Determining the Actual Security Level of System

To determine the actual security level of a system, do one of the following:

At R370 or later:
Running the DSPSECA command shows the following screen:

User ID number . . . . . . . . . . . . . . : 2840

Group ID number . . . . . . . . . . . . : 177
Security level . . . . . . . . . . . . . . : 40
Pending security level . . . . . . . . . : 50
Password level . . . . . . . . . . . . . . : 0
Allow change of security related system
values . . . . . . . . . . . . . . . . . : *YES
Allow add of digital certificates . . . . : *YES
Allow service tools user ID with default
and expired password to change its own
password . . . . . . . . . . . . . . . . : *YES
If the actual security level is the same as the QSECURITY system value, the 'Pending security level' is not displayed.


At any release:

On the operating system command line, type the following:

DMPSYSOBJ QSYUPTBL QSYS TYPE(0E) SUBTYPE(C5)
Press the Enter key. Then, type the following:
WRKSPLF
Press the Enter key. In the index entries:

QSECURITY entry at offset '21'X,
'0032'X = level 50
'0028'X = level 40
'001E'X = level 30
'0014'X = level 20
'000A'X = level 10

IBM OS/400 Security ToolKit

The Security ToolKit for IBM System i system is a set of tools to audit and manage security and users. The Security ToolKit provides the following menus:

The SECTOOLS (Security Tools) menu is used to run Security ToolKit commands interactively.

The SECBATCH (Submit or Schedule Security Reports to Batch) menu is used to run the Security ToolKit report commands in batch. The SECBATCH menu has two parts. The first part of the menu uses the Submit Job (SBMJOB) command to submit reports for immediate processing in batch. The second part of the menu uses the Add Job Schedule Entry (ADDJOBSCDE) command. You use it to schedule security reports to be run regularly at a specified day and time.

 

Notes: 1 The QSECLIB library must be in the library list. If the primary language on your system is not one of the Security ToolKit languages, the appropriate QSYS29xx libraries must also be in your library list.

2 Review information APAR II09315 for answers to commonly asked questions, known problems, and associated PTFs. To order the cover letter, use the SNDPTFORD command.

SECTOOLS

The SECTOOLS menu options and commands that relate to users profiles are described briefly below. To access this menu, at the operating system command line type GO SECTOOLS.

Check profiles for default passwords: Use the Check Default Passwords (CHKDFTPWD) command to report on and take action on user profiles that have a password equal to the user profile name.

Display active profile list: Use the Display Active Profile List (DSPACTPRFL) command to display or print the list of user profiles that are exempt from PRCINACTPRF or ANZPRFACT processing.

Change active profile list: Use the Change Active Profile List (CHGACTPRFL) command to add and remove user profiles from the exemption list for the PRCINACPRF and ANZPRFACTcommands. A user profile that is on the active profile list is permanently active (until you remove the profile from the list). The PRCINACPRF and ANZPRFACT commands do not disable a profile that is on the active profile list, no matter how long the profile has been inactive.

Process inactive profiles: Use the Process Inactive Profiles (PRCINACPRF at V3R1 or V3R6) or Analyze Profile Activity (ANZPRFACT at V3R2, V3R7 and later) command to disable user profiles that have not been used for a specified number of days. Specify the number of days of inactivity before user profiles are disabled. The job is run daily at 1:00 A.M. You can use the CHGACTPRFL command to exempt user profiles from being disabled.

Display activation schedule: Use the Display Activation Schedule (DSPACTSCD) command to display or print information about the schedule for enabling and disabling specific user profiles. You create the schedule with the SCDPRFACT command.

Schedule profile activation: Use the Schedule Profile Activation (SCDPRFACT) command to make a user profile available for sign on only at certain times of the day or week. For each user profile that you schedule, the system creates job schedule entries for the enable and disable times.

Display expiration schedule: Use the Display Expiration Schedule (DSPEXPSCD) command to display or print the list of user profiles that are scheduled to be disabled or removed from the system in the future. You use the SCDPRFEXP command to set up user profiles to expire.

Schedule profile expirations: Use the Schedule Profile Expiration (SCDPRFEXP) command to schedule a user profile for removal. You can remove it temporarily (by disabling it) or you can delete it from the system. This command uses a job schedule entry that runs every day at 00:01 (1 minute after midnight).

Change security auditing: Use the Change Security Auditing (CHGSECAUD) command to set up security and to change the system values that control security auditing.

Display security auditing: Use Display Security Auditing (DSPSECAUD) command to display information about the security audit journal and the system values the control security auditing.

SECBATCH

The SECBATCH menu options and associated commands for security reports are described briefly below. To access this menu, at the operating system command line type GO SECBATCH. The menu options on your system may differ slightly because some menu options are not available on every version of the operating system.

Adopted object information: Use the Print Adopted Object Information (PRTADPINF) command to print a list of objects that adopt the authority of the specified user profile.

Audit record report: Use the Print Audit Record Report (PRTAUDRPT) command to display or print information about entries in the security audit journal.

Authorization list authorities: When you use the Print Private Authorities (PRTPVTAUT) command for *AUTL objects, you receive a list of all the authorization lists on the system. The report includes the users who are authorized to each list and what authority the user have to the list.

Command authority: This option uses the Print Publicly Authorized Objects (PRTPUBAUT) command for object type (*CMD) to submit a batch job that will print a list of commands in a library that do not have public authority of *EXCLUDE.

Communications information: Use the Print Communications Information (PRTCMNINF) command to print the security related settings for objects that affect communications on your system.

Document authority: This option uses the Print Publicly Authorized Objects (PRTPUBAUT) command for object type (*DOC) to submit a batch job that will print a list of documents in a folder that do not have public authority of *EXCLUDE.

File authority: This option uses the Print Publicly Authorized Objects (PRTPUBAUT) command for object type (*FILE) to submit a batch job that will print a list of files in a library that do not have public authority of *EXCLUDE.

Folder authority: This option uses the Print Publicly Authorized Objects (PRTPUBAUT) command for object type (*FLR) to submit a batch job that will print a list of folders on the system that do not have public authority of *EXCLUDE.

Job description authority: Use the Print Job Description Authority (PRTJOBDAUT) command to print a list of job descriptions that specify a user profile and have public authority that is not *EXCLUDE.

Library authority: This option uses the Print Publicly Authorized Objects (PRTPUBAUT) command for object type (*LIB) to submit a batch job that will print a list of libraries on the system that do not have public authority of *EXCLUDE.

Object authority: Use the Print Publicly Authorized Objects (PRTPUBAUT) command to print a list of objects whose public authority is not *EXCLUDE.

Private authority: Use the Print Private Authorities (PRTPVTAUT) command to print a list of the private authorities to objects of the specified type in the specified library or folder.

