AS /400 Tr ain ing P r og r am
1
Index :-
1.
Module 1
:
AS/400 Overviews
2.
Module 2
:
System Concepts
3.
Module 3
:
System Administration
4.
Module 4
:
System Security
5.
Module 5
:
Backup and Restoration
2
Module :- 1 AS/400 Overviews
3
Introducing the AS/400 System :The AS/400 system is a family of midrange computers based on a single software architecture.AS/400 is using OS/400 as an operating system. It provides many integrated features that from the foundation of computer systems. It is designed and built as a total system. It means that facilities such as a relational database and networking capability (and much more) are fully integrated into the Operating System and the machine. The user communicates with all these functions through a single control language, or by using system menus and prompts.As/400 is designed as a general purpose business computer; it is optimized for that environment. Its design reflects the dominant requirements of that environment.
Advantages of As/400 : Layered Machine Architecture :- This insulates users from hardware of the system. It enables the users to move towards new hardware technology at any time, without disrupting their application programs. Object Orientation :- Everything that can be saved or restored on the system is known as an “Object”. User can find the required object without knowing it`s location on the system. Objects exist to make users independent of the internal structure of the machine. Single-Level Storage :- Main storage and Disk storage appears contiguous. An object is saved or restored on the system via a device-independent addressing mechanism. This means extra main storage or disk storage can be added to the system and used without affecting the application programs and database. A user or a programmer is not concerned as to where a program or a file is; if they want to use it, they simply name it. Hierarchy Of Microprocessors :- As well as the main system processor, AS/400 has a large number of microprocessors. Every Input / Output (I/O) device type on AS/400 has its own microprocessor. This means that requests for data to or read from any I/O device can be delegated to the processor in charge of that device. Meanwhile, the main system processor executes another application. Easy To Use :- From operators and the end users point of view the menu driven structure of AS/400 makes it very easy to operate. Ability to grow and improve the system without disruption.
4
AS/400 Hardware :-
I/O Processor
Main Memory
I/O Processor I/O Processor
I/O Processor
System Processor
Service Processor
DASD Storage
Basic Block Diagram OF AS/400 System The system hardware includes the processor and the main storage, the I/O devices and controllers, and the racks, cables and controllers that make up the AS/400 system.the hardware design allows system components to be located throughout the enterprise to meet the need of the workplace. System components, such as additional racks, I/O controllers and storage and workstation devices can be added incrementally without reconfiguring the entire system.
Layered Machine Architecture :AS/400 insulates users from hardware characteristics through the layered machine architecture. This layered architecture raises the level of the machine interface, creating a high-level machine instruction set is independent of the underlying hardware implementation. Figure 1 shows the hardware with the licensed internal code that comprises the highlevel machine. AS/400 is unusual in that the machine is defined by software, not by hardware. The instructions presented to the machine interface undergo a further process of translation before they are “Understood” by the hardware. This process of translation is carried out by the licensed internal code. Hardware characteristics change as the technology changes; the user, however, still “sees” the same interface.
5
Furthermore, some frequently-executed routines (that would reside in the operating system of a conventional machine) have been moved into licensed internal code. This runs faster than a higher level languages, so any application using these routines will realize a performance gain.
Applications
Applications
OS/400
OS/400
Technology Independent Machine Interface Licensed Internal Code
SLIC- Object Based Kernel
48-Bit CICS Processor
64-Bit RISC Processor
Figure 1 : AS/400 Layered Architecture Examples of some basic supervisory and resource management functions that are in licensed internal code are validity and authorization checks. The high-level machine provides the user with the ability to address 2^64 bytes of storage on the PowerPc based Models of the As/400. Layered machine architecture means that as new hardware and software technologies emerge, they can be employed without affecting applications. The strength of this architecture was evident with the introduction of the new range of PowerPc based AS/400 Models in June 1995. The System Processor changed from being a 48-bit CISC to 64-bit RISC. Yet existing customer applications can run on the new processors and take full advantage of the 64-bit capacity without any recompilation or rewrite needed of the application.
Hierarchy Of Microprocessors :In As/400 system along with the main system processor, there is a range of other processors, each dedicated to a particular I/O device. What this means is that when the main system processor encounters a request for data to be written to or read from any I/O device, that request is delegated to the particular microprocessor dedicated to that I/O device.Meanwhile, the system processor continues with another application program. This design provides As/400 with its outstanding performance in the commercial, transaction-based, environment. It also means that the latest microprocessor technology can be easily utilized at any time without disrupting the rest of the system. 6
Using the N – way multiprocessor capability of the As/400, the larger modes of As/400 can have up to 4 processors.
Main Storage
I/O Processor
System Processor
I/O Processor
Service Processor
I/O Processor
I/O Processor
Hierarchy Of Microprocessors
7
Module: - 2 System Concepts
8
Object Oriented Technology :Everything on AS/400 that can be stored or retrieved is contained in an “Object”. Objects exists to make users independent of the implementation techniques used in the machine. The “ Create Object “ instruction establishes the object`s name and its type. All objects are structured with a common object header, and a type-dependent functional portion. An object thus combines the data and the valid methods of using that data into one entity. Therefore only valid methods of using that data are allowed. This improves overall integrity of the system and its data. Thus also permits the system to perform standard object-level functions very efficiently; the object type then determines the way in which a specific object can be used when retrieved. The architecture supports multiple extends to an object. In other word, a user is not concerned with the space his object occupies. The system allocates space automatically. Object orientation gives a strong foundation for new technologies such as artificial intelligence. The object-oriented AS/400 architecture lends itself very well to the utilization of object-oriented techniques for the representation of knowledge in an expert system. With the PowerPc based Models of the AS/400, the Licensed Internal Code that sits above the hardware has been written as System Licensed Internal Code with an Object Based Kernel. The Kernel has been written in C++ and is fully Object Oriented giving all the advantages of flexibility, code reuse, programming efficiency, and error reduction that come from Object Oriented Programming.
Single Level Storage :The AS/400 system is a shared system in which all portions of main and auxiliary storage are addressed as though they are within a single area (or level). The system uses the object name to determine where the object exists in the system. This means that the user can find objects by name rather than by storage locations. Because operations cannot be performed on an objects by name rather than by storage locations. Because operations cannot be performed on an object that is not in main storage, the system moves a part or all of the object into main storage as it is needed and moves it back into auxiliary storage when it is not needed. This transfer is controlled by the system and does not require control by the user or programmer All system storage (Whether main storage or disk storage) is addressed in the same way. This single, device-independent addressing mechanism means that to run a program, a user calls its name. All objets are treated as if they reside in a 2^ 64 byte address space.
9
The AS/400 system`s virtual addressing is independent of an object`s physical location, and the type, capacity and number of disk units on the system. What this means is that application programs do not require modification in order to take advantage of new storage technologies. Users can leave all storage management entirely to the machine.
Operating System The OS/400 licensed program supports the IBM AS/400 system. It controls the operation of programs and provides services such as controlling resources, scheduled jobs, controlling input and outputs, and managing data. The OS/400 program is designed to designed to complement and extend the advanced capabilities of the AS/400 system to provide fully integrated support for interactive applications. To supplement the full range of the interactive environment, the AS/400 system also processes multiple batch applications at the same time. Many of the functions of the OS/400 program are directly applicable to interactive data processing. Among these functions are : •
Database support to make up-to-date business data available for rapid retrieval from any workstation.
•
Work management support to schedule the processing of requests from all workstation users.
•
Application development support that allows online development and testing of new application programs to run at the same time as normal production activities.
•
System operation support that allows the user responsible for system operations to perform work from the display station using a single control language, complete with prompting and help for all commands.
•
Message handling support that allows communication between the system, the user responsible for system operations, workstation users and program running in the system.
•
Security support to protect data and other system resources from unauthorized access.
•
Service support that allows service representative to diagnose problems and install new functions with minimal affect on the normal flow of work.
10
The system can be set up and installed using system defaults for basic functions. As the need of the business grow the use of controls and functions can be increased without disrupting applications that are already on the system. The OS/400 functions are accessed either through the use of a comprehensive set of menus or through the control language CL. Other AS/400 licensed programs such as high-level languages and the applications development tools also use OS/400 menus and CL. The AS/400 system is controlled through a single consistent control language that is supported by the Operating System. The Control Language provides the operations normally associated with controlling the operation of a system such as : •
Controlling the operation of input and output devices attached to the system.
•
Submit batch jobs.
•
Ending a session with the system
In addition, many advanced functions used in data processing are provided. For e.g. Data files and programs are created, the running of programs is controlled and workstation user can communicate with each other by using functions requested through the control language. Although the control language is the interface through which the functions of the operating system are controlled. It is not the only interface available to the user. The data is accessed and updated by high level language programs using OS/400 functions.
Object Management The term object refers generally to named items (such as programs and files) that are stored in the system. The object management functions allow objects to be grouped and arranged in the system. The object management system functions allow users to create, update, and delete objects by name, without needed to specify the exact storage location of the objects.
Work Management The Work Management functions provides the framework through which the system and all the work performed on the system and controlled. These functions support an environment running more than one computer at a time and manage competition between jobs for main storage and other system resources. The work management function allows work to be submitted by the user presented to the machine to the processed, and controlled by the user responsible for system operations.
11
Data Management The data management functions support documents, database, files and device files. Data management for documents and database provides the functions required for creating and updating database files and performing input and output operations on them. Data Management for the devices provides input and output operations for both local and remote devices attached to the system, including many unique functions to support the display and printer devices.
System Management The AS/400 system integrates most major functions by making them a part of the operating system. For e.g. a user can control the operations of jobs and subsystems, respond to system messages, perform save and restore operation and so on. These operations can be performed from any workstations by authorized users and are not restricted to a single person.
Control Language While the menu system is the primary interface to the OS/400 program functions, the Control Language is also available to directly access system functions and can be used at the same time by users from different workstations. A single Control Language statement is called a command. Commands can be entered : • • •
Individually from a workstation. A part of batch jobs. As source statements to create Control Language programs.
To simplify the use of Control Language, all the commands use a consistent naming convention. In general, the first three letters refers to the action to be taken, the next three refers to the object of that action and the last character if any, provide an additional descriptor of the task to be performed. For e.g. WRKJOBQ command tells the system that the user wants to work with a job description. In addition, the Operating System provides prompting support for all commands, default values for most commands parameter, and syntax checking to ensure that a value is typed correctly before the function is performed. Thus, the Control Language provides a single, flexible interface to many different system functions.
12
Communications The communication structure supports multiple architecture in a flexible and extendable fashion, by supporting multiple communications architecture implementations and the sharing of physical resources. Documents, Data and files can be exchanged with remote system as well as allowing remote users to access files and applications program on the AS/400 system.
Query / 400 Query/400 is an IBM Licensed Program and a decision support utility that can be used to obtain information from the As/400 database. It can obtain information from any database file that have been defined on the system using O.S./400 Data Description Specification (DDS), O.S./400 Interactive Data Definition Utility (IDDU) or the IBM Structural Query Language/400 (DB2/400) program. You use query to select, arrange or analyze information (data) stored in one or more database files to produce reports and other data files. You can create your own query definitions and then run them or you can run existing queries. You determine what data the query to retrieve, the format of the report and whether it should be printed, displayed or sent to another database file. You can use query to obtain information from a single file or a combined set of 32 files. You can select all the fields or a few of the fields and organize them as you want them to appear in the type of output chosen. You can have all reports in the files included in the output , or you can select only a few to be included using selected tests.
13
AS/400 Objects: The object-based architecture of the machine is fundamental to the overall design of the functions provided by the AS/400 system. Each type of object on the system has a unique purpose within the system. Each has an associated set of commands with which to process that type of object. Different object types have different operational characteristics. These differences make each object type unique. Each object has a name. The object name and the object type are used to identify an object. The object name is explicitly assigned by the system for system supplied objects or by the user when creating an object. The object type is determined by the command used to create it. Libraries: A library is an object that is used to group related objects and to find objects by name. Thus a library is a directory to a group of object. The no of object contained in a library and the no of libraries on the system are limited only by the amount of storage available. Two different objects with the same can exist in the same library, only if their objects types differ. However, two objects with the same name and type can exist in different libraries. There are three types of libraries : 1. Systems 2. User 3. Product Folders: A folder is a named object that is used as a directory for documents and other folders. Folders can be filed within another folder. Folder within folders is similar to a filing cabinet. A folder path is a list of the folders within folders needed to find a document or object within folder. Files: File is an object that contains either a set of related records handled as a group or a stream of data. One of the most common types of files that contains records is the database file. A document is the type of file that contains only a stream of data. There are different type of files on the system as follows: 1. Physical file 2. Logical file 3. Display file 4. Printer file 14
5. 6. 7. 8.
Tape file Diskette file Message file Save file
Programs: A program is an object containing a set of instructions that tell the system where to get information, how to process it and where to put the results. When the system compiles the program description, the object type identifies it as a program. Because it is program object, the system begins to read the lines of code and to process the commands. Job Queue: The system handles multiples operations at the same time and supervises the sharing of the system resources. The jobq manages the batch request submitted by the users. A user can then continue to work at the workstation on other tasks while the system processes the request. Out Queue: As the job processes a request to print data it gets data from a database file and uses the print device file to format the data. The formatted print files are placed on an output queue until the writer is ready to send the information to the printer. Out queue can be arranged by priority depending on users needs. Message Queue: Communication between programs between jobs, between users, between users and programs and between users and the system occurs through messages. When a message is sent to program or to a system user, it is placed on a queue associated with that program or user. The OS/400 program, automatically provides message queues for : 1. workstation on the system 2. user enrolled on the system 3. users responsible for the system operation 4. system history log The users to meet any special application program requirement can create additional message queues.
