To successfully install any Powertech product in a High Availability (HA) environment, the Powertech product must be installed on the HA system before the production system.
This is necessary because replication software could be set up with global settings to replicate non-library objects such as user profiles, authorization lists, IFS directories, etc. Many of the Powertech products check for the existence of these objects (especially user profiles) prior to installation, and will not install if these objects already exist.
Command Security has two profiles: PTADMIN and PTUSER.
Command Security has one authorization list: PTADMIN.
After you have installed Command Security on your target (HA system) and source (production system), you need to set up replication to the HA system. For Command Security, all of the objects can be set up for replication. To set up replication for objects pertaining to the licensing, see step VI below.
Note: Reports for Command Security will only cover the time from when Command Security is activated on the HA system (i.e., after a role swap is performed). No history from the source system will be available on the HA system.
Command Security only has one authorization list: PTADMIN.
Replication for this authorization list should be set up on a scheduled, weekly basis to reflect any changes. Because these changes are less frequent than the other changes, a weekly update is sufficient.
Synchronization must be done on individual objects. Never use the ‘Library Synchronization’ feature of the HA product, as it will clear the product’s library and replicate just the objects that are defined to be replicated. Because the licensed objects cannot be replicated from the source to the HA system (see Step V - Command Security Files to Omit below), the product will not function on the HA system once the licensed objects have been deleted. If ‘Library Synchronization’ was performed, the product will have to be removed and reinstalled on the HA system for the product to function properly.
Add an 'Include' filter to replicate the following user indexes, as these are the objects that contain the rules and actions in Command Security.
Library | Object | Type |
PTCSLIB | PCSACT | *USRIDX |
PTCSLIB | PCSCND | *USRIDX |
PTCSLIB | PCSIPC | *USRIDX |
PTCSLIB | PCSLNK | *USRIDX |
PTCSLIB | PCSNAM | *USRIDX |
PTCSLIB | PCSSET | *USRIDX |
PTCSLIB | PCSSSS | *USRIDX |
PTCSLIB | PCSUOR | *USRIDX |
Command Security version 1.03 or later has the ability to enter multiple licenses using the License List function. If the product only has one license code entered, press F7 to access the license list function, then F6 to add a new one. Once the product has more than one license code entered, the License Setup option on the menu will show the multiple licenses. This allows you to enter the HA system's license key before the role swap so you aren't required to contact Technical Support for an emergency (temporary) key.
If you are using multiple licenses, you will need to set up the following objects for replication:
Library | Object | Type |
PTCSLIB | PCS9800U | *USRSPC |
PTCSLIB | PCS9800U2 | *USRSPC |
PTCSLIB | PCS9802DA1 | *DTAARA |
PTCSLIB | PCS9802DA2 | *DTAARA |
Before Command Security can be used on the HA system, the exit points must be registered. This step must be done after the role swap but before any users or jobs start running on the HA system. Failure to run this command will result in Command Security not knowing about the command, so access to the command will be based upon the object’s authority. In other words, Command Security would not be in control of the commands.
Run the PTCSLIB/PCSUPDREG program to register the exit points with the Command Security program. The PCSUPDREG program will iterate through the list of monitored commands and ensure that a registry entry exists for each command that is set up in Command Security.
To verify whether the program was run, use the WRKREGINF command and view the exit programs for the QIBM_QCA_CHG_COMMAND exit point. There will be an entry for each command that has been added to Command Security. The exit program for each entry will be the same exit program, which is PTCSLIB/PCS1000. View the entry to find which commands are registered.