Print queue: Use the Print Queue Report (PRTQAUT) command to print the security settings for output queues and job queues on your system.

Subsystem descriptions: Use the Print Subsystem Description (PRTSBSDAUT) command to print the security related communications for the subsystem descriptions on your system.

System security attributes: Use the Print System Security Attributes (PRTSYSSECA) command to print a list of security related system values and network attributes to a spooled file.

Trigger programs: Use the Print Trigger Programs (PRTTRGPGM) command to print a list of trigger programs that are associated with database files on your system.

User objects: Use the Print User Objects (PRTUSROBJ) command to print a list of the user objects (objects not supplied by IBM) that are in a library.

User profile information: Use the Print User Profile Information (PRTUSRINF) command to analyze user profiles that meet specified criteria.

Check object integrity: Use the Check Object Integrity (CHKOBJITG) command to determine whether operable objects (such as programs) have been changed without using a compiler.

How to FTP a Save File Stored in the IFS to a Library on the Same System

To FTP a save file stored in the IFS to a library on the same system, you should perform the following steps:

1. Create a save file that has the same name as the save file stored in the IFS in the library of your choice.
CRTSAVF FILE(YOURLIB/YOURSAVF)
Note: Replace YOURSAVF with the name of the savf stored in the IFS. Replace YOURLIB with the library you would like the savf stored in.
2. On a command line, FTP to the current system you are logged onto:
FTP sysname
Note: Replace sysname with the name or IP address of your system.
3. Use the following example as a guide for the FTP prompts. In this example, replace the following information with your information:
USERID = Your IBM i user ID
/IFSDIRECTORY/YOURSAVF = The path to the IFS directory containing the savf
YOURLIB/YOURSAVF = The library and savf you specified in Step 1
File Transfer Protocol
Previous FTP subcommands and messages:
Connecting to host sysname.domain at address x.x.x.xxx using port 21.
220-QTCP at sysname.domain.
220 Connection will close if idle more than 15 minutes.
> USERID
331 Enter password.
230 USERID logged on.
OS/400 is the remote operating system. The TCP/IP version is "V6R1M0".
250 Now using naming format "0".
257 "QGPL" is current library.
> bin
200 Representation type is binary IMAGE.
> quote site namefmt 1
250 Now using naming format "1".
> get /IFSDIRECTORY/YOURSAVF YOURLIB/YOURSAVF (REPLACE
229 Entering Extended Passive Mode (13492).
150 Retrieving file /IFSDIRECTORY/YOURSAVF
226 File transfer completed successfully.
42240 bytes transferred in 0.046 seconds. Transfer rate 920.293 KB/sec.

4. The save file should now be stored in YOURLIB/YOURSAVF. You can issue a DSPSAVF YOURLIB/YOURSAVF to verify the contents of the savf and use RSTxxx commands to restore the contents of the savf.

Data Transfer from an IBM System i or iSeries or AS400

To access Data Transfer From iSeries Server, use one of the following methods:

1. Open the iSeries Access group of icons, and select the Data transfer from iSeries icon.

2. Using menus, go to Start, Programs, IBM iSeries Access for Windows, and Data transfer from iSeries.

3. Right-click on the Desktop, select New, and select Data transfer from iSeries.

4. From a PC5250 emulation screen, click on the Recv button (or use the menu options under Transfer).

First, check the IBM System i system name, and ensure it is the system you want to transfer data from.

For this example, we used a table from the QIWS library called QCUSTCDT. IBM includes this file with Option 12 (Host Servers) of the operating system. It is a simple file containing 12 records. The records contain character and numeric data.

The options available for the File name are to type in the library/filename, Browse for the library/filename, or Browse after entering the desired library so that the desired library is added to the list (used if you know the library name and the library is not in the initial library list associated with the job description on the user profile making the connection. For example, the library is not in the list when clicking on Browse without typing anything in the box).

The next option, PC Output Device, can be set to transfer the file to the Display, File (most commonly used), HTML, or Printer.

The last option on this screen is to type the PC File name (if you select the File option previously mentioned). The PC file name should include the path and can be a new file name you want to create, a file name you want to overwrite, or a file name you want to append to.

Once all of the parameters are selected, the window looks similar to the following:

 

 

 

 

 

 

 

 

 

 

 

 

You will notice that we typed in the full path for the file we want to use on the PC and gave it a .TXT extension. If we were going to transfer the file as an Excel file, we would have typed in C:\QCUSTCDT.XLS. It is a good idea to add a file extension; however, is not necessary in all cases.

Check the transfer details by clicking on the Details button. A screen similar to the following is shown:

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

The top frame contains information about the file that is to be created. The top option (Overwrite existing File) indicates whether to overwrite the file on the PC, if it already exists. In our case, data transfer will look for C:\QCUSTCDT.TXT and, if it is found, the file will be overwritten. The next parameter is File Type. The default is ASCII text, which in our case is fine. Different file types can be specified using the pulldown list.

The lower frame is where you will specify if you will be saving information about the file. The File Description File (FDF) is an ASCII text file that contains information such as field names, the type of file, and file format options. This option should be selected if you plan to send the file back to the System i database.

The PCFDF indicates that this is a PC File Description File. PCFT 1 indicates that this is an ASCII text file layout. PCFO defines File Options (time-format, date-format, and so on). Each of the PCFL lines indicate a field description. The field name is listed in addition to the data format type (1 = ASCII Text, 2 = Numeric) and the length of the field (along with the specified decimal places on Numeric fields).

Once all of the desired information is specified, click OK to return to the main transfer screen. Then, click the Transfer data from iSeries button. The following screen is shown if the file is large enough:

The record count will increment as records are brought down from the operating system. Note that the record count above is large. Data transfer was too fast to capture this screen on a 13-record file. After the transfer completes, a screen similar to the following is shown:

In our scenario, we now have two new files on the PC. Both are in the root directory. One is called C:\QCUSTCDT.TXT and contains the data we downloaded. The other file is called C:\QCUSTCDT.FDF and contains the File Description File information.

When you close the data transfer session, you are given the option to save the data transfer request. If you select Yes, you will be presented with a window where you enter a File name for the .dtf file that will be created when you complete the save. You can specify the path where you would like to save the transfer request. Once the transfer request is saved, you can run the transfer by clicking on the saved transfer request. You can also either put the saved transfer request on your desktop, or you can create a shortcut to the transfer request.

Configuring iSeries Session

Once you have Client access installed on your system, do the following to configure a client access session for your iSeries or AS400 or System i

1. Click on Start>>All Programs>>IBM iSeries Access for Windows>>Emulator>> Start or configure Session

2. Once you will click on start or configure session, you will see the following screen.

3. Click on New Session, it will open a new screen as shown below

4. Type IP address of your AS400 server in system name field and click OK
5. Next a session screen will open, select User to prompt every time and click OK.