15
Data Queue: When running an application consisting of several programs, it is often necessary to pass data and variables to other programs. Programs can set up data queues to be used by the entire application so that all programs can refer to a single set of data and variables passed to the programs through the queue. User Profiles: A user profile is an object that identifies a particular user or a group of user to the AS/400 system. The user is known in the system by user profile name. When a workstation signs on, the user id is used to find the user profile setting. The password is defined in the user profile. All AS/400 system security functions rely on the user profile to describe each user. The user profile identifies the authorities to that user. A group profile is used to provide the same profile for a group of users. This eliminates the need to assign the authority to each user individually. Menu: The menu allows users to select the task they would like to perform without having to use the system commands. This task menus provides users with a more defined group of choices regarding tasks or objects available.
Subsystem: A subsystem is a single, predefined operating environment through which the system coordinates the work flow and resource use. The system can contain several subsystems, all operating independently of each other. Subsystems manage resources. The run-time characteristics of a subsystem are defined in an object called a subsystem description. Each subsystem can run unique operations. For instance, you can set up one subsystem to handle only interactive jobs, while another subsystem handles only batch jobs. Subsystems can also be designed to handle many types of work. The system allows you to decide the number of subsystems and what types of work each subsystem will handle. The system relies on subsystem descriptions when starting subsystems. Therefore, if you want to change the amount of work (number of jobs) coming from a job queue, for example, you only need to change the job queue entry in the subsystem description.
16
Module :- 3 System Administration
17
Subsystem: A subsystem description is a system object that contains information defining the characteristics of an operating environment controlled by the system. The systemrecognized identifier for the object type is *SBSD. A subsystem description defines how, where, and how much work enters a subsystem, and which resources the subsystem uses to perform the work. An active subsystem takes on the simple name of the subsystem description. Like a set of detailed blueprints, each subsystem description is unique, containing the specific characteristics describing the subsystem. The description includes where work can enter the subsystem, how much work the subsystem can handle, how much main storage (memory) will be used, and how quickly jobs in the subsystem can run. You can use a subsystem description supplied with your system (with or without making changes to it), or you can create your own. A subsystem description consists of three parts: 1. 2. 3.
Subsystem attributes (overall subsystem characteristics) Work entries (sources of work) Routing entries
Creating a Subsystem Description You can create a subsystem description in two ways. You can copy an existing subsystem description and change it, or you can create an entirely new description. The following are two approaches you can use: 1. Copying an existing subsystem description 1. Create a duplicate object, CRTDUPOBJ, of an existing subsystem description. (You can also use the WRKOBJ or WRKOBJPDM commands.) 2. Change the copy of the subsystem description. 2. Creating an entirely new subsystem description 1. Create a subsystem description (CRTSBSD). 2. Create a job description (CRTJOBD). 3. Add work entries to the subsystem description. a. ADDWSE (Add workstation entry) b. ADDJOBQE (Add job queue entry) c. ADDCMNE (Add communications entry) d. ADDAJE (Add autostart job entry) e. ADDPJE (Add prestart job entry) 4. Create a class (CRTCLS). 5. Add routing entries to the subsystem description (ADDRTGE).
18
Starting a Subsystem To start a subsystem, use the Start Subsystem (STRSBS) command or the Work with Subsystem Description (WRKSBSD) command. To use the STRSBS command, specify the following: STRSBS SBSD (SBSD = library/subsystem description name) For example STRSBS MYLIB/MYSTORE Ending a Subsystem To end a subsystem: 1. Use the End Subsystem (ENDSBS) command ENDSBS SBS OPTION (SBS=the active subsystem name) For example ENDSBS MYSTORE *IMMED 2. Specify, using an option, when you want the subsystem to end. *IMMED End the subsystem immediately. Use this option if there are no users on the system and no batch jobs running. *CNTRLD Allow active jobs to end themselves (if they are checking to see if the job is being ended). Use this option when users or batch jobs are running in the subsystems to ensure the jobs finish before the subsystem ends.
Deleting a Subsystem Description To delete a subsystem description, use the Delete Subsystem Description (DLTSBSD) command. To use the DLTSBSD command, the subsystem cannot be active. Active and Inactive Subsystems An active subsystem is one that has been started, for example, with the Start Subsystem (STRSBS) command. An inactive subsystem is one that has been ended, for example, with the End Subsystem (ENDSBS) command or has not been started. You cannot remove pools from an active subsystem.
19
Job Management: Job is a unit of work. On AS/400 Job is a Unit of Work Done. There are 2 types of jobs on the system, 1. 2. 3. 4. 5.
Interactive Batch Prestart Autostart Communication
User can do the following activities with the job. 1. END 2. HOLD 3. RELEASE 4. CHANGE Every job is having priority to run on the system.1 is highest priority and 99 is lowest priority. Administrator can even change the jobq of the job. 1. Use following command to track a particular user’s jobs, WRKUSRJOB 2. Use following command to find out jobs in JOBQ, WRKJOBQ 3. Use following command to find scheduled jobs WRKJOBSCDE 4. To submit a job in batch use following command. SBMJOB 5. To find total number of active jobs on the system use the command as, WRKACTJOB 6. To find jobs running in particular subsystem use, WRKSBSJOB
20
User Profile Management: Create User Profile The create User Profile (CRTUSRPRF) command identifies a user to the system and allows you to customize the way the system appears. When the profile is created, the profile is given *CHANGE and *OBJMGT authorities for the profile itself. The system relies on the profile having these authorities to itself and they should not be removed. Restriction : The user of this command must have (1) *SECADM special authority, (2) *USE authority to the initial program, initial menu, job description, message queue, output queue, and attention-key-handling program if specified, and (3) *CHANGE and Object Management Authorities to the group profile and supplemental group profiles if specified.
Delete User Profile : The Delete User Profile (DLTUSRPRF) command allows a user to delete a user profile from the system. If a User Profile is damaged by system failure, it can be deleted by using the Delete User Profile (DLTUSRPRF) command and re-created by using the Create User Profile (CRTUSRPRF) command. After a user profile is re-created, the owned objects and primary group objects can be transferred back to it. Restriction: (1) The user must have use (*USE) and object existence(*OBJEXIST) authority to the User Profile. (2) The User must have existence, use, and delete authorities to delete a message Queue associated with and owned by the user profile. The User Profile cannot be deleted if a user is currently running under the profile, or if it owns any objects and OWNOBJOPT(*NODLT) is specified. All object in the user profile must first either be transferred to new owners by using the Change Object Owner (CHGOBJOWN) command or be delete the objects or OWNOBJOPT(*CHGOWN) user profile name) to change the ownership. Authority granted to the user does not have to be specifically revoked by the Revoke Object Authority (RVKOBJAUT) command; it is automatically revoked when the user profile is deleted.
21
Basic Operational commands 1.
ASSISTANT MENU The Operational Assistant is a series of user – friendly menus. By selecting menu options, the user can perform basic tasks. • • • • •
Work with printer output Work with jobs Send Messages Power On/Off tasks System Backup
The options displayed on your Operational Assistant Menu will vary, depending on the privileges granted to your profile. Accessing the Operational Assistant Menu There are two ways to access the Operational Assistant Display. •
The first method is to type go assist on the command line and press the ENTER key. After a short wait the menu should be AS/400 Operational Assistant Menu. To leave the Operational Assistant menu and return to the previous menu, tap the key.
