AS400 Administration Training Program


(Vikas Vats)

[email protected]+91 9663394043

Index :-

1. Module 1: AS/400 Overviews

2. Module 2: System Concepts

3. Module 3: System Administration

4. Module 4: System Security

5. Module 5: Backup and Restoration

Module :- 1

AS/400 Overviews

Introducing the AS/400 System :-

The AS/400 system is a family of midrange computers based on a single software architecture. AS/400 uses OS/400 as its operating system. It provides many integrated features that form the foundation of computer systems.

It is designed and built as a total system. This means that facilities such as a relational database and networking capability (and much more) are fully integrated into the Operating System and the machine. The user communicates with all these functions through a single control language, or by using system menus and prompts. AS/400 is designed as a general-purpose business computer and is optimized for that environment. Its design reflects the dominant requirements of that environment.

Advantages of AS/400 :-

Layered Machine Architecture :- This insulates users from hardware of the system. It enables the users to move towards new hardware technology at any time, without disrupting their application programs.

Object Orientation :- Everything that can be saved or restored on the system is known as an Object. A user can find the required object without knowing its location on the system. Objects exist to make users independent of the internal structure of the machine.

Single-Level Storage :- Main storage and disk storage appear contiguous. An object is saved or restored on the system via a device-independent addressing mechanism. This means extra main storage or disk storage can be added to the system and used without affecting the application programs and database. A user or a programmer is not concerned as to where a program or a file is; if they want to use it, they simply name it.

Hierarchy Of Microprocessors :- As well as the main system processor, AS/400 has a large number of microprocessors. Every Input / Output (I/O) device type on AS/400 has its own microprocessor. This means that requests for data to be written to or read from any I/O device can be delegated to the processor in charge of that device. Meanwhile, the main system processor executes another application.

Easy To Use :- From operators and the end users point of view the menu driven structure of AS/400 makes it very easy to operate.

Ability to grow and improve the system without disruption.

AS/400 Hardware :-

Basic Block Diagram OF AS/400 System

The system hardware includes the processor and the main storage, the I/O devices and controllers, and the racks, cables and controllers that make up the AS/400 system. The hardware design allows system components to be located throughout the enterprise to meet the needs of the workplace. System components, such as additional racks, I/O controllers and storage and workstation devices, can be added incrementally without reconfiguring the entire system.

Layered Machine Architecture :-

AS/400 insulates users from hardware characteristics through the layered machine architecture. This layered architecture raises the level of the machine interface, creating a high-level machine instruction set that is independent of the underlying hardware implementation.

Figure 1 shows the hardware with the licensed internal code that comprises the high-level machine. AS/400 is unusual in that the machine is defined by software, not by hardware. The instructions presented to the machine interface undergo a further process of translation before they are understood by the hardware. This process of translation is carried out by the licensed internal code. Hardware characteristics change as the technology changes; the user, however, still sees the same interface.

Furthermore, some frequently executed routines (that would reside in the operating system of a conventional machine) have been moved into licensed internal code. This runs faster than higher-level language code, so any application using these routines will realize a performance gain.

Figure 1 : AS/400 Layered Architecture

Examples of some basic supervisory and resource management functions that are in licensed internal code are validity and authorization checks. The high-level machine provides the user with the ability to address 2^64 bytes of storage on the PowerPC-based models of the AS/400.

Layered machine architecture means that as new hardware and software technologies emerge, they can be employed without affecting applications.

The strength of this architecture was evident with the introduction of the new range of PowerPC-based AS/400 models in June 1995. The system processor changed from being a 48-bit CISC to 64-bit RISC. Yet existing customer applications can run on the new processors and take full advantage of the 64-bit capacity without any recompilation or rewrite of the application.

Hierarchy Of Microprocessors :-

In the AS/400 system, along with the main system processor, there is a range of other processors, each dedicated to a particular I/O device. This means that when the main system processor encounters a request for data to be written to or read from any I/O device, that request is delegated to the particular microprocessor dedicated to that I/O device. Meanwhile, the system processor continues with another application program.

This design provides AS/400 with its outstanding performance in the commercial, transaction-based environment. It also means that the latest microprocessor technology can be easily utilized at any time without disrupting the rest of the system.

Using the N-way multiprocessor capability of the AS/400, the larger models of AS/400 can have up to 4 processors.

Figure : Hierarchy Of Microprocessors

Module :- 2

System Concepts

Object Oriented Technology :-

Everything on AS/400 that can be stored or retrieved is contained in an Object.

Objects exist to make users independent of the implementation techniques used in the machine. The Create Object instruction establishes the object's name and its type. All objects are structured with a common object header and a type-dependent functional portion. An object thus combines the data and the valid methods of using that data into one entity. Therefore only valid methods of using that data are allowed.

This improves the overall integrity of the system and its data. It also permits the system to perform standard object-level functions very efficiently; the object type then determines the way in which a specific object can be used when retrieved. The architecture supports multiple extents to an object.

In other words, a user is not concerned with the space his object occupies. The system allocates space automatically.

Object orientation gives a strong foundation for new technologies such as artificial intelligence. The object-oriented AS/400 architecture lends itself very well to the utilization of object-oriented techniques for the representation of knowledge in an expert system.

With the PowerPC-based models of the AS/400, the Licensed Internal Code that sits above the hardware has been written as System Licensed Internal Code with an object-based kernel. The kernel has been written in C++ and is fully object oriented, giving all the advantages of flexibility, code reuse, programming efficiency, and error reduction that come from object-oriented programming.

Single Level Storage :-

The AS/400 system is a shared system in which all portions of main and auxiliary storage are addressed as though they are within a single area (or level). The system uses the object name to determine where the object exists in the system. This means that the user can find objects by name rather than by storage locations. Because operations cannot be performed on an object that is not in main storage, the system moves a part or all of the object into main storage as it is needed and moves it back into auxiliary storage when it is not needed. This transfer is controlled by the system and does not require control by the user or programmer.

All system storage (whether main storage or disk storage) is addressed in the same way. This single, device-independent addressing mechanism means that to run a program, a user calls its name. All objects are treated as if they reside in a 2^64 byte address space.

The AS/400 system's virtual addressing is independent of an object's physical location, and of the type, capacity and number of disk units on the system.

What this means is that application programs do not require modification in order to take advantage of new storage technologies. Users can leave all storage management entirely to the machine.

Operating System

The OS/400 licensed program supports the IBM AS/400 system. It controls the operation of programs and provides services such as controlling resources, scheduling jobs, controlling input and output, and managing data. The OS/400 program is designed to complement and extend the advanced capabilities of the AS/400 system to provide fully integrated support for interactive applications. To supplement the full range of the interactive environment, the AS/400 system also processes multiple batch applications at the same time.

Many of the functions of the OS/400 program are directly applicable to interactive data processing. Among these functions are :

Database support to make up-to-date business data available for rapid retrieval from any workstation.

Work management support to schedule the processing of requests from all workstation users.

Application development support that allows online development and testing of new application programs to run at the same time as normal production activities.

System operation support that allows the user responsible for system operations to perform work from the display station using a single control language, complete with prompting and help for all commands.

Message handling support that allows communication between the system, the user responsible for system operations, workstation users and programs running in the system.

Security support to protect data and other system resources from unauthorized access.

Service support that allows service representatives to diagnose problems and install new functions with minimal effect on the normal flow of work.

The system can be set up and installed using system defaults for basic functions. As the needs of the business grow, the use of controls and functions can be increased without disrupting applications that are already on the system.

The OS/400 functions are accessed either through the use of a comprehensive set of menus or through the control language CL. Other AS/400 licensed programs such as high-level languages and the applications development tools also use OS/400 menus and CL.

The AS/400 system is controlled through a single consistent control language that is supported by the Operating System. The Control Language provides the operations normally associated with controlling the operation of a system such as :

Controlling the operation of input and output devices attached to the system.

Submitting batch jobs.

Ending a session with the system.

In addition, many advanced functions used in data processing are provided. For example, data files and programs are created, the running of programs is controlled, and workstation users can communicate with each other by using functions requested through the control language.

Although the control language is the interface through which the functions of the operating system are controlled, it is not the only interface available to the user. The data is accessed and updated by high-level language programs using OS/400 functions.

Object Management

The term object refers generally to named items (such as programs and files) that are stored in the system. The object management functions allow objects to be grouped and arranged in the system. They allow users to create, update, and delete objects by name, without needing to specify the exact storage location of the objects.

Work Management

The Work Management functions provide the framework through which the system and all the work performed on the system are controlled. These functions support an environment running more than one computer at a time and manage competition between jobs for main storage and other system resources. The work management function allows work to be submitted by the user, presented to the machine to be processed, and controlled by the user responsible for system operations.

Data Management

The data management functions support documents, database, files and device files. Data management for documents and database provides the functions required for creating and updating database files and performing input and output operations on them. Data Management for the devices provides input and output operations for both local and remote devices attached to the system, including many unique functions to support the display and printer devices.

System Management

The AS/400 system integrates most major functions by making them a part of the operating system. For example, a user can control the operations of jobs and subsystems, respond to system messages, perform save and restore operations and so on. These operations can be performed from any workstation by authorized users and are not restricted to a single person.

Control Language

While the menu system is the primary interface to the OS/400 program functions, the Control Language is also available to directly access system functions and can be used at the same time by users from different workstations. A single Control Language statement is called a command. Commands can be entered :

Individually from a workstation.

As part of batch jobs.

As source statements to create Control Language programs.

To simplify the use of Control Language, all the commands use a consistent naming convention. In general, the first three letters refer to the action to be taken, the next three refer to the object of that action, and the last character, if any, provides an additional descriptor of the task to be performed. For example, the WRKJOBQ command tells the system that the user wants to work with job queues. In addition, the Operating System provides prompting support for all commands, default values for most command parameters, and syntax checking to ensure that a value is typed correctly before the function is performed. Thus, the Control Language provides a single, flexible interface to many different system functions.

Communications

The communication structure supports multiple architectures in a flexible and extendable fashion, by supporting multiple communications architecture implementations and the sharing of physical resources. Documents, data and files can be exchanged with remote systems, and remote users can access files and application programs on the AS/400 system.

Query / 400

Query/400 is an IBM Licensed Program and a decision support utility that can be used to obtain information from the AS/400 database. It can obtain information from any database file that has been defined on the system using OS/400 Data Description Specifications (DDS), the OS/400 Interactive Data Definition Utility (IDDU) or the IBM Structured Query Language/400 (DB2/400) program. You use Query to select, arrange or analyze information (data) stored in one or more database files to produce reports and other data files. You can create your own query definitions and then run them, or you can run existing queries. You determine what data the query is to retrieve, the format of the report and whether it should be printed, displayed or sent to another database file.

You can use Query to obtain information from a single file or a combined set of 32 files. You can select all the fields or a few of the fields and organize them as you want them to appear in the type of output chosen. You can have all reports in the files included in the output, or you can select only a few to be included using selected tests.

AS/400 Objects:

The object-based architecture of the machine is fundamental to the overall design of the functions provided by the AS/400 system. Each type of object on the system has a unique purpose within the system. Each has an associated set of commands with which to process that type of object.

Different object types have different operational characteristics. These differences make each object type unique. Each object has a name. The object name and the object type are used to identify an object. The object name is explicitly assigned by the system for system supplied objects or by the user when creating an object. The object type is determined by the command used to create it.

Libraries:

A library is an object that is used to group related objects and to find objects by name. Thus a library is a directory to a group of objects. The number of objects contained in a library and the number of libraries on the system are limited only by the amount of storage available. Two different objects with the same name can exist in the same library only if their object types differ. However, two objects with the same name and type can exist in different libraries.

There are three types of libraries :

1. System

2. User

3. Product

Folders:

A folder is a named object that is used as a directory for documents and other folders. Folders can be filed within another folder. Folder within folders is similar to a filing cabinet. A folder path is a list of the folders within folders needed to find a document or object within folder.

Files:

A file is an object that contains either a set of related records handled as a group or a stream of data. One of the most common types of files that contain records is the database file. A document is the type of file that contains only a stream of data. There are different types of files on the system, as follows:

1. Physical file

2. Logical file

3. Display file

4. Printer file

5. Tape file

6. Diskette file

7. Message file

8. Save file

Programs:

A program is an object containing a set of instructions that tell the system where to get information, how to process it and where to put the results. When the system compiles the program description, the object type identifies it as a program. Because it is a program object, the system begins to read the lines of code and to process the commands.

Job Queue:

The system handles multiple operations at the same time and supervises the sharing of the system resources. The job queue manages the batch requests submitted by the users. A user can then continue to work at the workstation on other tasks while the system processes the request.

Out Queue:

As the job processes a request to print data, it gets data from a database file and uses the print device file to format the data. The formatted print files are placed on an output queue until the writer is ready to send the information to the printer. Output queues can be arranged by priority depending on users' needs.

Message Queue:

Communication between programs, between jobs, between users, between users and programs, and between users and the system occurs through messages. When a message is sent to a program or to a system user, it is placed on a queue associated with that program or user. The OS/400 program automatically provides message queues for :

1. workstation on the system

2. user enrolled on the system

3. users responsible for the system operation

4. system history log

Users can create additional message queues to meet any special application program requirement.

Data Queue:

When running an application consisting of several programs, it is often necessary to pass data and variables to other programs. Programs can set up data queues to be used by the entire application so that all programs can refer to a single set of data and variables passed to the programs through the queue.

User Profiles:

A user profile is an object that identifies a particular user or a group of users to the AS/400 system. The user is known in the system by the user profile name. When a user signs on at a workstation, the user ID is used to find the user profile settings. The password is defined in the user profile. All AS/400 system security functions rely on the user profile to describe each user. The user profile identifies the authorities granted to that user.

A group profile is used to provide the same profile for a group of users. This eliminates the need to assign the authority to each user individually.

Menu:

The menu allows users to select the task they would like to perform without having to use the system commands. These task menus provide users with a more defined group of choices regarding the tasks or objects available.

Subsystem:

A subsystem is a single, predefined operating environment through which the system coordinates the work flow and resource use. The system can contain several subsystems, all operating independently of each other. Subsystems manage resources. The run-time characteristics of a subsystem are defined in an object called a subsystem description. Each subsystem can run unique operations. For instance, you can set up one subsystem to handle only interactive jobs, while another subsystem handles only batch jobs. Subsystems can also be designed to handle many types of work. The system allows you to decide the number of subsystems and what types of work each subsystem will handle. The system relies on subsystem descriptions when starting subsystems. Therefore, if you want to change the amount of work (number of jobs) coming from a job queue, for example, you only need to change the job queue entry in the subsystem description.

Module :- 3

System Administration

Subsystem :

A subsystem description is a system object that contains information defining the characteristics of an operating environment controlled by the system. The system-recognized identifier for the object type is *SBSD. A subsystem description defines how, where, and how much work enters a subsystem, and which resources the subsystem uses to perform the work. An active subsystem takes on the simple name of the subsystem description. Like a set of detailed blueprints, each subsystem description is unique, containing the specific characteristics describing the subsystem. The description includes where work can enter the subsystem, how much work the subsystem can handle, how much main storage (memory) will be used, and how quickly jobs in the subsystem can run. You can use a subsystem description supplied with your system (with or without making changes to it), or you can create your own.

A subsystem description consists of three parts:

1. Subsystem attributes (overall subsystem characteristics)

2. Work entries (sources of work)

3. Routing entries

Creating a Subsystem Description

You can create a subsystem description in two ways. You can copy an existing subsystem description and change it, or you can create an entirely new description. The following are two approaches you can use:

1. Copying an existing subsystem description

1. Create a duplicate object, CRTDUPOBJ, of an existing subsystem description. (You can also use the WRKOBJ or WRKOBJPDM commands.)

2. Change the copy of the subsystem description.

2. Creating an entirely new subsystem description

1. Create a subsystem description (CRTSBSD).

2. Create a job description (CRTJOBD).

3. Add work entries to the subsystem description.

a. ADDWSE (Add workstation entry)

b. ADDJOBQE (Add job queue entry)

c. ADDCMNE (Add communications entry)

d. ADDAJE (Add autostart job entry)

e. ADDPJE (Add prestart job entry)

4. Create a class (CRTCLS).

5. Add routing entries to the subsystem description (ADDRTGE).
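The five steps for an entirely new subsystem description, written out as one CL program. This is an added example, not part of the original course material: MYLIB/MYSTORE is the page's sample subsystem name, while MYSTOREQ, MYSTOREJD, MYSTORECLS and STORETEST are hypothetical names, and MYLIB is assumed to exist already.

```cl
/* Added example: build a batch-only subsystem from scratch.          */
/* MYSTOREQ, MYSTOREJD, MYSTORECLS and STORETEST are hypothetical.    */
PGM

  /* Step 1: subsystem description. One pool that shares *BASE        */
  /* storage, and at most 3 jobs active in the subsystem at a time.   */
  CRTSBSD    SBSD(MYLIB/MYSTORE) POOLS((1 *BASE)) MAXJOBS(3) +
               TEXT('Batch subsystem for store jobs')

  /* Supporting object: the job queue the work entry will point at.   */
  CRTJOBQ    JOBQ(MYLIB/MYSTOREQ) TEXT('Job queue for MYSTORE')

  /* Step 2: job description. USER(*RQD) means the job description    */
  /* names no user profile, so it cannot be used to run work under    */
  /* a profile other than the one supplied when the job is started.   */
  /* AUT(*USE) lets other users reference it but not change it.       */
  CRTJOBD    JOBD(MYLIB/MYSTOREJD) JOBQ(MYLIB/MYSTOREQ) +
               USER(*RQD) RTGDTA('MYSTORE') AUT(*USE) +
               TEXT('Job description for MYSTORE')

  /* Step 3: work entry. Batch work enters through the job queue;     */
  /* MAXACT(1) releases one job from this queue at a time.            */
  ADDJOBQE   SBSD(MYLIB/MYSTORE) JOBQ(MYLIB/MYSTOREQ) +
               MAXACT(1) SEQNBR(10)

  /* Step 4: class. RUNPTY follows the 1 (highest) to 99 (lowest)     */
  /* scale; TIMESLICE is in milliseconds.                             */
  CRTCLS     CLS(MYLIB/MYSTORECLS) RUNPTY(50) TIMESLICE(5000) +
               TEXT('Run attributes for MYSTORE jobs')

  /* Step 5: routing entry. Jobs whose routing data starts with       */
  /* 'MYSTORE' run QCMD in pool 1 with the class created above.       */
  ADDRTGE    SBSD(MYLIB/MYSTORE) SEQNBR(10) CMPVAL('MYSTORE') +
               PGM(QSYS/QCMD) CLS(MYLIB/MYSTORECLS) POOLID(1)

  /* Start the subsystem and send one test job through it.            */
  /* RTGDTA(*JOBD) is needed because SBMJOB otherwise supplies the    */
  /* routing data QCMDB, which would not match the routing entry.     */
  STRSBS     SBSD(MYLIB/MYSTORE)
  SBMJOB     CMD(DSPLIBL OUTPUT(*PRINT)) JOB(STORETEST) +
               JOBD(MYLIB/MYSTOREJD) RTGDTA(*JOBD)

ENDPGM
```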

Starting a Subsystem

To start a subsystem, use the Start Subsystem (STRSBS) command or the Work with Subsystem Description (WRKSBSD) command. To use the STRSBS command, specify the following:

STRSBS SBSD (SBSD = library/subsystem description name)

For example

STRSBS MYLIB/MYSTORE

Ending a Subsystem

To end a subsystem:

1. Use the End Subsystem (ENDSBS) command:

ENDSBS SBS OPTION (SBS = the active subsystem name)

For example

ENDSBS MYSTORE *IMMED

2. Specify, using an option, when you want the subsystem to end.

*IMMED

End the subsystem immediately. Use this option if there are no users on the system and no batch jobs running.

*CNTRLD

Allow active jobs to end themselves (if they are checking to see if the job is being ended). Use this option when users or batch jobs are running in the subsystems to ensure the jobs finish before the subsystem ends.

Deleting a Subsystem Description

To delete a subsystem description, use the Delete Subsystem Description (DLTSBSD) command. To use the DLTSBSD command, the subsystem cannot be active.

Active and Inactive Subsystems

An active subsystem is one that has been started, for example, with the Start Subsystem (STRSBS) command. An inactive subsystem is one that has been ended, for example, with the End Subsystem (ENDSBS) command or has not been started. You cannot remove pools from an active subsystem.

Job Management:

A job is a unit of work. On the AS/400, a job is a unit of work done. There are 2 types of jobs on the system,

1. Interactive

2. Batch

3. Prestart

4. Autostart

5. Communication

User can do the following activities with the job.

1. END

2. HOLD

3. RELEASE

4. CHANGE

Every job has a priority to run on the system. 1 is the highest priority and 99 is the lowest priority. The administrator can also change the job queue of a job.

1. Use following command to track a particular users jobs,

WRKUSRJOB

2. Use following command to find out jobs in JOBQ,

WRKJOBQ

3. Use following command to find scheduled jobs

WRKJOBSCDE

4. To submit a job in batch use following command.

SBMJOB

5. To find total number of active jobs on the system use the command as,

WRKACTJOB

6. To find jobs running in particular subsystem use,

WRKSBSJOB

User Profile Management:

Create User Profile

The Create User Profile (CRTUSRPRF) command identifies a user to the system and allows you to customize the way the system appears. When the profile is created, the profile is given *CHANGE and *OBJMGT authorities for the profile itself. The system relies on the profile having these authorities to itself and they should not be removed.

Restriction : The user of this command must have

(1) *SECADM special authority,

(2) *USE authority to the initial program, initial menu, job description, message queue, output queue, and attention-key-handling program if specified, and

(3) *CHANGE and Object Management authorities to the group profile and supplemental group profiles if specified.

Delete User Profile :

The Delete User Profile (DLTUSRPRF) command allows a user to delete a user profile from the system. If a User Profile is damaged by system failure, it can be deleted by using the Delete User Profile (DLTUSRPRF) command and re-created by using the Create User Profile (CRTUSRPRF) command. After a user profile is re-created, the owned objects and primary group objects can be transferred back to it.

Restriction :

(1) The user must have use (*USE) and object existence (*OBJEXIST) authority to the User Profile.

(2) The User must have existence, use, and delete authorities to delete a message queue associated with and owned by the user profile.

The user profile cannot be deleted if a user is currently running under the profile, or if it owns any objects and OWNOBJOPT(*NODLT) is specified. All objects in the user profile must first either be transferred to new owners by using the Change Object Owner (CHGOBJOWN) command or be deleted; alternatively, specify OWNOBJOPT(*DLT) to delete the objects or OWNOBJOPT(*CHGOWN user-profile-name) to change the ownership. Authority granted to the user does not have to be specifically revoked by the Revoke Object Authority (RVKOBJAUT) command; it is automatically revoked when the user profile is deleted.
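The create and delete commands above, shown as two small CL programs with restrictive settings. This is an added example, not part of the original course material: the profile names STOREGRP and STOREUSR and the member names ADDCLERK and DLTCLERK are hypothetical, and the caller is assumed to hold the authorities listed in the restrictions above.

```cl
/* Added example. STOREGRP, STOREUSR, ADDCLERK and DLTCLERK are       */
/* hypothetical names.                                                */

/* ---- Source member ADDCLERK: enroll a user ----------------------- */
PGM        PARM(&PWD)
  DCL        VAR(&PWD) TYPE(*CHAR) LEN(10)  /* initial password, passed in */

  /* Group profile that carries the shared authorities.               */
  /* PASSWORD(*NONE): nobody can sign on as the group itself.         */
  CRTUSRPRF  USRPRF(STOREGRP) PASSWORD(*NONE) +
               TEXT('Store clerks (group profile)')

  /* Individual profile.                                              */
  /* PASSWORD(&PWD)  avoids the command default *USRPRF, which sets   */
  /*                 the password equal to the profile name.          */
  /* PWDEXP(*YES)    forces a password change at first sign-on.       */
  /* SPCAUT(*NONE)   grants no special authorities.                   */
  /* LMTCPB(*YES)    limits command entry and stops the user changing */
  /*                 the initial program, menu or attention program.  */
  /* ATNPGM(*SYSVAL) uses the QATNPGM system value.                   */
  /* OWNER(*GRPPRF)  objects the user creates are owned by STOREGRP,  */
  /*                 so they do not block a later DLTUSRPRF.          */
  CRTUSRPRF  USRPRF(STOREUSR) PASSWORD(&PWD) PWDEXP(*YES) +
               USRCLS(*USER) SPCAUT(*NONE) +
               INLMNU(MAIN) LMTCPB(*YES) ATNPGM(*SYSVAL) +
               GRPPRF(STOREGRP) OWNER(*GRPPRF) +
               TEXT('Store clerk')
ENDPGM

/* ---- Source member DLTCLERK: remove the user --------------------- */
PGM
  /* With the default OWNOBJOPT(*NODLT) the delete fails if STOREUSR  */
  /* still owns anything. *CHGOWN hands those objects to STOREGRP and */
  /* then deletes the profile. The profile must not be in use.        */
  DLTUSRPRF  USRPRF(STOREUSR) OWNOBJOPT(*CHGOWN STOREGRP)
ENDPGM
```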

Basic Operational commands

1. ASSISTANT MENU

The Operational Assistant is a series of user friendly menus. By selecting menu options, the user can perform basic tasks.

Work with printer output

Work with jobs

Send Messages

Power On/Off tasks

System Backup

The options displayed on your Operational Assistant Menu will vary, depending on the privileges granted to your profile.

Accessing the Operational Assistant Menu

There are two ways to access the Operational Assistant Display.

The first method is to type go assist on the command line and press the ENTER key. After a short wait the AS/400 Operational Assistant Menu should be displayed. To leave the Operational Assistant menu and return to the previous menu, tap the key.

The second method is to tap the ATTENTION key. If you have mapped your keyboard using Client Access or Mocha 5250 and are using the standard IBM mapping, the ATTENTION key will be the ESC key on your PC keyboard. If you tap the ATTENTION key and the Operational Assistant Menu does not display, go back to the section in Getting Started (Client Access) or Getting Started (Mocha) that taught you how to change the keyboard mapping. To leave the Operational Assistant Menu and return to your previous screen, tap the key.

Check the system value for the Attention key program

a) Type go define on any Selection or Command line to reach the Define or Change the System menu.

b)From the Define or Change the System menu, select 8, Work with System Values.

c) Tap PAGE DOWN until you find the system value QATNPGM. The system values are arranged alphabetically, and they all start with Q.

d)Position your cursor on the option line in front of QATNPGM and enter 5 on the option line. Tap the ENTER key.

e)The value of QATNPGM should be *ASSIST. This may not be the case on other systems but GCIBM2 is configured so the system value for QATNPGM is *ASSIST.

Next we'll confirm that your profile is set up to use the system value. Press F12 (cancel) to return to any display with a Selection or Command line.

a)On any Selection or Command Line, type CHGPRF and press F4 to prompt for values.

b) Press the F10 function key to display Additional Parameters.

c) Notice the word More at the bottom right corner. Display another screen of parameters by tapping the PAGE DOWN key on your keyboard.

d) Look down the left column until you locate the description, Attention Program.

e) The parameter for Attention Program should be *SYSVAL. If the parameter is not *SYSVAL, please position the cursor on the first character of the value and type *SYSVAL, removing any extra characters in the field. Then press the ENTER key.

f) Changes to the User Profile do not take effect until you sign off and sign back on. If you made changes in step e, please sign off and start a new session so that you can use the ESC key to access the AS/400 Operational Assistant Menu.

Work with Printer output. Position the cursor on the line labeled Type a menu option below. Type the option number for Work with Printer Output and then press ENTER. The next screen will display a list of spooled files (if you have any). These are files that are ready to print.

System Operations :

An administrator needs to continuously monitor the following on the system.

1. % ASP USAGE OF THE SYSTEM:

To find out the Percentage ASP utilized use following command:

WRKSYSSTS

2. CHECKING ACTIVE JOBS:

Use following command to check active jobs as well as CPU utilization,

WRKACTJOB

3. CHECKING SUBSYSTEM STATUS:

Use the following command to check all the active subsystems,

WRKSBS

4. TO CHECK THE LOG:

Use following command to find out the log on the system.

DSPLOG

You can use same command to find log of a fixed time span.

5. TO CHECK STATUS OF *LIN,*DEV,*CTL :

Use following commands to find status of Lines, Devices and Controllers respectively,

WRKCFGSTS *LIN

WRKCFGSTS *DEV

WRKCFGSTS *CTL

6. CHECKING DISK STATUS :

Use the following command to check the disk status,

WRKDSKSTS

Message Handling :

A message is a means of communication between the system and the user. There are System Messages and User Messages. With User Messages, users can send their own messages.

System messages and user messages are put in the user's message queue. Messages may be

a) Informational (No reply Needed)

b) Inquiry (Reply Needed)

Users can also send messages to each other using the following commands,

1. SNDBRKMSG

2. SNDMSG

Messages may or may not break your screen, depending upon the setting in the system. You can change the message queue with the command CHGMSGQ MSGQ(QSYSOPR) DLVRY(*BREAK). Messages may have severity codes.

00 Informational; no reply needed.

9 Warning; a potential error condition.

20 Error; error found, automatic recovery procedures applied, processing continued.

30 Severe Error; error too severe for automatic recovery, error is in source data or program.

40 Severe Error; abnormal end of program or function, operation ends.

50 Abnormal end of job or program; the job failed to start.

60 System Status; issued only to the System Operator message queue; device, subsystem or system warning.

70 Device Integrity; issued to the System Operator message queue; device failed.

80 System Integrity; issued to the System Operator message queue; a condition when a subsystem or the system cannot function.

99 Manual Action Required

By default every message given to the administrator goes into QSYSOPR message queue. Administrator can change this default message queue.

To see the messages of any message queue use following command,

DSPMSG

To check the system operator's message queue use,

DSPMSG QSYSOPR

Reply List :

The system reply list contains the replies that are automatically sent in response to inquiry messages. The reply list is only used when an inquiry message is sent by a job that has the inquiry message reply attribute of the system reply list specified. Use following command for this

WRKRPYLE

Managing OUTQ`s and SPOOL Files :

All the spool files created by users as well as by the system go into an OUTQ. QPRINT is the default outq of the system. The administrator can set a default outq for each user so that the spool files created by that user go to that outq only.

To work with all the outq use following command,

WRKOUTQ

To clear the outq use the following command ,

CLROUTQ < outq name >

To work with spool files created by particular user use following command,

WRKSPLF < user id >

You can do following activities with the spool file,

1. DELETE

2. HOLD

3. RELEASE

4. CHANGE

5. SAVE

The user can change the outq of the spool file. A spool file is assigned to a printer to print. The user can print the spool file pagewise as per the requirement.

LIST OF COMMON COMMANDS

1. INZTAP
   (Resource Name) : TAP01
   Volume Identifier : Given any name
   Clear : *Yes
   Load Option : *Unload

2. WRKCFGSTS
   *dev
   *ctl
   *lin
   *dev *prt
   *dev *dsp
   *dev *prt* (Displays printers whose names start with prt)

3. WRKWTR - Work with Printers

4. WRKSPLF - Work with Spooled Files

5. WRKACTJOB - Shows jobs currently active in the system.

6. WRKSYSACT - Shows which active job occupies how much space

7. WRKSYSSTS - Shows % CPU used, memory capacity, hdd % used

8. WRKSBS - Shows no. of active jobs in each subsystem

9. SNDBRKMSG - Send a message to a user terminal. His screen gets interrupted temporarily but his job continues

10. WHO - Gives Work-Station Name

11. DSPMSG - Display messages sent and received by users.

12. DSPLOG - Display the log generated by the system

13. SNDMSG - Send a message to a user terminal without any interruption.

14. WRKJOBQ - Display how many jobs are in the queue.

Basic OS & System Management (OS/400)

1. Go Assist - Option (Operational Assist Menu)

2. Assistance Level - wrkmsg, Press F2
   a) Basic Assist Level
   b) Intermediate
   Adv. Assist level available only for some displays.

3. Assistance level can be set for the following CL Commands :

Description                      Command      Function
Display Message                  DSPMSG       Handling Message
Display System Status            DSPSYSSTS    System Status
Work with configuration Status   WRKCFGSTS    Handling Device Status
Work with Messages               WRKMSG       Handling Messages
Work with spooled files          WRKSPLF      Printer Output
Work with System Status          WRKSYSSTS    System Status
Work with User Jobs              WRKUSRJOB    User Job
Work with User Profiles          WRKUSRPRF    User enrollment
Work with writers                WRKWTR       Check Printers

4. The GO: Commands (GO *all)

Go Assist - Goes to Operational Assist Menu

Go Backup - Goes to backup menu (INZ & SAVE)

Go cleanup - Goes to cleanup menu (Cleanup deletes old job logs, history logs, messages)

Go DeviceSts - Goes to Config Status Screen

Go Hardware - Goes to hardware resources menu

Go file - Allows you to work on files in a system

Go Library - Library menu allows you to work with libraries

Go ManageSys - Manage System, Users, Devices (Displays what activity is going on in the system)

Go Power - You can display and change the power on-off schedule

Go Restore - Allows you to restore info from tape or SAVF (Save file) on the system.

Go runbckup - Specify the type of backup you want to run

Go Setup - Customize System, Users, Devices

Go Status - Display Status of jobs, devices & system activities

Go Tape - Use and Control tape devices.

Module :- 4

System Security

System security is an integrated function of the AS/400 system. It is implemented at the instruction level and controls all AS/400 software functions. Users are identified and authenticated by a single security mechanism, at the system level, for all functions and environments available on an AS/400, including program development and execution, data base applications, office applications, and so forth. All objects on an AS/400 system are under security control, including libraries and files, display stations, operator console functions, programs, menus, and so on.

System Values

The first topic describes the system values that control security on your system.

The security system values are broken into four main groups:

General system values

Other system values related to security

System values that control passwords

System values that control auditing

General Security System Values

The system values listed below can be changed through the Change System Value (CHGSYSVAL) command or using the Work with System Values (WRKSYSVAL *SEC) command. Changes to the system values become effective immediately, except for the security level (QSECURITY) value, which becomes effective only after the next IPL.

QALWOBJRST Allow objects that are security-sensitive to be restored to the system. Specifies whether system state objects or objects that adopt their owner's authority may be restored to the system.

QALWUSRDMN Allow user domain objects in the libraries. Specifies which libraries are allowed to contain user domain objects of type *USRSPC, *USRIDX, and *USRQ. These objects are a potential security exposure on a system with high security requirements. The system cannot audit the movement of data to and from user domain objects. QALWUSRDMN can be left at its default value at security levels below 40. It must be considered when going to level 40 or higher.

QCRTAUT Authority for New Objects. This value is used to determine the public authority of a newly created object, if the following conditions are met:

# The create authority (CRTAUT) parameter for the library of the new object is set to *SYSVAL.

# The new object is created with public authority (AUT) of *LIBCRTAUT (the default).

The default value is *CHANGE. It is recommended that you do not change this value. It is better to change the CRTAUT value at the library level. It may impact your day-to-day operations.

QDSPSGNINF Display Signon Information. Specifies that the signon information display is to be shown. This displays information such as the date of last signon, invalid signon attempts, and the number of days until the password expires (if applicable). This information can alert users that there has been an unauthorized attempt to access the system using their user profile. For users requiring a value different from the system value, the DSPSGNINF keyword for an individual user profile can be set to *YES (to display the information) or *NO (for no information displayed).

QINACTITV Inactive Job Time-Out Interval. Specifies in minutes how long the system allows a job to be inactive before taking action. A workstation is considered to be inactive if it is waiting at a menu or display, or if it is waiting for some message input with no user interaction. When you specify a time-out interval, if a job reaches that interval the system will take the action specified in the QINACTMSGQ system value. