual
Partition Manager, you must first install IBM i on a non-partitioned server. After you install
IBM i, you can initiate a console session on IBM i and use System Service Tools (SST) to
create and configure Linux logical partitions. IBM i controls the resource allocations of the
logical partitions on the server.
Uempty
HMC: Backup
IBM i
Notes:
The Hardware Management Console (HMC), must be backed up in addition to saving the
individual logical partitions. Use this window to back up hard disk information on the
Hardware Management Console (HMC). a remote system mounted to the HMC file system
(such as NFS), or sent to a remote site using File Transfer Protocol (FTP). Back up the
HMC after you make changes to the HMC or to the information associated with logical
partitions. As a part of this reinstallation, you may be prompted to insert the back up media
to restore the HMC to the state that existed.
Note
Do not power off the HMC while a back up task is running. You cannot have more than one
instance of the back up task running. This includes any scheduled HMC backup
operations.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-121
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
HMC: Restore
IBM i
Notes:
Use this window to select the remote repository option to restore critical backup data for
this HMC. Click Next to continue.
Uempty
Notes:
Reference: Recovering your system: http://publib.boulder.ibm.com/infocenter/iseries > i 7.1
> IBM i 7.1 Information Center > Systems management > Backup and recovery >
Recovering your system
You can save all the partitions at the save time if sufficient hardware resources are
available in each partition.
The Hardware Management Console (HMC), must be backed up in addition to saving the
individual logical partitions.
Refer to the System i Information Center for more details.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-123
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
Restore commands and functions remain unchanged and must be used on a
partition-to-partition basis. Refer to the Recovering your system Guide.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-125
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Enhancements have been made in the Backup and Recovery Guide to include procedures
for recovering partition data.
Basically, you select an option to copy the configuration data from another load source disk
to the partition you are restoring. More on the next visual.
Uempty
Notes:
At the Servers pane, select the profile to be activated by checking the box. Left click the [»]
button, and select the properties option. At the Properties windows, at the Settings tab,
select D for IPL source, and select the desired keylock position (Normal or Manual) Press
OK, select the operations option, and select Activate.
Important
• Starting with POWER6 models, you can do an IPL-type D from a tape device attached
by a Fibre Channel interface only when it is attached to an adapter without an
input/output processor (IOP). For other system models and configurations, a tape
device attached by a Fibre Channel interface needs to be set up as an alternate
installation device.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-127
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• If you use an alternate installation device, you need to ensure that you set up the device
and that you enable the device. You also need to have the optical media or tape media
that contains the Licensed Internal Code and your save media.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-129
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Backup methods
IBM i
Notes:
IBM i Centric backups
Because IBM i integration for Windows server combines two operating systems (Windows
NT 4.0, Windows 2000, or Windows .NET Server and IBM i), you can use IBM i, Windows
server utilities, or a combination of both to manage backups.
To back up Windows server on IBM i, you have these basic options:
• Doing a full system backup on IBM i
• A complete Windows server
• Backing up the network server description (NWSD) and the disk drives that are
associated with Windows server on IBM i
• Backing up individual Windows server files and directories by using the IBM i SAV and
RST commands
• IBM i NetServer
Uempty Your recovery options depend on how you backed up your system, as well as what you
need to recover.
Methods:
• IBM i save/restore commands
• Backup Restore Media Services (BRMS) (can have an interface to TSM)
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-131
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• The performance results for your system will vary, depending on the
configuration of your IBM i server and the load on the system. See:
http://www- 1.ibm.com/servers/eserver/iseries/windowsintegration/savbackupperf.html
Notes:
This chart shows the alternatives for save methods, comparing their relative speed when
saved to SAVFs.
As you can see from the chart, the larger save options have been optimized over the file
level saves. That is mostly a factor of our system save heritage. There are times where the
file level saves are more appropriate for their specific recoverability.
Uempty
Backup considerations
IBM i
• Objects to save
• Available tape drives
• Formatting tapes
• Saving to SAVF
• Required state of the network server description (NWSD)
Notes:
Now let's look at some things to consider when addressing the subject of backing up your
data. These include:
• Objects to save: We look at this next.
• Available tape drives: The tape drives on Power Systems with IBM i are available to the
Windows user. They are easily accessible and their speed, relative to PC devices,
makes them a great backup alternative.
• Formatting tapes: IBM i and Windows use different tape formats. Both formats can be
initialized on the System i tape drives. It is mostly a matter of formatting the tapes to the
applications that are going to access them.
• Saving to SAVF: The on-line SAVF method is recommended for its speed. Later, as time
permits, backups of the SAVFs to media is recommended.
• Required state of the Network Server Description (NWSD): Shut down the Windows
server to prevent users from updating files during the backup.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-133
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Objects to save
IBM i
• Configuration objects
– NWSD
– LIND
• Predefined network server storage spaces (C: and D:)
• User data and applications
– User-defined network server storage spaces (E: through Z:)
• Server message queue
• IBM i-based Windows server code
• PC-based Windows server code
Notes:
Treat a network server description, its predefined disk drives, and any user-defined disk
drives linked to it as a unit. Save and restore them at the same time. To Windows server,
they are a full system, and should be treated as such. Otherwise, Windows server may not
be able to reestablish items such as Windows server File System permissions.
Configuration objects: NWSD and LIND
These objects are stored in QSYS and are saved with the Full system save or the SAVCFG
command.
Network server storage spaces C: D:
The system and source drives, along with the user data on the user-defined network
storage spaces get saved with the SAV command as they are IFS objects.
User data and applications
User-defined network server storage spaces: User drives E: through Z: (as required)
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-135
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Windows disks C: to Z:
• NWSD must be varied off before the save
• Full System i backup or
• SAV command
– ASP use alters the parameters on the commands
– That is, SAV DEV('/QSYS.LIB/WINBACKUP.LIB/MYSAVF.FILE')
OBJ('/QFPNWSSTG/<NWSD>1')
© Copyright IBM Corporation 2012
Notes:
Here we look at saving just the data content from the network storage spaces. The same
technique is used for both the predefined and the user-defined storage spaces (that is,
disks C: to Z:):
• The NWSD must be varied off before the save
• Located in /QFPNWSSTG directory of Integrated File System
• Full System i backup OR
• SAV command
- That is, SAV DEV('/QSYS.LIB/WINBACKUP/MYSAVF')
OBJ('/QFPNWSSTG/<NWSD>1')
- For storage spaces created in a user disk pool, use /QFPNWSSTG/stgspc and
also dev/QASPnn/stgspc.UDFS, where stgspc is the name of the network server
storage space and nn is the number of the user disk pool
Uempty
Device sharing
IBM i
Disk drives
CD-ROM drive
Tape drives
IXS
Notes:
Windows on IXS/IXA can use IBM i tape devices
Tape device must be varied off on IBM i and locked on Windows console using Tape
Devices in the Control Panel.
Same tape media cannot contain both IBM i and Windows backups.
Methods:
• Windows Server Backup Exec
• Tivoli Storage Manager (TSM)
• Veritas Backup Exec Version
• Arcserv 2000
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-137
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• From IBM i:
– Vary off the device.
– Command entry:
• WRKCFGSTS *DEV *TAP
– IBM i Navigator:
• Make Unavailable
• From Windows:
– Lock the device.
Notes:
1. From the IBM i side, you need to vary off the device. You can do this with the
WRKCFGSTS *DEV *TAP command or from the IBM i Navigator interface (Make
Unavailable).
2. From the Windows console, using the IBM i Integration for Windows interface, you lock
the device by selecting it and either clicking the lock smart icon or selecting lock from
the right mouse menu.
Uempty
• From Windows:
– Unlock the device.
• From IBM i:
– Vary on the device.
– IBM i Navigator:
• Make Available
– Command entry:
• WRKCFGSTS *DEV *TAP
© Copyright IBM Corporation 2012
Notes:
1. From the Windows console, using the System i Integration for Windows interface, you
unlock the device by selecting it and either clicking the unlock smart icon or selecting
unlock from the right mouse menu.
2. From the System i side, you need to vary on the device. You can do this with the
WRKCFGSTS *DEV *TAP command or from the System i Navigator interface (Make
Available).
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-139
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
E: to Z:
User storage User data and
User /QFPNWSSTG SAV
spaces * applications
specified
MSGQ
Server message Messages from
User User specified SAVOBJ
queue Windows server
specified
iSeries-based
QNTAP QSYS Library SAVLIB
integration code
Notes:
This table summarizes the information, what to save, and how to save objects that are
created and used by a Windows server.
Uempty
Notes:
There are two ways to check the status of a Windows server:
Through IBM i Navigator interface:
• Expand your system
• Expand Integrated Server Administration
• Click either (depending on what type of adapter is installed on your system)
- Servers or
- ISCSI Connections then Network Server Host Adapters
• The status for each of the servers on your system is shown on the right as Started or
Shutdown
Through the 5250 green screen emulation window, issue the WRKCFGSTS command:
• Use *NWS (Network Server) for the Type (CFGTYP) parameter
• This displays the status for each of the servers on your system as varied off or active
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-141
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• IBM i
– Vary on the NWSD
– System i Navigator Start option or
– WRKCFGSTS *NWS, option 1
• Windows console
– Cannot vary on the NWSD from here
Notes:
From the IBM i
• Vary on the Network Server Description (NWSD)
• IBM i Navigator
OR
WRKCFGSTS
• Use *NWS (Network Server) for the Type (CFGTYP) parameter
• Option 1 to Vary the NWSD on
OR VRYCFG for the NWSD with the *ON option
Note
Uempty
Notes:
To Start a Windows Server through IBM i Navigator interface:
• Expand your system.
• Expand Integrated Server Administration.
• Click either one of the following (depending on what type of adapter is installed on your
system):
- Servers
- ISCSI Connections then Network Server Host Adapters
• Locate your server in the right pane, then click Start.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-143
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• System i:
– Vary off NWSD.
• Navigator Shut Down option or
• Shut Down and Restart option or
• WRKCFGSTS *NWS, option 2
– Must be restarted from System i side.
• Windows console:
– Start > Shut Down > Restart option is fine for IXS or IXA
– Start > Shut Down > Shut Down is not fine for IXA (breaks high
speed link connection). It is fine for IXS.
– Neither option varies off the NWSD.
– Restart from console or System i.
• Always shut down Windows server before
the system enters restricted state.
© Copyright IBM Corporation 2012
Notes:
Power System with IBM i
Vary off NWSD:
System i Navigator:
Expand your system.
Expand Network.
Expand Windows Administration.
Select Integrated xSeries Servers.
Right-click and select either Shut Down or Shut Down and Restart.
WRKCFGSTS Use *NWS (Network Server) for the Type (CFGTYP) parameter
Option 2 to Vary the NWSD off
OR VRYCFG for the NWSD with a *OFF option
Note
Always shut down Windows Server before the system enters restricted state or prior to
PWRDWNSYS.
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-145
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint (1 of 3)
IBM i
1. True or False: Ideally, objects on your system should be saved frequently, while
they are only restored infrequently.
2. Which of the following is not one of the supported basic modes of operation for a
tape library?
a. Manual mode
b. Virtual mode
c. Automatic cartridge loader mode
d. Library mode
3. The command used to manage the status of your tape devices is _____.
a. WRKMLBSTS
b. WRKTAPSTS
c. WRKCFGSTS
d. MNGTAPSTS
4. The command used to manage the status of your tape library devices is _____.
a. WRKMLBSTS
b. WRKTAPSTS
c. WRKCFGSTS
d. MNGTAPSTS
© Copyright IBM Corporation 2012
Notes:
Uempty
Checkpoint (2 of 3)
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-147
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint (3 of 3)
IBM i
10. True or False: You can use either IBM i or Windows server
utilities or a combination of both to manage backups of
integrated xSeries servers.
Notes:
Uempty
Unit summary
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 11. Backup and recovery strategy using save/restore 11-149
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit objectives
IBM i
Notes:
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Data file
• What if it disappeared?
$
• How would you get it back?
– RSTOBJ
– Rekey all data from last save plus data since last save
• How much time would it take?
• Do you need to shorten the recovery time for data files?
© Copyright IBM Corporation 2012
Figure 12-3. Think about your most important data file OL1914.1
Notes:
Uempty
Single-level storage
IBM i
ON
OFF
Volatile storage
Main memory N S
Data file
© Copyright IBM Corporation 2012 scatter loading
Figure 12-4. Single-level storage OL1914.1
Notes:
Journal management enables you to recover the changes to an object that have occurred
since the object was last saved. You can also use journal management to provide an audit
trail or to help replicate an object. You use a journal to define what objects you want to
protect with journal management. The system keeps a record of changes you make to
objects that are journaled and of other events that occur on the system.
1. Journal management intercepts the database record (add, update or delete).
2. Journal entry is forced to the journal receiver on a disk with a force ratio of one.
3. The database record is given to database data management.
4. The data base record is written to disk
FRCRATIO(*NONE) is recommended for journaled files.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Journal objects
IBM i
PGMX PGMY
Journal
receiver
Object A change
Object B change
Object B change
Obj. A Obj. B Obj. C
Notes:
The system keeps a record of changes you make to objects that are journaled and of other
events that occur on the system. These records are called journal entries. You can also
write journal entries for events that you want to record, or for objects other than the object
that you want to protect with journaling.
Contents of a journal entry:
• Information identifying the type of change
• Information identifying the record that was changed
• After image of the record
• Before image of the record (optional) (this is a separate journal entry)
• Information identifying the job, the user, the time of change, and so forth
• Information that identifies whether the file was opened, closed, reorganized, cleared, or
saved
• The journal identifier of the object
Uempty
Notes:
An interface is available to start and stop the replication of byte stream files. The changes
to these objects are recorded in a local journal. With remote journal support, the changes
will also be transported to a backup system. The primary target is for those environments
needing synchronous replication of the objects for continuous availability. The targeted
usage represents an autonomous operation from the end user perspective. The overall
goal is to support replication, which is defined as trapping changes, recording those
changes, transporting changed data to a backup system, and then replaying the changes
on the backup system. This enhancement, in order to support synchronous or
asynchronous replication of a byte stream file, contains the following capabilities:
• Function to start replication and end replication
• Means of knowing which objects are being replicated
• Means of associating the recorded and transported changes with the appropriate object
hooks at relevant points to record and transport changes
• Transport mechanism
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
The Display Journal (DSPJRN) command allows you to convert journal entries (contained in
one or more receivers) into a form suitable for external representation. Output of the
command can be displayed or printed with the job's spooled printer output or directed to a
database output file. If the database output file exists, records may either replace or be
added to the current data in the indicated file member. The system creates the specified
database file and member if they do not exist. Database files created by the system have a
standard format. A warning message is sent and the records are truncated if any of the
entries are longer than the specified maximum record length of the output files.
The Display Journal display shows a list of the journal entries that you requested to be
displayed. Only basic information about the journal entry is shown on this display. From this
display you can request to see all of the information for a specific journal entry.
To see all of the information for a specific journal entry, type 5 next to the journal entries
that you want more information about, and press Enter.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Display Journal Entry display shows all of the information about a specific journal
entry. The journal entry shown is one that you requested on the Display Journal display.
Sequence - The journal sequence number
The sequence number is initially 1. Each journal entry is sequentially numbered without
any breaks until the Change Journal (CHGHRN) command resets the sequence number.
However, when journal entries are converted and displayed, there may be breaks in the
sequence numbers. The system uses some journal entries only internally and combines
some entries into one during conversion.
Incomplete data
Indicates whether this entry has entry specific data which is not being displayed for one of
the following reasons.
• The length of the entry-specific data exceeds 32,766 bytes.
Uempty • The entry is associated with a database file that has one or more fields of data type
BLOB (binary large object), CLOB (character large object), or DBCLOB (double-byte
character large object)
The possible values are:
• No - This entry has all possible data
• Yes - This entry has incomplete data
The data which is not visible through this interface can only be accessed by using the
Retrieve Journal Entries (QjoRetreiveJournalEntries) API or by specifying ENTFMT
(*TYPEPTR) on the RCVJRNE command.
Entry-specific data
This is additional information about the entry. The contents of this field are dependent on
the kind of journal entry. If there is no entry-specific data for the kind of entry being shown,
the message No Entry specific data is shown in this field. The information shown in
this field is not formatted. For a description of the format of the entry specific data, see the
IBM Power Systems with IBM i Information Center.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Display Journal Entry Details display shows only the detail entry data for a specific
journal entry. The journal entry shown is one that you requested on the Display Journal
display.
If you see More... on the lower right side of your display, there is more information to
view. Press Page Down (or Roll Up) to move toward the end of the information. Press Page
Up (or Roll Down) to move toward the beginning of the information.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Implementing journaling
IBM i
• That is it!
Notes:
The Create Journal Receiver (CRTJRNRCV) command creates a journal receiver. Once a
journal receiver is attached to a journal (with the Create Journal (CRTJRN) or Change
Journal (CHGJRN) command), journal entries can be placed in it. A preferred auxiliary
storage pool (ASP), and a storage space threshold value can be specified for the journal
receiver.
The Create Journal (CRTJRN) command creates a journal as a local journal with the
specified attributes, and attaches the specified journal receiver to the journal. Once a
journal is created, object changes can be journaled to it or user entries can be sent to it.
The journal state of the created journal is *ACTIVE.
The different types of objects that can be journaled and the commands that you will use
are:
• Start to Journal an Access Path (STRJRNAP) command is used to start journaling the
access paths for all members of a database file to a specified journal. Any new member
that is later added to the file also has its access path journaled.
Uempty • Start to Journal a Library (STRJRNLIB) command is used to start journaling changes
(made to a library or list of libraries) to a specific journal, and optionally to start
journaling changes to objects within the library or list of libraries. Objects created in,
moved into, or restored into a journaled library may be automatically journaled to the
same journal the library is journaled to.
• Start to Journal an Object (STRJRNOBJ) command is used to start journaling changes
(made to an object or list of objects) to a specific journal. The object types which are
supported through this interface are Data Areas (*DTAARA) and Data Queues (*DTAQ).
• Start to Journal a Physical File (STRJRNPF) command is used to start journaling
changes made to a specific database physical file to a specific journal. Changes in new
members added to the file are also journaled.
• Start to Journal IFS Objects (STRJRN) command is used to start journaling changes
(made to an object or list of objects) to a specific journal. The object types which are
supported through this interface are Stream Files (*STMF), Directories (*DIR), and
Symbolic Links (*SYMLNK). Only objects of type *STMF, *DIR, or *SYMLNK that are in the
“root” (/), QOpenSys, and user-defined file systems are supported.
For more information about the possible journal entries which can be sent, see the Journal
management topic collection in the IBM i Information Center at
http://www.ibm.com/systems/i/infocenter/. Search for “journal entry finder”.
For more information about journaling, see the Journal management topic collection in the
IBM i Information Center at http://www.ibm.com/systems/i/infocenter/. Search for “journal
entry finder”.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
It is recommended that the journal receiver name should be unique for your system, not
unique within a library. If you have two journal receivers with the same name in different
libraries and they both become damaged, RCLSTG renames both journal receivers when
they are placed in the QRCL library.
The Create Journal Receiver (CRTJRNRCV) command creates a journal receiver. Once a
journal receiver is attached to a journal (with the Create Journal (CRTJRN) or Change
Journal (CHGJRN) command), journal entries can be placed in it. A preferred auxiliary
storage pool (ASP), and a storage space threshold value can be specified for the journal
receiver.
Restrictions
• A Journal receiver cannot be created in library QTEMP.
• This command cannot be used to create a journal receiver for a remote journal.
• If the library to contain the journal receiver is on an independent ASP, then
ASP(*LIBASP) must be specified.
Uempty
Notes:
The Create Journal (CRTJRN) command creates a journal as a local journal with the
specified attributes, and attaches the specified journal receivers to the journal. Once a
journal is created, object changes can be journaled to it or user entries can be sent to it.
The journal state of the created journal is *ACTIVE.
Restrictions
1. A journal cannot be created in the library QTEMP.
2. The specified journal receivers must be created before the running of this command
and they must be empty. That is, the receivers must not have been previously attached
to a journal or have been in the process of being attached to a journal.
3. This command cannot be used to create a remote journal. See the Add Remote Journal
(QjoAddRemoteJournal) API in the IBM Power Systems with IBM i Information
Center (Programming -> APIs).
4. If the library to contain the journal is on an independent ASP, then the journal receiver
specified must be located on an independent ASP that is in the same ASP group as the
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
journal's library. Likewise, if the library to contain the journal is not on an independent
ASP, then the journal receiver specified cannot be located on an independent ASP.
5. If the library to contain the journal is on an independent ASP, then ASP(*LIBASP)
must be specified.
Uempty
Notes:
The Start Journal Access Path (STRJRNAP) command is used to start journaling the access
paths for all members of a database file to a specified journal. Any new member that is later
added to the file also has its access path journaled.