•
The second method of is to tap the ATTENTION key. If you have mapped your keyboard using Client Access or Mocha 5250 and are using the standard IBM mapping the ATTENTION key will be the ESC key on your PC keyboard. If you tap the ATTENTION key and the Operational Assistant Menu does not display go back to the section in Getting Started (Client Access) or Getting Started (Mocha) that taught you how to change the keyboard mapping. To leave the Operational Assistant Menu and return to your previous screen, tap the key.
•
Check the system value for the “Attention key program” a)
Type go define on any Selection or Command line to reach the “Define or Change the System” menu.
b)
From the “Define or Change the System” menu, select 8, Work with System Values.
c)
Tap PAGE DOWN until you find the system value QATNPGM. The system values are arranged alphabetically, and they all start with Q.
22
•
d)
Position your cursor on the option line in front of QATNPGM and enter 5 on the option line. Tap the ENTER key.
e)
The value of QATNPGM should be *ASSIST. This may not be the case on other systems but GCIBM2 is configured so the system value for QATNPGM is *ASSIST.
Next we’ll confirm that your profile is set up to use the system value. Press F12 (cancel) to return to any display with a Selection or Command line. a)
On any Selection or Command Line, type CHGPRF and press F4 to prompt for values.
b)
Press the F10 function key to display Additional Parameters.
c)
Notice the word More … at the bottom right corner. Display another screen of parameters by tapping the PAGE DOWN key on your keyboard.
d)
Look down the left column until you Locate the description, “Attention Program”.
e)
The parameter for “Attention Program” should be *SYSVAL. If the parameter is not *SYSVAL, please position the cursor on the first character of the value and type *SYSVAL removing any extra characters in the field. Then press the ENTER key.
f)
Changes to the User Profile do not take affect until you sign off and sign back on. If you made changes in step e, please signoff and start new session. So you can utilize the ESC key to access the AS/400 Operational Assistant Menu.
Work with Printer output. Position cursor on the line labeled “Type a menu option below”. Type the option number for Work with Printer Output and then press ENTER. The next screen will display a list of spooled files (if you have any), These are files that are ready to print.
23
System Operations : An administrator continuously requires to Monitor following on the system. 1. % ASP USAGE OF THE SYSTEM: To find out the Percentage ASP utilized use following command: WRKSYSSTS 2. CHECKING ACTIVE JOBS: Use following command to check active jobs as well as CPU utilization, WRKACTJOB 3. CHECKING SUBSYSTEM STATUS: Use the following command to check all the active subsystems, WRKSBS 4.
TO CHECK THE LOG: Use following command to find out the log on the system. DSPLOG You can use same command to find log of a fixed time span.
5. TO CHECK STATUS OF *LIN,*DEV,*CTL : Use following commands to find status of Lines, Devices and Controllers respectively, WRKCFGSTS *LIN WRKCFGSTS *DEV WRKCFGSTS *CTL 6. CHECKING DISK STATUS : Use following command to check the disk status, WRKDSKSTS
Message Handling : Message is a means of communication between system and user. These are system messages & User Message. In User Messages users can send their own messages. System Messages and Users Messages are put in the user’s message queue. Messages may be a) b)
Informational (No reply Needed) Inquiry (Reply Needed)
Even users can send messages to each other using following commands, 1. SNDBRKMSG 2. SNDMSG
24
Messages may or may not break your screen depending upon its setting in the system, You can change message queue by command CHGMSGQ QSYSOPR del (*break). Message may have severity codes. 0 9 20 30 40 50 60 70. 80. 99
Informational, No reply needed Warning, A potential error condition Error, Error found, Automatic recovery procedures applied, processing continued SEVERE ERROR : - Error for severe for automatic recovery, error is source data or program. Severe Error; abnormal end of program or function, operation ends. Abnormal end of job or program – The job failed to start System Status – Issued only to System Operator Message queue, device, subsystem or system warning. Device Integrity – Issued to System Operator Message queue, device failed. System Integrity – Issued to System Operator Message queue, a condition when subsystem or system cannot function. Manual Action Required
By default every message given to the administrator goes into QSYSOPR message queue. Administrator can change this default message queue. To see the messages of any message queue use following command, DSPMSG To check system operators message queue use, DSPMSG QSYSOPR Reply List : The system reply list contains the replies that are automatically sent in response to inquiry messages. The reply list is only used when an inquiry message is sent by a job that has the inquiry message reply attribute of the system reply list specified. Use following command for this WRKRPYLE
25
Managing OUTQ`s and SPOOL Files : All the spool file created by the user as well as system goes into a OUTQ.QPRINT is the default outq of the system. Administrator can set default qouq for each user so that the spool files created by those users goes to that outq only. To work with all the outq use following command, WRKOUTQ To clear the outq use the following command , CLROUTQ < outq name > To work with spool files created by particular user use following command, WRKSPLF < user id > You can do following activities with the spool file, 1. DELETE 2. HOLD 3. RELEASE 4. CHANGE 5. SAVE User can change the outq of the spool file. Spool file is assign to a printer to print. User can print the spool file page wise as per the requirement.
26
LIST OF COMMON COMMANDS 1.
INZTAP
(Resource Name) Volume Identifier Clear Load Option
TAP01 Given any name *Yes *Unload
2.
WRKCFGSTS
*dev *ctl *lin *dev *prt *dev *dsp *dev *prt* (Displays printer who name starts with prt)
3.
WRKWTR
Work with Printers
4.
WRKSPLF
Work with Spooled Files
5.
WRKACTJOB
Shows jobs currently active in the system.
6.
WRKSYSACT
Shows which act job occupies how much space
7.
WRKSYSSTS
Shows % CPU used, memory capacity, hdd % used
8.
WRKSBS
Shows no. of active jobs in each sub system
9.
SNDBRKMSG
Send a message to user terminal. His screen gets interrupted temporarily but his job continues
10.
WHO
Gives Work-Station Name
11.
DSPMSG
Display messages sent and received by users.
12.
DSPLOG
Display log generate by system
13.
SNDMSG
Send a message to user terminal without any interruption.
14.
WRKJOBQ
Display how many jobs are in queue.
27
Basic OS & System Management (OS/400) 1. 2.
Go Assist Assistance Level
Option wrkmsg Press F2
3.
Assistance level can be set for the following CL Commands : Display Message DSPMSG Display System Status DSPSYSSTS Work with configuration Status WRKCFGSTS Work with Messages WRKMSG Work with spooled files WRKSPLF Work with System Status WRKSYSSTS Work with User Jobs WRKUSRJOB Work with User Profiles WRKUSRPRF Work with writers WRKWTR
(Operational Assist Menu) a) Basic Assist Level b) Intermediate
Adv. Assist level available only for some displays.
4.
