1. HelpSystems Community
  2. Knowledge Base
  3. Powertech
  4. Powertech Compliance Monitor for IBM i
  5. Installing Powertech Compliance Monitor for IBM i

Installing Powertech Compliance Monitor for IBM i

Important Updates to Cybersecurity Software

HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.

See the new names here > New, Clearer Names for HelpSystems Security Software.

System Requirements

  • IBM i version 7.2 or higher
  • Java 1.6 32-bit (required minimum)
  • Java 1.7 32-bit or Java 1.8 32-bit for 7.3
  • Library QICU – International Components for Unicode for 7.2 and 7.3, option 39
  • 256 MB of disk space
  • PASE (Portable Applications Solutions Environment), option 33
  • A fully-qualified hostname or IP address in the Host Name Table (CFGTCP - option 10)
  • IBM V7R2: PTF SI54166

Note: During installation an FTP connection is initiated. The FTP server responds with messages that prompt for FTP login credentials. The standard port reserved to establish an FTP connection to the IBM i is port 21. Consequently, it is required that this port is open and ‘listening’ on the server in order to establish a connection with the Installation Wizard and facilitate a successful installation.

If FTP is not available, you must install the product manually. See Manual Installation of Powertech IBM i Products.

Before You Install

Please review the following information before installing Compliance Monitor. 

Note: When installing Compliance Monitor in an HA environment:

  1. Stop the replication of user profiles from production to HA system by either ending the replication software or ending the replication of the user profiles. 
  2. Install Compliance Monitor on the HA and production systems.
  3. Setup Compliance Monitor replication per the HA Setup instructions (see Compliance Monitor Setup in an HA Environment)
  4. Start replication (including the user profiles).

Licensing

Compliance Monitor requires that you enter a valid license key. Contact [email protected] if you need to request a new license key.

System Values

It is Powertech’s goal not to change system values on customer systems because we recognize that security-conscious organizations have rigorous change control processes in place for even small changes to system values. Therefore, we ask you to make any system value changes that are needed. To install Powertech Compliance Monitor on your system, the following system values that control object restores must be configured as shown.

  • Set QALWOBJRST to *ALWPGMADP (at a minimum) to allow the system to restore programs that adopt authority. Many Powertech Compliance Monitor programs adopt the authority of the product owner, rather than forcing you to give authority directly to administrators and end users. (Note: For some system configurations, *ALL is required temporarily.)
  • QALWUSRDMN controls which libraries on the system can contain certain types of user domain objects. You should set the system value to *ALL or include the name of the Compliance Monitor product libraries (PTCMT2 [Consolidator], PTCMT3 [Endpoint], and QTEMP as a minimum) for the product to function properly.
  • Set QVFYOBJRST to 1, 2, or 3. This allows Compliance Monitor to restore all objects regardless of their signature.
  • Set QFRCCVNRST (Force conversion on restore) to 0, Do not convert anything.

Installation

The Compliance Monitor installation process is completely automated.

Ensure the system is not in a restricted state and that the following servers are available and running prior to updating:

  • FTP Server
  • Remote Command Server 
  • File Host Server 

If the File Host server is not active: Run the commands 

STRSBS QSYS/QSERVER

STRHOSTSVR SERVER(*FILE)

Do the following to install Compliance Monitor:

  1. Download the Compliance Monitor Installer from the Compliance Monitor download page. (The "Trial" download is the full product, which can be unlocked with a valid License Key).
  2. Double-click the .exe file to start the Installation Wizard. When prompted, enter the name of the system on which you want to install Compliance Monitor, a user profile, and password.

    Note: Make sure the user profile is a member of the user class *SECOFR and has at least the following special authorities: *ALLOBJ, *SECADM, *JOBCTL, *IOSYSCFG, and *AUDIT. The user profile should have Limit capabilities set to *NO.

  3. Specify how you want to load Compliance Monitor on your system, from the following:
    • Consolidator only
    • Endpoint only
    • Both (Installs both the Consolidator and Endpoint programs on the same system; this is the default selection. 

      Note: The Consolidator does not have to be an Endpoint.)

  4. When the confirmation window displays, click Start to upload and install Compliance Monitor on your IBM i.
  5. The Compliance Monitor Consolidator and Endpoint install processes run pre-checker programs that evaluate your system to verify that the install can proceed, including that you have the proper authority, that the operating system and PTFs are at the correct level, and that the default port (3035) used by Compliance Monitor is available. If the pre-checkers find any problems, you should review the message logs (CM2INSTP for the Consolidator, PCMINSTP for the Endpoint) for more information. 