6. You will see a screen asking for User Name and password.Provide your user and password in respective fields to proceed with login.

Memory Pools

A memory pool is a logical division of main memory or storage that is reserved for processing a job or group of jobs. On your system, all main storage can be divided into logical allocations called memory pools. By default, the system manages the transfer of data and programs into memory pools. The memory pool from which user jobs get their memory is always the same pool that limits their activity level.

How data is handled in memory pools?

If data is already in main storage, it can be referred to independently of the memory pool it is in. However, if the needed data does not exist in any memory pool, it is brought into the same memory pool for the job that referred to it (this is known as a page fault). As data is transferred into a memory pool, other data is displaced and, if changed, is automatically recorded in auxiliary storage (this is called paging). The memory pool size should be large enough to keep data transfers (paging) at a reasonable level as the rate affects performance.

Type of Memory pools

• Private Memory Pools
• Shared Memory Pools
• Special Shared Pools (*MACHINE & *BASE)
• General Shared Pools (*INTERACT,*SPOOL,*SHRPOOL1-*SHRPOOL60)

Pool numbering schemes

Pools have two sets of numbering schemes: one is used within a subsystem and one is system-wide. The subsystem uses a set of numbers that refer to the pools it uses. Thus, when you create or change a subsystem description you can define one or more pools and label them 1, 2, 3, and so on. These are the designations of the subsystem pools, and they do not correspond to the pool numbers shown on the Work with System Status (WRKSYSSTS) display. A different set of numbers is used to keep track of all pools on the system. The Work with Subsystems (WRKSBS) display relates the subsystem pool identifiers and the column headings to the system pool identifiers.

How a subsystem starts?

When a subsystem starts, the system allocates several items and starts autostart and prestart jobs before the subsystem is ready for work. The subsystem description is used to determine how items are allocated. The following list represents the sequence of events that occur when the subsystem starts:

1. Request to start subsystem is issued.
2. Memory pools are allocated.
3. Prestart jobs are started.
4. Autostart jobs are started.
5. Display stations are allocated (signon displays are up).
6. Job queues are allocated.
7. Communications devices are allocated.
8. The Environment is ready for work.

Work & Routing Entries

Work Entries

Work entries identify the sources where jobs can enter a subsystem. Specific types of work entries are used for different types of jobs. Work entries are part of the subsystem description. The following information describes the different types of work entries and how to manage them. There are five types of work entries:

1. autostart job entries
2. communication entries
3. job queue entries
4. prestart job entries and
5. workstation entries

Autostart job entries: Autostart job entries identify the autostart jobs to start as soon as the subsystem starts. When a subsystem starts, the system allocates several items and starts autostart and prestart jobs before it is ready for work. "An autostart job is a batch job doing repetitive work."

Communications entries: The communications work entry identifies to the subsystem the sources for the communications job it will process. The job processing begins when the subsystem receives a communications program start request from a remote system and an appropriate routing entry is found for the request.

Job queue entries: Job queue entries in a subsystem description specify from which job queues a subsystem is to receive jobs. When the subsystem is started, the subsystem tries to allocate each job queue defined in the subsystem job queue entries.

Prestart job entries: You define the prestart job by using a prestart job entry. A prestart job entry does not affect the device allocation or program start request assignment. The job attributes of a prestart job are not changed by the subsystem when a program start request attaches to the prestart job. However, server jobs generally change job attributes to those of the swapped user profile. The Change Prestart Job (CHGPJ) command allows the prestart job to change some of the job attributes to those of the job description (specified in the job description associated with the user profile of the program start request or in the job description specified in the prestart job entry).

Workstation entries: An interactive job is a job that starts when a user signs on to a display station and ends when the user signs off. For the job to run, the subsystem searches for the job description, which may be specified in the workstation entry or the user profile.

Routing Entries

The routing entry identifies the main storage subsystem pool to use, the controlling program to run (typically the system-supplied program QCMD), and additional run-time information (stored in the class object). Routing entries are stored in the subsystem description. A routing entry can be likened to a single entry in a shopping mall directory. Customers that cannot find the store they need may use a directory to help send them in the right direction. The same is true on your system. Routing entries guide the job to the correct place. Routing entries in a subsystem description specify the program to be called to control a routing step for a job running in the subsystem, which memory pool the job will use, and from which class to get the run-time attributes. Routing data identifies a routing entry for the job to use. Together, routing entries and routing data provide information about starting a job in a subsystem. Routing entries consist of these parts:

1. the subsystem description
2. class
3. comparison data
4. maximum active routing steps
5. memory pool ID
6. program to call
7. thread resources affinity
8. resources affinity group and
9. the sequence number.

Work Management - Subsystems

The subsystem is where work is processed on the system. A subsystem is a single, predefined operating environment through which the system coordinates the work flow and resource use. The system can contain several subsystems, all operating independently of each other. Subsystems manage resources. All jobs, with the exception of system jobs, run within subsystems. Each subsystem can run unique operations. For instance, one subsystem may be set up to handle only interactive jobs, while another subsystem handles only batch jobs. Subsystems can also be designed to handle many types of work. The system allows you to decide the number of subsystems and what types of work each subsystem will handle.The run-time characteristics of a subsystem are defined in an object called a subsystem description.

The Controlling Subsystem

The controlling subsystem is the interactive subsystem that starts automatically when the system starts, and it is the subsystem through which the system operator controls the system via the system console. It is identified in the Controlling subsystem/library (QCTLSBSD) system value. IBM supplies two complete controlling subsystem descriptions: QBASE (the default controlling subsystem) and QCTL. Only one controlling subsystem can be active on the system at any time. When the system is in the restricted condition, most of the activity on the system has ended, and only one workstation is active. The system must be in this condition for commands such as Save System (SAVSYS) or Reclaim Storage (RCLSTG) to run. Some programs for diagnosing equipment problems also require the system to be in a restricted condition. To end this condition, you must start the controlling subsystem again. Note: There is also a batch restricted state in which one batch job can be active. When all of the subsystems, including the controlling subsystem are ended, a restricted condition is created. You can end each subsystem individually or you can use the ENDSBS SBS(*ALL) OPTION(*IMMED).

Note: The system cannot reach the restricted state until there is only one job remaining in the controlling subsystem. Sometimes it may appear as though there is a single job remaining, but the system does not go into the restricted state. In this case you need to verify that there are no suspended system request jobs, suspended group jobs, or disconnected jobs on the remaining active display. Use the Work with Active Jobs (WRKACTJOB) command and press F14=Include to display any suspended or disconnected jobs. If these jobs exist, you need to end them in order for the system to reach the restricted state. The ENDSYS and ENDSBS functions will send a CPI091C information message to the command issuer when this condition is detected.