If a physical file is specified, journaling can be started for its access paths. When access
path journaling is started for a physical file, only the access paths for the physical file
members are journaled. Journaling for any logical file access paths is started only when
access path journaling is started for the logical file.
The journal entries created after running this command cannot be used in any apply or
remove journaled changes operation. These entries are used only to recover the access
path without rebuilding it after an abnormal system operation ending.
If you do not want the overhead of managing the access path journaling yourself, consider
taking advantage of the system-managed access-path protection support SMAPP which
will be covered later in this unit.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Start Journal Library (STRJRNLIB) command is used to start journaling changes
(made to a library or list of libraries) to a specific journal, and optionally to start journaling
changes to objects within the library or list of libraries. Objects created in, moved into, or
restored into a journaled library may be automatically journaled to the same journal the
library is journaled to.
After journaling begins for the object, the user should save the journaled object to preserve
its journal attribute information. Also, the object must be saved because, for example,
journaled changes cannot be applied to a version of the object that was saved before
journaling was in effect.
Objects created, moved, or restored into the library that are eligible for journaling may
automatically start journaling to the same journal as the library. Which objects inherit the
journal state of the library and what journaling attributes they start journaling with are
determined by the inherit journaling attributes of the library.
Uempty
Notes:
The Start Journal Object (STRJRNOBJ) command is used to start journaling changes
(made to an object or list of objects) to a specific journal. The object types which are
supported through this interface are Data Areas (*DTAARA) and Data Queues (*DTAQ).
Additionally, the user can specify that only the after image or both the before and the after
images of an object of type *DTAARA be journaled. Before images are necessary to remove
journaled changes using the Remove Journaled Changes (RMVJRNCHG) command.
After journaling begins for the object, the user should save the journaled object to preserve
its journal attribute information. Also, the object must be saved because, for example,
journaled changes cannot be applied to a version of the object that was saved before
journaling was in effect.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Start Journal Physical File (STRJRNPF) command is used to start journaling changes
made to a specific database physical file to a specific journal. Changes in new members
added to the file are also journaled.
The user can specify that only the after image or both the before and after images of
records in the journaled physical file be journaled. Before images are necessary to remove
journaled changes using the Remove Journaled Changes (RMVJRNCHG) command. In
addition, the system will automatically capture the before images for a database file if the
file is opened under commitment control.
After journaling begins for the file, and after any new members are added to the file, the
user should run the Save Changed Object (SAVCHGOBJ) command with
OBJTYPE(*FILE) and OBJJRN(*YES) specified. The file must be saved because
journaled changes cannot be applied to a version of the file that was saved before
journaling was in effect.
Uempty When the file being journaled is a distributed file, the STRJRNPF command is also
distributed, if journaling was successfully started locally. Even if the distribution request
fails, the local file remains journaled.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Start Journal (STRJRN) command is used to start journaling changes (made to an
object or list of objects) to a specific journal. The object types which are supported through
this interface are Stream Files (*STMF), Directories (*DIR), and Symbolic Links (*SYMLNK).
Only objects of type *STMF, *DIR or *SYMLNK that are in the “root” (/), QOpenSys, and
user-defined file systems are supported.
The user can specify that only the after image or both the before and the after images of an
object of type *DTAARA be journaled. Before images are necessary to remove journaled
changes using the Remove Journaled Changes (RMVJRNCHG) command.
After journaling begins for the object, the user should save the journaled object to preserve
its journal attribute information. Also, the object must be saved because, for example,
journaled changes cannot be applied to a version of the object that was saved before
journaling was in effect.
Uempty
Notes:
There are two environments that you can use for journal management: IBM i Navigator and
the green screen 5250 emulation session. IBM i Navigator provides a graphical interface
for journaling that is easy to use and does not require the use of control language (CL)
commands. The green screen emulation interface requires the use of CL commands or
APIs, but has more functionality than IBM i Navigator.
The following is a list of journaling functions that are only available with the 5250 interface:
• Journal access paths.
• Specify a maximum receiver-size option.
• Specify that objects allow journal entries to have minimized entry-specific data.
• Specify the data that is included in the fixed-length portion of the journal entries.
• Specify the time to delay the next attempt to automatically attach or delete a new
journal receiver with system journal-receiver management.
• Specify journal caching.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Save objects
IBM i
• When?
– Immediately after STRJRNxx or if a new member is added to the file
• Why?
– Checkpoint for recovery (F/MS journal entry)
• Restore damaged object
• Apply journaled changes from *LASTSAVE
Notes:
When you start journaling for a physical file, the system assigns a unique journal identifier
(JID) to every member. The JID is part of every journal entry for the file.
The JID is used to associate the journal entry with the file. If a file is saved before journaling
is started, it does not have a JID, and if the file is restored it does not have a JID.
It is critical to save a journaled file every time a member has been added to it.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
*PGM
RCV0001
Old
receiver
RCV0002
Current
receiver
*File
Notes:
The Change Journal (CHGJRN) command changes the journal receiver, the journal
message queue, the manage receiver attribute, the delete receiver attribute, the receiver
size options, the journal state, allowing minimized entry specific data, journal caching, the
journal receiver's threshold, the journal object limit, the journal recovery count, or the text
associated with the specified journal. The command allows one journal receiver to be
attached to the specified journal. This replaces the previously attached journal receiver.
The newly-attached journal receiver begins receiving journal entries for the journal
immediately.
The sequence numbering of journal entries can be reset when the receiver is changed. If
the sequencing is not reset, an informational message is sent indicating the first sequence
number in the newly attached receiver.
The Manage receivers (MNGRCV) parameter is used to specify how the changing of journal
receivers (detaching the currently attached journal receiver and attaching a new journal
receiver) is managed. You can specify a value for the MNGRCV parameter for both the
CRTJRN and the CHGJRN commands.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
• DLTRCV(*YES) uses
– Journaling for commitment control or explicit access path protection
– Journal receiver is being replicated through remote journal
Notes:
The Manage receivers (MNGRCV) parameter is used to specify how the changing of journal
receivers (detaching the currently attached journal receivers and attaching new journal
receivers) is managed. The possible values are *USER or *SYSTEM.
The Delete receivers (DLTRCV) parameter is used to specify whether the system deletes
journal receivers when they are no longer needed or leaves them on the system for the
user to delete after they have been detached by system change-journal management or by
a user-issued CHGJRN command.
Note
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Important
Use automatic deletion of journal receivers with care if you use save-while-active
operations to save objects before they reach a commitment boundary. Ensure that you
save the journal receivers before the system deletes them. If an object is saved before it
reaches a commitment boundary it can have partial transactions. To avoid data loss, you
must have access to the journal receivers that were attached during the save-while-active
operation when you restore the objects with partial transactions.
Uempty
J PR RCV0006
RCV0007
J NR RCV0008
J PR RCV0007
RCV0008
J NR RCV0009
Notes:
PR stands for previous receiver.
NR stands for next receiver.
The PR and NR entries are automatically added when a receiver is created or changed.
They are used by the system to make recovery seamless across a journal receiver chain.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
WRKJRNA command
IBM i
Notes:
The Work with Journal Attributes display shows the current attributes of this journal and the
names of the journal receivers that are currently attached to this journal, if any.
You can use function keys to display lists of objects associated with this journal. You can
request the following lists:
• F13 - Files journaled to this journal
• F14 - Access paths journaled to this journal
• F15 - Receivers that have been used or are being used by this journal
• F16 - Remote journal information
Uempty
Note
Some of these lists or options are not available when working with an internal system
journal (*INTSYSJRN for JRN).
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Work with Receiver Directory display shows a list of all journal receivers that are
associated with this journal, if any. The list of receivers is ordered from the oldest (first
attached) at the top of the list, to the newest (currently attached) at the bottom of the list.
You can make selections on the list to:
• 8 - Display the attributes of the selected receivers
• 4 - Delete the selected receivers
Number column
A number is associated with a journal receiver and assigned by the system which is relative
to all other receivers in the receiver directory at a given time. The first two digits identify the
journal chain number and the last three digits identify the receiver number within the chain.
A chain identifies a group of receivers that are contiguous allowing the system to process
entries across receivers within the same chain.
Uempty The chain number starts with zero and is incremented sequentially each time a new chain
is needed. New chains are started when a damaged receiver is recovered by restoring a
partial version.
Status column
The status of the receiver can be one of the following:
ATTACHED: The receiver is currently attached to the journal.
ONLINE: The receiver is online. The receiver has not been saved and it has been
detached from the journal.
SAVED: The receiver was saved after it was detached. The receiver storage was not freed
when it was saved.
FREED: The receiver was saved after it was detached. The receiver storage was freed
when it was saved.
PARTIAL: The receiver status is partial for one of the following reasons:
• It was restored from a version that was saved while it was attached to the journal.
Additional journal entries may have been written that were not restored.
• It was one of a pair of dual receivers, and it was found damaged while attached to the
journal. The receiver has since been detached. This receiver is considered partial
because additional journal entries may have been written to the dual receiver.
• It is associated with a remote journal and it does not contain all the journal entries that
are in the associated journal receiver attached to the source journal.
DELETED: The receiver has been deleted. This status is shown after option 4 (Delete)
completes. If you refresh (F5) the list, deleted receivers are removed from the list.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
DSPJRN
*JRN
FILE(names)
RCVRNG *CURRENT
RCV00010
Start(*CURRENT/name)
End(name/*CURRENT) RCV0009
RCV0008
FROMENT(*FIRST/seq#)
Receiver saved
to tape
TOENT(*LAST/seq#)
Notes:
Before starting a recovery, use the DSPJRN command to examine the journal receiver
entries to find the best starting and stopping recovery points.
To recover an object by applying or removing journaled changes, the object must be
currently journaled. The journal entries must have the same journal identifier (JID) as the
object. To ensure the journal identifiers are the same, save the object immediately after
journaling is started for the object.
If you need to recover objects that were journaled to a journal that you deleted, restore the
journal from a saved copy or create a new journal with the same name in the same library.
Then restore the object and all the needed receivers before applying or removing journaled
changes with that journal. You can use an option on the Work with Journals display to
reassociate any journal receivers that are still on the system. To use the Work with Journals
display, use the Work with Journals (WRKJRN) command.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Display Journal (1 of 5)
IBM i
Notes:
The Display Journal (DSPJRN) command allows you to convert journal entries (contained in
one or more receivers) into a form suitable for external representation. Output of the
command can be displayed or printed with the job's spooled printer output or directed to a
database output file.
The contents of selected entries in the journal receivers may be converted for output. It is
also possible to selectively limit the entries that are displayed. If no journal entries satisfy
the selection or limitation criteria, an escape message is sent indicating that fact.
Gaps may exist in the sequence numbers of the entries converted. These occur because
some of the journal entries represent internal IBM Power System with IBM i information.
These entries are not converted.
It is possible to show journal entries whose journal sequence numbers are reset in the
chain of receivers being specified.
The FILE, JRNCDE, ENTTYP, JOB, PGM, USRPRF, CMTCYCID, and DEPENT parameters can
be used to specify a subset of all available entries within a range of journal entries.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Display Journal (2 of 5)
IBM i
Notes:
Objects (OBJPATH) specifies a maximum of 300 objects whose journal entries are
converted for output. Only objects whose path name identifies an object of type *STMF,
*DIR or *SYMLNK that are in the root (/), QOpenSys, and user-defined file systems are
supported. All other objects are ignored. This parameter is not valid for remote journals.
Either the FILE parameter may be specified, or one or more of the object parameters (OBJ,
OBJPATH, OBJFID, or OBJJID) may be specified, but not both.
Directory subtree (SUBTREE) specifies whether the directory subtrees are included in
determining the objects for which journal entries are converted for output.
Name pattern (PATTERN) specifies a maximum of 20 patterns to be used to include or omit
objects for which journal entries are converted for output.
Uempty
Display Journal (3 of 5)
IBM i
Notes:
Range of journal receivers (RCVRNG) specifies the starting (first) and ending (last) journal
receivers (the receiver range) that contain the journal entries being converted for output.
The system starts with the starting journal receiver (as specified by the first value) and
proceeds through the receiver chain until the ending receiver (as specified by the last
value) is processed.
Starting large sequence number (FROMENTLRG) specifies the first journal entry that is being
considered for conversion for external representation.
Starting date and time (FROMTIME) specifies the date and time of the first journal entry
being converted for external representation.
Ending large sequence number (TOENTLRG) specifies the last journal entry being
converted for external representation.
Ending date and time (TOTIME) specifies the creation date and time of the last journal entry
being converted for external representation.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Number of journal entries (NBRENT) specifies the total number of journal entries that are
being converted for output.
Uempty
Display Journal (4 of 5)
IBM i
Notes:
Journal codes (JRNCDE) specifies the journal codes for which journal entries are converted
for output.
Journal entry types (ENTTYP) specifies whether to limit the conversion of journal entries to
those of a specified entry type.
Job name (JOB) specifies that the journal entries being converted for external
representation are limited to the journal entries for a specified job. Only journal entries for
the specified job are converted for external representation.
Program (PGM) specifies that the journal entries being converted for external representation
are limited to the journal entries created by a specified program.
User profile (USRPRF) specifies that the journal entries being considered for conversion for
external representation are limited to the journal entries created for the specified user
profile name. The user name identifies the user profile under which the job was run that
deposited the journal entries.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Commit cycle large identifier (CCIDLRG) specifies the journal entries considered for
conversion based on their associated commit cycle identifier. A commit cycle consists of all
journal entries sharing the same commit cycle identifier.
Dependent entries (DEPENT) specifies whether the journal entries to be converted for
output include the journal entries recording actions:
• That occur as a result of a trigger program
• On records that are part of a referential constraint
• That will be ignored during an Apply Journaled Changes (APYJRNCHG) or Remove
Journaled Changes (RMVJRNCHG) operation
Output format (OUTFMT) specifies whether the entry-specific data portion of the journal
entry information appears in character format or hexadecimal format. This keyword is
ignored if *OUTFILE is specified for the Output (OUTPUT) parameter.
Include hidden entries (INCHIDENT) specifies whether hidden journal entries should be
returned. Hidden entries are generated and used by the system. When hidden entries are
returned, it will be possible to display all journal entries such that no sequence numbers will
be unaccounted for.
Uempty
Display Journal (5 of 5)
IBM i
Notes:
File identifier (OBJFID) specifies a maximum of 300 file identifiers (FID) for which journal
entries are converted for output. FIDs are a unique identifier associated with integrated file
system related objects. This field is input in hexadecimal format. Only objects whose FID
identifies an object of type *STMF, *DIR, or *SYMLNK that are in the “root” (/), QOpenSys,
and user-defined file systems are supported. All other objects are ignored.
Object journal identifier (OBJJID) specifies a maximum of 300 journal identifiers for which
journal entries are converted for output. This field is input in hexadecimal format.
Hexadecimal zero is not valid. Either the FILE parameter may be specified, or one or more
of the object parameters (OBJ, OBJPATH, OBJFID, or OBJJID) may be specified, but not
both.
Output (OUTPUT) specifies whether the output from the command is shown at the
requesting work station, printed with the job's spooled printer output, or sent to the
database file specified on the File to receive output (OUTFILE) parameter.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Journal codes
IBM i
J PR Previous receiver
NR Next receiver
RS Receiver saved
__________________________________________
F JM Journaling started
MS Member saved
SS Save-while-active group saved
OP File opened
CL File closed
R PT Record added
UB Image before update
UP Image after update
DL Record deleted
U XX User entry
© Copyright IBM Corporation 2012
Notes:
Journal Code J - Journal or Receiver Operation
Journal Code F - Database File Member Operation
Journal Code R - Operation on Specific Record Journal entries
Journal Code U - User-Generated Entry
For more information about the Journal Code and the Entry Type, see the IBM Power
System with IBM i Information Center
Uempty
Notes:
The DSPJRN command is used to examine the activity against your files, to determine at
what point the good data ends, and at what point the bad (erroneous or incomplete) data
begins. At this time, application knowledge is very helpful if not required.
This example deals with a banking application. Three files are journaled: a savings account
file, a checking account file, and a money market account file.
This example deals with a program that transfers money between checking and savings. A
complete transaction is an update of both SAVE and CHECK.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This second of two screens displaying journal entries illustrates how the DSPJRN command
can be used to view transactions in order to identify a recovery point for the journal files.
Uempty
User-generated entries
IBM i
Notes:
Instead of User Generated Entries perhaps a better name would be programmer entries,
because a programmer modifies the application program to include statements that cause
additional entries to be placed in the journal receiver.
The idea is to label the file activity more accurately or more completely. For example, when
a logical unit of works is finished, add an entry in the journal receiver to specify when the
process or the transaction had completed. This could be something as simple as a
message that says This step is complete.
User entries should make analysis of journal entries and file activity easier and faster.
This may be thought of as an alternative to commitment control.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Use the Send Journal Entry (SNDJRNE) command or the Send Journal Entry (QJOSJRNE)
API to add your own entries to a journal. The system places these entries in the journal’s
attached journal receiver along with the system-created journal entries.
Journal code: Cannot specify, always U
Entry type: Pick a two position entry type.
Entry data: This is entry-specific data. Specify up to 3000 characters, enclosed in
apostrophes. The entry can contain any information. The user may assign an entry type to
the journal entry and may also associate the journal entry with a specified physical file
member.
Uempty
Note
The Send Journal Entry (QJOSJRNE) Application Programming Interface (API) can also be
used to write a journal entry to a specific journal. Using this API may improve performance
and can provide additional functionality that is not available with this command.
Journaled physical file (FILE) specifies the name and library of a database physical file
and member with which this entry is associated.
Force journal entry (FORCE) specifies whether the journal receiver is forced to auxiliary
storage after the user entry is placed on it.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
The Work with Journals (WRKJRN command) display shows a list of journals you can work
with. You can select tasks to be performed on specific journals.
Option
Type the option you want.
2=Forward recovery
Select this option to reconstruct an object from a particular point by restoring a saved
version of the object and then applying journaled changes to the object in the same order
that they were originally made. This option is not valid for remote journals.
3=Backout recovery
Select this option to restore an object to a previous state by removing changes to the object
in the reverse order from which the changes were originally made. This option is not valid
for remote journals.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Forward recovery
IBM i
• Issue WRKJRN.
• Select option 2 (Forward recovery).
• Select option 2 (Apply journaled changes) (all PFs to recover).
– System deletes dependent LFs.
– System deletes PFs to be recovered.
– Prompts restore of PFs and allocates *EXCL until recovery complete.
– Prompts for restore of LFs.
– APYJRNCHG prompted with
FROMENT(*LASTSAVE) and TOENT(*LASTRST).
– Prompts for receivers not online.
Notes:
When the recovery process is complete, the status field for the member indicates
RECOVERED (if the operation was successful). If the operation failed, the status field
remains unchanged, and messages appear indicating why the operation failed.
To perform forward recovery by entering the commands yourself, do the following:
1. Restore the files: RSTOBJ
2. Allocate the files: ALCOBJ
3. Restore receivers: RSTOBJ
4. APYJRNCHG...FROMENT(*LASTSAVE) TOENT(*LASTRST)
5. Deallocate the files: DLCOBJ
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Option 2 (Forward recovery) on the Work with Journals screen initiates a prompted
interface to restoring and recovering an object.
Uempty
Authority prompt
IBM i
Notes:
You will be prompted with a message reminding you that proper authority is required in
order to proceed with the recovery. This was added for V5R4.
Message ID CPA6999 Severity 99
Message type Inquiry
Date sent 02/15/09 Time sent 17:01:14
Message . . . . : Ensure you have sufficient authority. (I C)
Cause . . . . . : A recovery option was chosen that may require multiple steps or involve
multiple objects. If this recovery were to fail, then additional recovery is more complicated.
To help ensure that the recovery is successful, ensure that you have sufficient authority to
the objects that will be involved and the commands that may be used.
Recovery . . . : If the forward recovery option was chosen, then the authority required by
the Apply Journaled Changes (APYJRNCHG) command will be needed to the objects
chosen for recovery and also to the APYJRNCHG command. If the objects are damaged,
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
then authority will be needed to delete the objects, to restore the objects, to the Restore
Object (RSTOBJ) command, and to the appropriate delete command for the objects.
Uempty
Notes:
Select the object type of the journaled objects you wish to recover. The system will then
display the list of objects of that object type currently being journaled to the journal you
identified on the Work with Journals screen.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Work with Forward Recovery display shows a list of the database file members that
you have specified for forward recovery. From this display, you can select the type of action
you want to perform with each member.
The options you can select are:
1=Add member to list causes the entry typed on the line above the existing members to
be added to the list. Once added to the list, the other options can be used on the new
member.
2=Apply journaled changes applies journaled changes and changes the status to
RECOVERED (if the apply operation was successful). If the apply operation was not
successful, messages appear indicating why, and the status remains the same. If any
required receivers are missing or damaged while running the APYJRNCHG command, the
system displays prompts for the restore procedures for the missing or damaged receivers.