Handling Message System Status Handling Device Status Handling Messages Printer Output System Status User Job User enrollment Check Printers
The “GO: Commands (GO *all)
Go Assist Go Backup Go cleanup messages) Go DeviceSts Go Hardware Go file Go Library Go ManageSys system) Go Power Go Restore system. Go runbckup Go Setup Go Status Go Tape
Goes to Operational Assist Menu Goes to backup menu (INZ & SAVE) Goes to cleanup menu (Cleanup for deletes old job logs, history logs, Goes to Config Status Screen Goes to hardware resources menu Allows you to work on files in a system Library menu allows you to work with libraries Manage System, Users, Devices (Displays what activity is going on in You can display and change power on-off schedule Allows you to restore info from tape or SAVF(Save file) on the Specify type of backup you want to run Customize System, Users, Devices Display Status of jobs, devices & system activities Use and Control tape devices.
28
Module :- 4 System Security
29
System security is an integrated function of the AS/400 system. It is Implemented at the instruction level and controls all AS/400 software functions. Users are identified and authenticated by a single security mechanism, at the system level, for all functions and environments available on an AS/400, including program development and execution, data base applications, office applications, and so forth. All objects on an AS/400 system are under security control, including libraries and files, display stations, operator console functions, programs, menus, and so on.
System Values The first topic describes the system values that control security on your system. The security system values are broken into four main groups: · General system values · Other system values related to security · System values that control passwords · System values that control auditing
General Security System Values The system values listed below can be changed through the Change System Value (CHGSYSVAL) command or using the Work with System Values (WRKSYSVAL *SEC) command. Changes to the system values become effective immediately, except for the security level (QSECURITY) value, which becomes effective only after the next IPL. QALWOBJRST
Allow objects that are security-sensitive to be restored to the system. Specifies whether system state objects or objects that adopt their owner¢s authority may be restored to the system.
QALWUSRDMN
Allow user domain objects in the libraries. Specifies which libraries are allowed to contain user domain objects of type *USRSPC, *USRIDX, and *USRQ. These objects are a potential security exposure on a system with high security requirements. The system cannot audit the movement of data to and from user domain objects. QALWUSRDMN can be left at its default value at security levels below 40. It must be considered when going to level 40 or higher.
QCRTAUT
Authority for New Objects. This value is used to determine the public authority of a newly created object, if the following conditions are met: # The create authority (CRTAUT) parameter for the library of the new object is set to *SYSVAL. # The new object is created with public authority (AUT) of *LIBCRTAUT (the default). The default value is *CHANGE. It is recommended that you do 30
not change this value. It is better to change the CRTAUT value at the library level. It may impact your day-to-day operations. QDSPSGNINF
Display Signon Information. Specifies that the signon information display is to be shown.This displays information such as the date of last signon, invalid signon attempts, and the number of days until the password expires (if applicable).This information can alert users that there has been unauthorized attempt to access the system using their user profile.For users requiring a value different from the system value, the DSPSGNINF keyword for an individual user profile can be set to *YES (to display the information) or *NO (for no information displayed).
QINACTITV
Inactive Job Time-Out Interval. Specifies in minutes how long the system allows a job to be inactive before taking action. A workstation is considered to be inactive if is waiting at a menu or display, or if it is waiting for some message input with no user interaction. When you specify a time-out interval, if a job reaches that interval the system will take the action specified in the QINACTMSGQ system value. Local jobs that are currently signed on to a remote system are excluded. PC Support/400 jobs are also included. An inactive workstation might allow unauthorized persons access to the system. This system value helps you to prevent users from leaving workstations inactive. Be sure to discuss the impact of a change of QINACTITV with the users on the system and inform them at the time you make the change.
QINACTMSGQ
Inactive Job Time-Out Message Queue.The QINACTMSGQ value specifies either the name of the message queue to which a notification message is sent, or the action the system takes when an interactive job has been inactive for a specified interval of time. The time interval is specified by the system value QINACTITV. There are considerations for PC Support/400 jobs.
QLMTDEVSSN
Limit Device Sessions. Specifies whether users are limited to sign on to more than one device at one time.
QLMTSECOFR
Limit Security Officer. Restricts privileged users (with *ALLOBJ or *SERVICE authority) to specified workstations. A privileged user who leaves the terminal unattended represents a considerable security exposure. QMAXSIGN Maximum Number of Signon Attempts. Defines the maximum number of invalid signon attempts by local or remote users. This also works for PC Router signon. Invalid attempts are any combination of invalid password, invalid user profile, or inadequate authority to the display station. Once a user has reached the maximum attempts value, the system will take the action specified in 31
QMAXSGNACN. The value should be high enough to allow correction for typing errors but low enough to prevent opportunities to guess a valid user profile and password. You can use security auditing to log signon violations. You must create aquery, or you can use Security/400. QMAXSGNACN
Action When Signon Attempts Reached.This system value determines what the system does when the maximum number of signon attempts (specified in QMAXSIGN) is reached. Possible values for QMAXSGNACN are: · 3: Disable both the user profile and device. · 1: Disable the device only. · 2: Disable the user profile only. With, PC Support/400, invalid attempts will only disable the user profile, but not the device. If you create the message queue QSYSMSG in QSYS, messages about critical system events are sent to that message queue as well to QSYSOPR. You can use the QSYSMSG message queue to monitor any invalid attempt to signon to the system, just by seeing it or controlling it by a program. Refer to Appendix A, “QSYSMSG Message Queue” on page A-1 for more details. The events sent to QSYSMSG can also be logged in the audit journal. If QSECOFR is disabled, and no other user profile has the authority to enable it, QSECOFR can still sign on from the system console. If the console is varied off the system must be IPLed.
QRMTSIGN
Remote Signon Control. Specifies how the system handles remote signon requests.
QSECURITY
System Security Level. QSECURITY controls the security level of the system. AS/400 security offers five levels of security: · Level 10: There is no user authentication, or resource protection. No password is required to sign on. The system is shipped with this value. It should be changed immediately, preferably to 30. If you wish to move to a security level above 30, you should first test your installation on level 30. · Level 20: Password - User authentication through user profile and password checking; no resource protection. · Level 30: Password and Resource - User authentication and resource protection. Users require authority to access objects. · Level 40: Password, Resource and Operating System Integrity 32
- User authentication, resource protection, and machine interface protection. · Level 50: Password, Resource and enhanced Operating System Integrity - User authentication, resource protection, and machine interface protection. Security level 50 is intended for AS/400 systems with high security requirements and to meet C2 security requirements. System Value
IBM Shipped Value
Production System
Domino System
QALWOBJRST QDSPSGNINF QINACTITV QINACTMSGQ QDSCJOBITV QLMTDEVSSN QLMTSECOFR QMAXSIGN QMAXSGNACN QRMTSIGN QCRTAUT
*ALL 0 *NONE *ENDJOB 240 0 1 3 3 *FRCSIGNON *CHANGE
*ALL 0 30 *DSCJOB 240 0 0 5 2 *FRCSIGNON *CHANGE
*ALL 0 *NONE *ENDJOB 240 0 0****** 10 1 *FRCSIGNON *CHANGE
Other Related System Values The following system values, while not specifically security-related, affect system functions when certain security system values are set. QAUTOVRT Automatic Configuration of Virtual Devices Specifies whether display station passthrough virtual devices and TELNET full screen virtual devices are automatically configured. QDSCJOBITV
Disconnected Job Time-Out Interval. This system value determines if and when the system ends a disconnected job. The interval is specified in minutes.