Why Consider Multiple Subsystems?

As the number of users on the system increases, a single subsystem for a set of work is often insufficient. By dividing your users into multiple subsystems you gain several advantages.

1. Improved manageability of work

You get better control over what work is running in each subsystem. For example, for server jobs, you might want to isolate all of the database server jobs to one subsystem, the remote command server jobs to a different subsystem, the DDM server jobs to yet a different subsystem and so on. Additionally, by using multiple subsystems you can isolate groups of jobs with their own memory pools. In this way, one group does not adversely impact other jobs.

2. Reduced downtime impact for users

For example, if every Friday afternoon you must bring the system to the restricted state for backup purposes, you can gradually take users offline by ending one subsystem at a time.

3. Improved scalability and availability

By having a single subsystem do work for fewer users, the subsystem is less busy and can be more responsive to the work requests it handles.

4. Improved error tolerance in interactive subsystems

By spreading the work across multiple subsystems, should a network failure occur, multiple subsystems can manage the device recovery processing.

5. Improved interactive subsystem startup time

You can keep the subsystem startup times shorter by subdividing the work across multiple subsystems.

6. Additional options for performance tuning

By using multiple subsystems you can set up the subsystems with a small number of routing entries.

Subsystem Description

A subsystem description is a system object that contains information defining the characteristics of an operating environment controlled by the system. The system-recognized identifier for the object type is *SBSD. A subsystem description defines how, where, and how much work enters a subsystem, and which resources the subsystem uses to perform the work. An active subsystem takes on the simple name of the subsystem description.Subsystem description attributes are common overall system attributes. When you create a subsystem, the first step is to define the subsystem attributes.

Subsystem attributes include:

a)  The name of the subsystem description and the library where it is stored 

b)  All of the memory pool definitions that this subsystem uses A subsystem definition can have a maximum of 10 memory pool definitions specified. Included in the subsystem definition are:

– Pool definition identifier: This is the identifier inside the subsystem description, of the storage pool definition. – Size: This is the size of the storage pool expressed in KB (1K=1024 bytes) multiples and is the amount of main storage that the pool can use.

– Activity level: This is the maximum number of threads that can run at the same time in the pool.

c)  The maximum number of jobs that can be active in the subsystem at the same time v A text description of the subsystem description

d) The name and library of the signon display file that is used to show signon displays at work stations that are allocated to the subsystem

e) A subsystem library name that you can use if you want to specify a library that should be entered ahead of other libraries in the system portion of the library list (This parameter allows you to use a secondary language library.)

Also included in the subsystem description is information about authority levels to the subsystem. This information is kept by Security and is not stored with the other attributes of the subsystem description. You can view the subsystem description authority by using the Display Object Authority (DSPOBJAUT) command.

Work Management - A Job's Life

The life of a simple batch job begins when you submit it to the system. The job is then sent to a job queue where it waits to enter a subsystem where it can run. After the job moves to the subsystem it is allocated memory in which to run. The printer output file (also called spooled files) is then sent to the output queue to await further instruction on what to do (for example, printing). While not every job follows this exact path, you can better understand how other work is completed on the system by learning more about this typical job life cycle.

Submit the job → Job enters the job queue → Job enters the subsystem → The memory pool allocates memory to the subsystem → The job finishes and moves to the output queue

1. Submitting a job

When a job is submitted, it is created and enters the system. At this time, the attributes are given to the job. The job description holds attributes that the job will use to go through the work management life cycle. These attributes include the user profile the job will start to run under, the request data (which tells the job what it will do), and the initial user portion of the library list, and so on. The job description also holds information that tells the job which job queue to enter and the routing data. The routing data is later used by the subsystem to find the routing entry that contains information needed for the job to start running. The output queue is also defined within the job description. It tells where printer output (also called spooled files) from a job will go. After the job receives its values (initialization, customization) for its job attributes, it moves to the job queue where it waits to enter the subsystem.

2. The job enters the job queue

Job queues are work entry points for batch jobs to enter the system. They can be thought of as ″waiting rooms″ for a subsystem. A number of factors affect when the job is pulled off the job queue into the subsystem, such as the job priority on the job queue, the sequence number of the job queue, and the maximum active jobs. When all of these factors work together, the job will be pulled off the job queue to start running in the subsystem. When the job enters the job queue, it is available to a subsystem that has the job queue allocated to it. Because subsystems can have more than one job queue feeding into them (however, job queues cannot feed into more than one subsystem), a sequence number in the subsystem determines when the subsystem processes a job queue. The subsystem looks at the sequence number of the job queue before the job priority of the jobs in the job queue. The subsystem uses the priority on the job queue to determine when a job can enter relative to other jobs on the job queue. The job priority and the maximum active jobs determine when a job enters the subsystem.

3. The job enters the subsystem

Subsystems are operating environments where the system manages the resources that jobs use and controls the jobs that run within them. After jobs are running in the subsystem, the subsystem job carries out user requests on a job such as holding, releasing, and ending a job. When the job enters the subsystem it becomes active. Like jobs, subsystems have descriptions that carry important information needed to complete the work. In the subsystem description is the routing entry. The routing entry references the class object, which contains the attributes that control the run-time environment. However, before the job can get its routing entry, the routing data must make a match with a compare value in the routing entry. If this association is not made, the job will not run. After the association between the routing data and the routing entry is made, the class object the job will use is determined. Some of the attributes that control the run-time environment include the run priority, the time slice, the maximum wait time, the maximum processing time, the maximum temporary storage, and the maximum number of threads. The subsystem description defines the memory pools that will be allocated to the subsystem. The subsystem description also contains the maximum active jobs, which is the maximum number of active jobs at one time in the subsystem. Until a job gets its activity level and is assigned a memory pool, it cannot run. The subsystem description, like the job description, carries information, such as the memory pool to use, the routing entry, the maximum active jobs, and the number of active jobs currently in the subsystem.

4. The subsystem uses memory from the memory pool to run the job

Memory is a resource from the memory pool that the subsystem uses to run the job. The amount of memory in a memory pool, as well as how many other jobs are competing for memory, affect how efficiently a job runs. Memory pools provide jobs with memory in which to run. Many factors affect how the job runs in the memory pool, such as the size of the memory pool, the activity level in the memory pool, and paging and faulting. The activity level in memory pools directly relates to the number of threads that are allowed to run in the memory pool at one time. Remember, every job has at least one active thread, but some can have multiple threads. Threads give a job the ability to do more than one thing at a time. For example, one thread can go out and do calculations while another thread waits for more data to process. Paging is the movement of data in and out of memory, both synchronously and asynchronously. Pages can be written out to storage or removed from memory without being written if they have not been changed. Faulting causes paging to occur on the server. Faulting occurs when a referenced page, or piece of data, is not in memory. This causes programs to stop because they must wait for the data to be paged in. Subsystems use different memory pools to support different types of jobs that run within them.