This option can be used on an entry typed into the empty line above the list entries, if the
typed entry already exists in the list.
Uempty 3=Restore, use this option if any members have a status of NOT FOUND. This option
prompts you for the files to restore. Members that are restored successfully have a status
of RESTORE COMPLETE. Members that are not restored keep their old status. A
message is sent indicating that the restore did not complete successfully. All members that
are restored are included in the list of members to recover. This option can be used on an
entry typed into the empty line above the list entries, if the typed entry already exists in the
list.
4=Remove member from list causes the member to be removed from the recovery list.
This option can be used on an entry typed into the empty line above the list entries, if the
typed entry already exists in the list.
Status column shows the status of the member relative to it's recovery process. The
status of each member can change as the recovery process progresses.
The status definitions are:
Blank: The member and the journal objects are all usable and everything is synchronized.
None of the journal objects need to be recovered prior to continuing recovery of the
member.
Not synchronized: The journal receivers used for this member are damaged and will need
to be recovered before the member can be recovered. To recover a member with this
status, first go back to the Work with Journals menu (F3=Exit) and take the option to
recover damaged journal receivers.
Damaged: The member is damaged and will need to be restored as part of the recovery
process. The system ensures you go through the restore step as you continue the recovery
process.
Not found: The system cannot locate the specified database file. The system will ensure
that the file has been restored before proceeding with the recovery.
Different journal: The member is not journaled to the journal you are working with. You will
need to work with the correct journal to recover this database file. Use the Display File
Description (DSPFD) command to determine the correct journal.
Not journaled: The member is not journaled to any journal. It cannot be recovered.
Restore complete: When the recovery process requires a restore of the database file, this
status is shown once the restore has successfully completed. If a restore is unsuccessful,
messages will be displayed and the status remains unchanged.
Recovered: When the recovery completes successfully, this status is shown. If the
recovery is unsuccessful, messages are displayed and the status will remain unchanged.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Backout recovery
IBM i
• Issue WRKJRN.
Notes:
To remove journaled changes with the Work With Journal (WRKJRN) command, select
option 3 (Backout recovery). The Work with Backout Recovery display shows a list of the
file members that are being journaled.
The same options on the Work with Forward Recovery display are available on the Work
with Backout Recovery display. However, the option to restore the file is not valid for
backout recovery. The status field that is shown on the Work with Backout Recovery
display is either blank or it indicates the same status as for forward recovery, except for
restore complete.
Uempty
Notes:
Select the type of object you are recovering.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-65
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Authority prompt
IBM i
Notes:
You will be prompted with a message reminding you that proper authority is required in
order to proceed with the recovery. This was added for V5R4.
Message ID CPA6999 Severity 99
Message type Inquiry
Date sent 02/15/09 Time sent 17:01:14
Message . . . . : Ensure you have sufficient authority. (I C)
Cause . . . . . : A recovery option was chosen that may require multiple steps or involve
multiple objects. If this recovery were to fail, then additional recovery is more complicated.
To help ensure that the recovery is successful ensure that you have sufficient authority to
the objects that will be involved and the commands that may be used.
Recovery . . . : If the forward recovery option was chosen, then the authority required by
the Apply Journaled Changes (APYJRNCHG) command will be needed to the objects
chosen for recovery and also to the APYJRNCHG command. If the objects are damaged,
Uempty then authority will be needed to delete the objects, to restore the objects, to the Restore
Object (RSTOBJ) command, and to the appropriate delete command for the objects.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-67
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Select the type of object you are recovering.
Uempty
Notes:
The Work with Backout Recovery display shows a list of the data file members you have
specified for backout recovery. From this display, you can select the type of action you want
to perform with each member.
The options you can select are:
1=Add member to list
This option causes the entry entered on the line above the existing members to be added
to the list. Once added to the list, the other options can be used on the new member.
2=Remove journaled changes
This option causes the Remove Journaled Changes (RMVJRNCHG) command prompt to be
shown with known values already assigned. You can then run the command to remove the
specified changes. This option can be used on an entry entered into the empty line above
the list entries, if the entry already exists in the list.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-69
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
JRN: name
TOJOBO: job-name
TOJOBC: job-name
Notes:
The Apply Journaled Changes (APYJRNCHG) command applies the changes that are
journaled (for a particular member of a database file) to a saved version of the file to
recover the file after an operational error or some form of damage.
The journaled changes are applied from the specified starting point, either the point at
which a file was last saved or a particular entry on the journal, until the specified ending
point has been reached.
The ending point can be the point at which the file has had all changes applied, the file was
last restored, a specified entry has been reached, a specified time has been reached, or
the file was opened or closed by a job (the CMTBDY parameter is used for handling changes
that are still pending in the file).
A list of physical files and members can be specified. The journaled changes for physical
file members are applied in the order that the journal entries are found on the journal, which
is the same order in which the changes are made to the physical file members.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-71
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
The difference between APYJRNCHG and APYJRNCHGX, is that with APYJRNCHGX, you can
only specify database files and *ALL files in a library. However, the APYJRNCHGX command
can apply journal entries resulting from the following SQL statements:
• CREATE INDEX
• CREATE TABLE
• CREATE VIEW
Note
The values which are underlined are the defaults for the associated parameter.
Uempty
JRN: name
End: name
TOJOBO: job-name
Notes:
The Remove Journal Changes (RMVJRNCHG) command removes the changes that have
been journaled for a particular member of a database file.
The journaled changes are removed from the file from the specified starting point to the
ending point. The journal entries are processed in reverse of the order in which they were
placed into the journal receiver, from the most recent to the oldest.
The starting point can be identified as the last journal entry in the specified journal receiver
range, the point at which a file was last saved, or a particular entry in the receiver range.
The ending point can be the first journal entry or a particular entry in the specified journal
receiver range, or the point at which a file was opened by a specified job. The CMTBDY
parameter can be used for handling changes that are pending in the file.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-73
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Some types of entries in the journal receiver cause the apply or remove process to possibly
stop. These entries are written by events that the system cannot reconstruct. Certain
illogical conditions, such as a duplicate key in a database file defined as unique, can also
cause processing to end.
Error handling: When the system encounters a journal entry it cannot process, it ends
apply processing either for that specific object or for the entire apply operation. You can
specify how the system behaves when it encounters a journal entry it cannot process with
the Object Error Option (OBJERROPT) parameter on the APYJRNCHG or APYJRNCHGX
command.
• If you specify OBJERROPT(*CONTINUE), the system ends apply processing for the
specific object that has an error, but it continues apply processing for the other objects
in the apply operation.
• If you specify OBJERROPT(*END), the system ends processing for the entire apply
operation.
Uempty The OBJERROPT parameter is also available for the Remove Journaled Changes
(RMVJRNCHG) command. Actions of applying or removing journaled changes by journal
code shows which entry types cause processing to end for an object.
After using APYJRNCHG or RMVJRNCHG, the journal receiver should be examined to see the
status or results of the operation. The journal receiver has an F/AY entry to hold the status
or results of an APYJRNCHG and likewise, an F/RC entry to hold the status or results of an
RMVJRNCHG. Look in the Count/PRN and flag fields of the entries.
Count/RRN
This field displays either the relative record number (RRN) of the record which caused the
journal entry to be written, or a count which is pertinent to the specific type of journal entry.
This field is blank except for the journal code/type combinations that follow:
F/AY
This is the number of journal entries applied by the Apply Journal Changes (APYJRNCHG)
command.
F/RC
This is the number of journal entries removed by the Remove Journal Changes
(RMVJRNCHG) command.
Flag
This field displays additional information for certain kinds of journal entries. This field is
blank except for the journal code/type combinations that follow:
F/AY, F/RC
This indicates the completion status.
• 0 - Apply or remove of journal changes completed normally
• 1 - Apply or remove of journal changes completed abnormally
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-75
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Most illogical conditions are caused by starting the apply journaled changes operation at
the wrong place in the journal with respect to the current contents of the file members.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-77
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
SAVCHGOBJ....OBJJRN(*NO)
Weekly Daily
SAVIB LIB(LIBA LIBB) CHGJRN JRN(name) JRNRCV(*GEN)
SAVCHGOBJ OBJ(*ALL) LIB(LIBA LIBB) OBJJRN(*NO)
LIBA
FILEA
FILEB Changes
FILEC occur to FILEA
FILEA on
RCVR0001
Tuesday. FILEA
JRNA RCVR0002
RCVR0001 RCVR0003
FILEA
LIBB RCVR0002
RCVR0001
RCVR0001
RCVR0002
RCVR0003
Notes:
The Save Changed Object (SAVCHGOBJ) command saves a copy of each changed object
or group of objects located in the same library. When *ALL is specified on the Objects
prompt (OBJ parameter), objects can be saved from all user libraries or from up to 300
specified libraries. When saving to a save file, only one library can be specified. For
database files, only the changed members are saved.
Objects changed since the specified date and time are saved with the following exceptions:
• If OBJJRN(*NO) is specified, database files currently being journaled are not saved,
unless journaling was started after the specified date and time. This ensures that
changes made to a physical file before journaling starts are not lost because they were
not journaled in a journal receiver.
• Freed objects (programs, files, journal receivers, and so forth) are not saved.
• User-defined messages, job and output queue definitions, logical file definitions, and
data queue descriptions are saved, but the contents of those objects are not saved.
Logical file access paths are saved if ACCPTH(*YES) is specified.
Uempty Specified objects that were changed and the libraries where they reside remain locked
during the save operation.
Saved objects can be restored with the Restore Object (RSTOBJ) command.
To determine the date and time that an object was changed, run the Display Object
Description (DSPOBJD) command with DETAIL(*FULL) specified. For database file
members that were changed, run the Display File Description (DSPFD) command.
Journaled objects (OBJJRN) specifies whether changes to objects currently being entered
in a journal as specified in the Start Journal Physical File (STRJRNPF) command are saved.
Reference date (REFDATE) specifies the reference date. Objects that have been changed
since this date are saved.
Reference time (REFTIME) specifies the reference time. Objects that have been changed
since this time on the specified date are saved.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-79
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
SAVCHGOBJ....OBJJRN(*YES)
Weekly Daily
SAVIB LIB(LIBA LIBB) CHGJRN JRN(name) JRNRCV(*GEN)
SAVCHGOBJ OBJ(*ALL) LIB(LIBA LIBB) OBJJRN(*YES)
LIBA
FILEA
FILEB Changes
FILEC
occur to
Changes
FILEB on
occur to
JRNA Wednesday.
FILEA on FILEA
Tuesday. FILEA FILEB
LIBB
FILEB
RCVR0001 FILEA
RCVR0001
RCVR0002 RCVR0001 RCVR0002
RCVR0003
RCVR0001 RCVR0002 RCVR0003
Notes:
By specifying OBJJRN(*YES) on the SAVCHGOBJ command, a user is requesting that the
journal objects should be saved as well as any other objects that have changed since the
last save. This will alter your restore strategy.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-81
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
• High change volume files are good candidates.
• Files whose changes have no written records, such as those used for telephone order
entry are good candidates.
• Consider the effect on your business during a delay to reconstruct a file.
• If you journal one file, you should journal all files related to it.
• Do not journal source files, since when a member is updated, every record is
considered changed and therefore written to the journal.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-83
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
ASP2 ASP3
ASP1
User ASP User ASP
System ASP
Library user ASP Non-library user ASP
*LIB LIBJRNA
*JRNRCV
JRCVA
*JRN JRNA
*LIB SAVFLIB
Notes:
If you are journaling many active files to the same journal, the journal receiver can become
a performance bottleneck. One solution is to put the receiver in a user ASP. This also
provides additional protection.
The system spreads journal receivers across multiple disk units to improve performance.
The journal receiver may be placed across the ten fastest disk arms in the ASP. Journal
entries are written in a round robin technique with these arms.
Uempty
Restore considerations
IBM i
Notes:
When you restore a journal, the system creates a new journal receiver and attaches it. A
new receiver chain is started.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-85
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Before images:
– Backout recovery is possible.
– Deleted records can be recovered.
– CMPJRNIMG is more meaningful.
• Journaled files should have FRCRATIO(*NONE)
• *JRNRCV spread across 10 fastest disk arms in ASP
• Size of journal receivers:
– Access path journaled also?
STRJRNPF IMAGES(*AFTER *BOTH)
OMTJRNE(*NONE *OPNCLO)
CRTJRN RCVSIZOPT(*RMVINTENT *MINFIXLEN)
Notes:
Journal entries to be omitted (OMTJRNE) specifies the journal entries that are omitted. The
possible values are:
• *NONE: No journal entries are omitted.
• *OPNCLO: Open and close entries are omitted. Open and close operations on the
specified file members do not create open and close journal entries.
Receiver size options (RCVSIZOPT) specifies the options that affect the size of the
receivers attached to the journal. The possible values are:
• *NONE: No options affect the size of the journal entries attached to the receiver. All
journal entries placed on the receiver are permanent.
• *RMVINTENT: The size of the receivers attached to the journal are reduced by automatic
removal of the internal entries required only for initial program load (IPL) recovery when
these entries are no longer required.
Uempty • *MINFIXLEN: The size of the journal entries that are deposited into the attached journal
receivers is reduced by the automatic removal of the job, program, and user profile
information.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-87
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
12
11 1
10 2
9 3
8
7
6
5
4
Decreases time required to do backup
15
Aids debugging
© Copyright IBM Corporation 2012
Notes:
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-89
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Remote journal
IBM i
Notes:
Remote journal management allows you to establish journals and journal receivers on a
remote system or to establish journal and receivers on independent disk pools that are
associated with specific journals and journal receivers on a local system.
The remote journaling function can replicate journal entries from the local system to the
journals and journal receivers that are located on the remote system or independent disk
pools after they have been established.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-91
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Call to RCVJRNE
Receive
Applications exit program
.
and .
apply jobs .
Processing........
R
DB operation
C
V
J
Communications R
transport N
E
Notes:
• Objects cannot be journaled to remote journals
• Cannot use SNDJRNE or API QJIOSJRNE to send entries to remote journal
How does it work?
• DB images transported in real time
• All transport managed below the MI (that is, in microcode)
• Memory to memory transfer - does not wait to reach a target disk
• If the communications line goes down, source applications keep executing
Four transport mechanisms:
• OptiConnect (Optical bus)
• TCP/IP
• SNA (APPC)
• ATM
Uempty
Note
All remote journal TCP connections use the TCP local port of 3777.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-93
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
• No lost transactions
• Faster switch-back
© Copyright IBM Corporation 2012
Notes:
Differences from what is in the market today:
• Less disk writes on source system than former JRN support
- Greater DASD efficiency
- Adaptive bundling
• Less CPU overhead than prior support
- Frees up CPU cycles on production/source machine
- Shifts work to the backout/target machine
• DB images can be sent to target machine in real time
- SYNC mode
- No delay
- No trapped transactions
• If you need high availability (24x7)
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-95
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Notes:
Add a remote journal with IBM i Navigator
1. In the IBM i Navigator window, expand the system you want to use.
2. Expand Database.
3. Expand the database you want to use.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-97
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
1. Expand Schemas.
2. Click the library that contains the journal to which you want to add a remote journal.
Uempty
Notes:
1. Click Journals.
2. Right-click the journal to which you want to add a remote journal and select Properties.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-99
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
1. In the Journal Properties dialog box, click Remote Journals.
Uempty
Notes:
1. To add (associate) a remote journal to this journal, click Add.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-101
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Add a Remote Journal dialog associates a remote journal on the target system, as
identified by the relational database directory entry (WRKRDBDIRE), with the journal on the
source system. The journal on the source system may be either a local journal or another
remote journal. A maximum of 255 remote journals may be associated with a single journal
on a source system.
The remote journal is created if it does not already exist. If a remote journal with the
specified name already exists on the target system, it is reused if it was previously
associated with this journal.
Relational database name: Lists the relational database (RDB) directory entries. Select
the RDB directory entry that you want.
Journal type: Allows you to select whether the remote journal should be of Type 1 or
Type 2.The journal type default is Type 1.The remote journal type influences the
redirection capabilities, journal receiver restore operations, and remote journal association
characteristics.
Uempty Redirect receiver: Specifies whether or not to create the remote journal receivers on the
target system with a different library from that used on the source system.
Target receiver library: Allows you to specify the library on the target system where the
remote journal receivers are to be located. If this field is blank, receivers will reside in the
same libraries as on the source system.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-103
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
As an alternative to IBM i Navigator you can use the Add Remote Journal (ADDRMTJRN)
Command or the Add Remote Journal (QjoAddRemoteJournal) API to add a remote
journal.
If you set up the remote journal with IBM i Navigator, CL-command or API, there are:
• No application changes required
• No special feature to install
• No tuning mandated
• No extra housekeeping steps
Even Swap of Receivers is automated on the target.
CL-Commands:
The Add Remote Journal (ADDRMTJRN) command associates a remote journal on the
target system, as identified by the relational database directory entry, with the specified
journal on the source system. The journal on the source system may be either a local
Uempty journal or another remote journal. A maximum of 255 remote journals may be associated
with a single journal on a source system.
The Change Remote Journal (CHGRMTJRN) command is used to change the journal state
for remote journals. This command is used on the source system for a remote journal that
is associated with a source-system journal, to change the state of the remote journal from
*ACTIVE to *INACTIVE or from *INACTIVE to *ACTIVE. A journal state of *ACTIVE for a
remote journal indicates that journal entries can be received from the associated journal on
the source system. A journal state of *INACTIVE for a remote journal indicates that the
journal is not ready to receive journal entries from a source journal. This command also
allows additional attributes that are associated with the journal state to be set.
The Remove Remote Journal (RMVRMTJRN) command disassociates a remote journal on
the specified target system from the specified journal on the source system. The journal on
the source system may be either a local journal or another remote journal. The remote
journal, and any associated journal receivers, are not deleted from the target system by the
command processing. No processing is performed on the target system for the command.
The remote journal that remains on the target system may later be added back to the
remote journal definition for the journal on the source system by using the Add Remote
Journal (ADDRMTJRN) command.
The Change Journal (CHGJRN) command can be used to modify the other journal attributes
of remote journals, such as the journal message queue, deleting receivers, and text.
Special attention needs to be given to the base main storage pool size for both source and
target systems in order to keep page faulting to a minimum. Refer to the Performance
section for other performance issues when working with remote journals.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-105
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
New in V7R1
IBM i
Notes:
As an alternative to IBM i Navigator you can use the Add Remote Journal (ADDRMTJRN)
Command or the Add Remote Journal (QjoAddRemoteJournal) API to add a remote
journal.
If you set up the remote journal with IBM i Navigator, CL-command or API, there are:
• No application changes required
• No special feature to install
• No tuning mandated
• No extra housekeeping steps
Even Swap of Receivers is automated on the target.
CL-Commands:
The Add Remote Journal (ADDRMTJRN) command associates a remote journal on the
target system, as identified by the relational database directory entry, with the specified
journal on the source system. The journal on the source system may be either a local
Uempty journal or another remote journal. A maximum of 255 remote journals may be associated
with a single journal on a source system.
The Change Remote Journal (CHGRMTJRN) command is used to change the journal state
for remote journals. This command is used on the source system for a remote journal that
is associated with a source-system journal, to change the state of the remote journal from
*ACTIVE to *INACTIVE or from *INACTIVE to *ACTIVE. A journal state of *ACTIVE for a
remote journal indicates that journal entries can be received from the associated journal on
the source system. A journal state of *INACTIVE for a remote journal indicates that the
journal is not ready to receive journal entries from a source journal. This command also
allows additional attributes that are associated with the journal state to be set.
The Remove Remote Journal (RMVRMTJRN) command disassociates a remote journal on
the specified target system from the specified journal on the source system. The journal on
the source system may be either a local journal or another remote journal. The remote
journal, and any associated journal receivers, are not deleted from the target system by the
command processing. No processing is performed on the target system for the command.
The remote journal that remains on the target system may later be added back to the
remote journal definition for the journal on the source system by using the Add Remote
Journal (ADDRMTJRN) command.
The Change Journal (CHGJRN) command can be used to modify the other journal attributes
of remote journals, such as the journal message queue, deleting receivers, and text.
Special attention needs to be given to the base main storage pool size for both source and
target systems in order to keep page faulting to a minimum. Refer to the Performance
section for other performance issues when working with remote journals.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-107
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-109
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• How?
– By journaling access paths
Notes:
Without access path protection, an IPL after an abnormal system end could take several
hours.
An access path describes the order in which records in a database file are processed. A file
can have multiple access paths, if different programs need to see the records in different
sequences. If your system ends abnormally when access paths are in use, the system may
have to rebuild the access paths before you can use the files again. This is a
time-consuming process. To perform an IPL on a large, busy IBM Power System with IBM i
that has ended abnormally can take many hours.
