Monday, 5 September 2016

Management Centrel : Properties

Management Central server


Require password on endpoint systems
Specifies that the user profile used to sign on to the central system must have the same password on each endpoint system. Even if this box is not checked, the user profile used to sign on to the central system must exist on each endpoint system. Selecting this box sets only the value for the central system. Each endpoint system must be explicitly configured to require the password for Management Central functions.

Use Secure Sockets Layer (SSL)
Specifies the use of SSL to ensure secure transmissions between the central system and the endpoint systems. SSL provides the transport and authentication of public key system certificates as well as private connection and data encryption. An SSL connection can occur only between an SSL-enabled central system and an SSL-enabled endpoint system. An SSL-enabled system is a system on which the required administration and configuration tasks have been performed.

Authentication level
If Use Secure Sockets Layer (SSL) is selected, select an authentication level.

Maximum data transfer size (MB)
Specifies the maximum size in MB for a list of fixes sent from a source system to the endpoint system. The value specified must be less than or equal to 2048. This does not apply to sending files, folders, or packages to systems or groups. Limiting the size of the list effectively limits the length of time allowed to complete the data transfer.

Maximum connections
Specifies the maximum number of endpoint systems that the central system can connect to at the same time. For example, if 200 for Maximum connections specified and then connect to 202 endpoint systems, two connections fail.

Endpoint connection time-out (seconds)
Specifies the number of idle seconds that the central system waits before the attempt to connect to an endpoint system is ended.

IP address lookup frequency
Specifies how often the IP address must be verified when connecting to an endpoint system. Select Always or Never.
•If Always is selected connecting to an endpoint system takes longer, but the IP addresses are always correct.
•If Never is selected connecting to an endpoint system is quicker because the connection uses the IP address currently stored in Management Central. Run Discover Systems at any time to update the list of IP addresses stored in Management Central.
Refer to online help for which configuration options require the user to restart the MC server jobs.


Configure Connection




In order to be designated as the Management Central system, the System i must be in the list under My Connections.

To see these windows:
1.Right-click My connections.
2.Select Connection to Servers.
3.Select Add Connection.

The final part of the process of adding a new connection is to verify the connection. It is useful to check that all components on the server are running. You can Verify Connection for an existing connection by right-clicking the server in the list of connections, then selecting Connection to Server>Verify Connection.



basic and Extended Operation


Basic support Options

System i Navigator Base Support
•Many things are included here for underlying support such as common dll and jar files

Basic Operations
•Message actions
•Ability to view spooled files

Work Management
•Job actions for job and system monitor menus

Configuration and Services
•Ability to view inventory directly
•Directly launch graph history from management collection objects
Network
•View, start and stop servers such as Management Central

File Systems
•Ability to view and select items from the file system such as files and programs
Users and Groups
•Edit and send user profiles

Command
•Create command definitions and run across a set of endpoint systems
Packages and Products
•Ability to package object and files
•Create installable products and PTFs

Monitors
•System monitors
•Job monitors
•Message monitors

Packing and Installation

Management Central is included as a component of System i Access for Windows at no additional cost.
The host System i function is integrated into base i. The client function is integrated into System i Navigator which ships as part of System i Access for Windows.
The connectivity general rule of thumb is that N-2 and N+2 releases are supported. It is recommended that your client and server be compatible as closely as possible. That would mean a V6R1 client connects to a V6R1 server.
Management Central is a subcomponent of System i Navigator and is not installed with a typical installation of System i Access for Windows. When installing, choose Custom Install. Expand the System i Navigator tree and select the appropriate components such as Monitors and Commands.

Command and Graph Interface


System i Navigator is a powerful Graphical User Interface (GUI) that provides an explorer-like view of system resources. 
The integration of System i Navigator with the Windows client desktop is an advantage for administrators and operators as well as end users who do not have an extensive knowledge of Control Language (CL) commands.
System i Navigator has been available since V3R1M1 of Client Access for Windows 95. Continuous enhancements have been made to the application to support other 32-bit windows clients and also to include additional functions such as Database, File Systems and so on.
You need the System Configuration (known as Configuration and Services in the hierarchical tree of System i Navigator) to view a list of hardware (including the operational status) and software (installed product or supported product) on the system. 
Fixes (PTFs) management and Collection Services are also available under this category if the Management Central component is installed.
You use the Network function to work with the TCP/IP configuration as well as configure and manage new communication interfaces (PPP, SLIP) using wizards. It also allows you to work with both TCP/IP servers and System i Access host servers.


The Security function provides a security wizard that runs through a set of questions and generates a security recommendation based on your answers. 
You can also manipulate security and auditing system values.

Wednesday, 24 August 2016

System Request


To prevent specific users from seeing the System Request menu, specify: GRTOBJAUT OBJ(QSYS/QGMNSYSR)OBJTYPE(*PNLGRP)  
USER(USERA)AUT(*EXCLUDE)

A user can use the system request function to suspend the current job and display the System Request Menu. The System Request Menu allows the user to send and display messages, transfer to a second job, or end the current job. This might represent a security exposure because the public authority to the System Request Menu is *USE when a system is shipped.
To call up the System Request menu:
1.Press the Sys Req key to show key an input line at the bottom of the display.
2.Press Enter to show the System Request Menu.
Each time the System Request key is pressed, the system automatically changes the current user profile of the job to the initial user profile of the job. This is done so that the user does not have any additional authority on the System Request menu or in the Presystem Request Program exit program. After the System Request function is completed, the current user profile of the job is returned to the value that it was before the System Request key was pressed.


From the System Request menu enter an option 1 to display the signon for a secondary job (Job B in this example). The original job (Job A in this example) is suspended during the time Job B is processed.
If the operator presses Sys Req and picks option 1, Job B is suspended and Job A is continued from the point it was suspended.
Thus, the operator can jump between two jobs, processing one while the other is suspended.
When the operator signs off one job (either one) the other job is given control to continue processing.

Restricting the use of system request menu options


Any of the options can be restricted by removing public

authority to the associated command.

You can prevent users from selecting specific options from the System Request Menu by restricting the authority to the associated commands


System Request


To prevent specific users from seeing the System Request menu, specify: GRTOBJAUT OBJ(QSYS/QGMNSYSR)OBJTYPE(*PNLGRP)  
USER(USERA)AUT(*EXCLUDE)

A user can use the system request function to suspend the current job and display the System Request Menu. The System Request Menu allows the user to send and display messages, transfer to a second job, or end the current job. This might represent a security exposure because the public authority to the System Request Menu is *USE when a system is shipped.
To call up the System Request menu:
1.Press the Sys Req key to show key an input line at the bottom of the display.
2.Press Enter to show the System Request Menu.
Each time the System Request key is pressed, the system automatically changes the current user profile of the job to the initial user profile of the job. This is done so that the user does not have any additional authority on the System Request menu or in the Presystem Request Program exit program. After the System Request function is completed, the current user profile of the job is returned to the value that it was before the System Request key was pressed.