Important Updates to Cybersecurity Software
HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.
See the new names here > New, Clearer Names for HelpSystems Security Software.
To successfully install any Powertech product in a High Availability (HA) environment, the Powertech product must be installed on the HA system before the production system.
This is necessary because replication software could be setup with global settings to replicate non-library objects such as user profiles, authorization lists, IFS directories, etc. Many of the Powertech products check for the existence of these objects (especially user profiles) prior to installation, and will not install if these objects already exist.
In Database Monitor for IBM i, the customer has the option to use triggers or journals to monitor the activity on their files. If using journals, the customer can use Database Monitor for IBM i’s journal (DATATHREAD/DTJOURNAL) or a journal in their application library to monitor the activity.
When using Database Monitor for IBM i on a system with replication software, if you are replicating your database files by way of journaling and plan to monitor changes to those files using Database Monitor, the preferred method is to use the ‘U’ (User’s) Journal. When you select the ‘U’ (User’s) journal, Database Monitor will read the same journal entries you use for replication to record the history of the activity on the file into Database Monitor.
Synchronization of the objects needs to be done on the individual object. Never use the ‘Library Synchronization’ feature of the HA product as it will clear the product’s library and replicate just the objects that are defined to be replicated.
If 'Library Synchronization' was done, then the product will have to removed and reinstalled on the HA system again for the product to function properly and replication setup to use Object Synchronization.
Omit the following files and data queues from being replicated in the DATATHREAD library. Add an ‘Omit’ filter for each file and data queue listed below:
Note: After the ‘Omit’ filters have been set for the objects in DATATHREAD library, add an ‘Include’ filter to replicate all of the other objects in the DATATHREAD library.
‘Include’ Filter for all of the objects in the DATATHREAD.
Database Monitor for IBM i 3.06 or later has the ability to enter multiple licenses (press F7 – License List on License Setup screen). This allows you to enter the HA system’s license before the role swap so you don’t need to contact Powertech technical support for an emergency (temporary) key.
In the event that you are Not using multiple licenses, you will need to add the following object to the Omit list of objects to Not be replicated.
Role Swap done to my HA System, How do I start Database Monitor for IBM i?
Before Database Monitor for IBM i is started, the IDTJRN file can be cleared and the data queues can be deleted. The data queues will get recreated when starting Database Monitor for IBM i.
The IDTJRN file contains information on the journals used by Database Monitor for IBM i. Just in case the IDTJRN file does get replicated or restored from the source system, it is a good practice to simply clear this file before starting Database Monitor for IBM i. The IDTJRN record(s) will be recreated with the appropriate values for the journals on the target (HA) system when Database Monitor for IBM i is started. Use the following command to clear the IDTJRN file:
In the event the Data Queues were replicated or restored, it is good practice to delete the data queues in Database Monitor for IBM i. The data queues will be recreated when Database Monitor for IBM i is started. Use the following to delete the Data Queues:
WRKOBJ OBJ(DATATHREAD/IDTLOGQ*) OBJTYPE(*DTAQ)
Note: This will list the IDTLOGQ data queues. Delete all data queues in this list using option 4.
Use the following command to delete the IDTINDXQ data queue. This will also be recreated when starting Database Monitor for IBM i.
WRKOBJ OBJ(DATATHREAD/IDTINDXQ) OBJTYPE(*DTAQ)
Note: This will display the IDTINDXQ data queue, select a 4 next to it and hit ENTER to delete.(DATATHREAD will recreate the queue upon restart)
Before starting Database Monitor for IBM i on the target (the HA) system in a mirrored environment, you must first verify that the HA system has a valid permanent license, or obtain a temporary license from Powertech Sales/Support.
To verify or enter the license:
Verify or enter the Database Monitor for IBM i license.
There are 2 configuration items you may want to check or change to reflect the new system information. They are located in System Parameters; the system IP address and the email ‘from’ user. To check this:
Check the values for HTTPHOST and MAIL-FRM. Use option 2 if you wish to change the information shown.
Use STRMGR to start the jobs for Database Monitor.
Back out of this menu or use F5 to clear the screen, then:
Verify your jobs are running as expected. If you are missing a user journal job, IDT470, try the REFJRM to start it
Another way to verify that all of the Database Monitor for IBM i jobs are active in the DATATHREAD subsystem is to display the subsystem using WRKSBS, option 8 next to DATATHREAD.
|DT_WIM_SCK||PGM-IDTSOCK||(Socket Listener for Email)|
|DT_WIM_490||PGM-IDT490||(Socket Responder Email)|
Note: If job DT_MANAGER job has any messages, it may not start the other Database Monitor for IBM i jobs until the message is replied to. i.e. - If CPF9810 message, Library xxxlib not found, review your replication settings for this library on the source system to get the library on the HA system, then reply with an ‘R’ to retry the DT_MANAGER job to continue to start the other Database Monitor for IBM i jobs.
Note 2: Verify that the IDT470 job is running for each monitored journal. There will be one job for each journal used in Database Monitor for IBM i.
Note 3: Verify that the IDT475 job is active for the system audit journal (QAUDJRN).
Note 4: For email, the two jobs need to be active, the listener job - IDTSOCK and the responder job - IDT490. These two jobs require that the SMTP server jobs are active – QTSMTPxxxx in subsystem QSYSWRK. If no jobs are active, verify the SMTP setup on the HA system to the source/production system. These include the SMTP attributes and directory entries. The socket used for the these jobs is on port 3074.
Still have questions? We can help. Submit a case to Technical Support.