The QSAVACCPTH system value indicates whether or not the access paths are saved
during a save operation. The access path is the order in which records in one or more
database files are organized for processing by a program
Two methods of access-path protection are available:
1. System-managed access-path protection (SMAPP)
2. Explicit journaling of access paths
Uempty
Notes:
Access path maintenance (MAINT)
Specifies, for files with key fields, the type of access path maintenance used for all
members of the physical file.
The possible values are:
*IMMED: The access path is updated each time a record is changed, added, or deleted
from a member. *IMMED must be specified for files that require unique keys.
*REBLD: The access path is completely rebuilt each time a file member is opened. The
access path is maintained until the member is closed; then the access path is deleted.
*REBLD cannot be specified for files that require unique keys.
*DLY: The maintenance of the access path is delayed until the physical file member is
opened for use. Then, the access path is changed only for records that have been added,
deleted, or changed since the file was last opened. While the file is open, changes made to
its members are immediately reflected in the access paths of those members, no matter
what is specified for MAINT. To prevent a lengthy rebuild time when the file is opened, *DLY
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-111
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
should be specified only when the number of changes to the access path between
successive opens are small; that is, when the file is opened frequently or when the key
fields in records for this access path change infrequently. *DLY is not valid for Access paths
that require unique key values.
If the number of changes between a close and the next open reaches approximately 10%
of the access path size, the system stops saving changes and the access path is
completely rebuilt the next time the file is opened.
Access path recovery (RECOVER)
Specifies for files with immediate or delayed access path maintenance, when recovery
processing of the file is performed if the access path is being changed when a system
failure occurs. This parameter is valid only for a file with a keyed access path.
If *IMMED is specified for the MAINT parameter, the access path can be rebuilt during initial
program load (IPL) (before any user can run a job), or after IPL has ended (during jobs
running at the same time), or when the file is next opened. While the access path is being
rebuilt, the file cannot be used by any job.
During the IPL, an Override Access Path Recovery display lists those access paths that
must be recovered and the RECOVER parameter value for each access path. The user can
override the RECOVER parameter value on this display. More information on access paths is
in the IBM Power Systems with IBM i Information Center.
If *REBLD is specified for the MAINT parameter, the access path is rebuilt the next time its
file is opened.
The possible values are:
*NO: The access path of the file is rebuilt when the file is opened. *NO is the default for all
files that do not require unique keys. The file's access path, if not valid, is rebuilt when the
file is next opened.
Note
*NO is the default for all files that do not require unique keys.
*AFTIPL: The access path of the file is rebuilt after the initial program load (IPL) operation
is completed. This option allows other jobs not using this file to start processing
immediately after the completion of the IPL. If a job tries to allocate the file while its access
path is being rebuilt, a file open exception occurs.
Note
*AFTIPL is the default for all files that require unique keys.
Uempty *IPL: The access path of the file is rebuilt during the IPL operation. This ensures that the
file's access path is rebuilt before the first user program tries to use it. However, no jobs
can start running until after all files that specify RECOVER(*IPL) have their access paths
rebuilt.
Force keyed access path (FRCACCPTH)
Specifies, for files with key fields, whether access path changes are forced to auxiliary
storage along with the associated records in the file. FRCACCPTH(*YES) minimizes (but
does not remove) the possibility that an abnormal job end may cause damage to the
access path that requires it to be rebuilt.
The possible values are:
*NO: The access path and associated records are not forced to be written to auxiliary
storage when the access path is changed.
*YES: The access path and associated records are forced to be written to auxiliary storage
when the access path is changed. *YES cannot be specified if *REBLD is specified on the
Access path maintenance prompt (MAINT parameter).
FRCACCPTH(*YES) slows the response time of the IBM Power System with IBM i if the
access path is changed in an interactive job. If the access path is changed frequently, the
overall performance of the IBM Power System with IBM i is decreased.
Note
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-113
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This display appears during an attended IPL after an abnormal system end.
The Edit Rebuild of Access Paths display shows the names of the file members that have
immediate or delayed maintenance access paths that are not valid.
The display allows you to rebuild the access path for a given member of the file. The
access path for a file member is marked as not valid when the system ends abnormally and
the file member is in use.
Files with journaled access paths and files with rebuild maintenance of the access path are
not shown on the Edit Rebuild Access Path display.
When a sequence value is selected and the Enter key is pressed, the status field is
updated to show the current rebuild condition of the access path.
The following sequence values can be selected:
1-99=Rebuild sequence
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-115
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
As mentioned earlier, if your system ends abnormally when access paths are in use, the
system may have to rebuild the access paths before the database can be used again.
To perform an IPL on a large, busy IBM Power System with IBM i that has ended
abnormally can take many hours.
Two methods of access-path protection are available:
• Explicit journaling of access paths
• System-managed access-path protection
Explicit journal management may be used to keep a record of changes to access paths.
This greatly reduces the amount of time it takes the system to perform an IPL after it ends
abnormally. However, this method requires the user to decide which access paths should
be journaled and how the journaling should be controlled.
The need to protect some access paths may have be obvious but, for other access paths,
the need may not be so obvious. For example, the use of a file may vary from time-to-time
during the day or even over a cycle as long as a year. It is easy to omit an access path.
Uempty Protecting every access path may consume system resources unnecessarily and omission
of the wrong path could affect availability in the event of an abnormal termination.
Most users make a decision based on their experience with their applications.
An alternative to a user controlled access path protection scheme is to use the System
Managed Access Path Protection (SMAPP) facility.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-117
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Automatic:
– Determines which access paths to journal
– Adjusts for system hardware and file changes
– Files not journaled: Uses internal journal and receiver
– Files already journaled: Uses same journal and receiver
Notes:
You can allow the system to determine which access paths to protect. You specify target
recovery times for access paths for the entire system or for auxiliary storage pools (ASPs).
Your system has a default recovery time for access paths for the entire system of 90
minutes when it is shipped. You can use the Edit Recovery for Access Paths (EDTRCYAP)
command to see and change the target recovery times for access paths and to see how
much space the IBM Power System with IBM i is using for system-managed access-path
protection (SMAPP).
SMAPP provides a simple method to reduce your recovery time after an abnormal system
end. SMAPP manages the required environment for you. You do not need to use any type
of journal management to use SMAPP.
• Automated
- You need not take any action to benefit
- Adapts to new LFs and APs as they arrive
- No files get overlooked
Uempty - Uses an algorithm somewhat similar to journaling without as much disk space or
CPU overhead
• Can be customized to your needs
- You get to dial the level of protection you require
- You tell the system how much recovery time you can afford and the system tries to
match it
Is expected to have minimal performance impact/overhead
- Perhaps as low as 3 - 4%
- Even less if you want to specify a slightly longer recovery time
• Completely compatible with any journaling you are already using
- No need to change any of your current practices
- Does not require set up of a private User ASP
Some access paths are not eligible for protection by SMAPP including the following:
• Those defined for file that specifies MAINT(*REBLD)
• Any access path that is already explicitly journaled
• Any access path in the QTEMP library
• Any access path whose underlying physical files are journaled to different journals
• Any access path for a physical file that was created specifying FRCACCPTH(*YES)
• Any encoded vector access path
• Any access path that uses an international component for unicode (ICU) sort sequence
table
• A file journaled to a journal in standby state
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-119
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Specify target recovery times either for entire system or ASPs, but not
both
Notes:
• Disk space consumed
- AP JRN requires customer to change Journal receivers, can overflow an ASP, and
consumes hundreds of megabytes per day
- SMAPP logging area is circular and consumes less space
• JRNRCVR placement
- AP JRN requires Journal placement on user ASP to achieve best performance
- SMAPP spreads logging area among ten fastest arms, with affinity for arms with
write cache, bundles writes to 32 KB, and performs 10 writes in parallel
• Performance impacts
- AP JRN performs a synchronous write to the disk for each DB operation (Add,
Delete, Update)
- SMAPP provides just as good protection with bundled async writes thereby reducing
total number of writes and performance overhead
Uempty
Notes:
The Edit Recovery for Access Paths display shows a list of access path recovery times
for the system and for auxiliary storage pools (ASP) that are currently active on the system.
The information shown reflects the current target and estimated access path recovery
times. Access path and access path recovery information is shown also for all auxiliary
storage pools (ASPs) if they are active and if system-managed access-path protection has
not been turned off (the system access path recovery time value is not *OFF). On this list,
you can type changes for the target access path recovery times for the system and for the
ASPs. You can also view updated access path recovery status information.
Note
The ASP information is not shown when the system ASP (ASP 1) is the only ASP that is
active. The system does not keep track of the access path rebuild exposure when SMAPP
protection is set to *OFF.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-121
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-123
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The F16=Display details function displays SMAPP tuning information.
All access paths with estimated rebuild times greater than the internal threshold will be
protected by SMAPP. The internal threshold value may change if the number of access
paths or their estimated rebuild times change.
The last retune field shows the most recent date and time the internal threshold was
changed.
The last recalibrate field shows the most recent date and time that the operating system
needed to recalibrate internal structures in order to optimize SMAPP efficiency.
Uempty
SMAPP contribution to system performance
(1 of 2)
IBM i
• The lower the target recovery time you specify for access
paths, the greater this effect might be.
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-125
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
When journaled files (that have large access paths built over them) are modified while the
journal is in a standby state, processor use is increased and system performance may be
impacted.
Uempty
SMAPP summary
IBM i
• Automatic
• Not much DASD consumed
• Not much performance overhead
• Does not miss any files
• Needs no special setup; no ASPs required
• No special hardware
• Covers broad spectrum of outage causes
• Substantial IPL/recovery time reductions
Notes:
There are several advantages to SMAPP that make its use worth investigating.
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-127
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint (1 of 6)
IBM i
3. What is the first object that needs to be created when you start
journaling?
a. Journal audit trail
b. Journal receiver
c. Journal
d. Journal access path
Notes:
Uempty
Checkpoint (2 of 6)
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-129
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint (3 of 6)
IBM i
7. The _____ command is used to see the attributes associated with your journal.
a. WRKJRN
b. CRTJRN
c. DSPJRNA
d. WRKJRNA
9. True or False: When displaying journal information, you can specify to only show
transactions performed by a specific program.
10. True or False: User-generated entries get placed into a journal receiver when the
user selects an option to generate a system message.
© Copyright IBM Corporation 2012
Notes:
Uempty
Checkpoint (4 of 6)
IBM i
13. True or False: Journaling and saving changed objects are two
recovery methods that cannot be used together or at the same time
with the same objects.
14. Which of the following is the command used to save those objects that
have changed since the last time that object was changed.
a. SAVLIBCHG
b. SAVOBJCHG
c. SAVCHGOBJ
d. SAVCHGLIB
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-131
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint (5 of 6)
IBM i
15. True or False: Objects that have a high change volume are
prime candidates that should be journaled.
Notes:
Uempty
Checkpoint (6 of 6)
IBM i
20. True or False: Access path protection will cut down on the amount of
time it takes a system to IPL after an abnormal system end.
21. True or False: Journaling can also be used to protect access paths.
22. True or False: At IPL time, the system will show you a screen that lists
all of those objects whose access paths are being protected
(journaled) and have already been recovered (basically, a screen to
show you what has already be recovered).
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 12. Journal management 12-133
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit summary
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit objectives
IBM i
Notes:
Uempty
Notes:
You can use commitment control to design an application so the system can restart the
application if a job, an activation group within a job, or the system ends abnormally.
With commitment control, you can have assurance that when the application starts again,
no partial updates are in the database due to incomplete transactions from a prior failure.
A transaction is a group of individual changes to objects on the system that appears as a
single atomic change to the user.
Note
IBM i Navigator uses the term transaction, while the 5250 user (also called command line
or character based) interface uses the term Logical Unit of Work (LUW). The two terms are
interchangeable.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
In an environment where multiple users are keying in transactions using the same
application and the same data files, it is possible that journaling may not provide the best
solution to recover from an abnormal system or application end.
If you are only using journaling, there may not be a single recovery point that can be used
to recover all of the completed transactions. A single point recovery under these conditions
might require rekeying on the part of most of the users.
Commitment control provides a recovery method in which each user may have a unique
recovery point. It allows you to define and process a complex transaction (multiple changes
to the database) as a single unit of work.
Using commitment control, you can design an application that can be restarted for each job
that terminates abnormally. It ensures that all changes within a transaction are completed
for the files affected. It also provides facilities to remove changes when a user determines
that a transaction is not considered a complete transaction or is in error.
Uempty
Notes:
The example on the visual shows that the transactions that are considered complete are:
• Sequence #20 and sequence #23
• Sequence #21 and sequence #22
• Sequence #25 and sequence #27
• Sequence #26 and sequence #28
If you choose to start the recovery at sequence #20 through Sequence #28, the problem is
that sequence #24 is not a complete transaction and thus produces data that is damaged
or corrupted.
On the other hand, you choose to start the recovery at sequence #20 through Sequence
#23, now the problem is that several transactions that are considered complete (sequence
#25 - #28) is work that will have to be redone, data that will have to be rekeyed.
This is a problem that will grow exponentially as more and more operators are keying in
data in this application environment.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Journal Entries
C BC . . . . . . . . . . . . . STRCMTCTL
CALL
Commitment definition
F OP . . . . . . . . . . . . . . . . .OPEN FILES
C SC . . . . . . . . . . . . . . . . .READ ITEM
Commit
READ DETAIL
JOB
cycle
F CL . . . . . . . . . . . . . . . . .CLOSE FILES
C EC . . . . . . . . . . . . . ENDCMTCTL
SIGNOFF
Notes:
A commitment definition includes:
• Parameters on the STRCMTCTL command
• Current status of the commitment definition
• Information about database files and other committable resources that contain changes
that are made during the current logical unit of work.
An application transaction should fall exactly within a commit cycle. A commit cycle is the
time from one commitment boundary to the next. The system assigns a commit cycle
identifier to associate all of the journal entries for a particular commit cycle together. Each
journal that participates in a transaction has its own commit cycle and its own commit cycle
identifier.
Reprogramming of an application is required to implement commitment control.
Specifically:
• To use commit in a program, the files have to be opened for commitment control.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Rollback event
IBM i
Notes:
A rollback operation removes all changes made within a transaction since the previous
commit operation or rollback operation. During a rollback operation, the system also
releases locks related to the transaction. If the system contains thousands of transactions,
the system can take hours to complete a rollback operation. These long-running rollbacks
can consume critical processor time, lock resources or take up storage space.
Before you end a long-running rollback, you need to know which commitment definitions
are being rolled back and what state the commitment definitions are in. The State field for
commitment definitions that are rolling back is set to ROLLBACK IN PROGRESS.
Use the Work with Commitment Definitions (WRKCMTDFN) command to check the status of
a rollback by following these steps:
• Type WRKCMTDFN JOB(*ALL) from the character-based interface.
• Press F11 to display the State field.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Rollback event
32 J IA 12:20:00
33 R UR ITEM After ADMCTL W22 12:21:15
34 R BR ITEM Before ADMCTL W22 12:21:18
35 C RB W22 12:21:30
36 R UR ITEM After ADMCTL W1 12:21:40
37 R BR ITEM Before ADMCTL W1 12:21:45
38 C RB W1 12:21:55
© Copyright IBM Corporation 2012
Notes:
1. Before the Rollback event, the transaction for job W333 is complete, but the
transactions for W1 and W22 are incomplete.
2. Then a Rollback event occurs, it could be one of the following:
a. A implicit Rollback originating from the system
b. A Rollback originating from a program Rollback instruction
3. The completed transaction for job W333 is unaffected by the Rollback.
4. The incomplete transactions for jobs W1 and W22 are rolled back.
The system rolls back any uncommitted transactions.
• Record before image is entered in the journal as type UR.
• The image after the rollback is entered as type BR.
• DR identifies record deleted or rollback.
• IA identifies an IPL following an abnormal system termination.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
If only after images are specified to be journaled, the system also journals the before
images of the files while those files are under commitment control.
Uempty
Notes:
The Start Commitment Control (STRCMTCTL) command is used to establish either a job
level or activation group level commitment definition.
This command also specifies the level of record locking that occurs for the commitment
definition to be started. Also, a notify object can be specified.
Before a commitment definition is established, the user must ensure that all database files
that are to be opened under commitment control for a single commitment transaction are
journaled. If only the after images are being journaled, the IBM Power System with IBM i
implicitly begins journaling both the before and the after images for the duration of the
changes being made to files opened under this commitment definition.
A default journal can be specified. Entries that describe all journals and systems involved in
a commitment control operation can be placed in this journal.
Commitment definition scope (CMTSCOPE)
The scope of a commitment definition determines which programs use that commitment
definition, and how locks acquired during transactions are scoped. The interface that starts
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
the commitment definition determines the scope of the commitment definition. Specifies the
scope for the commitment definition to be started. The possible values are:
• *ACTGRP: An activation-group-level commitment definition is started for the activation
group associated with the program issuing the command.
• *JOB: The job-level commitment definition is started for the job. It specifies text that
briefly describes the commitment definition to be started. It specifies the default journal.
The default journal contains entries identifying each of the resources involved in a unit
of work. Entries can also be placed when each unit of work starts or ends due to a
commit or rollback operation, depending on the OMTJRNE parameter value.
Journal entries to be omitted (OMTJRNE)
Specifies the journal entries to omit from the default journal. If *NONE is specified on the
DFTJRN parameter, this is ignored. The possible values are:
• *NONE: No journal entries are omitted.
• *LUWID: The journal entry that contains the Logical Unit of Work Identifier (LUWID) and
all the resources involved in the logical unit of work, are omitted if the logical unit of
work is committed or rolled back successfully. If an error occurs while committing or
rolling back the logical unit of work, the entry will always be sent regardless of this
value.
Note
Uempty
• STRCMTCTL LCKLVL ( )
– *CHG: Record adds, updates, and deletes are protected from changes
by other jobs until commit or rollback.
Notes:
Lock Level (LCVLVL)
Specifies the default level of record locking that occurs for the commitment definition to be
started. This is a required parameter.
The possible values are:
*CHG
Every record read for update (for a file opened under commitment control) is locked. If a
record is changed, added, or deleted, that record remains locked until the transaction is
committed or rolled back. Records that are accessed for update operations but are
released without being changed are unlocked.
*CS
Every record accessed for files opened under commitment control is locked. A record that
is read, but not changed or deleted, is unlocked when a different record is read. Records
that are changed, added, or deleted are locked until the transaction is committed or rolled
back.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
*ALL
Every record access for files opened under commitment control is locked until the
transaction is committed or rolled back.
Refer to Information Center for details.
Uempty
Notes:
The notify object parameter is specified on the STRCMTCTL command.
Notify Object (NFYOBJ)
It specifies the name and type of the object where notification is sent regarding the status of
a transaction for a commitment definition.
For a system failure, the commitment identifier is placed in the notify object after the next
successful initial program load (IPL). For a job that ends with uncommitted changes or with
a nonzero completion code, the commitment identifier is placed in the notify objects during
end job processing. For an activation group that ends with uncommitted changes or ends
normally, the notification text is placed in the notify object during activation group end
processing.
*NONE
No notification is sent after an abnormal system or process end.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Object-name
Specify the name (library-name/object-name) of the object to receive notification of the last
transaction that is successfully committed. You must have correct authority for the object
specified. The possible object type values are:
• *MSGQ: The text identifying the last commitment boundary is placed on the specified
message queue.
• *DTAARA: The text identifying the last commitment boundary is placed in the specified
data area. The data area specified must be of type character, and unique to this job.
The text is padded or truncated to fit the data area.
• *FILE: The text identifying the last commitment boundary is added to the specified
physical file.
COBOL's commit operation does not have the capability to supply a commit identification.
Uempty
Notes:
Notify object is used as part of programmer-written error handling procedure.
After an abnormal end, a program upon restart, could interrogate the notify object to get
information about restarting the application.
During normal processing of the application, the programmer would include on the commit
operation, after each transaction, a commit identification to identify that transaction.
Each application should have its own notify object if the object type is *FILE or *MSGQ and
the commit identification should include an identification of the job or user who made the
transaction.
If the notify object is a *DTAARA, there should be a notify object for each combination of
application and user.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
1. Prepare wave
2. Vote
Notes:
Two-phase commit is intended to ensure that committable resources on multiple systems
remain synchronized.
• LUW = Logical Unit of Work
• Prepare wave: The resource manager that initiated the commit request informs all other
resource managers that the LUW is ready to be committed.
• Vote: All resource managers must respond that they are ready to commit.
• Committed wave: The resource manager that initiated the commit request decides what
to do, based on the outcome of the prepare wave.
- If the prepare wave completes successfully and all participants vote ready, the
resource manager instructs all other resource managers to commit the LUW.
