Before You Install or Update

Please review the following information before installing Authority Broker.
Note: When installing Authority Broker in an HA environment:

1. Stop the replication of user profiles from production to HA system by either ending the replication software or ending the replication of the user profiles.
2. Install Authority Broker on the HA and production systems.
3. Setup Authority Broker replication per the HA Setup instructions (see Authority Broker 4.x Setup in an HA Environment).
4. Start replication (including the user profiles).

Licensing

Authority Broker requires that you enter a valid license key. Contact keys@helpsystems.com if you need to request a new license key.

System Values

It is Powertech’s goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. However, the Authority Broker 4 installation process could change a system value to allow the install to proceed if a system value is not set as specified below. If the Installation Wizard changes a system value during install, it changes it back to its original value when the install completes.

To install Powertech Authority Broker 4 on your system, the following system values that control object restores must be configured as shown.

• Set QALWOBJRST to *ALWPGMADP (at a minimum) to allow the system to restore programs that adopt authority. Many Powertech Authority Broker programs adopt the authority of the product owner, rather than forcing you to give authority directly to administrators and end users. (Note: For some system configurations, *ALL is required temporarily.) 
• QALWUSRDMN controls which libraries on the system can contain certain types of user domain objects. You should set the system value to *ALL or include the name of the Authority Broker product library (PTABLIB and QTEMP as a minimum) for the product to function properly.
• Set QVFYOBJRST to 1, 2, or 3. This allows Authority Broker to restore all objects regardless of their signature. (Note: If you normally check signatures, remember to check this system value after the Authority Broker install process completes.)
• Set QFRCCVNRST (Force conversion on restore) to 0. Do not convert anything.

Auditing

Before installing Authority Broker, you must have the IBM audit Journal QAUDJRN already on the system. Newly purchased systems from IBM may not have this set up. 

System Requirements

Authority Broker 4 requires the following:

• IBM i (i5/OS, OS/400) version V7R1 or higher
• 206 MB of disk space

System Security – Exit point and access permissions

The Authority Broker 4 install wizard uses FTP and Remote commands to perform the installation. The Server’s FTP server must be started beforehand. If an exit program technology exists on the system, the profile used in the Wizard must be permitted access. IBM iSeries Navigator can also block FTP server access through the Application Administration component. The standard port reserved to establish an FTP connection to the IBM i is port 21. Consequently, it is required that this port is open and ‘listening’ on the server in order to establish a connection with the Installation Wizard and facilitate a successful installation.

Installing or Updating

Ensure the following servers are available and running prior to installation or updating:

• FTP Server
• Remote Command Server 

Do the following to perform the installation or update:

1. Download the Powertech Authority Broker installer (setupAuthorityBroker4.exe) from the Authority Broker download page. (The "Trial" download is the full product, which can be unlocked with a valid License Key). 

2. On the Choose Components panel, select which components you want to install. You can choose to install the Manuals and the Software for IBM i. Click Next.

3. If you’re only installing the Manuals, the process completes and the installer closes. The Manuals have been installed. You can skip the rest of these steps.

   Note: The manuals are installed to the following location: 
   C:\Program Files\PowerTech\Authority Broker\manuals

4. On the IBM i Details panel:

   1. Select or enter the IBM i where you want to load Authority Broker.

   2. Enter a user profile and password that’s a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *IOSYSCFG, *AUDIT, and *SERVICE. The user profile should have Limit capabilities set to *NO. This profile will be used to restore and copy objects, and for product maintenance on the IBM i.

   3. (Optional) In the Advanced Settings section:

      • Enter a port number or use the arrows if you want to change the FTP port number to something other than the default of 21.

      • Select Secure File Transfer if you want to use FTPS (FTP over SSL) during the file transfer. The default FTPS secure port is 990, but it can be changed to the required secure port for your environment.

      • In the Timeout (seconds) field, enter the number of seconds the session should be kept active during an FTP transfer. You can choose anywhere between 25 and 1800 seconds (30 minutes).

        Note: If the transfer takes longer than the amount of time specified, the session will expire.

   4. Click Next.

5. You have two options on the Product Load Options panel:

   1. Click Immediate Load if you’d like to load the product on the IBM i now.

      Note: If you're doing an update, this ends Authority Broker until the product load completes. After you are done, we’ll restart the product.

   2. Click Staged Load if you’d like to transfer the objects now and load them on the IBM i at a later time.

      Note: See "Loading Staged Objects on the IBM i" (below) for instructions on how to load the staged objects on your selected IBM i system.

6. The Product Load Progress panel for Authority Broker launches. To take advantage of the major improvements in system design and processor capabilities program conversion is required for all systems running IBM i 6.1 or later. The conversion replaces existing program objects, but each program object retains attributes such as the name, library, and owning user profile. This conversion is a one-time process on each object. To provide an uninterrupted work environment, all program conversion occurs during installation, which can extend the installation process as long as 90 minutes or more on some systems.

   If the Product Load Progress panel ends with an overall Failed message, the product upload could not complete properly. To find the reason the upload failed, click View Logs and review your logs. You can also use Download at the top of the logs to save the information for future review.

   When the processing is complete, you have two choices:

   • If this is the only installation or update of Authority Broker that you're doing, click Finish.

   • If you have installs or updates to do on other IBM i systems, click Restart. Then, return to step 4.

7. To verify that Authority Broker 4 installed successfully, enter the following command to display the Powertech Authority Broker 4 window, which shows the release and modification level of the product:

   PTABLIB/LPRDVRM

8. Add the product administrator's user profile to the POWERABADM authorization list:

   WRKAUTL POWERABADM

   Press 2 to edit and add the profile. The profile only needs *USE right.

Loading Staged Objects on the IBM i

If you chose to stage your objects during step 5b of the installation or update process, do the following to manually load them on the IBM i you identified above.

1. On the IBM i, execute the following command to display the Work with Loads panel:

   HSLOADMGR/HSWRKLOAD

2. Enter option 1, Load, next to the Load Name for Authority Broker and press Enter.

   The installation program installs Authority Broker, the PTABLIB library (as needed), and three user profiles (PLABOWN, PLABADM, and PTWRKMGTOW). It adds PTABLIB to the system portion of your library list, if required.

3. Review the information on the Install Authority Broker Host panel and make any necessary changes and additions. Select *NEW for the installation, then press Enter.

Authority Broker 4 installs the following product libraries, profiles, authorization lists, commands, objects, and exit points on your system.

Objects Installed on System

After You Are Done

After Authority Broker has been installed, the next step is to add your license key to the product. Configuration of the product may then begin. Use the command LWRKAUTBKR and take menu options 5, 14.

Note: The Authority Broker Administrator's Guide can be found at Powertech Product Manuals.