5. The job finishes and moves to the output queue

A job’s printer output (also called spooled files) is sent to an output queue where it waits to be sent to a printer or file. The output queue is similar to the job queue in that it controls how the output is made available to the printer. The output queue allows the user to control what files are printed first. Output queues are areas where printer output files wait to be processed and sent to the printer. Printer output is created either by the system or by the user using a print file. A print file is similar to a template or a guideline where the default values for the attributes of printer output are set. It is the beginning of the printer output life cycle.

The print file contains the output queue (OUTQ) and print device (DEV) attributes, which dictate how the printer output is to be directed. The default settings are typically *JOB, meaning that the job attributes of the output queue and printer device determine how the printer output is directed. The job attributes of the output queue and printer device settings are based on information obtained when the job is created. This is based on information from the user profile that the job is running under, the job description, the workstation device description, and the Default printer (QPRTDEV) system value. When the printer output is ready to be created, the system checks the print file and the job attributes (in this order) to see what output queue will process the printer output and which printer device the system will use. If a specified output queue cannot be found, the printer output will be directed to QGPL/QPRINT. After the printer output file is ready to be printed, a writer job, a job that processes the printer output from the output queue to the printer device, takes data from the printer output file and sends it to the designated printer.

Work Management - Concepts

Work Management Terms

A complex system (shopping mall) is a compilation of many simple systems (stores). These simple systems are called subsystems.

Any piece of work within the business is considered a job. An example of a piece of work might be a customer letter, a telephone call, an order, or nightly cleanup. The same can be said about the System i product. On the system, each job has a unique name.

A job description describes how to handle the work coming into the subsystem. Job descriptions contain pieces of information such as user IDs, job queues, and routing data. Information in the job description might compare to descriptions of jobs in a small business.

What does the business look like?

Every store has blueprints or store plans. These plans are really just descriptions, in varying detail, of the physical makeup of the business. Maybe the business has a store with: 2 floors, 5 doors, 3 mailboxes, and 2 telephones. On your system, a subsystem description contains all the information about the subsystem.

Where does the work come from?

For the carpenter, the work comes from customer calls, from references, and from people that stop in. On your system, the work can come from many places. Examples include job queues, workstations, communications, autostart jobs, and prestart jobs.

Where do they find the space?

Within the mall, each business (subsystem) has a certain amount of floor space. On the system, memory pools allow you to control the main storage (or floor space) each subsystem (business) gets to do its work. The more floor space a store (subsystem) has, the more customers, or jobs, can fit in the store. How does the work come in? Customers that cannot find the store they need may find an information booth to help send them in the right direction. The same is true on your system. Routing entries are similar to store directories or an information booth. After the routing entry is found, it guides the job to its correct place. The routing entry needs to be found first, however. That is done through routing data. Routing data is what the job uses to find the right routing entry.

How is the work treated?

A carpenter needs to place a priority on each job. The chair due at the end of the week should be done before the bookshelf due at the end of the month. On your system, classes provide information about how the job is handled while in the subsystem. This information includes priority while running, maximum storage, maximum CPU time, and time slice. Each of these attributes contribute to how and when a job is processed. Just as there are rules that affect all the stores in the mall, there are rules that affect all the subsystems on your system. An example of these rules is a system value. System values are pieces of information that 4 System i: Systems management Work management apply to the whole system. System values include information such as, date and time, configuration information, signon information, system security and, storage handling.

iSeries Work Management

Work management is an important building block within the iSeries server operating system. Its functions

are the foundation through which all work enters the system, is processed, run, and completed on iSeries

servers. Whether you run a simple batch job once a week or you call an application daily (like Lotus

Notes), work management helps manage the jobs and objects that run on your system. It also supports

the commands and internal functions necessary to control system operations and allocate resources to

applications when needed.

Work management supports the commands and internal functions necessary to control system operation and the daily workload on the system. In addition, work management contains the functions that you need to distribute resources for your applications so that your system can handle your applications. The purpose of your system is to perform work. Work enters, work is processed, and work leaves the system. If you think of work management in these three terms, work management will be easier to understand. Work management describes where work enters the system, where and with what resources work is processed, and where output from work goes.

Manage daily work

As a system operator or administrator, one of your tasks is to keep your server running smoothly. This

means you monitor, manage, and ensure that your jobs, job queues, subsystems, memory pools, job logs,

and output queues function properly.

1. Monitor system activity
2. Manage Jobs and Threads
3. Manage Job Queues
4. Manage Subsystems
5. Manage Memory Pools
6. Manage Job Logs
7. Manage Output Queues

Key Mappings for the HMC 5250 Console

The HMC 5250 console function uses the 5250 emulator from the IBM iSeries Access for Linux product. Emulator documentation is available on the HMC by using the Help menu option on the emulator or the setup panel.

Control Functions

Control functions are available from the 5250 emulation session Control menu. To send a control key, click the Control menu, then select any of the following keys:

Reset key

System Request Key (SysRq, also commonly known at the sysreq key)

Attention Key

Help Key

Enter Key

The control functions can also be accessed by using a key sequence.

Default Key Sequences

The default key sequences can be viewed by clicking the Help menu and selecting the Key Sequences topic. The current keyboard mappings can also be viewed by clicking on Option > Keyboard Remapping. Some examples follow:

Attention: Esc

Copy to clipboard: Shift + left-click (click and drag to select, release to copy)

Paste from clipboard: Shift + right-click

Note: On the HMC, the Print Screen, Scroll Lock and Pause/Break keys are reserved for the window manager. All default mappings using those keys are disabled. This includes the default mapping for the System Request Key (Alt+Print Screen).

Keyboard Remapping

The 5250 emulator keyboard mapping can be customized. To change or view the current mappings, do the following:

1. Start a 5250 emulation session.

2. Click on the menu item Option > Keyboard Remappings. If the menu item is missing or disabled (grayed out) then verify that it is enabled in the IBM 5250 Setup panel. The setup panel can be launched by doing the following:

a Right-click on the desktop and select Terminals > IBM5250.

b In the 5250 Setup panel, click Preferences > 5250.

c Verify the keyboard mapping setting is enabled.

3. The Keyboard Remappings panel can be used to change the default mappings. For example, the system request can be mapped to Shift + Print Screen.

4. Click the Apply changes to session button to apply the changes to the current emulation session.

5. Click the Save button to save the changes. The user can select to save the changes as the new mapping for all user sessions or for this emulation session only. The changes are scoped to the current HMC user profile.