- If the prepare wave does not complete successfully, all the resource managers are
instructed to roll back the LUW.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
IBM i supports two-phase commit in accordance with the SNA LU 6.2 architecture. For
more detailed information about the internal protocols used by the system for two-phase
commit, refer to the SNA Transaction Programmer’s Reference for LU Type 6.2,
GC30-3084-05. All supported releases of IBM i support the Presumed Nothing protocols of
SNA LU 6.2 and the Presumed Abort protocols of SNA LU 6.2.
Two-phase commit is also supported using TCP/IP as a Distributed Unit of Work (DUW)
DRDA protocol. To use TCP/IP DUW connections, all of the systems (both the application
requester and the application server) must be at V5R1M0 or newer. For more information
about DRDA see the Open Group Technical Standard, DRDA V2 Vol. 1: Distributed
Relational Database Architecture at the Open Group web site.
Uempty
Notes:
If a rollback occurs, file cursor position is also rolled back.
Refer to Information Center for additional considerations.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Transaction
Begin COMMIT:
trans Rollback to End trans
A B Savepoint B
Timeline
Savepoint A Savepoint B
Notes:
The SAVEPOINT statement sets a savepoint within a unit of work to identify a point in time
within the unit of work to which relational database changes can be rolled back.
Faster transaction recovery with database savepoints. Instead of starting over from the
beginning of related transactions, start from a known interim step.
• ROLLBACK TO <savepoint>: This statement rolls back changes only to the
specified savepoint instead of all changes made by the transaction.
• RELEASE SAVEPOINT: This statement deletes a savepoint.
• COMMIT or ROLLBACK: Savepoints in a distributed transaction are scoped to the
current connection.
Uempty
Notes:
Independent disk pools and independent disk pool groups, can each have a separate IBM i
SQL database. You can use commitment control with these databases.
QRECOVERY library considerations
When you start commitment control, the commitment definition is created in the
QRECOVERY library.
Each independent disk pool or independent disk pool group has its own version of a
QRECOVERY library. On an independent disk pool, the name of the QRECOVERY library is
QRCYxxxxx, where xxxxx is the number of the independent disk pool. Furthermore, if the
independent disk pool is part of a disk pool group, only the primary disk pool has a
QRCYxxxxx library.
When you start commitment control, the commitment definition is created in the
QRECOVERY library of the independent disk pool that is associated with that job, making
commitment control active on the independent disk pool.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty - Commitment definitions residing on the independent disk pool become unusable.
- Commitment definitions residing on the independent disk pool, but not attached to a
job, release transaction scoped locks.
Remote database considerations
• You cannot use an LU6.2 SNA connection (protected conversations or Distributed Unit
of Work (DUW)) to connect to a remote database from an independent disk pool
database. You can use unprotected SNA conversations to connect from an independent
disk pool database to a remote database.
• When commitment control is active for a job or thread, access to data outside the
independent disk pool or disk pool group to which the commitment definition belongs is
only possible remotely, as if it were data that resides on another system. When you
issue an SQL CONNECT statement to connect to the relational database (RDB) on the
independent disk pool, the system makes the connection a remote connection.
• The system disk pool and basic disk pools do not require a remote connection for read
only access to data that resides on an independent disk pool. Likewise, an independent
disk pool does not require a remote connection for read-only access to data that resides
on the system disk pool or a basic disk pool.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
DB2 UDB for IBM i can participate in X/Open global transactions
The Open Group has defined an industry standard model for transactional work that allows
changes made against unrelated resources to be part of single global transaction. An
example of this is changes to databases that are provided by two separate vendors. This
model is called the X/Open Distributed Transaction Processing model (DTP model).
In the XA environment, each database is considered a separate resource manager. When
a transaction manager wants to access two databases under the same transaction, it must
use the XA protocols to perform two-phase commit with the two resource managers.
Since each independent disk pool is a separate SQL database, in the XA environment
each independent disk pool is also considered a separate resource manager. For an
application server to perform a transaction which targets two different independent disk
pools, the transaction manager must also use a two-phase commit protocol.
Application Program (AP): Implements the desired function of the end user by specifying
a sequence of operations that involves resources such as databases. It defines the start
Uempty and end of global transactions, accesses resources within transaction boundaries, and
normally makes the decision whether to commit or roll back each transaction.
Transaction Manager: Manages global transactions and coordinates the decision to start
them, and commit them, or roll them back in order to ensure atomic transaction completion.
The TM also coordinates recovery activities with the RMs after a component fails.
Resource Manager (RM): Manages a defined part of the computer's shared resources,
such as a database management system. The AP uses interfaces defined by each RM to
perform transactional work. The TM uses interfaces provided by the RM to carry out
transaction completion.
Communications Resource Manager (CRM): Allows an instance of the model to access
another instance either inside or outside the current TM domain. CRMs are outside the
scope of DB2 UDB for IBM i and are not discussed here.
Communication Protocol: This refers to the protocols used by CRMs to communicate
with each other. This is outside the scope of DB2 UDB for IBM i and is not discussed here.
The XA Specification is the part of the DTP model that describes a set of interfaces that is
used by the TM and RM components of the DTP model. DB2 UDB for IBM i implements
these interfaces as a set of UNIX style APIs and exit programs. See XA APIs for detailed
documentation of these APIs and for more information on how to use DB2 UDB for IBM i as
an RM.
IBM i Navigator and XA transactions
IBM i Navigator supports the management of XA transactions as Global transactions. A
Global transaction may contain changes both outside and within DB2 UDB for IBM i. A
global transaction is coordinated by an external Transaction Manger using the Open Group
XA architecture, or another similar architecture.
An application commits or rolls back a global transaction using interfaces provided by the
Transaction Manager. The Transaction Manager uses commit protocols defined by the XA
architecture, or another architecture, to complete the transaction. DB2 UDB for IBM i acts
as an XA Resource Manager when participating in a global transaction. There are two
types of global transactions:
• Transaction-scoped locks: Locks acquired on behalf of the transaction are scoped to
the transaction. The transaction can move from one job or thread to another.
• Job-scoped locks: Locks acquired on behalf of the transaction are scoped to the job.
The transaction cannot move from the job that started it.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
You can use IBM i Navigator to display information about all transactions (logical units of
work) on the system. You can also look at information about the job, if any, associated with
a transaction.
Uempty
IBM i Navigator: Support for commitment control
(2 of 6)
IBM i
Notes:
This display shows the following:
• Unit of Work ID
• Unit of Work State
• Job
• User
• Number
• Resynchronization in Progress
• Commitment Definition
If you choose a Transaction and right-click it, you can get more information about the
transaction, such as:
• Jobs
• Resource Status
• Properties
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This System i Navigator screen shows the general properties information of selected
commitment control transactions on your system. This is achieved by right-clicking a
specific transaction, selecting Properties and choosing the General tab.
Uempty
IBM i Navigator: Support for commitment control
(4 of 6)
IBM i
Notes:
This System i Navigator screen shows the detail information of selected commitment
control transactions on your system. This is achieved by right-clicking a specific
transaction, selecting Properties and choosing the Detail tab.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This System i Navigator screen shows the commitment options information of selected
commitment control transactions on your system. This is achieved by right-clicking a
specific transaction, selecting Properties and choosing the Commitment Options tab.
Uempty
IBM i Navigator: Support for commitment control
(6 of 6)
IBM i
Resource
status for
transaction
Jobs for
transaction
Notes:
This System i Navigator screen shows the detail resource status information of selected
commitment control transactions on your system.
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Commitment control:
Lab exercise
© Copyright IBM Corporation 2012
Notes:
Uempty
Checkpoint
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 13. Commitment control: Overview 13-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit summary
IBM i
Notes:
References
IBM i Information Center:
http://publib.boulder.ibm.com/iseries > i 7.1 > IBM i 7.1
Information Center > Systems management > Backup
and recovery > Planning a backup and recovery
strategy
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit objectives
IBM i
Notes:
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The cost of implementing availability features must be offset by the cost of failure multiplied
by probability of failure.
Uempty
IBM i
Notes:
If you were to loose a key application, for example order entry, could you recover it and
how long would it take to recover?
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The timeline for backup and recovery begins when you save the information and ends
when your system is fully recovered after a failure.
Refer to this timeline as you read this information and make the decisions. Your strategies
for saving and availability determine these things:
• Whether you can successfully complete each step in the chart.
• How long does it take you to complete each step.
Use the timeline to develop specific examples.
• What if the known point (1) is Sunday evening and the failure point (2) is Thursday
afternoon?
• How long does it take to get back to the known point?
• How long does it take you to get to the current point (6)?
• Is it even possible with the save strategy that you have planned?
Uempty
Notes:
The answer to the question of what you need to save is simple: everything. To be prepared
for a site loss or certain types of disk failures, you need to be able to recover everything on
your system. Saving the right things determines whether you can recover to point 4 (the
last save) shown in the backup and recovery timeline, in the previous visual.
In an ideal world, how often you need to save is also an easy question.
• Every day, save the parts of your system that change often.
• Every week, save the parts of your system that do not change often.
Saving the right things at the right time determines how much information you need to
recover to get from point 4 to point 5 in the backup and recovery timeline in the previous
visual.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
This table shows the parts of the system that change often, and should be saved daily.
This table shows the parts of the system that do not change often; you can save these on a
weekly basis.
Table 2: What to save weekly: Parts of the system that do not change often
Item description IBM-supplied? When changes occur
PTFs or new release of the
Licensed Internal Code Yes
operating system
Operating system objects in PTFs or new release of the
Yes
QSYS library operating system
Operating System/400
PTFs or new release of the
optional libraries (QHLPSYS, Yes
operating system
QUSRTOOL)
Uempty Table 2: What to save weekly: Parts of the system that do not change often
Item description IBM-supplied? When changes occur
Licensed program libraries Updates to licensed
Yes
(QRPG, QCBL, Qxxxx) programs
Licensed program folders Updates to licensed
Yes
(Qxxxxxxx) programs
Licensed program libraries
Updates to licensed
directories Yes
programs
(/QIBM/QOpenSys/QIBM)
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Save window
– System and data at known point
– Not changing for period of time
8 - 12 hours with no
Simple
system activity
4 - 6 hours with no
Medium
system activity
Notes:
Realistically, when you run the save procedures, how you run your save procedures and
what you save, all of these things depend on the size of your save window. Your save
window is the amount of time that your system can be unavailable to users while you
perform your save operations. To simplify your recovery, you need to save when your
system is at a known point and your data is not changing.
To determine which save strategy is the best strategy for your business, you will have to
balance what your users think is an acceptable save window versus the value of the data
you might lose and the amount of time it may take to recover that data in case it is lost or
damaged.
If your system is so critical to your business that you do not have a manageable save
window, you probably cannot afford an unscheduled outage either. In this case you should
seriously evaluate all of the availability options of IBM i, including implementing a dual
systems environment.
Uempty Based on the size of your save window, you will choose one of the following save
strategies. Then reevaluate your decision based on how your save strategy positions you
for a recovery.
• Simple save strategy: If you have a long save window, 8 to 12 hours available daily
with no system activity including batch work, then implementing a simple save strategy
is the best option.
• Medium save strategy: If you have a shorter block of time, 4 to 6 hours available with
no system activity during this time, then implementing a medium save strategy is the
best option.
• Complex save strategy: You have a short save window, which means that there is little
or no time when your system is not being used for interactive or batch work, then
implementing a complex save strategy is the best option.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Or
• Save everything once per week and save all user data nightly.
– Issue GO SAVE; then select option 23 (All user data).
Notes:
The simplest save strategy is to save everything every night or during the off-shift hours.
The simplest way to save the entire system is to use option 21 – Save Entire system from
the Save menu. You can schedule option 21 to run without an operator (unattended) at a
specified time.
You can also use this method to save your entire system after you upgrade to a new
release or apply program temporary fixes (PTFs).
You may find that you do not have enough time or enough tape unit capability to run option
21 without an operator. You can still employ a simple strategy:
• Daily: Save everything that changes often.
• Weekly: Save the things that do not change often.
Choosing Option 23 – Save all user data on the Save menu saves those things that change
regularly. Option 23 can be scheduled to run attended or unattended. To run unattended
you must have enough online backup media capacity.
Uempty If your system has a long period of inactivity on the weekend, your save strategy might look
like this:
Friday night: Save menu option 21
Monday night: Save menu option 23
Tuesday night: Save menu option 23
Wednesday night: Save menu option 23
Thursday night: Save menu option 23
Friday night: Save menu option 21
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Or
Daily: Save journal receivers.
Or
Save changed objects
Daily:
(SAVCHGOBJ, SAVDLO, SAV).
Or
Save groups of libraries, folders, and
Daily:
directories (simplified with BACKUP menu).
Notes:
You might find that you do not have a long enough save window to use the simple save
strategy. Perhaps you run large batch jobs on your system at night. Or, you have very large
files that take a long time to save. If this is the case, you may need to develop a medium
save strategy, which means that the complexity for saving and for recovery is medium.
When developing a medium save strategy apply this principle: the more often the data
changes, the more often you should save that data. When using the medium save strategy
you need to be more detailed in evaluating how often your data changes.
Several techniques are available to help you implement a medium save strategy. You can
use one or several or a combination of these strategies.
• Saving changed objects
• Journaling
• Database files and saving the journal receivers
• Saving groups of libraries, folders, or directories
Uempty
Notes:
A very short save window requires implementing a complex save strategy for both saving
your data and for performing a recovery of this data in case of a system failure or a loss of
user data. You will use the same tools and techniques that are described for a medium
save strategy but you will be implementing these strategies at a greater level of detail. For
example, you may need to save specific critical files at specific times of the day or week. If
you will be implementing a complex save strategy then you may also want to consider
using IBM i Backup Recovery and Media Services (BRMS).
Saving your system while it is active is often necessary when implementing a complex save
strategy. The save-while-active (SAVACT) parameter is supported on the following
commands:
• Save Library (SAVLIB)
• Save Object (SAVOBJ)
• Save Changed Objects (SAVCHGOBJ)
• Save Document Library Object (SAVDLO)
• Save (SAV)
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
If you use save-while-active support, you can significantly reduce the amount of time that
files are made unavailable. When the system has established a checkpoint for all objects
being saved, the objects can be made available for use. Save-while-active support can be
used in combination with journaling and commitment control to simplify the recovery
procedure. If you choose to use save-while-active support, make sure that you understand
that process and monitor how well checkpoints are being established on your system.
You can also reduce the amount time that files are unavailable by performing save
operations on more than one save device at a time, or performing concurrent save
operations. For example, you can save libraries to save device number one, folders to save
device number two, and save directories and other IFS objects to a third save device.
Another way to set up a concurrent save operations is to save different sets of libraries or
objects to different save devices.
Another time saving strategy to your data is to use multiple save devices simultaneously by
performing a parallel save operation. This is useful if most of your data is contained in a
single library. To perform a parallel save operation, you need Backup Recovery and Media
Services or an application that allows you to create media definition objects.
For more information on save-while-active support, concurrent save operations, and
parallel save operations, refer to the Systems Management Recovering Your System
Guide SC41-5304.
If your situation requires a medium save strategy or a complex save strategy, it also
requires regular review, of the following:
• Are saving everything occasionally?
• What do you need to do, to recover to the known point (4) on the backup and recovery
timeline?
• Are you using options like journaling or saving changed objects to help you recover to
the failure point (5)? Do you know how to recover using those options?
• Have you added new applications? Are the new libraries, folders, and directories being
saved?
• Are you saving the IBM-supplied libraries that contain user data (QGPL and QUSRSYS)?
• Have you tested your recovery?
The best way to test if your save strategy is a sound strategy is to perform a full recovery.
Although you can test a recovery on your own system, doing so can be risky. If you have
not saved everything successfully, you may lose information when you attempt to restore
the data. A number of organizations offer recovery testing as a service. IBM Business
Recovery Services is one organization that can assist you with recovery testing.
Uempty
Availability options
IBM i
Planning complexity:
- Hardware Minimal Careful planning Careful planning
- Software Significant Minimal Minimal
Operational and
management Average Minimal Minimal
complexity
Possibly more disk and Double the disk; possibly One or two disk units per
Additional hardware
separate ASPs more controllers and IOPs parity set
Notes:
Data loss after a Minimal loss to file None of the data is None of the data is
single disk failure. data if good lost. lost.
backups are
available.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Has this relative impact on the recovery time for these failure types:
Program
This save or availability option: DASD System Power loss failure Site loss
Save operations + + + + +
File journaling ++ ++ ++ +
User ASPs ++
Notes:
The availability options (save operations, journaling, access path protection, mirroring, and
so forth.) are rated in terms of relative impact on recovery time for various failure types
(DASD, power failure, site loss, system loss, and so forth).
The number of plus signs (+) in a column indicates that option's impact compared to the
other options. An option with more pluses has greater relative impact.
Uempty
Program
This save or availability option: DASD System Power loss failure Site loss
Save operations
File journaling
User ASPs
Mirrored protection ++
Dual systems + + +
Notes:
The number of plus signs (+) in a column indicates that option's impact compared to the
other options. For example, mirrored protection is more likely to prevent you from having to
recover from a DASD failure than device parity protection and dual systems. However,
device parity protection and dual systems, while not as effective as mirrored protection, are
more effective than the other options.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
The objective of a disaster recovery plan is to ensure that you can respond to a disaster or
other emergency that affects information systems and minimize the effect on the operation
of the business.
When you have prepared the information described in this topic collection, store your
document in a safe. This safe should be in a location that is off site, that is easily and
readily accessible and ideally, this would be a fireproof safe.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
IBM i Information Center:
http://publib.boulder.ibm.com/infocenter/iseries/ > i 7.1 > IBM i 7.1 Information Center >
Systems management > Backup and recovery > Planning a backup and recovery strategy
Describes a method, in 13 sections, how to create and maintain a detailed Disaster
recovery plan.
Section 1. Major goals of this plan (as shown by the previous slide)
Section 2. Personnel, including a table describing all required information of involved
personnel.
Section 3. Application profile: Use the Display Software Resources (DSPSFWRSC)
command to complete this table.
Section 4. Inventory profile: Use the Work with Hardware Products (WRKHDWPRD)
command to complete this table. A second table with miscellaneous inventory should be
filled in.
Section 5. Information services backup procedures
Uempty Section 6. Disaster recovery procedures: For any disaster recovery plans, the following
elements should be addressed:
• Emergency response procedures
• Backup operations procedures
• Recovery actions procedures
• Disaster action checklist:
• Recovery start-up procedures for use after a disaster
Section 7. Recovery plan: Mobile site including a checklist, and:
• Mobile site setup plan
• Communication disaster plan
• Electrical service
Section 8. Recovery plan – hot site: The disaster recovery service provides an alternate hot
site. The site has a backup system for temporary use while the home site is being
reestablished.
Section 9. Restoring the entire system: To get your system back to the way it was before
the disaster, use the procedures on recovering after a complete system loss in Systems
management: Backup and recovery.
Section 10. Rebuilding process
Section 11. Testing the disaster recovery plan
Section 12. Disaster site rebuilding
Section 13. Record of plan changes: Keep your current plan. Keep records of changes to
your configuration, your applications, and your backup schedules and procedures.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Comment Legend:
1. Runs daily.
2. Runs weekly on _________.
3. Runs monthly on _________.
Application profile
Manufacturer Description Model Serial No. Owned or Cost
Leased
Note:
1. This list should be audited every _______________months.
2. This list should include:
Processing units System printer
Disk units Tape and diskette units
Models Controllers
Workstation Controllers I/O Processors
Personal computers General data communication
Spare workstations Spare displays
Telephones Racks
Air conditioner or heater Humidifier or dehumidifier
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Miscellaneous inventory
Description Quantity Comments
Related reference
Section 12. Disaster site rebuilding
Use this information to do disaster site rebuilding.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
4. Contact power and telephone service suppliers and schedule any necessary service
connections.
5. Notify ___________ immediately if any related plans should change.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Related tasks
Disaster action checklist
This checklist provides possible initial actions that you might take following a disaster.
Related reference
Section 9. Restoring the entire system
You can learn how to restore the entire system.
Electrical service
You can attach the electrical service diagram here.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Not
Item Yes No Applicable Comments
Applicable
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Not
Item Yes No Applicable Comments
Applicable
Areas to be tested
1. Recovery of individual
application systems by
using files and
documentation stored
off-site
2. Reloading of system save
media and performing an
initial program load (IPL)
by using files and
documentation stored
off-site
3. Ability to process on a
different computer
4. Ability of management to
determine the priority of
systems with limited
processing
5. Ability to recover and
process successfully
without key people
6. Ability of the plan to
clarify areas of
responsibility and the
chain of command
7. Effectiveness of security
measures and security
bypass procedures
during the recovery
period
8. Ability to accomplish
emergency evacuation
and basic first-aid
responses
9. Ability of users of real
time systems to cope with
a temporary loss of online
information
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Uempty
Checkpoint
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 14. Backup and recovery planning 14-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit summary
IBM i
Notes:
References
Basic System Operations Topic in IBM Power Systems with IBM i
Information Center or view New IBM i User
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit objectives
IBM i
Notes:
We review where to look for information about activity in the system. You learn steps that
you can take to improve system performance and avoid system problems.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Problem determination
IBM i
Notes:
We begin with a basic review of problem determination aids on the IBM Power System with
IBM i.
