Important Updates to Cybersecurity Software
HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.
See the new names here > New, Simpler Names for HelpSystems Security Software.
To successfully install any Powertech product in a High Availability (HA) environment, the Powertech product must be installed on the HA system before the production system.
This is necessary because replication software could be setup with global settings to replicate non-library objects such as user profiles, authorization lists, IFS directories, etc. Many of the Powertech products check for the existence of these objects (especially user profiles) prior to installation, and will not install if these objects already exist.
In Database Monitor for IBM i, the customer has the option to use triggers or journals to monitor the activity on their files. If using journals, the customer can use Database Monitor for IBM i’s journal (DATATHREAD/DTJOURNAL) or a journal in their application library to monitor the activity.
The preferred method when using Database Monitor for IBM i with a replication software is to setup Database Monitor for IBM i to use the ‘U’ (User’s) journal. Use this ‘U’ (user’s) journal as the HA journal to send the transactions from the source to the HA system.
Synchronization of the objects needs to be done on the individual object. Never use the ‘Library Synchronization’ feature of the HA product as it will clear the product’s library and replicate just the objects that are defined to be replicated. The licensed objects should never be replicated from the source to the HA system (see Step IV – Database Monitor for IBM i Replication below). The product will not function on the HA system because the licensed objects would be deleted and restored from the source system if ‘Library Synchronization’ was performed.
If 'Library Synchronization' was done, then the product will have to removed and reinstalled on the HA system again for the product to function properly and replication setup to use Object Synchronization.
Omit the following files and data queues from being replicated in the DATATHREAD library. Add an ‘Omit’ filter for each file and data queue listed below:
Note: After the ‘Omit’ filters have been set for the objects in DATATHREAD library, add an ‘Include’ filter to replicate all of the other objects in the DATATHREAD library.
‘Include’ Filter for all of the objects in the DATATHREAD.
Database Monitor for IBM i 3.06 or later has the ability to enter multiple licenses (press F7 – License List on License Setup screen). This allows you to enter the HA system’s license before the role swap so you don’t need to contact Powertech technical support for an emergency (temporary) key.
In the event that you are Not using multiple licenses, you will need to add the following object to the Omit list of objects to Not be replicated.
Role Swap done to my HA System, How do I start Database Monitor for IBM i?
Before Database Monitor for IBM i is started, the IDTJRN file can be cleared and the data queues can be deleted. The data queues will get recreated when starting Database Monitor for IBM i.
The IDTJRN file contains information on the journals used by Database Monitor for IBM i. Just in case the IDTJRN file does get replicated or restored from the source system, it is a good practice to simply clear this file before starting Database Monitor for IBM i. The IDTJRN record(s) will be recreated with the appropriate values for the journals on the target (HA) system when Database Monitor for IBM i is started. Use the following command to clear the IDTJRN file:
In the event the Data Queues were replicated or restored, it is good practice to delete the data queues in Database Monitor for IBM i. The data queues will be recreated when Database Monitor for IBM i is started. Use the following to delete the Data Queues:
WRKOBJ OBJ(DATATHREAD/IDTLOGQ*) OBJTYPE(*DTAQ)
Note: This will list the IDTLOGQ data queues A-G, select option '4' next to each one and hit ENTER to delete them.
Use the following command to delete the IDTINDXQ data queue. This will also be recreated when starting Database Monitor for IBM i.
WRKOBJ OBJ(DATATHREAD/IDTINDXQ) OBJTYPE(*DTAQ)
Note: This will display the IDTINDXQ data queue, select a 4 next to it and hit ENTER to delete.(DATATHREAD will recreate the queue upon restart)
Before starting Database Monitor for IBM i on the target (the HA) system in a mirrored environment, you will need to first verify that the HA system has a valid, permanent license or get a temporary license from Powertech Sales/Support.
Another way to verify that all of the Database Monitor for IBM i jobs are active in the DATATHREAD subsystem is to display the subsystem using WRKSBS, option 8 next to DATATHREAD.
|DT_WIM_SCK||PGM-IDTSOCK||(Socket Listener for Email)|
|DT_WIM_490||PGM-IDT490||(Socket Responder Email)|
Note: If job DT_MANAGER job has any messages, it may not start the other Database Monitor for IBM i jobs until the message is replied to. i.e. - If CPF9810 message, Library xxxlib not found, review your replication settings for this library on the source system to get the library on the HA system, then reply with an ‘R’ to retry the DT_MANAGER job to continue to start the other Database Monitor for IBM i jobs.
Note 2: Verify that the IDT470 job is running for each monitored journal. There will be one job for each journal used in Database Monitor for IBM i.
Note 3: Verify that the IDT475 job is active for the system audit journal (QAUDJRN).
Note 4: For email, the two jobs need to be active, the listener job - IDTSOCK and the responder job - IDT490. These two jobs require that the SMTP server jobs are active – QTSMTPxxxx in subsystem QSYSWRK. If no jobs are active, verify the SMTP setup on the HA system to the source/production system. These include the SMTP attributes and directory entries. The socket used for the these jobs is on port 3074.
Still have questions? We can help. Submit a case to Technical Support.