Using Other Emulators

The HMC remote 5250 console function allows other emulators to be used. If a user has already created customized macros, keypads, keyboard mappings, and so on for another emulator, it might be easier to use that emulator over a remote 5250 console than to re-create the customization on the HMC.

SRC A9002000 on an HMC-Managed System after Installing from a SAVSYS

A restore was completed from a V5R1 system to a new Model 570 at V5R3 following the procedure for a slip migrate release. At the point where the users were ready to do a B-IPL, they could not access the system console, which was a HMC console. They received an SRCA9002000, which indicates the system console cannot be found. A manual B-IPL works fine through DST and locates the console.

The problem was with the old controller type that was brought over with the restore from the V5R1 system. WRKCTLD showed controllers, but these were brought over from a V5R1 configuration. They did not work because the controllers used for an HMC console are of a different type. There was a 2746 Twinax CTLD varied on with no device under it. They had 5 CTL0x twinax controllers.

To resolve the problem, vary off all old CTLDs from the V5R1 system and turn on QAUTOCFG. After the normal IPL starts, it will autoconfigure a CTLD for the HMC console that is the correct type, and the console will have a sign on screen.

HMC 5250 Console Disconnects After a Period of Inactivity

Problem

After upgrading to HMC V4R2.1_0902, the HMC 5250 console can disconnect from a partition after 2 hours of inactivity. If the partition is running IBM® i5/OS™ with MF33488 or later, the console returns to the DST sign on screen. The user will see the 'resume' screen after logging back in. For earlier levels of i5/OS, the console session is lost. If the user attempts to reconnect, the console will hang with the message "0043 Connected - waiting for screen data".

Recovery

For i5/OS levels before MF33488, the only recovery is to IPL the partition.

To prevent the console hang problem from recurring until an e-fix is available, connect with a shared console or apply MF33488 or later to each i5/OS partition. Both methods allow console recovery without requiring an IPL of the partition.

HMC Console Error: "0099 Unknown Error Occurred - Contact Service"

If one HMC has an active 5250 console connection to a partition, an attempt to open another 5250 Console connection to the same partition from a redundant HMC will fail. The error message differs depending on the version of the HMC.

Version 4 Release 2.0 and earlier of the HMC returns the error: 00FF Unknown Error Occurred - Contact Service.

Version 4 Release 2.1 and later of the HMC returns the error: 0008 Session already in use.

In the case of networks with redundant HMCs, only one of the HMCs can have an active console connection. Console sharing (two or more consoles sharing the same session) is only available using the remote 5250 console function through one direct connected HMC.

To resolve the problem, first locate all redundant HMCs. On each redundant HMC, end any active local 5250 console session and any remote 5250 console session connected through that HMC.

CPFA0AC When Trying to Do a RMDIR or RM of an IFS Directory

When doing a RMDIR or RM to delete a sub directory or directory, if the directory is not empty, the following message is issued:


CPFA0AC - Request cannot be completed. Directory contains objects.

The only file systems that support RMVLNK(*YES) are QDLS, QSYS.LIB, and IASP QSYS.LIB. The root, QOpenSys, and user-defined file systems do not support this.

Copying an IFS Directory Using OS/400 Commands

The CPY command may be used to copy individual or groups of files (using wildcards) within the Integrated File System. CPY does not, however, copy nested subdirectories even if a wildcard value is specified. In many cases, the easiest method for copying an entire directory tree from one location to another in the Integrated File System is through the use of IBM iSeries NetServer functionality and a copy tool such as XCOPY or Microsoft Windows Explorer. If a PC is not available, a directory tree may be copied from an IBM iSeries family of servers system using only green screen commands. Using a SAVF as a go-between allows you to bypass the limitations of the CPY command when dealing with nested directories.

For example:

A user has a directory /MYDATA off the Integrated File System root. /MYDATA has three subdirectories:

/MYDATA/MEMOS
/MYDATA/FINANCE
/MYDATA/FINANCE/QUARTER
/MYDATA/FINANCE/ANNUAL
/MYDATA/INVOICE
/MYDATA/INVOICE/WORKING
/MYDATA/INVOICE/SHIPPED
/MYDATA/INVOICE/SHIPPED/LOCAL
/MYDATA/INVOICE/SHIPPED/AWAY

Each of these directories contains various files that the company wishes to make available to its employees. They do not want to give everyone authority to the user's /MYDATA directory and prefer to create a /PUBLIC directory that contains all of the information from /MYDATA.

To do this, perform the following steps:
1 To create a save file to hold your data, on the operating system command line type the following:
CRTSAVF FILE(MYLIB/MYSAVF)
Press the Enter key.
2 Save the desired Integrated File System directory to the save file using the SAV command. (Full parameters are shown in the screen shot.) On the OS/400 or i5/OS command line, type the following:
SAV DEV('/QSYS.LIB/MYLIB.LIB/MYSAVF.FILE') OBJ(('/MYDATA'))
Press the Enter key.

3 Restore the directory to a new location, in this example /PUBLIC. (Full parameters are shown in screen shot.) On the OS/400 or i5/OS command line, type the following:

RST DEV('/QSYS.LIB/MYLIB.LIB/MYSAVF.FILE') OBJ(('/MYDATA' *INCLUDE '/PUBLIC'))
Press the Enter key.

 
In addition to the original /MYDATA directory tree, there is now a /PUBLIC directory tree with copies of all of the files and directories from the original directory.

Digital Certificate Manager

This document provides steps for configuring Digital Certificate Manager (DCM) on the IBM System i system.

Step 1: To start the HTTP ADMIN instance (if it is not already active), do the following:

1 To determine if the ADMIN instance is active, run the following command:

WRKACTJOB SBS(QHTTPSVR) JOB(ADMIN)

2 If there are no active ADMIN jobs, run the following command:

STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

3 Run the WRKACTJOB SBS(QHTTPSVR) JOB(ADMIN) command again, and press F5 (Refresh) until at least 3 ADMIN jobs are in *SIGW status.

http://ipaddressorhostname:2001/

Step 2: To sign into Digital Certificate Manager, do the following:

1 Using a browser, access the following Web site:

Where is the IP address or host name of the System i™ system.

2 You are prompted to type a profile and password. Use a system administrator level profile.

3 The browser will display the i5/OS TASKS or iSeries TASKS page. Click the link for Digital Certificate Manager.

Step 3: To create a *SYSTEM store, do the following:

1 On the left panel, click Select a Certificate Store. If there is an option for *SYSTEM, you already have a *SYSTEM store.

2 If there is no option for *SYSTEM, on the left panel, click Create New Certificate Store. Click the bullet next to *SYSTEM, and then click Continue.

