Important Updates to Cybersecurity Software
HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.
See the new names here > New, Clearer Names for HelpSystems Security Software.
Compliance Monitor has two features, the consolidator and an endpoint.
Note: Object size consideration
Large amounts of data may be retained in the product library. The largest objects typically are the CMTDJE* files. The save file of the library will contain these files, so implications of disk usage should considered when making a copy of the objects. Also, the process outlined in this document describes using FTP to transfer the save file. Using FTP for this can take a very long time and we have no ability to predict all the factors affecting the speed at which FTP can move the save file. If you have alternative means to transfer these to your target system, you may want to consider using them.
The Compliance Monitor Consolidator and Endpoint must be installed on the new system using the software installer so the user profiles and authorization lists are created.
Review the Compliance Monitor Installation Instructions prior to installing the product, especially the IBM required program products and PTFs.
Run the Compliance Monitor Pre-Checker prior to the installation on the new system, as it will check the system for the required IBM program products and PTFs.
Verify whether the new system will use the same mail server as the existing server. If a different server will be used, obtain the IP address or fully qualified name of the server.
Compliance Monitor reporting consists of different types of auditing that must be setup on the new system. Verify that the QAUDJRN journal is setup and collecting the proper information by comparing the appropriate systems values on the new system to the current system. The system values to check are QAUDCTL, QAUDLVL and QAUDLVL2.
If Automatic Collection is used, the journal entries selected in Automatic Collections must also be verified with the new system’s audit values (system values above) to ensure that necessary information is collected.
The users and administrators of the Compliance Monitor WUI must have user profiles created on the IBM i. Verify that these user profiles exist on the new system.
Verify the users setup in these authorization lists on the new system are the same users setup on the current system.
Consolidator: PLCM2ADM, PLCM2DTA and PLCM2PGM
Endpoint: PLCMADM
Compliance Monitor Browser Interface does support SSL (Secured Sockets Layer). If SSL was setup on the current system and will also be used on the new system, refer to the Using Secure Sockets Layer (SSL) with the Compliance Monitor Browser Interface document for these setup instructions.
Obtain a license key for the Consolidator and/or Endpoint for the new system from the Powertech Sales team.
Note: After normal business hours, contact technical support for a temporary key.
To successfully move Compliance Monitor from one system to another (i.e. a D/R system), you must first install Compliance Monitor on the destination system using the software installer.
The installer creates the required user profiles and authorization lists for Compliance Monitor.
Consolidator:
Endpoint:
Note: If the user profiles or authorization lists exist, installation will fail. If installation fails, delete these user profiles and/or authorization lists and try the installation again.
If the new system is in an HA environment, please refer to the Compliance Monitor Setup in an HA Environment for more information.
After the Compliance Monitor Consolidator and/or Endpoint products have been installed, you can save and restore the following objects on the new system.
Moving Consolidator:
Moving Endpoint:
ADDLIBLE PTCMT3
CALL SETLCLFTR
Note: If an empty screen appears, then no endpoint filters have been setup and there is no need to save and restore the PTCMT3 library.
Compliance Monitor version 3.12 and higher has the ability to enter multiple licenses on the Consolidator and/or the Endpoint (press F7 – License List on License Setup screen). This allows you to enter multiple licenses in preparation of a move or an event such as a role swap.
Note: In the event that you are using the multiple license feature and have added the new system’s license on the current system, you do not need to obtain a new license when migrating to the new system.
Also note: If you are not using the multiple license feature, you will need to install a new license after restoring the product libraries.
ENDPTCMCSL
Monitor the QP0ZSPWT job’s termination in the PTWRKMGT/PTWRKMGT subsystem.
CRTSAVF FILE(QGPL/CM2LIBSAVF) TEXT('Move Consolidator Compliance Library Savefile')
CRTSAVF FILE(QGPL/CM2IFSSAVF) TEXT('Move Consolidator IFS Savefile')
SAVLIB LIB(PTCMT2) DEV(*SAVF) SAVF(QGPL/CM2LIBSAVF)
SAV DEV('/QSYS.LIB/QGPL.LIB/CM2IFSSAVF.FILE') OBJ(('/PowerTech/ComplianceMonitor')) SUBTREE(*ALL)
Note: Target release (TGTRLS) must be determined by the customer.
RSTLIB SAVLIB(PTCMT2) DEV(*SAVF) SAVF(QGPL/CM2LIBSAVF) MBROPT(*ALL) ALWOBJDIF(*ALL)
RST DEV('/QSYS.LIB/QGPL.LIB/CM2IFSSAVF.FILE') OBJ(('/PowerTech*')) SUBTREE(*ALL) ALWOBJDIF(*ALL)
The endpoint was installed in Step II. If there are no endpoint local filters configured on the current system, this step can be skipped.
WRKACTJOB SBS(PTWRKMGT)
Check for active CM0000B jobs, these are the jobs which would be running if an assessment or an automatic collection is running. These jobs can be ended using the ENDJOB *IMMED option, however this will cancel the assessment on the Consolidator.
Note: Powertech recommends that you plan the move so these jobs will not be affected.
ENDPTCMEPT
Monitor the PLCMMON job’s termination in the PTWRKMGT/PTWRKMGT subsystem.
CRTSAVF FILE(QGPL/CM3LIBSAVF) TEXT('Move Endpoint Library Savefile')
SAVLIB LIB(PTCMT3) DEV(*SAVF) SAVF(QGPL/CM3LIBSAVF) PVTAUT(*YES)
Note: Target release (TGTRLS) must be determined by the customer.
RSTLIB SAVLIB(PTCMT3) DEV(*SAVF) SAVF(QGPL/CM3LIBSAVF) MBROPT(*ALL) PVTAUT(*YES) ALWOBJDIF(*ALL)
Review the following authorization lists and add the users from the current system to the new system:
Consolidator: PLCM2ADM, PLCM2DTA and PLCM2PGM
Endpoint: PLCMADM
After the product has been installed and the files restored, start the Compliance Monitor jobs.
On the Consolidator:
ADDLIBLE PTCMT2
CALL CM2280
On the Endpoint:
ADDLIBLE PTCM3
CALL PCM280
Enter the url for the new system http://xxxxxxxxxx:3035/ptcm
Still have questions? We can help. Submit a case to Technical Support.