Uempty
• Problem determination:
– Identifying the problem
– Identifying the effects of this problem
Notes:
The terms problem determination and problem source identification are often joined
together into yet another acronym, PD/PSI. While this might seem to be an unnecessary
duplication of terms, it conveys that there is an important distinction between the following
components of problem analysis:
• Problem determination (PD): The process of finding out exactly what the problem is
and what its effects are
• Problem source identification (PSI): The process of finding out what has caused the
problem
In some cases, it is not possible to give a complete explanation of the cause of a problem.
Your service provider, with the assistance of appropriate diagnostic information, can
recommend a course of action to recover from a problem.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Classification of symptoms
IBM i
Notes:
External symptoms
The first objective of problem isolation is to define the external symptoms accurately. The
external symptoms are the attributes of the incident that first drew attention to the existence
of a problem. One or more of the following symptoms can be present:
• Incorrect output: The displayed or printed output from a job is not as expected.
• Messages: There are error messages in the job log, system operator message queue,
or the system history log.
• Wait: A job, many jobs, or the entire system can stop processing with little CPU activity.
• Loop: A job, or many jobs, can consume large amounts of CPU, precluding normal
processing.
Uempty
Hint
The job or IBM Power System with IBM i is either in a loop or a wait state. There is no such
thing as a “hang”.
Internal symptoms
The second objective of problem isolation is to find one or more internal symptoms. Any
number of internal symptoms can contribute to an external symptom. Each internal
symptom has a special diagnostic plan that requires the collection of specific information.
• Where messages are concerned, it is necessary to record any return codes, sense
codes, dump identifiers, and qualifiers.
• When a loop is encountered, it is necessary to determine if there is a single job involved
in the loop or if the entire IBM Power System with IBM i is affected.
• When a wait condition is encountered, it is necessary to determine whether the wait is
at a job or a system level.
• Messages are the key indicators in determining if a lock condition is held within a job
environment or between jobs.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
IBM Syste
ms
Director
Navigato WRKS
Y
r for i DSPL SSTS
DSPM O G Q
S G Q HST
S Y SO
CPYSCN PR
STR
OB
WRKJ OG WRKP
L
JOB TJOB RB
C
WRKA
Notes:
The system cannot solve all problems for you, so to help you, IBM i provides you with the
description of a problem and tools to help solve it. These tools (CL commands, menus,
displays, message queues, and logs) are provided as part of IBM i.
How your server manages problems:
The problem analysis functions that are provided by your server allow you to manage both
system-detected and user-defined problems. Your server provides functions for problem
analysis, problem logging and tracking, problem reporting, and problem correction. The
structured problem management server helps you and your service provider quickly and
accurately manage problems as they occur on the server.
Here is an example of the flow when managing a problem:
1. The server detects a hardware error.
2. An error notification is sent to the server.
3. A problem record is created with configuration information, a system reference code,
the name of the reporting device, and other information.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The contents of this Redbook are:
Part 1 Service tools for operators
Chapter 1 Problem determination overview
Chapter 2 IBM Power System with IBM i information documents
Chapter 3 Easy data collection
Chapter 4 Collecting messages
Chapter 5 Job information, job logs and spooled files
Chapter 6 Collecting the history log (QHST)
Chapter 7 Problem log and Save APAR Data
Chapter 8 Power problems
Part 2 Service provider and advanced service aids
Chapter 9 Initial program load (IPL)
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
The Work with Active Jobs (WRKACTJOB) command allows you to work with performance
and status information for the active jobs in the system. The sequence of jobs can be
changed with the Sequence (SEQ) parameter or through operations on the display. Other
parameters allow the selection of jobs to be shown on the display.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Work with Active Jobs display shows the performance and status information for jobs
that are currently active on the system. All information is gathered on a job basis. The jobs
are ordered on the basis of the subsystems in which they are running. Jobs that run in a
subsystem (autostart jobs, interactive jobs, batch jobs, readers, and writers) are
alphabetized by job name and indented under the subsystem monitor job field they are
associated with. Subsystem monitors (with the jobs in the subsystem grouped under each
monitor job) are alphabetized and presented before system (SYS) jobs. The system jobs
(SCPF, QSYSARB, QLUS) are alphabetized by job name and presented following the
subsystem monitors and jobs within the subsystems.
Uempty
Notes:
The Work with Job and the Display Job menus allow you to select options to work with or to
change information related to a user job.
Information about the following options can be shown regardless of where the job is located
in the system (on a job queue, on an output queue, or active):
• Job status attributes
• Job definition attributes
• Spooled file information
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Work with Job Run Attributes display, and the Display Job Run Attributes display, show
run attributes that are defined in the class object associated with the job. Note that F9 from
this display, allows you to change job attributes.
Uempty
Notes:
The Display All Messages display shows you the commands processed by the job and the
messages returned from running those commands. All available messages are shown,
including those not normally seen on the original display.
If you are displaying a batch job, you can see commands that are still to be processed
(identified by "..").
For specific information about messages, put the cursor on the message you want
information about and press the Help key. An additional message information display will
then be shown.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Ending a job
IBM i
Notes:
Option 4=End
Use this option to run the End Job (ENDJOB) command; the job's spooled files are not
deleted unless the default for the Delete spooled file (SPLFILE) parameter is overridden by
using the Parameter's input field. Unless the OPTION parameter is overridden by using the
Parameter's input field, a controlled end is performed as if the End Job (ENDJOB) command
were typed with all the default parameter values assumed. The End Reader (ENDRDR) or
End Writer (ENDWTR) command (with OPTION(*CNTRLD)) is issued if this option is selected
for a spooling reader or spooling writer job. This option is not valid for system or subsystem
monitor jobs. END replaces the status field if the command runs successfully.
The End Job (ENDJOB) command ends the specified job and any associated inline data
files. The job can be on a job queue, it can be active, or it can have already completed
running.
Uempty
Notes:
The End Job Abnormal (ENDJOBABN) command ends a job that cannot be ended
successfully by running the End Job (ENDJOB) command with *IMMED specified for the
How to end (OPTION) parameter. The ENDJOBABN command cannot be issued against a
job until 10 minutes have passed following the request for immediate ending. This allows
sufficient time for normal job ending functions to be attempted.
When the ENDJOBABN command is issued, most of the end-of-job processing is bypassed
(including spooling of the job log, the end of job display for interactive jobs, and the
end-of-job processing for the specific functions that are being performed). The part of the
end-of-job processing that is attempted is allowed only five minutes to complete. If it does
not do so in five minutes, the job is forced to end at that point. Because some of the job
cleanup is not performed, the ENDJOBABN command should only be used when a job that
is in the process of immediate ending does not finish ending and resources in use by the
job are needed by another job or by the system. When the ENDJOBABN command is used,
some resources in use by the ended job may be left unavailable until the next IPL.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Display Messages (DSPMSG) command is used by the display station user to show the
messages received at the specified message queue. If the message queue is not allocated
to the job in which this command is entered or to any other job, it is implicitly allocated by
this command for the duration of the command. When the messages are shown, options
are also shown that allow the user to either remove one or more messages from the queue
or to enter a reply to each inquiry message.
To display the system operator message queue enter the DSPMSG QSYSOPR command.
Uempty
History log
IBM i
• System history
– Automatically logs system activity
• Job information (start/stop times)
• Component failures
• Critical IBM Power Systems with IBM information
– Storage thresholds
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Collection of messages
summarizing system
activity:
– IBM Power Systems with QHSTyydddn
IBM i information
QHSTLOGSIZ
– Job information
– Device status changes
– System operator messages
'A LOG VERSION'
– PTF activity
Notes:
Uempty
DSPLOG
IBM i
Notes:
The Display Log (DSPLOG) command shows the system history log (QHST). The history log
contains information about the operation of the system and system status.
The display contains the messages sent to the log, the date and time the message was
sent, and the name of the job that sent it.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
DSPLOG QHST
IBM i
Notes:
This view of the log shows all system activity.
Uempty
Notes:
The Work with Files (WRKF) screen allows you to see and perform housekeeping on the
system history log (QHST*) files.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Copy screen
IBM i
I need some
assistance.
STRCPYSCN
Let me see
what is happening
Remote assistance on your
workstation.
or problem determination
Notes:
The Start Copy Screen (STRCPYSCN) command allows you to copy the screens of another
display station on your display station to observe what is happening and diagnose
problems.
If the STRCPYSCN command is used to copy displays from a source device that has the
wide-display feature to an output device with a regular-width display, the command is
accepted, but wide-display images are not shown and an informational message is sent to
the target work station indicating that the display was not shown.
If the STRCPYSCN command is used to copy displays from a source device that supports
graphic DBCS characters, the command is accepted and character information is shown,
but graphic DBCS characters appear as single byte. No message is sent.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
A wealth of information is available about the jobs on your system. Expand your IBM Power
Systems with IBM i icon and Work Management. Double-click Active Jobs.
From the menu bar, select Options and Columns. The information available to display in
the right panel has to do with the jobs performance statistics of the jobs. Select any or all of
the columns of interest, particularly any columns that seem to relate to the problem at
hand.
Right-clicking a job gives access to the following information about the job:
• Call stack
• Library list
• Locked objects
• Open files
• Threads
• Transactions
• Elapsed performance statistics
• SQL
Uempty
Notes:
One of the details (right-clicking the job name) is the job log (a history of the job's activity).
Additional details of the job log can be seen by selecting additional columns of information.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This is another way to get a job's performance statistics.
Uempty
Notes:
Job properties will show you all of the information related to your job. Consider how
knowing or being aware of the information displayed through these panels could be helpful
when solving problems related to your jobs.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
These System i Navigator screens of a job's attributes allow a user to monitor and alter the
job's performance metrics and control printed output.
Uempty
Notes:
These System i Navigator screens of a job's attributes allow a user to change how
messages and the job log are handled within the job.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
These System i Navigator screens of a job's attributes allow a user to monitor and alter the
job's server and security attributes.
Uempty
Notes:
These System i Navigator screens of a job's attributes allow a user to monitor and alter the
job's date, time and international attributes.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
These System i Navigator screens of a job's attributes allow a user to monitor and alter the
job's thread and resource attributes.
Uempty
End a job
IBM i
Notes:
If you need to end a job, right-click the job name and select Delete/End. Note the job
name, number, and user. These three items are the unique job identification.
When a controlled end is chosen, the job is given a time limit to end. When the time limit
expires, the job begins an immediate end.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Obtain the complete job identification from the active jobs display.
If you have requested an end to a user’s job, but after ten minutes it still has not ended, you
can use ENDJOBABN.
Use ENDJOBABN only when you must, since it does not close any files the job has open.
The same applies for any other end-of-job processing.
Uempty
Notes:
By checking the performance statistics of the memory pools, you might be able to identify
some system performance problems.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
These System i Navigator screens allow a user to monitor the system operator message
queue.
Uempty
Notes:
A variety of system messages can indicate conditions that range from simple typing errors
to problems with system devices or programs. Error messages can be sent to a message
queue or to a program and shown on a display. Messages may be one of the following:
• An error message on your current display
• A message regarding a system problem that is sent to the system operator message
queue, QSYSOPR
• A message regarding a device problem that is sent to the message queue specified in a
device description
• A message regarding a potential sever system condition that is sent to the QSYSMSG
message queue, the system operator message queue, and other message queues
specified by the users
• An unexpected error message that is not handled by a program (shown on the Display
Program Messages display)
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
It is vital for the system to shut down normally so that internal directories can be written to
auxiliary storage. Damage to internal directories results in a very long IPL. It is also
important from your application point of view that any changes made to data are also
written to auxiliary storage.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Figure 15-40. Power down initiation using power push button or power switch OL1914.1
Notes:
Powering off your system by using the Power Switch.
What function does this action perform?
It allows the system to complete machine interface (MI) instructions that would be
interrupted during abnormal system end.
What happens on the system?
Objects referred to by MI instruction are marked as usable.
This will avoid a lengthy IPL.
When to perform this type of power down?
Perform this action when you cannot execute the PWRDWNSYS command. You should only
use the Power Switch if normal shutdown is not possible. You should use the Power Switch
instead of the Emergency Power Off switch.
Uempty
• You can:
– Recognize normal versus abnormal.
• System performance
• Job mix
– Get rid of unneeded objects.
• Clean up your system
Notes:
It is very important that you start observing your system using the commands shown
previously in this unit so that you are aware of the values presented under normal
circumstances. Then, when something abnormal does occur, it is easier for you to identify
it.
You also should do housekeeping on your system on a regular basis, so that the IBM
Power System with IBM i is not tracking unnecessary jobs or objects.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Uempty
Notes:
When you IPL, the system does some housekeeping of system jobs and workspace,
resulting in a more efficient IBM Power System with IBM i.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-47
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
GO CLEANUP, option 1 (or GO ASSIST, option 11, 2, then 1), allows you to change the
automatic cleanup options for messages, job logs and other system output, system
journals, and system logs. You have the option of keeping any of these items and still doing
automatic cleanup for the others. The number of days shown on this visual is the default.
Uempty
Journals Journals
• DIA files journal • Security journal
• DSNX journal • All user journals
• Problem databases journal
• Performance adjustment journal
• Job accounting journal
• OSI Message Services/400 journal
• Managed System Service/400 journal
• Application Enabler OFC files journal
• Application program driver files journal
• SNMP journal
Notes:
This chart shows exactly what is handled by the automatic cleanup and what objects you
still need to clean up manually.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-49
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This visual continues the list of system objects that automatic cleanup affects.
Uempty
• RTVCLSRC
– PGM(QSYS/QEZUSRCLNP) SRCFILE(SOURCE-LIB/SOURCE-
FILE)
• STRPDM
– Use SEU to code additional functions.
Notes:
The IBM-supplied automatic cleanup program is called QEZUSRCLNP. You can add
additional function to this program if you choose.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-51
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Reorganize file
IBM i
DELETED
MEMBER SIZE_ _ _ _ _ _ _ _RECORDS RECORDS
Notes:
The Reorganize Physical File Member (RGZPFM) command removes deleted records from
(compresses) one member of a physical file in the database, and it optionally reorganizes
that member.
A file description shows how many deleted rows (records) it has.
Also check large files for deleted records.
Reorganizing a file frees the space occupied by deleted records and can re sequence the
records so that it lends itself to faster processing.
Uempty
Notes:
Check the number of rows and the number of deleted rows of your large files. The space
occupied by deleted records/rows can be regained by reorganizing the file.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-53
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
*FILE *SAVF
SAVSAVFDTA
SAVOBJ CUSTMAST
CUSTMAST CUSTMAST
Wasted
space on
system
CLRSAVF FILE(SAVE-FILE-NAME)
Notes:
Once a save file has been copied to tape (SAVSAVFDTA), the information in the save file no
longer needs to be kept on disk. Running CLRSAVF frees up disk space, but leaves the
save file itself there for the next time it is needed.
Uempty
Notes:
To run RCLSTG, the system must be in a restricted state. Depending on the amount of
DASD on your system and the number of objects, RCLSTG may take a number of hours to
run. It can, however, clear up problems with objects that cannot be addressed any other
way.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-55
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
RCLSTG command
IBM i
Notes:
The RCLSTG command attempts to correct objects that were incompletely updated such as
database files, libraries, device descriptions, user profiles with incorrect object ownership
information, directories and stream files. Any unusable objects or fragments are deleted.
The command has four parameters: Estimate, Select, Omit and ASPDEV.
ESTIMATE – specifies whether to calculate an estimate of the amount of time that the
RCLSTG command will take to run. The estimate is calculated by using statistics collected
during previous RCLSTG operations and the values specified for the other RCLSTG
parameters. The options are *YES or *NO, with *NO as the default.
SELECT – specifies whether to run all reclaim functions or only one specific reclaim
function. The choices for this parameter are *ALL, *DBXREF and *DIR. *ALL is the default.
This parameter tells the system to reclaim the database cross reference table and all file
objects or the directory and its IFS objects, or both.
Uempty
OMIT – specifies the reclaim functions that you would like omitted during the reclaim
process. The choices are *NONE, *DBXREF or *DIR. *NONE is the default.
ASPDEV – specifies the auxiliary storage pool (ASP) that is to be reclaimed. The options
are *SYSBAS (pools 1 through 32), an auxiliary-storage-pool-device-name (pools higher
than 32) or an auxiliary-storage-pool-group-name (wherein the primary and secondary
ASPs within the ASP group named) will be reclaimed. The default is *SYSBAS.
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-57
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Library QRCL
– Examine after running RCLSTG
– DSPLIB QRCL
Notes:
After running RCLSTG, examine the contents of QRCL and QReclaim directory. The
QReclaim directory is for lost objects from the Root File system, while the QRCL is for lost
objects that normally reside in libraries.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-59
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Problem determination:
Lab exercise
© Copyright IBM Corporation 2012
Notes:
Uempty
Checkpoint (1 of 2)
IBM i
1. True or False: The process of finding out exactly what is the problem is problem
source identification.
3. The command to work with all of the active jobs on the IBM Power System with
IBM i is:
a. WRKJOB
b. WRKACTJOB
c. WRKSBMJOB
d. WRKSPLJOB
4. True or False: When displaying your job’s run attributes, you can select the F9 key
to change your job.
5. True or False: If your job has not ended after five minutes, you can submit the
ENDJOBABN command.
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-61
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint (2 of 2)
IBM i
Notes:
Uempty
Unit summary
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 15. Problem determination 15-63
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
References
Basic System Operations Topic in IBM i Information Center on View
New System i User
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Unit objectives
IBM i
Notes:
References: http://publib.boulder.ibm.com/infocenter/iseries/v7r1m0/topic/rzai8/rzai8.pdf
Uempty
Notes:
Backup Recovery and Media Services (BRMS) provides a robust, easy-to-use graphical
user interface to perform save and recovery operations and to manage media.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Licenses
Networking 1 1 1
Notes:
This chart outlines the program numbers and options for the Backup Recovery and Media
Services software.
Reference: http://publib.boulder.ibm.com/infocenter/iseries/ IBM i 7.1 > IBM i 7.1
Information Center > Systems management > Backup and recovery
Uempty
Primary functions:
Backup and recovery (license *BASE option)
Notes:
BRMS is an integrated and comprehensive tool for managing the backup, archiving, and
recovery environment for a single system or multiple systems in a site, or across a network
where data exchange by tape is required.
Backup
The key to maximizing the availability of a system is to reduce the backup window, while
still allowing for simple system recovery. BRMS is designed to perform very complex
backups easily. Backups are easy to define, and easy to change. Full error checking is
performed by BRMS to ensure that errors do not go unnoticed by operators. BRMS offers
full-function backup facilities, including keywords to match the normal save keywords (such
as *IBM and *ALLUSR), *EXITs to allow processing of user commands or programs during
the backup procedures, full incremental or noncumulative incremental saves, saves to
save files, saves to virtual tape, and save while active.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Recovery
BRMS offers a step-by-step recovery which is in the form of a report printed during the
maintenance command. BRMS has full and detailed feedback during the recovery process
- with an auto-refresh screen, updated as each library is restored.
Networking
The BRMS Network feature enables a BRMS system to interconnect through a network to
other BRMS networked systems. A networked BRMS system can share the inventory and
policies that are associated with media that is managed by a central BRMS system. A
BRMS networked system can be another System i platform or System i logical partition.
You can also use the network feature to distribute messages sent to the Backup and
Recovery Log. You can send up to 5000 bytes of any message electronically to a cellular
telephone, pager, or mailbox which uses an Internet address.
Archival of data
Data archiving is important in sites where large volumes of history data must be kept and
rapid access to this information is not required. BRMS will archive data from DASD to tape
and track information about objects that have been archived. Locating data in the archives
is very easy, and the restore can be triggered from a work-with screen.
Dynamic retrieval
It allows archived data to be dynamically restored back to DASD. Dynamic retrieval
provides support for all database files. At file open, BRMS will restore the file with no
interaction required other than tape mounts. In a tape library environment no operator
intervention is required.
Hierarchical storage management (HSM)
Hierarchical storage management (HSM) provides an automatic way of managing and
distributing data between the different storage layers in order to meet the users' needs for
accessing data while minimizing the overall cost. The concept of HSM involves the
placement of data items in such a way as to minimize its accessibility. BRMS provides an
interface to utilize this feature.