    Note: Compliance Monitor installs a work management subsystem, PTWRKMGT, that allows Powertech products to submit long-running batch jobs without interfering with customer job queues. The PTWRKMGT subsystem also is used by other Powertech products, so if you have another Powertech product installed, it is not installed again. The PTWRKMGT library consists of a subsystem description, a class description, job queue descriptions for Powertech products, and job descriptions for Powertech products and features. PTWRKMGT is activated when a product needs to use it. All jobs in PTWRKMGT are submitted jobs; there are no prestart or auto-start jobs.

  6. When the install completes on the system, you can view the install log or select “Restart and load another system” to install on another system. Follow the instructions to install the Endpoint program on additional systems. You can install the Endpoint program on as many systems as you want, one at a time.
  7. When you are finished installing on all systems, click Finish to remove the Wizard from your PC. 

The installation process displays the job log name, user, and job log number. Use the WRKSPLF command to display the job log for complete information on the Compliance Monitor install.

Setting Up Compliance Monitor

After you’ve installed Compliance Monitor, do the following to complete the setup:

On the Consolidator System

  1. Add the Compliance Monitor Consolidator library to your library list:

    ADDLIBLE PTCMT2

  2. Enter the following command to display the License Setup panel:

    CALL CM2280

    Enter your Compliance Monitor license code.

  3. Enter the following command to start the Compliance Monitor monitor job, QP0ZSPWT, in the PTWRKMGT subsystem:

    STRPTCMCSL

    When prompted for a user name and password, enter the following:

    • Password: Enter a password of your choice and assign it to the PLCM2ADM profile.

On the Endpoint Systems

Sign on to each Endpoint system and do the following:

  1. Add the Compliance Monitor Consolidator library to your library list:

    ADDLIBLE PTCMT3

  2. Enter the following command to display the License Setup panel:

    CALL PCM280

    Enter your Compliance Monitor license code. The Endpoint license code is different from the Consolidator license code.

From Your Browser

  1. Enter the following to connect to the Consolidator system:

    HTTP://SYSNAME:3035/PTCM/

    where

    • sysname is the name of the system where the Consolidator is installed
    • 3035 is the default port number used by Compliance Monitor
  2. When the Login window displays, enter the following user name and password:
    • PLCM2ADM—the Compliance Monitor administrator profile
    • password—the password you specified for PLCM2ADM

      The first time you log on to Compliance Monitor, you must sign on as the administrator.

  3. Define each Endpoint system to the Consolidator. Display the online help for complete information on defining Endpoint systems.
  4. Set up the users and groups who will be allowed to sign in to Compliance Monitor. Display the online help for complete information on setting up users and groups.

Note: The Compliance Monitor Administrator's Guide can be found at Powertech Product Manuals.

Objects Installed on System for Compliance Monitor V3.x

Product

Installed on System Description

Product Libraries

PTSAVF

Consolidator

Installed on System Description

Product Libraries

PTCMT2

User Profiles

PLCM2ADM
PLCM2OWN

Authorization Lists

PLCM2ADM
PLCM2DTA
PLCM2PGM

Directory

/PowerTech/ComplianceMonitor

Commands in QGPL

ENDPTCMCSL (end consolidator)
STRPTCMCSL (start consolidator)
PLCMASMT (request assessment)

PowerTech-created Unregistered Exit Points:

POWERLOCK_CM2 (unregistered)

Endpoint

Installed on System Description

Library

PTCMT3

User Profiles

PLCMADM
PLCMOWN

Authorization List

PLCMADM

Commands in QGPL

ENDPTCMEPT (end endpoint job)
STRPTCMEPT (start endpoint job)

PowerTech-created Unregistered Exit Points:

POWERLOCK_CM (unregistered)

Still have questions? We can help. Submit a case to Technical Support.

New to PowerTech? Learn more, or sign up for a free trial.

Last Modified On: July 17, 2019
+1 800-328-1000
[email protected]
Cybersecurity
Compliance & Audit Reporting
IT Operations Management
IT Infrastructure Monitoring
Business Intelligence
Document & Forms Management

Copyright © 2019 HelpSystems