3 Click the bullet next to No - Do not created a certificate in the certificate store, and then click Continue.

4 Type a password for the *SYSTEM store (must be letters and numbers only with no punctuation nor spaces), and click Continue.

5 Click OK.

6 Click Cancel.

Step 4: To create a Local Certificate Authority, do the following:

1 On the left panel, click Select a Certificate Store. If there is an option for Local Certificate Authority (CA), you already have a Local CA.

2 If there is no option for Local Certificate Authority (CA), on the left panel, click Create a Certificate Authority (CA).

3 Type a password (letters and numbers only).

4 Provide a unique Certificate Authority (CA) name; for example, the name of your company, the name of your System i™ system, and Local CA MyCompany i5 Local CA.

5 Complete the remaining fields as appropriate. Specifying the maximum value for the Validity Period is recommended (unless your Security Administrator requires further limitations). Then, click Continue.

6 The option to install the certificate will be available later. Click Continue.

7 Setting the Validity Period for Server Certificates to the maximum value is recommended (unless your Security Administrator requires further limitations). Then, click Continue.

8 At this time, you do not need to have any applications trust this CA. Continue clicking Continue until you are asked if you want to create the default signing store. At that point, click Cancel.

Step 5: To create a Local Server Certificate, do the following:

1 Click the button: Select a Certificate Store.

2 Click the bullet next to *SYSTEM, and click Continue.

3 Enter the password to the store, and click Continue.

4 On the left panel, click the triangle next to FastPath to expand the section.

5 Under FastPath, click Work with server and client certificates.

6 Click the button: Create.

7 Click the bullet next to Local Certificate Authority (CA), then click Continue.

8 Fill in the fields on the form. For the Certificate Label, use a unique name. For example: MyCompany i5 Local Server Cert. For the common name, use the same value as the label. However, if this certificate will be used for HTTP, use the host identifier that you will be using in the URL. For example: www.i5.mycompany.com. (It is not necessary to complete any of the fields under Subject Alternative Name.) Click Continue.

9 You do not need to assign the certificate to any applications at the moment. Click Continue. Click Ok.

Step 6: To assign the Server Certificate to your applications, do the following:

1 Assuming that you are still signed into the *SYSTEM store, on the left panel under FastPath, click Work with server and client certificates.

2 If there are multiple certificates, click the bullet next to the one you want to work with.

3 Click Assign to Applications.

4 Check the box next to the application(s) you want to use the certificate, and click Continue. Click OK.

5 For server applications, end and start the server application for the newly assigned certificate to be in use. For client applications, sign on to a new character-based user interface (if necessary, sign off and on again) to pick up the changes in DCM.

6 The ADMIN instance is required only for configuration purposes and can now be ended. Run the following command:

ENDTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

Sending Data to IBM System i5 Software Support

To send data to IBM System i5 Software Support, the data must be in ASCII text. The best way to get the file from the system is to use IBM iSeries Navigator to pull the files down to your PC. Highlight the files QSYSPRT and QPCSMPRT, as in the following print screen. (You might have only one of these files.) Then drag the files to your desktop (only the drag operation is supported).

To send the files to IBM Remote Technical Support, do the following:

1. Use a data compression utility such as PKZIP, PKZIP for Microsoft Windows, or WinZip to create a single binary file containing all of the data that must be sent to the Rochester Support Center. After dragging the files to your desktop, open the text file in Notepad: Top left of Notepad:

- Select File

- Select Save AS

- Change Encoding from UNICODE to ANSI

Note: When changing the encoding, this cuts most file sizes in half. To make sure you have the correct file name:

- Create a new folder

- xxxxx.bbb.ccc.yyy.yyy

- Drag the file(s) to the folder

- Zip or compress the folder

where xxxxx is the PMR number, bbb is the branch number, ccc is the country code (such as 12345.7TD.000), and yyy.yyy is a short description for the folder (such as 12345.ZIP or 12345.7TD.000.12345.ZIP for a zip file, or 12345.SAVF or 12345.7TD.000.12345.SAVF for a save file downloaded from the system).

2. After you have created the ZIP file, you can send it to your Rochester Support Center representative using FTP or e-mail.

3. To send the ZIP file using e-mail, contact your Rochester Support Center representative and get his or her e-mail address. Then attach the file to the e-mail and send it to their e-mail address. Specify the PMR in the subject line of the e-mail.

There is a 10 MB limit for attachments when sending an e-mail to IBM. If the file is larger than 10 MB, use the FTP option specified in Step 4. Otherwise, skip to Step 5.

4. To send the file using FTP, use an FTP program to upload the file in binary format to testcase.boulder.ibm.com in folder toibm/os400 and login using the anonymous user ID and your e-mail address as the password, or bring up a Windows command prompt and type the following commands:

ftp testcase.boulder.ibm.com

user anonymous

password (for example, your e-mail address)

cd toibm/os400

bin

put xxxxx.bbb.ccc.yyy.yyy

quit

where xxxxx is the PMR number, bbb is the branch number, ccc is the country code (such as 12345.7TD.000) and yyy.yyy is a short description for the file type (such as 12345.ZIP or 12345.7TD.000.12345.ZIP for a zip file, or 12345.SAVF or 12345.7TD.000.12345.SAVF for a save file downloaded from the system).

The testcase.boulder.ibm.com FTP site can also be accessed through a Web browser at ftp://testcase.boulder.ibm.com/ or https://testcase.boulder.ibm.com/.

5. After the file has been successfully sent or uploaded, notify your Support Center representative so they know to expect it.

Collecting System Dump

To collect a PHYP platform dump or System Dump, use Option 42 from the control panel. The system must be in manual mode.

Note: This will take down all partitions on the system.

If the system does not have a control panel, this Dump can be initiated from Advanced System Management.

Leave the default settings as shown, and click on Save settings and initiate dump:

 

 

 

 

 

 

 

 

 

Electronic Service Agent (V5R4M0) Jobs

The following are descriptions of V5R4M0 IBM Electronic Service Agent jobs:

QS9PALMON - This job periodically monitors the product activity log for errors. The start hour and analysis interval are set in GO SERVICE Option 1. PAL analysis will run 10 minutes after the hour. For example, 00 means the start hour is at midnight, and the PAL analysis interval is 4, so it will run at 00:10, 4:10, 8:10, 12:10, and 16:10 daily.

QS9PRBMON - This job monitors problem log entries and routes them to the appropriate data queue (data queue QS9HDW for hardware problems and data queue QS9SFW for software problems).

QS9HDWMON - This job analyzes hardware problems sent from QS9PRBMON and determines if they should be reported to the service provider. If they should be reported, it sends them to data queue QS9SND.

QS9SFWMON - This job analyzes software problems sent from QS9PRBMON and determines if they should be reported to the service provider. If they should be reported, it sends them to data queue QS9SND.