Uempty
Features
Graphical interfaces
Tailored save operations
Lotus server online and incremental saves
Enhanced save-while-active functions
Parallel save and restore support
Network feature
Media and device management
Step-by-step disaster recovery
Notes:
On the IBM i operating system, you can perform backup and recovery operations in several
ways. You can use local save and restore commands or the Save menu options, or you can
create CL programs. However, BRMS provides a more dynamic solution for your backup
and recovery needs, enables you to manage your media, provides archiving capabilities for
infrequently used objects. It also maintains a history of all saved items, which simplifies the
restore process and enables BRMS to create a detailed recovery report. BRMS provides
the following added functions that other backup solutions do not have:
Graphical interface
The BRMS graphical interfaces are available as a plug-in for the IBM i Navigator client and
for the IBM Systems Director web environment. The BRMS interface provides more
granular backups of individual files and directories, the ability to create control groups to
manage archives and backups on your system, a simple save history query function to
quickly locate items to restore, and an easy, effective method of managing media and
devices used for BRMS save operations.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Note
It is recommended that after every scheduled backup, you print your disaster recovery
report. In the event of an unplanned system outage, this report will guide you through a
recovery of your entire system.
Uempty
Notes:
BRMS is an IBM product and has the familiar IBM i look and feel. Just as for IBM i, base
BRMS function is accessed through the standard IBM i system interface. BRMS has its
own CL commands. These can be included into a CL or HLL program.
BRMS has a significant amount of online help text. This is available through the standard
pop-up windows, with function keys for full screen display. Some functions have up to 30
screens of help text associated with them.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-9
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
BRMS: Restrictions
IBM i
Restrictions
Tape volumes (physical and virtual) must have a unique volume ID.
There is no support for:
Diskette
Unlabelled or nonstandard labeled tapes
It does not support SAVSTG, CPYTOTAP, or CPYFRMTAP natively.
It cannot run on the same system as other tape management
software.
Notes:
Incompatible with other tape management solutions.
If you have another tape management solution installed on your system when BRMS is
installed, the existing tape management solution may no longer work correctly. This is due
to a low-level tape routine provided by IBM to many non-IBM tape management system
vendors. This routing intercepts any tape activity and calls a nominated program. If BRMS
is installed after one of these other products (even if for a trial), this routine will call the
BRMS program for checking tape activity, rather than the routine for the original product.
You can use the CPYTOTAP and CPYFRMTAP using BRMS by issuing the SETMEDBRM
command first.
Uempty
Notes:
The web site captured in the visual is the best place to get the most up-to-date details
about what specific tape hardware is supported for attachment to your IBM i system.
http://www-03.ibm.com/systems/storage/product/tape.html
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-11
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
FlashCopy creates a copy of the source system onto a second set of disk drives, which are
then attached and used by another system or logical partition (LPAR). The BRMS
implementation of FlashCopy provides a way to perform a backup on a system that has
been copied by FlashCopy and a BRMS history appears, as the backup is performed, on
the production system.
Important
If you plan to use online Domino backup, you must do the backup on the production
system. You must save all journal receivers on the production system to avoid journal
receiver conflict and to enable point-in-time recovery.
BRMS stores backup history and media information in a library called QUSRBRM. The files
in this library define both the setup of the BRMS environment and the dynamic information
gathered as a result of doing BRMS operations such as saves and restore tasks. This
Uempty information is critical to the recovery of the system. When using FlashCopy to create a full
system image, QUSRBRM is also copied from the production system to the backup system.
The slide shows two partitions:
1. A production partition for normal day-to-day processing
2. A backup partition for taking offline backups
The BRMS FlashCopy function requires the BRMS Network Feature product 5770-BR1
(IBM I 7.1). In order to use BRMS to perform a backup of the copy system, FlashCopy
function must be enabled on the production system. After you enable the BRMS FlashCopy
function, all backups that are performed on the backup system look like they were
performed on the production system.
For more Information see ITSO Redbooks: SG24-7120 iSeries and Total Storage: A Guide
to Implementing External Disk on eServer – found at the following site:
http://www.redbooks.ibm.com/abstracts/sg247120.html
SG24-7103 IBM System Storage Copy Services and IBM i: A Guide to Planning and
Implementation - found at the following site:
http://www.redbooks.ibm.com/redbooks/pdfs/sg247103.pdf
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-13
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
GO BRMS shows the BRMS main menu
The options 3, 4, and 5 only appear if the advanced functions (license option 2) are
installed.
Uempty
Notes:
The Work with Media using BRM (WRKMEDBRM) command (or option 1 and then option 2 of
the BRMS main menu) works with active, expired, requiring initialization, in error, or all
media volumes in the BRMS media inventory by creation and expiration date for any or all
locations. Like all other IBM i commands, there are several parameters that are used with
this command to tailor the display or printed report that are generated. The report that is
produced is the Media report. The report, if printed, is written to printer file QP1AMM.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-15
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The Work with Media display is used to add, change, and remove media volumes in the
media inventory.
Perform media-related processes on single or groups of volumes in the media inventory.
Creation and expiration dates as well as current storage location, current container, and
last move dates are displayed for each volume.
Use F11 to view more information, such as cartridge type, virtual catalog, volume statistics,
and so on.
From this display, most media management functions can be accessed and performed.
Uempty
Notes:
The Work with Media Information using BRMS (WRKMEDIBRM) command displays media
information based on libraries, date ranges, and sequences. This command can be started
from the command line, or through option 13 at the WRKMEDBRM display. The display shows
the date and time each library was saved, the type of save, the volume serial, and its
associated expiration date, the number of objects that were saved, and the number that
were not saved.
Using the default on the command will display all of the BRMS save history, with the most
recent save information displayed first.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
A new column of Parallel Devices was added at V5R4. This column will display how many
device resources were used during parallel processing.
This display lists all saved items (libraries, special values, integrated file system information
and so on) saved by BRMS with their accompanying save information.
This screen allows you to remove saved items from the save history, display saved items or
restore saved items.
You can select object detail to review or restore objects from selected saves, provided
information was saved at that level. (option 9)
Uempty
Notes:
The backup function is the cornerstone of the BRMS product. It is the option that controls
the save process, which ultimately determines how effectively a system can be restored.
Careful planning is required in determining a backup strategy before using BRMS.
Once the backup control group has been defined, performing a backup is simply a matter
of issuing a command STRBKUBRM (Start Backup using BRM), naming a single backup
control group, and specifying immediate or delayed start, and interactive or batch options.
The delayed option submits the backup job to run at a scheduled time. This is a 24-hour
clock submission time.
Conceptually, a backup control group is very much like a control language program (CLP).
A CLP consists of a list of commands that will run as part of calling up the CL program. A
backup control group is very similar in that it is used to identify a list of objects that are to be
saved as part of running this control group.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-19
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
A control group defines a group of libraries, lists, and special values (starting with *) to be
backed up.
The WRKCTLGBRM display is used to create, change, copy, or delete control groups. You
can add, edit, or delete entries for subsystems to end or restart and hold or release job
queues.
You can perform an IPL after the backup.
Uempty
Recovery
IBM i
Notes:
BRMS provides facilities to allow you to document a recovery plan using contact lists and
activity lists.
Three recovery reports are printed during the maintenance command. The 'Recovery
Analysis Report' gives you step-by-step instructions to guide you through recovering your
system.
When using the *RESTORE option on a full system recovery, the information is displayed on
the screen and is used to guide you through the recovery. You need only use options on a
work-with screen that is refreshed automatically as libraries are restored.
Using BRMS networking allows you to restore information to a system different from the
system that performed the save.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-21
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
The WRKMEDIBRM command will list data that has been backed up using BRMS.
From this screen, I can choose option 7 to restore a specific object that is being tracked by
BRMS. Using this method, makes the recovery or restore of this object very simple
because the system is keeping track of where this data is stored. BRMS will call for the
specific tape required and will know what sequence number on that tape to get the data
from. All of this information is automatically filled into the recovery command.
Uempty
Archive (1 of 4)
IBM i
Archive
Locate and list objects that have not been used recently.
Move these objects to tape and erase from disk.
This frees up disk space.
Retrieval
Restore objects back to disk when needed.
For *FILE, IFS, and DLO objects, BRMS optionally should auto-recall
when touched by a user, provided that they are archived with
STG(*FREE).
Notes:
Archiving is a save and delete in one operation.
Auto-recall (retrieval) can be transparent to a user when using a tape library. Auto-recall
can only be accomplished with a stand-alone if the volume with the information to be
retrieved is mounted and ready in the tape device. A normal restore operation would be
required otherwise.
BRMS archive and auto-recall functions are considered part of hierarchical storage
management. (This is part of the Option 2 – Advanced functions).
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-23
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Archive (2 of 4)
IBM i
Notes:
The first screen (Control group entries) is the result of option 2 at the WRKCTLGBRM
TYPE(*ARC) display. It shows which objects the archive job has to judge to determine if
they become an archive candidate. In this case, the objects residing in library ARH, and
those defined in the archive link-list ARHARCL are examined. The archive link-list can be
defined similar to the definitions used in the SAV command. (in this case it includes all
objects of the /home/arh subdirectory). The second screen Control group attributes) is the
result of option 8 at the WRKCTLGBRM TYPE(*ARC) display. Each BRMS control group
(Backup as well as Archive) is provided with lots of attributes. With Archive the specific
attributes that define the selection of archive candidates are shown in this slide. Actually, all
objects that are inactive for more than 30 days, are archive candidates.
Uempty
Archive (3 of 4)
IBM i
Notes:
The STRACRBRM command generates two reports based on the criteria specified when
creating the Archive control group. (1st report of the library objects. Spooled file: QP1AARC.
2nd report of the subdirectory objects. Spooled file: QP1A1ARC) You must change the
default from *REPORT to *ARCHIVE in order to initiate the archive operation.
The report generated, first shows the criteria that you used to determine what objects are to
be archived. Then it lists the objects that are candidates to be archived, down to the
member level.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-25
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Archive (4 of 4)
IBM i
Notes:
The report generated due to the archive link-list, also first shows the criteria that you used
to determine what objects are to be archived. Then it lists the objects that are candidates to
be archived.
Create a control group using WRKCTLGBRM *ARC with a list of items to compare with your
criteria.
Uempty
Notes:
Through the migration function, BRMS offers a full-functioned HSM solution whereby data
can be migrated between user ASPs according to policies, and then migrated to tape for
later auto-recall. Objects that are eligible for migration between ASPs are full libraries, and
root level folders. Spoolfiles can be moved between user ASPs using the MOVSPLFBRM
command.
“Compressed DASD” is available which gives existing disk units the ability to store 2-4
times as much data, when compressed by a compression-capable IOP. The DASD
performance will be slightly reduced due to the compression.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-27
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Only libraries, root folders, and spool files are eligible for migration.
Specify criteria for objects to migrate.
*DEMOTE or *PROMOTE through the hierarchy chain of user ASPs one
storage level at a time.
Notes:
Use the WRKCTLGBRM TYPE(*MGR) to create a control group that will list items to compare
with the criteria you specify. Option 8 again provides the option to change the attributes. In
this case, all objects in the library ARH (as defined through option 2 on the control group)
must have a size of greater or equal to 1 MB before the library is promoted to a faster
medium. And all objects in the library ARH must be older than 364 days, before the library
is demoted to a slower medium.
Use the STRMGRBRM command to generate a report listing the items that are candidates for
migration.
Change the default from *REPORT to *MIGRATE to initiate the migration.
Uempty
Notes:
BRMS offers the option to send the saved user data to the Tivoli Storage Manager (TSM)
backup tool.
You would set up the communications protocol that will be used by this interface to connect
to the Tivoli server.
Once Tivoli is set up and working, then there is a set of APIs to download from the BRMS
web site along with the instructions on how to set up the APIs. Once these are in place, you
can use the standard BRMS interface as the way to manage the backup and recovery of
your data. The only difference, and the way to tie this into Tivoli, is that when it comes time
to back up the data, instead of pointing to a tape device you tell it the name of the
communications device used by the Tivoli interface. Now the save is being sent through
this communications device to the Tivoli server.
The old name of the TSM application, was ADSM. BRMS still uses the special value *ADSM
to configure the interface with TSM.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-29
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Note
Only user data can be saved to a Tivoli server. You can not save system data using this
method of backup. This solution is used by infrastructures, where IBM i server(s) form a
minor part. If more than 100 GB – 150 GB of data is to be saved each night at an IBM i
server, it is not recommended to use the Tivoli Storage Manager interface.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-31
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
IBM i Navigator
IBM i
Notes:
Uempty
Notes:
As an alternative to the character-based interface, BRMS provides a full function graphical
user interface (GUI). The BRMS GUI is a plug-in for the IBM i Navigator installed client
application and the IBM Systems Director Navigator for i web browser environment.
Save file encryption and optical media encryption are not supported.
If you are using encrypted independent auxiliary storage pools (ASPs) and want to have
the data remain encrypted when you save them to tapes, you need to use the software
encryption function provided in the backup and archive control groups to encrypt the data;
otherwise, the data will be decrypted when you save them to tapes.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-33
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
Both System i Navigator and System Director Navigator for i have plug-in support for
Backup Recovery and Media Services.
Uempty
Notes:
Excellent web site to know about and to get the most up-to-date information regarding
BRMS and Navigator.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-35
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
BRMS functions supported by System i Navigator and System Director Navigator for i vary
by release of the operating system and they can be explored in the IBM i Information
Center.
Uempty
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-37
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Notes:
This visual pictures the BRMS web site for more information.
Uempty
Notes:
Product information links for BRMS are displayed.
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-39
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Publications
IBM i
Notes:
For more information, check the following publications:
SC41-5345-07, BRMS Reference,
SC41-5309, Automated Tape Library and Planning, and
SG24-4840, A Practical Approach to Managing BRMS for OS/400.
www.redbooks.ibm.com
Uempty
IBM i Navigator
http://www-03.ibm.com/servers/eserver/iseries/navigator/
Storage Web site (tape)
http://www-03.ibm.com/servers/eserver/iseries/hardware/storage/
IBM i Network
http://www.systeminetwork.com/
Backup basics and BRMS chapters
System i Magazine backup and recovery FAQs
Commonly asked backup and recovery questions
IBM i Information Center
http://publib.boulder.ibm.com/iseries/
Notes:
IBM i Navigator
http://www-03.ibm.com/servers/eserver/iseries/navigator/
Storage Web site (tape)
http://www-03.ibm.com/servers/eserver/iseries/hardware/storage/
IBM i Network
http://www.systeminetwork.com/
• Backup basics and BRMS chapters
• System i Magazine backup and recovery FAQs
• Commonly asked backup and recovery questions
IBM i Information Center
http://publib.boulder.ibm.com/iseries/
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-41
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Education
AS28/OV28 Backup, Recovery and Media Services (BRMS)
for IBM i
Notes:
Uempty
Checkpoint (1 of 2)
IBM i
1. True or False: If you only need to save and restore your data, you only
need to install the *Base BRMS software.
3. True or False: BRMS requires that all of the volumes that it is going to
manage must have a unique volume ID.
4. True or False: BRMS will work systems that are part of an SAN.
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-43
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint (2 of 2)
IBM i
8. True or False: The BRMS home page has useful links to help
you learn how to use this software to its maximum potential.
Notes:
Uempty
Unit summary
IBM i
Notes:
© Copyright IBM Corp. 1995, 2012 Unit 16. Introduction to Backup Recovery and Media Services 16-45
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Checkpoint solutions (1 of 2)
IBM i
Checkpoint solutions (2 of 2)
IBM i
Checkpoint solutions
IBM i
Checkpoint solutions
IBM i
3. Which of the following is not one of the modes you can select for your
system?
a. Manual
b. Normal
c. Automatic
d. Secure
e. Lockdown
The answer is lockdown.
© Copyright IBM Corporation 2012
Checkpoint solutions
IBM i
Checkpoint solutions (1 of 3)
IBM i
1. True or False: User profiles are one of the security components available to
implement security on the system.
The answer is true.
3. The *ALLOBJ special authority allows a user access to all system resources.
a. *ALLOBJ
b. *JOBCTL
c. *SPLCTL
d. *SECADM
e. *SERVICE
The answer is *ALLOBJ.
Checkpoint solutions (2 of 3)
IBM i
Checkpoint solutions (3 of 3)
IBM i
7. The maximum number of group profiles that a user can belong to is?
a. 16
b. 32
c. 64
d. *NOLIMIT
The answer is 16.
8. True or False: With Management Central you can send a user profile to other systems in
your network.
The answer is true.
9. True or False. The same QSECOFR user ID and password is used to sign on to the
operating system and to service tools.
The answer is false.
10. True or False. I can recover the QSECOFR service tool profile by signing on with the IBM
i QSECOFR profile and using the CHGDSTPWD command.
The answer is true.
Checkpoint solutions (1 of 3)
IBM i
1. True or False: An object can be owned by multiple users on the system.
The answer is false.
2. True or False: The name of the primary group and its authority to the object are
stored in the object header.
The answer is true.
3. When an object does not have an owner specified, it gets assigned to the
QDFTOWN user profile.
a. *USER
b. *SECOFR
c. *SYSOPR
d. QDFTOWN
The answer is QDFTOWN.
4. True or False: The QCRTAUT system value is used to determine the public
authority for a newly created object.
The answer is true.
5. True or False: Read, add, and update are authorities that can be specified to the
object management authority for a specific object.
The answer is false.
© Copyright IBM Corporation 2012
Checkpoint solutions (2 of 3)
IBM i
6. True or False: OBJOPR, OBJMGT, and OBJEXIST are authorities that can be
specified to the data authority for a specific object.
The answer is false.
7. The very first thing that a system checks when determining if a user is allowed to
access an object is:
a. Group authority
b. Authorization list
c. Private authorities
d. All object access
The answer is all object access.
8. The maximum number of authorization lists that a user can be specified in is:
a. 16
b. 32
c. 64
d. No maximum
The answer is no maximum.
Checkpoint solutions (3 of 3)
IBM i
Checkpoint solutions
IBM i
Checkpoint solutions
IBM i
1. True or False: It is recommended that you only secure those objects that require
securing.
The answer is true.
Checkpoint solutions (1 of 3)
IBM i
1. True or False: Whenever there is a disk failure on the system, this will
force a full recovery of all data.
The answer is false.
2. Which of the following is a hardware availability function designed to
protect data from loss due to two disk unit failures or because of
damage to two disks?
a. RAID 5
b. RAID 6
c. Mirroring
d. Concurrent maintenance support
The answer is RAID 6.
3. Which of the following provides a means to save an object while the
system remains active and users are working with the data?
a. Parallel save
b. Save of all user data
c. Save changed objects
d. Save-while-active
The answer is save-while-active.
© Copyright IBM Corporation 2012
Checkpoint solutions (2 of 3)
IBM i
4. The maximum number of partitions supported on POWER4-based hardware is 32.
The maximum number of partitions supported on POWER5 and POWER6-based hardware is 254.
The maximum number of partitions supported on POWER7-based hardware is 1000.
a. POWER4 = 32 POWER5 and POWER6 = 254 POWER7 = 1000
b. POWER4 = 64 POWER5 and POWER6 = 128 POWER7=512
c. POWER4 = 128 POWER5 and POWER6 = 64 POWER7=254
d. POWER4 = 254 POWER5 and POWER6 = 32 POWER7=128
e. POWER4, 5, and 6 support the same number of partitions, but POWER7 supports 1000.
The answer is POWER4 = 32, POWER5 and POWER6 = 254, and POWER7 = 1000.
5. Which of the following are resources that can be allocated to an LPAR? Select all that apply.
a. Only whole processors
b. Memory
c. I/O adapters
d. Disk drives
e. Operating system software
The answers are memory, I/O adapters, and disk drives.
6. Which of the following is not supported in an IBM Power System with IBM i partition?
a. AIX
b. Linux
c. IBM i
d. Windows server software
The answer is Windows server software.
Checkpoint solutions (3 of 3)
IBM i
7. True or False: Each LPAR requires a separate license from IBM for the OS installed in that LPAR.
The answer is false.
8. Which of the following is one of the supported type of clusters that can be set up?
a. Separate servers
b. Switchable DASD
c. Cross site mirrors
d. System storage copy services
e. Hot site immediate switchover
The answer is hot site immediate switchover.
10. Which of the following cannot be shared on an IBM Power System with IBM i and integrated
xSeries server?
a. Tape drive
b. DASD
c. Memory
d. CD-ROM drive
The answer is memory.
Checkpoint solutions (1 of 3)
IBM i
1. True or False: The terms disk pool and IASP are terms that are not
interchangeable.
The answer is false.
2. The maximum number of basic ASPs you can create is 32, and the maximum
number of IASPs you can create is 255.
a. 32 and 255
b. 64 and 128
c. 128 and 64
d. 255 and 32
e. The number is the same for both
The answers are 32 and 255.
3. RAID-5 is a hardware function that protects data from being lost because of one
disk unit failure or damage to the disk drive.
a. Mirroring
b. RAID-5
c. RAID-6
d. IASPs
The answer is RAID-5.