System Values for Passwords The following values apply to passwords. These values require users to change their passwords regularly as well as enforce rules for the creation of new passwords which prevents the use of passwords that are trivial or easy to guess. Whenever you want to change any of these system values, be sure to discuss the impact with the users on the system. Do remember to inform them when any change is made. The password composition system values are enforced only when the password is changed using the Change Password (CHGPWD) command, the ASSIST menu option to change a password, the QSYCHGPW application program interface (API), or on signon when a 33
password expires. In addition to the values below, passwords can be further verified by a password validation program. QPWDEXPITV
Password Expiration Interval Value. This value forces users to change password every 1 to 366 days, or not at all. The value must be set according to the company¢s security policy. This interval can also be modified for each user through the user profile password expiration interval parameter, PWDEXPITV.
QPWDLMTAJC
Restrictions of Consecutive Digits in Passwords.
QPWDLMTCHR
Restricted Characters for Passwords.
QPWDLMTREP QPWDMAXLEN
Restriction of Repeated Character in Passwords. Maximum Length of Passwords.
QPWDMINLEN
Minimum Length of Passwords.
QPWDPOSDIF
Position Difference of Characters in Successive Passwords.
QPWDRQDDGT
Requirement for Numeric Characters in Passwords.
QPWDRQDDIF
Required Difference in Passwords.
QPWDVLDPGM
Password Validation Program. Specifies the name of a validation program.
Auditing System Values This topic discusses the system values for controlling auditing on your system and a description of each. QAUDCTL
Auditing Control. The QAUDCTL system value determines whether auditing is performed.
QAUDENDACN
Auditing End Action. The QAUDENDACN system value determines what action the system takes if auditing is active and the system is unable to write entries to the audit journal.
QAUDFRCLVL
Auditing Force Level. The QAUDFRCLVL system value determines how often new audit journal entries are forced from memory to auxiliary storage (disk). This system value controls the amount of auditing data that may be lost if the system ends abnormally. 34
QAUDLVL
Auditing Level. The QAUDLVL system value determines which security-related events are logged to the security audit journal (QAUDJRN).
QCRTOBJAUD
Auditing for New Objects. The QCRTOBJAUD system value is used to determine the auditing for a new object, if the auditing default for the library of the new object is set to *SYSVAL.
Authorities : In AS/400 terminology, an authority is the permission to access an object. The object owner and the security officer (or other *ALLOBJ users) can grant or revoke authority to an object. It is important to understand the difference between authority to an object and authority to the data in the object. Operations such as moving, renaming, saving, or deleting apply to the object as such. It is possible to have authority for these operations without having access to the data stored in the object. Likewise, one can have full access (read, write, update, delete, execute) to the data in an object without having full authority to manipulate the whole object. Structure of authorities. Authorities Private Authorities Special Authorities ( 8 Nos.)
Public Authorities Specific Authorities
Object Authorities ( 6 Nos.)
Data Authorities ( 5 Nos.)
35
Special Authorities All security systems have special user privileges for certain security and system administration functions. Special authorities allow certain users to administer AS/400 security and system tasks. There are eight special authorities. These special authorities are not hierarchical. *ALLOBJ
All object authority is granted for accessing any system resource
*AUDIT
Allows the user to perform auditing functions
*JOBCTL
Allows manipulation of job and output
*SAVSYS
Used for saving and restoring the system and data without having explicit authority to objects queues and subsystems
*SECADM
Allows administration of User Profiles and Office
*SERVICE
Allows access to special service functions for problem diagnosis
*SPLCTL
Allows control of spool functions
*IOSYSCFG Allows change of system configuration
Specific authorities Specific authorities are further divided into 2 types. 1. Object Authorities 2. Data Authorities 1.
Object Authorities : There are 6 object authorities used in AS/400.Those are as follows. a. *OBJOPR ( Object Operational ) b. *OBJEXIST ( Object Existence ) c. *OBJMGT ( Object Management ) d. *OBJALTER ( Object Alteration ) e. *AUTLMGT ( Authorization List Authority ) f. *OBJREF ( Object Reference )
2.
Data Authorities : There are 5 data authorities used in AS/400.Those are as follows. a. *READ ( Read Data ) b. *ADD ( Add Data ) 36
c. d. e.
*DLT *UPD *EXECUTE
( Delete Data ) ( Change Data ) ( Run a Program )
The following authorities are independent (not hierarchical). For some operations a combination of authorities is required: *OBJOPR:
The object operational authority controls the use of an object and the capability to look at the description of the object. It is needed to open a file andtherefore usually assigned in combination with the desired data rights.
*OBJMGT: The object management authority controls the move, rename, and change attribute functions for object, and the grant and revoke authority functions for other users or groups. *OBJEXIST: The object existence authority controls the delete, save, restore, or transfer ownership operations of an object. *AUTLMGT: This authority is needed to manage the contents of an authorization list associated with the object. This is a specialized security authorization that is not usually grouped with the other seven object authorities. *OBJALTER: This authority is needed to alter the attributes of data base files and change the attributes of SQL packages. *OBJREF:
This authority is needed to specify a data base file as the first level in a referential constraint.
*READ:
Controls the ability to read data from the object.
*ADD:
Controls the ability to insert a new entry (such as a new record in a file) into the object.
*UPDATE:
Controls the ability to modify existing entries in the object.
*DELETE:
Controls the ability to remove existing entries (for example, records) in the object. To delete the whole object requires *OBJEXIST authority.
*EXECUTE: Controls the ability to run a program, service program, or SQL package, and to locate an object in a library or a directory. Some common combinations of authorities have been given special names as an
37
abbreviated form. For example, *USE is the combination of *OBJOPR, *READ, and *EXECUTE. *ALL
Allows unlimited access to the object and its data
*CHANGE
Allows unlimited access to the data in the object
*USE
Allows data in the object to be read
*EXCLUDE Allows no access to the object or its data
*PUBLIC Authority Public authority is the default authority for an object. It is used if users do not have any specific (private) authority to an object, are not on the authorization list (if one is specified) for the object, or their group(s) has no specific authority to the object.
Authorization Lists An authorization list is an important and commonly used security structure. It is used to authorize a user or a group of users to different types of objects (such as files or programs) secured by the authorization list. An object may have only one authorization list associated with it. An authorization list may secure more than one object. A user can appear on many different authorization lists. Authorization lists are not affected when objects secured by the authorization list are deleted. If an object is deleted and then restored to the same system, it is automatically linked to an existing authorization list for the object. This is an important advantage of authorization lists.
Adopted Authority Certain programs or commands called by a user may require a higher level of authority (for the duration of the command) than is normally available to that user. Adopted authority provides a means for handling this situation. Adopted authority allows a user to temporarily gain the authority of the owner of a program (in addition to the user¢s own authorities) while that program is running. This provides a method to give a user additional access to objects, without requiring direct authority to objects.