QS9PRBSND - This job monitors data queue QS9SND for problems that must be sent to the service provider and sends them to the QS9PRBCALL job.

QS9PRBCALL - This job initiates ECS activity and sends the problem.

QS9AUTOPTF - This job completes a transaction to the SDR (data receiver), which contains a list of PTFs deemed critical by IBM Service (Service Agent related and a few hardware PTFs). If the PTFs are not on the system or on a logical partition, it will download the save file or cover letter based on the parameters selected in GO SERVICE Option 1.

QS9AUTOTST - This job periodically sends a test problem to the service provider by using ECS. It runs weekly and when its interval is met, the job will send the test problem. For the weeks when sending the test problem is not done, the job will simply end normally and take no action. Note: This does not use HTTP connectivity; due to the type of transaction, it uses only VPN connectivity.

QS9SACOL - This is a service information collection and transmission job. It runs daily to collect and send the service information to IBM. If the settings in GO SERVICE Option 1 for the Send time element of the Service information parameter is set to *COLLECT, then QS9SACOL will collect and send the service information. If the send time is not *COLLECT, then QS9SACOL will only collect the service information and not send it.

QS9SASND - This is a service information transmission job. It runs daily to send the service information to IBM only if the send time is different than *COLLECT, which is immediately after the collection time based on the settings in GO SERVICE Option 1. If the settings in GO SERVICE Option 1 for the Send time element of the Service information parameter is set to *COLLECT, then this job is not needed and it will not exist. If the send time is not *COLLECT, then QS9SASND will be scheduled and only send the service information.

QSJHEARTBT - This job does a verification transaction to IBM to test the service information connection configuration. The default is 7 days; however, it can be changed in GO SERVICE Option 1, Connection Verification Timer. It can be changed from 1 through 21 days.

QSJERRRPT - This job sends problems immediately to IBM. It was implemented with PTF SI25871 at V5R4.

CL Command to Configure Internal Modem for ECS (V5R1-V5R3)

When the Electronic Customer Service (ECS) on the new internal modems made its debut, the only way to configure it was the Universal Connection Wizard from within Operations Navigator. Users who did not have the need to use Client Access or Operations Navigator were required to configure a PC to set up and configure the internal modem.

Although this remains the recommended way to configure the internal modem, there is now the ability to configure ECS using CL Commands provided in the following PTFs:  

1. For R510: SI07187 and SI07188 (prereq SI05752)
2. For R520: SI06847 and SI06848

CL Commands Included in the PTF: The following CL commands are included:

CRTSRVCFG - Create Service Configuration: This CL command allows you to configure a TCP/IP Point-to-Point *DIAL service connection to IBM via AT&T Global Network Services. *IOSYSCFG special authority is required.

DLTSRVCFG - Delete Service Configuration: This CL command allows you to delete an existing AT&T Global Network Services, TCP/IP Point-to-Point service configuration, and the associated line description. *IOSYSCFG special authority is required.

CHGSRVCFG - Change Service Configuration: This CL command allows you to change an existing AT&T Global Network Services, TCP/IP Point-to-Point service configuration. *IOSYSCFG special authority is required.

VFYSRVCFG - Verify Service Configuration: This CL command allows you to verify an AT&T Global Network Services, TCP/IP Point-to-Point service configuration by starting the profile and attempting to connect to the remote host via the dial access number specified in the profile. *USE authority to the STRTCPPTP and ENDTCPPTP CL commands is required.

Modem Types Supported

The following modem types are supported: 2699* Two-line WAN IOA.

 

2720* PCI WAN/Twinaxial IOA.

2721* PCI Two-line WAN IOA.

2745* PCI Two-line WAN IOA (replaces IOA 2721).

2742* Two line IOA (replaces IOA 2745).

2761 Eight-port analog modem IOA.

2771 Two-port WAN IOA with a V.90 integrated modem on port 1 and a standard communications interface on port 2. To use port 2 of the 2771 adapter, an external modem or ISDN terminal adapter with the appropriate cable is required.

2772 Two port V.90 integrated modem WAN IOA.

2793* Two port WAN IOA with a V.92 integrated modem on port 1 and a standard communications interface on port 2. To use port 2 of the 2793 adapter, an external modem or ISDN terminal adapter with appropriate cable is required. This replaces IOA model 2771.

2805 Four port WAN IOA with an integrated V.92 integrated analog modem. This replaces models 2761 and 2772.

Note: These adapters require an external V.90 modem (or above), or ISDN terminal adapter, and an RS232 or compatible cable.

 

Configuring Electronic Customer Support on the Internal Modem

To prepare for the configuration of ECS on the internal modem, perform the following steps:

1 Load and apply the appropriate PTF for your release with its prerequisites.

2 Set the system value QRETSVRSEC to 1. This allows the IBM® iSeries® family of servers to store and exchange information necessary to set up the communications with the AT&T Global Network.

3 Set the Modem Country ID to ‘US’ in the Network Attributes. On the operating system command line, type the following:

CHGNETA MDMCNTRYID(US)

Press the Enter key. Now you are ready to configure ECS on the internal modem. To configure ECS on the internal modem, do the following:

1 Using the CRTSRVCFG command with the following parameters, you will be allowed to choose the values for each of the required fields (note that this is all one CL command that is wrapped to fit). On the operating system command line, type the following:

CRTSRVCFG CNNTYPE(*PTP) SERVICE(*ECS) REFSRVCFG(*NONE) CNTRYID(*SELECT) STATE(*SELECT) TELNBR1(*SELECT) TELNBR2(*SELECT) RSRCNAME(*SELECT) MODEM(*SELECT)

Press the Enter key.

2 You will be prompted for the country. Select the country using Option 1.

 

 

 

 

 

 

 

 

3 You will then be prompted for the State. Select it with Option 1.

 

 

 

 

 

 

 

 

 

 

 

4 Next is the Primary Telephone Number - select the number desired, but verify it is still up-to-date with ATT by using their Web site at help.attbusiness.net and select the Access Numbers link in the left column. Make sure that the number you choose is V.90-capable because some ATT numbers are ISDN-capable only.

 

 

 

 

 

 

 

 

 

 

 

5 You will be given the opportunity to change this number to include a preceding 9, if required, or to remove the area code (if not required) or to change the number altogether if it does not match the current number from the ATT Web site given above.

 

 

 

 

 

 

 

 

 

6 Do the same for the backup number.

Note: If selecting the nationwide toll as a backup, do not select the 800-586-3089 number because ATT has changed this to a ISDN-capable only number.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

7 Select the *INTMODEM Communications Resource from the list.

 

8 Select the modem type to match your resource from the list:

 

 

 

 

 

 

 

 

 

You should then get the message that the profile was created.