© Copyright IBM Corporation 2012
Checkpoint solutions (2 of 3)
IBM i
4. Mirroring is a type of disk protection that is implemented through software.
a. RAID-5
b. RAID-6
c. Mirroring
d. ASPs
The answer is mirroring.
6. True or False: The ability to access and manage disk units is a function that is
automatically available when you install IBM i Navigator.
The answer is false.
Checkpoint solutions (3 of 3)
IBM i
7. True or False: The OS security officer user ID and password are different from the
service tools security officer user ID and password.
The answer is true.
8. Which of the following is not usually the cause of an abnormal system end?
a. Power failure
b. Disk failure
c. User error
d. Failure of critical IBM i program
The answer is user error.
9. True or False: During a normal IPL, after there has been an abnormal end, the
system determines which access paths need to be rebuilt.
The answer is true.
10. True or False: During an attended IPL, after there has been an abnormal end, the
user is not presented with any options for rebuilding access paths.
The answer is false.
Checkpoint solutions (1 of 3)
IBM i
1. True or False: Ideally, objects on your system should be saved frequently, while they are only
restored infrequently.
The answer is true.
2. Which of the following is not one of the supported basic modes of operation for a tape library?
a. Manual mode
b. Virtual mode
c. Automatic cartridge loader mode
d. Library mode
The answer is virtual mode.
3. The command used to manage the status of your tape devices is WRKCFGSTS.
a. WRKMLBSTS
b. WRKTAPSTS
c. WRKCFGSTS
d. MNGTAPSTS
The answer is WRKCFGSTS.
4. The command used to manage the status of your tape library devices is WRKMLBSTS.
a. WRKMLBSTS
b. WRKTAPSTS
c. WRKCFGSTS
d. MNGTAPSTS
The answer is WRKMLBSTS.
© Copyright IBM Corporation 2012
Checkpoint solutions (2 of 3)
IBM i
5. True or False: The SAVCHGOBJ command does not require that any
other command has been previously used if this command is used in
your save strategy.
The answer is false.
6. True or False: The SAVSYSINF command is the new command that is
a replacement for the SAVSYS command.
The answer is false.
7. The command parameter that allows you to save data while users are
still working with that data is SAVACT.
a. ACTDTA
b. SYSDTA
c. ACTSAV
d. SAVACT
The answer is SAVACT.
© Copyright IBM Corporation 2012
Checkpoint solutions (3 of 3)
IBM i
Checkpoint solutions (1 of 6)
IBM i
1. Which of the following is not a valid object that can be journaled?
a. Database files
b. Data area
c. Data queue
d. Root folders
The answer is root folders.
3. What is the first object that needs to be created when you start journaling?
a. Journal audit trail
b. Journal receiver
c. Journal
d. Journal access path
The answer is journal receiver.
© Copyright IBM Corporation 2012
Checkpoint solutions (2 of 6)
IBM i
4. Which object contains the images and details of the objects that are being
journaled?
a. Journal audit trail
b. Journal receiver
c. Journal
d. Journal access path
The answer is journal receiver.
Checkpoint solutions (3 of 6)
IBM i
7. The WRKJRNA command is used to see the attributes associated with your journal.
a. WRKJRN
b. CRTJRN
c. DSPJRNA
d. WRKJRNA
The answer is WRKJRNA.
9. True or False: When displaying journal information, you can specify to only show
transactions performed by a specific program.
The answer is true.
10. True or False: User-generated entries get placed into a journal receiver when the
user selects an option to generate a system message.
The answer is false.
Checkpoint solutions (4 of 6)
IBM i
11. True or False: When a bad batch of transactions is performed against an object
being journaled, the only way to bring that object back to a good point is to restore
that object off of your backup media and rekey a good batch of records.
The answer is false.
12. True or False: When performing a forward recovery, the system assists you with
the recovery of journaled objects by prompting you with the missing object name.
The answer is true.
13. True or False: Journaling and saving changed objects are two recovery methods
that cannot be used together or at the same time with the same objects.
The answer is false.
14. Which of the following is the command used to save those objects that have
changed since the last time that object was changed.
a. SAVLIBCHG
b. SAVOBJCHG
c. SAVCHGOBJ
d. SAVCHGLIB
The answer is SAVCHGOBJ.
Checkpoint solutions (5 of 6)
IBM i
15. True or False: Objects that have a high change volume are prime
candidates that should be journaled.
The answer is true.
16. True or False: For the best performance on your system, it is better to
have just one journal for all of the objects being journaled on the
system.
The answer is true.
17. True or False: Journaled files must be in the same library ASP as the
journaled file.
The answer is false.
18. True or False: The following are all valid transport mechanisms for
remote journaling: OptiConnect, TCP/IP, SNA, and ATM.
The answer is true.
Checkpoint solutions (6 of 6)
IBM i
20. True or False: Access path protection will cut down on the amount of
time it takes a system to IPL after an abnormal system end.
The answer is true.
21. True or False: Journaling can also be used to protect access paths.
The answer is true.
22. True or False: At IPL time, the system will show you a screen that lists
all of those objects whose access paths are being protected
(journaled) and have already been recovered (basically, a screen to
show you what has already be recovered).
The answer is false.
Checkpoint solutions
IBM i
Checkpoint solutions
IBM i
2. True or False: The LIC and all of the Q libraries should be saved on a
daily basis.
The answer is false.
3. Which of the following is not one of the save strategies that was
covered in the lecture?
a. Simple
b. Medium
c. Full
d. Complex
The answer is full.
Checkpoint solutions (1 of 2)
IBM i
1. True or False: The process of finding out exactly what is the problem is problem
source identification.
The answer is false.
2. The two classifications of problem symptoms are:
a. Messages
b. External symptoms
c. SRC
d. Internal symptoms
The answers are external symptoms and internal symptoms.
3. The command to work with all of the active jobs on the IBM Power System with
IBM i is:
a. WRKJOB
b. WRKACTJOB
c. WRKSBMJOB
d. WRKSPLJOB
The answer is WRKACTJOB.
4. True or False: When displaying your job’s run attributes you can select the F9 key
to change your job.
The answer is true.
5. True or False: If your job has not ended after five minutes, you can submit the
ENDJOBABN command.
The answer is false.
© Copyright IBM Corporation 2012
Checkpoint solutions (2 of 2)
IBM i
Checkpoint solutions (1 of 2)
IBM i
1. True or False: If you only need to save and restore your data, you only need to
install the *Base BRMS software.
The answer is true.
2. True or False: In order to do software encryption as part of your save, you would
need to install BRMS Option 1: Networking software.
The answer is false.
3. True or False: BRMS requires that all of the volumes that it is going to manage
must have a unique volume ID.
The answer is true.
4. True or False: BRMS will work systems that are part of an SAN.
The answer is true.
Checkpoint solutions (2 of 2)
IBM i
7. True or False: IBM i Navigator will have a different look and feel
depending on what version and release is installed.
The answer is true.
8. True or False: The BRMS home page has useful links to help you
learn how to use this software to its maximum potential.
The answer is true.
Security tips
Helpful hints
Note
Security exposures
What should I look for to close possible security exposures?
• Users with *ALLOBJ authority
• Users with *SERVICE authority
• Group profiles with *ALLOBJ or *SERVICE special authority
• Programs that adopt an owner with *ALLOBJ authority
© Copyright IBM Corp. 1995, 2012 Appendix B. Security tips and checklists B-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
• Libraries with public authority. *READ on the library allows the public authority to find
any object in the library
Note
If you revoke authority to commands (for example, SIGNOFF), you should provide an
adoptive program that performs that function.
• You may prevent all options by revoking authority to the system request menu
GRTOBJAUT QGMNSYSR *PNLGRP USER *EXCLUDE
or
RVKOBJAUT QGMNSYSR *PNLGRP *PUBLIC *ALL
GRTOBJAUT QGMNSYSR *PNLGRP BEAR *USE
Notification queue
Use the command CRTMSGQ QSYSMSG to create a message queue in QSYS.
If QSYSMSG message queue exists, i5/OS sends messages about important system
events.
•CPF1397 Signon limit exceeded
•CPF1269 Invalid EVOKE request
•CPI9014 DIA log-on failed
•CPF0907 Storage threshold warning
•CPI0955 System ASP storage exceeded
•CPI0954 ASP storage limit exceeded
Put the message queue in *BREAK mode at security console and build a break handling
CL program to handle anticipated problems.
Note
QSECOFR password
Lock hardcopy in safe/desk.
More than one person with password.
Program to reset password.
Create CL program.
PGM
CHGUSRPRF USRPRF(QSECOFR) PASSWORD(QSECOFR)
ENDPGM
• Compile under QSECOFR profile
• Create RESET user profile
• Add Reset PGM to profile as INLPGM
• Make INLMNU parameter in profile *SIGNOFF
© Copyright IBM Corp. 1995, 2012 Appendix B. Security tips and checklists B-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Security monitoring
Regularly monitor the status of primary security controls.
• System values
- QSECURITY and QMAXSIGN
• Keylock position
• Critical profiles
- User profiles with special authorities such as *ALLOBJ
- User profiles with PASSWORD(*NONE)
- Use the DSPAUTUSR and DSPUSRPRF commands
• Critical objects
- Production libraries containing source programs and files
- QSYS, QUSRSYS, QHLPSYS libraries should specify *PUBLIC *USE
• Journals and History Logs
- DSPLOG QHST: Look for messages in CPF2200 range
- For QAUDLVL *AUTFAIL, or *PGMFAIL, check journal entry type AF
- PRTSBSDAUT, PRTSYSSECA, PRTCMNSEC, PRTJOBDAUT, DSPSECAUD,
DSPAUDJRNE, CHGSECAUD
Recommendations
• Use *PUBLIC authority where possible
• Use library security to secure an object
• Make group profiles the owners of objects
• Use EITHER authorization lists OR private authorities to secure an object, not both
• Use a combination of strategies
- Menu security
- Library security
- Object security
• Isolate programmers from production
• Use consistent naming conventions
• Set and monitor security type system values
• Implement password management
• Monitor physical security regularly
• Use system-supplied journaling as basis for audits
Security checklist
An organization can implement items from the following list that meet its security
requirements.
Physical security
• Physical access to the system console is restricted
• Offline backup media are protected from damage and theft
• Security officer signon is limited to specific devices
System value QLMTSECOFR(1) will restrict users with *ALLOBJ or *SERVICE special
authority to specific devices
• Key removed from system console and stored in a secure location
© Copyright IBM Corp. 1995, 2012 Appendix B. Security tips and checklists B-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Security policy
• Change the system value QSECURITY to 30 or 40 to activate resource security
• Employees are removed from the system immediately upon notification of transfer or
termination
• Programmers are restricted from production libraries.
• *USE authority allows access to objects but does not allow creation of new objects in
library
• Owners of objects annually verify the authorized users including *PUBLIC access
• Management annually verifies the users authorized to the system.
Password controls
• The IBM-supplied profiles have their password changed
• The IBM-dedicated service passwords are changed
• Password expiration active
• System value QPWDEXPITV(60) requires users to change their password every 60
days
• Trivial passwords are prevented by selecting QPWDxxxx system values
• Users do not share a common password
• Limit user signon to one device at a time
System value QLMTDEVSSN(1) limits users to one signed-on device.
Programs
• Programs prevent use of DEBUG facilities to change variables by removing *ADD
authority
• The source for programs is captured when programs are moved into the production
environment. The source is used to create the version of the program that is placed into
production
• Specify SECURE(*YES) on override statements to prevent the file name being
redirected to another file
• Control the library list in applications to prevent a library that contains a trojan horse
object being added before the production libraries
© Copyright IBM Corp. 1995, 2012 Appendix B. Security tips and checklists B-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
Auditing access
• Activate logging of security relevant events.
System value QAUDJRN should be *AUTHFAIL *SECURITY *SAVRST; use of
*DELETE is optional.
• Entries in audit journal that report authorization failures are reviewed for repeated
offenders.
• Restrict profiles with *ALLOBJ authority to menu options that record commands entered
in audit journal.
• Periodically review changes to user profiles.
Use the OUTFILE option on DSPUSRPRF to detect changes in security structure.
• System value QMAXSIGN limits number of access attempts.
• Message queue QSYSMSG is created in library QSYS and monitored.
• The message CPF1116 shown when the user is about to exceed the retry limit for
passwords appears the same as the invalid password message CPF1107. This
prevents the user from knowing the next attempt notifies the security officer.
Communications
• Dial-in support is protected by call-back procedures.
• Encryption is used on sensitive data.
• Subsystems prevent the user of default user DFTUSR so that user ID is required to
start a session.
© Copyright IBM Corp. 1995, 2012 Appendix C. Sample security tools reports C-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
C-2
System Security Attributes Page 1
i System Administration
*NOQTEMP
QAUDLVL *NONE *AUTFAIL *CREATE
*DELETE *SECURITY
*SAVRST
QAUTOCFG 1 0
QAUTORMT 1 0
QAUTOVRT 300 0
QCMNRCYLMT 0 0 0 0
QCRTAUT *CHANGE Control at library level.
QCRTOBJAUD *NONE Control at library level.
QDEVRCYACN *DSCMSG *DSCMSG
QDSCJOBITV 240 120
QDSPSGNINF 0 1
QINACTITV *NONE 60
QINACTMSGQ *ENDJOB *ENDJOB
QLMTDEVSSN 0 1
QLMTSECOFR 0 1
QMAXSIGN 3 3
QPWDEXPITV *NOMAX 60
QPWDLMTCHR *NONE AEIOU@$#
QPWDLMTREP 0 1
QPWDLVL 0
C-4
SEQ(*USRPRF)
Display Authorized Users Page 1
5761SS1 V6R1M0 080215 I520DVL2 10/01/08 22:07:48 EDT
Password Level Level Local
User Group Last No 0 or 1 2 or 3 Netserver Pwd
Profile Profile Changed Password Password Password Password Mgt Text
AMY 01/30/08 *YES *YES *YES *YES Amy Cox
Student Notebook
i System Administration
* * * * * E N D O F L I S T I N G * * * * *
SEQ(*GRPPRF)
Display Authorized Users Page 1
5761SS1 V6R1M0 080215 I520DVL2 10/01/08 22:09:05 EDT
Password Level Level Local
Group User Last No 0 or 1 2 or 3 Netserver Pwd
Profile Profile Changed Password Password Password Password Mgt Text
AS24GR 03/03/08 *YES *YES *YES *YES Group Prf AS24
AS24B01 03/03/08 *YES *YES *YES *YES User prf AS24 Web labs
AS24B02 03/03/08 *YES *YES *YES *YES User prf AS24 Web labs
AS24ERIK 03/03/08 *YES *YES *YES *YES SysOpr - prob det prf
AS24MARIA 03/03/08 *YES *YES *YES *YES SysOpr - prob det prf
AS2401 04/09/08 *YES *YES *YES *YES User QSYSOPR prf AS240
AS2402 03/03/08 *YES *YES *YES *YES User QSYSOPR prf AS240
OL50GROUP 09/02/08 X *NO *NO *NO *YES Used in Security lab
OL5001 09/02/08 *YES *YES *YES *YES System Adm & Ctl
OL5002 09/28/08 *YES *YES *YES *YES System Adm & Ctl
OL5003 09/02/08 *YES *YES *YES *YES System Adm & Ctl
* * * * * E N D O F L I S T I N G * * * *
C-6
User profiles with default passwords. Page 1
5761SS1 V6R1M0 080215 I520DVL2 10/01/08 23:38:38 EDT
Action taken against profiles . . . . . . : *NONE
User
Profile STATUS PWDEXP Text
Student Notebook
i System Administration
* * * * * E N D O F L I S T I N G * * * * *
C-8
Publicly Authorized Objects (Full Report) Page 1
5761SS1 V6R1M0 080215 I520DVL2 10/02/08 00:24:07 EDT
Object type . . . . . . . . . : *PGM
Specified library . . . . . . : OL50LIB
Student Notebook
i System Administration
OL50LIB LAB3X *SYSBAS QSECOFR *NONE *CHANGE X X X X X X
OL50LIB LAB7 *SYSBAS QSECOFR *NONE *CHANGE X X X X X X
OL50LIB PDDEMO *SYSBAS QSECOFR *NONE *USE X X X
OL50LIB PROBDET *SYSBAS QSECOFR *NONE *CHANGE X X X X X X
OL50LIB SAVEOL50 *SYSBAS QSECOFR *NONE *CHANGE X X X X X X
OL50LIB SIGNON *SYSBAS QSECOFR *NONE *CHANGE X X X X X X
OL50LIB TEST *SYSBAS QSECOFR *NONE *CHANGE X X X X X X
OL50LIB USRENT *SYSBAS QSECOFR *NONE *CHANGE X X X X X X
OL50LIB VER *SYSBAS EJJACKS *NONE *CHANGE X X X X X X
* * * * * E N D O F L I S T I N G * * * * *
* * * * * E N D O F L I S T I N G * * * * *
C-11
Print Subsystem Description Output (PRTSBSDAUT)
Subsystem Description (Full Report) Page 1
5761SS1 V6R1M0 080215 I520DVL2 10/02/08 17:36:39 EDT
Specified library . . . . . . : *ALL
Default ------------------Special Authorities------------------
Subsystem Subsystem ASP Subsystem User *ALL *AUD *IOSYS *JOB *SAV *SEC *SER *SPL
Library Name Device Owner Profile OBJ IT CFG CTL SYS ADM VICE CTL
Student Notebook
QRECOVERY QADBERAP *SYSBAS Q__QRECOVERY_QADBE > *SYS QSYS QDBERAPTRG Before Update Change Yes
QSYS QADBCCST *SYSBAS Q__QSYS_QADBCCST__ > *SYS QSYS QDBXESND After Insert Yes
QSYS QADBCCST *SYSBAS Q__QSYS_QADBCCST__ > *SYS QSYS QDBXESND After Update Change Yes
QSYS QADBCCST *SYSBAS Q__QSYS_QADBCCST__ > *SYS QSYS QDBXESND After Delete Yes
QSYS QADBFCST *SYSBAS Q__QSYS_QADBFCST__ > *SYS QSYS QDBXESND After Insert Yes
QSYS QADBFCST *SYSBAS Q__QSYS_QADBFCST__ > *SYS QSYS QDBXESND After Update Change Yes
QSYS QADBFCST *SYSBAS Q__QSYS_QADBFCST__ > *SYS QSYS QDBXESND After Delete Yes
QSYS QADBFDEP *SYSBAS Q__QSYS_QADBFDEP__ > *SYS QSYS QDBXESND After Insert Yes
C-13
Print User Objects Output (PRTUSROBJ)
User Objects (Full Report) Page 1
5761SS1 V6R1M0 080215 I520DVL2 10/02/08 18:02:06 EDT
Specified library . . . . . . : OL50LIB
ASP
Library Object Type Device Attribute Owner Description
OL50LIB BLDJRN *PGM *SYSBAS CLP QSECOFR SNDJRNE to team journal
OL50LIB BUILD *PGM *SYSBAS RPG QSECOFR Customer File Maintenance Program
Student Notebook
OL50LIB CLEANUP *PGM *SYSBAS CLP QSECOFR Delete student objects and profiles
OL50LIB DST *PGM *SYSBAS CLP QSECOFR Ded Serv Tools lab
OL50LIB GRTUSRAUT *PGM *SYSBAS CLP QSECOFR prompt GRTUSRAUT command, adopting QSECOFR auth.
OL50LIB LAB1 *PGM *SYSBAS CLP QSECOFR Run by students in Security lab
OL50LIB LAB3 *PGM *SYSBAS CLP QSECOFR checksum and ASP simulation
OL50LIB LAB3X *PGM *SYSBAS CLP QSECOFR checksum and ASP simulation - old version
C-15
Print Audit Record Report Output (DSPAUDJRNE)
QUERY NAME . . . . . QSECAF
LIBRARY NAME . . . . QSYS
FILE LIBRARY MEMBER FORMAT
QASYAFJ4 QTEMP QASYAFJ4 QASYAFJ4
DATE . . . . . . . . 10/02/08
TIME . . . . . . . . 19:14:36
Student Notebook
AP
© Copyright IBM Corp. 1995, 2012 Appendix C. Sample security tools reports C-17
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
5761BR1 V6R1M0 080215 Recovery Volume Summary Report I520DVL2 5/23/08 17:42:49 Page 2
****************************************************************************************************
------------------------------
© Copyright IBM Corp. 1995, 2012 Appendix D. Task list for new administration and control D-1
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
© Copyright IBM Corp. 1995, 2012 Appendix D. Task list for new administration and control D-3
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
© Copyright IBM Corp. 1995, 2012 Appendix D. Task list for new administration and control D-5
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
© Copyright IBM Corp. 1995, 2012 Appendix D. Task list for new administration and control D-7
Course materials may not be reproduced in whole or in part
without the prior written permission of IBM.
backpg
Back page