Audit Journal The Security Audit Journal is a facility that allows security-related events to be logged in a controlled way that cannot be bypassed. The following are some of the events that may be logged: · Authorization failures 38
· Object creations · Object deletions · Changes to jobs · Move or rename of objects · Changes to system distribution directory or office mail actions · Obtaining authority from programs which adopt · System security violations · Printing actions, both spooled and direct print · Actions on spooled file data · Restore operations · Changes to user profiles, system values or network attributes · Use of service tools · System management functions · Users¢ access to audited objects · CL command strings Information from the audit journal can be extracted into a database file, then examined by an auditor using a tool such as Query/400 to locate security violations or exposures.
Authority Holder An authority holder is an object that specifies and reserves an authority to a programdescribed database file before the file is created. When the file is created, the authority specified in the holder is linked to the file. The authority holder is for use mainly in the System/36 Environment.
Physical Security Physical and procedural security controls provide the basis on which other controls such as software security are built. In addition to physical access control and output distribution procedures, which are necessary controls in any computing environment and therefore not mentioned here, the AS/400 has two unique hardware features, which are important for physical security: · System Keylock - to enable or disable certain system service functions · Display Station functions - keylock, and play/record keys
The History Log (QHST) The history log (QHST) contains a subset of messages that are sent about system operational events to the system operator message queue. Some messages relating to system security are written in the system history log. However, this function is now superseded by support offered by the security audit journal. QHST should not be used as a source for tracking security-related events as it may have been in the past.
User Profiles 39
User Profiles contain information describing a system user, that user¢s privileges and limitations when using the system, and lists of objects the user owns or is authorized to use. For objects owned by a user, the profile also contains lists ofother users¢ authorizations to those objects.
Group Profiles A User Profile may be linked to a group profile. This allows all the members of the group to share common attributes, common access to selected objects, and common ownership of objects. A user is not required to be a member of a group. In V3R1 a user may be a member of up to 16 different groups. In earlier releases the user can only be a member of one group. In addition, only one level of grouping is permissible. For example, if user profile FRED belongs to group profile DEPTA, DEPTA cannot belong to another Group Profile. Group profiles are used to organize users along job functions and to simplify the assignment and administration of object authorities by authorizing users through a smaller number of group entries. When designing groups, it is important that the group ownership concepts are well understood and that good naming conventions are used. A group profile is implemented as a user profile; that is, it is created just like a user profile, and when granting authority, the AS/400 does not treat groups any differently than user profiles. The two uses may be intermixed. For easy management it is better that user and group profiles be used as separate entities. One way to enforce this is to set the group profile password to *NONE. This prevents any sign on to the profile.
Limited Capability A user may be assigned limited capability. This is done when creating or changing a user profile. Limited capability, when used with an appropriate initial program or initial menu, can restrict a user to a desired subset of the systems functions. Some local programming (or the use of a packaged application) is necessary to accomplish this. Limited capability (LMTCPB keyword of CRTUSRPRF or CHGUSRPRF commands) may be set to no, partial, or full. The selected value will affect initial program, initial menu, current library, the current attention program (associated with the attention key on the terminal), and access to general system commands.
User Classes There are five user classes which are hierarchical in authority. The classes represent different roles in the DP environment. These are convenient ways to assign the special authorities listed above to different types of users. A higher class can perform all the functions of a lower class; for example, *SECOFR includes the privileges of *SECADM by default. The following are the five user classes. *SECOFR
Security Officer 40
*SECADM *PGMR *SYSOPR *USER
Security Administrator Programmer System Operator End User
The user class also affects what options are shown on the system menus. A user with higher authorities will see more of the system menu options. A user with less authorities will only see the menu choices allowed by the user class. A user may be given any of the special authorities regardless of his user class. Letting the special authorities be assigned automatically to match the user class is a convenient way to get started. Special authorities can be assigned specifically, by the security officer or security administrator, when one of the standard user classes does not have the desired combination of authorities.
41
Module :- 5 Backup And Restoration
42
IBM iSeries and AS/400e servers offer a wide range of recovery and availability options. Your hardware or software includes some of the options. Others are ordered separately. They are intended to help you do the following: 1.Make your save operations faster and more efficient. 2.Keep your system available for your users. 3.Plan and manage your backup and recovery. Your Operating System/400 (OS/400) licensed program includes menus and commands for save and restore. You can use the save operations and restore operations on the system to do the following: 1. Recover from a program or system failure. 2. Exchange information between servers. 3. Store infrequently used objects offline. You can use commands and menu options to save individual objects and groups of objects. You can use some save and restore operations while your system is active. Other save and restore operations require that no other activity is occurring on the system. You can save and restore objects by using diskette, magnetic tape, optical media, or a save file. You can also use communications capabilities or an optical connection to save and restore objects with another system. If your system is busy most of the time, you can use the save-while-active function to reduce the time period that the system is unavailable while you are performing save operations.
Backup Recovery and Media Services for iSeries–Overview The Backup Recovery and Media Services for iSeries (BRMS/400) licensed program offers a set of functions for defining and performing these tasks: 1. Backup 2. Recovery 3. Archiving 4. Retrieval 5. Media management Starting with V5R1, Backup Recovery and Media Services provides a graphical user interface for backup and recovery that is integrated into iSeries Navigator. You can use Backup Recovery and Media Services to simplify and automate your backups and to manage your media. Backup Recovery and Media Services keeps track of what you have saved, when you saved it, and where it is saved. When you need to do a recovery, Backup Recovery and Media Services helps ensure that the correct information is restored from the correct tapes in the correct sequence.
43
Tivoli Storage Manager–Overview You can use Tivoli Storage Manager to protect data on your workstations and LAN file servers. The Tivoli Storage Manager can automatically back up critical LAN and workstation data and archive files that are used infrequently. It provides a disaster recovery solution for LANs and workstations. Administer the Tivoli Storage Manager from a client workstation that is attached to an iSeries server. It can back up data from a variety of workstation platforms. You can use the Backup Recovery and Media Services (BRMS/400) program to back up user data to any Tivoli Storage Manager when the server in a client/server environment. You can use Backup Recovery and Media Services for iSeries to manage the data that you save on the Tivoli Storage Manager and to manage the backup of the system data to local media.
44
Save your server with the GO SAVE command Use Go SAVE menu to take the backup on your As/400.
45
Overview of the GO SAVE command menu options : Access the GO SAVE command menu by typing GO SAVE from any command line. From the Save menu, you see option 21, option 22, and option 23 along with many more save options. A single plus sign (+) indicates that the option places your server into a restricted state, which means that nothing else can be running on your system when the menu option is selected. A double plus sign (++) indicates that your server must be in a restricted state before you can run this option.
Save Menu–First Display Page down on the Save menu to see additional options:
46
Save Menu– Second Display Page down on the Save menu to see additional options:
47
Save Menu– Third Display
Save menu defaults with GO SAVE: Option 20 You can use save menu option 20 to change the default values for the GO SAVE command, menu options 21, 22, and 23. This option simplifies the task of setting your save parameters and helps to ensure that operators use the options that are best for your system. In order to change the defaults, you must have *CHANGE authority for both theQUSRSYS library and the QSRDFLTS data area in the QUSRSYS library. When you enter the GO SAVE command, then select menu option 20, the server displays the default parameter values for menu options 21, 22, and 23. If this is the first time you have used option 20 from the Save menu, the server displays the IBM-supplied default parameter values. You can change any or all of the parameter values to suit your needs. For example, you can specify additional tape devices or change the message queue delivery default. The server saves the new default values in data area QSRDFLTS in library QUSRSYS. The server creates the QSRDFLTS data area only after you change the IBM-supplied default values. Once you define new values, you no longer need to worry about which, if any, options to change on subsequent save operations. You can simply review your new default options and then press Enter to start the save with the new default parameters.
48
If you have multiple, distributed servers with the same save parameters on each server, this option provides an additional benefit. You can simply define the parameters from the Save menu, using option 20 on one server. Then, save the QSRDFLTS data area, distribute the saved data area to the other servers, and restore it.
Save your whole server with GO SAVE: Option 21 Option 21 saves everything on your server and allows you to perform the save while you are not there. Option 21 does not save spooled files. Option 21 saves all of your data for additional licensed programs, such as Domino or Integration for Windows Server when you select to vary off your network servers. Also, if you have Linux installed on a secondary logical partition, you can back up that partition when you select to vary off your network servers. Option 21 puts your server into a restricted state. This means that when the save begins, no users can access your server and the backup is the only thing that is running on your server. It is best to run this option overnight for a small server or during the weekend for larger servers. If you schedule an unattended save, make sure your server is in a secure location; after you schedule the save, you will not be able to use the workstation where the backup is initiated until the save is complete.
1The command omits QSYS.LIB file system because the SAVSYS command and the SAVLIB LIB(*NONSYS) command both save it. The command omits the QDLS file system because the SAVDLO command saves Save system data with GO SAVE: Option 22
49
Option 22 saves only your system data. It does not save any user data. Option 22 puts your server into a restricted state. This means that no users can access your server, and the backup is the only thing that is running on your server.
Save user data with GO SAVE: Option 23 Option 23 saves all user data. This information includes files, records, and other data that your users supply into your server. Option 23 puts your server into a restricted state. This means that no users can access your server, and the backup is the only thing that is running on your server.
1Menu option 23 omits the QSYS.LIB file system because the SAVSYS command, the SAVSECDTA command, the SAVCFG command, and the SAVLIB LIB(*ALLUSR) command save it. The command omits the QDLS file system because the SAVDLO command saves it. Menu option 23 also omits the /QIBM and /QOpenSys/QIBM directories because these 50
directories contain IBM supplied objects.
Save parts of your server with other GO SAVE command menu options You may perform the following GO SAVE command menu options.
Save Security Data (SAVSECDTA) The Save Security Data (SAVSECDTA) command saves all security information without requiring a system in a restricted state. The SAVSECDTA command saves the same security information that is saved when a SAVSYS command is run including the following: User Profiles Authorization Lists Authority Holders Information saved with the SAVSYS or SAVSECDTA command can be restored using the RSTUSRPRF and RSTAUT commands, but a dedicated System is required.
Save Configuration Data ( SAVCFG) The Save Configuration (SAVCFG) command saves all configuration and system resource management (SRM) objects without requiring a system in a restricted state. The information saved includes the following Line descriptions Controller descriptions Device descriptions Class-of-Service description Network interface description Network server description
Configuration lists Hardware resource data Connection lists Mode description NetBIOS descriptions
51
Save Changed Objects: The Save Changed Object (SAVCHGOBJ) command saves a copy of each changed object or group of objects located in the same library. When *ALL is specified on the Objects prompt (OBJ parameter), objects can be saved from all user libraries or from up to 300. Specified libraries. When saving to a save file, only one library can be specified.
Overview of the GO RESTORE command menu options : Figure below shows the menu options and commands that are available for restoring information. It also shows the normal sequence for restoring information, working from top to bottom.
52
Save procedures and restore procedures for file systems
53
54
Relationship Between Save and Restore Commands
Restoring User Profiles : 1. Sign on as QSECOFR. 2. Ensure the system is in a restricted state. 3. Find the most recent save media that has your user profiles. It may be a SAVSYS media volume or a SAVSECDTA media volume. The file on the save media volume is called QFILEUPR. 4. If you are using a SAVSYS media volume, type: RSTUSRPRF DEV(media-device-name) USRPRF(*ALL) ENDOPT(*LEAVE) If you are using a SAVSECDTA media volume, type: RSTUSRPRF DEV(media-device-name) USRPRF(*ALL) ENDOPT(*UNLOAD)
Restoring the Configuration 1. Find the most recent save media that has your configuration. It may be a SAVSYS media volume or a SAVCFG media volume. The file on the save media volume is called QFILEIOC.
55
2. If you are using a SAVSYS media volume, type: RSTCFG OBJ(*ALL) DEV(media-device-name)OBJTYPE(*ALL) ENDOPT(*LEAVE) If you are using a SAVCFG media volume, type: RSTCFG OBJ(*ALL) DEV(media-device-name) OBJTYPE(*ALL) ENDOPT(*UNLOAD)
Restoring Document Library Objects 1. Find your most recent save media volume that you used to save all of the documents in the system ASP. You may have specified ASP(1) or ASP(*ANY) for the save operation. The media volume should have the library QDOC on it. 2. Use the following command to restore the DLOs: RSTDLO DLO(*ALL) FLR(*ANY) ASP(1)
Restoring Libraries Restoring entire libraries is a common way to recover user information. Use the Restore Library (RSTLIB) command to restore a single saved library or a group of libraries. The RSTLIB command restores the entire library, including the library description, object descriptions (only descriptions are restored for logical files, job queues, message queues, output queues, user queues, and data queues), and the contents of other objects. This command also restores status information for programming temporary fixes (PTFs) that were in the library at the time the library was saved. When you use the RSTLIB command, you can use the OPTION parameter to specify which objects in a library are restored: Possible Values for the OPTION Parameter of the RSTLIB Command: *ALL *OLD *NEW *FREE
Old objects are replaced and new objects are added to a library. *ALL is the default. Only old objects that already exist on the system are replaced in a library. Only objects not found on the system are added to a library. The old objects are not replaced. Only those objects that have their storage freed on the system are restored.
56
Restoring a Library From a Previous Release When you are restoring a library that was saved on a system at an earlier release, you can use the Force object conversion (FRCOBJCVN) parameter to specify whether programs are translated when they are restored. This can significantly impact the time it takes to restore the library. Restoring Multiple Libraries You can use the RSTLIB command to restore libraries in these groups: *NONSYS
All libraries that were saved with SAVLIB LIB(*NONSYS) command, including the IBM-supplied libraries QGPL, QUSRSYS, and licensed program libraries.
*ALLUSR
All user libraries that were saved with SAVLIB LIB(*ALLUSR) or SAVLIB LIB(*NONSYS).
*IBM
All IBM-supplied libraries that were saved with SAVLIB LIB(*IBM) or SAVLIB(*NONSYS). Only IBM-supplied libraries that contain IBM objects are restored.
Methods for Restoring All Libraries–Multiple Save Operations
57
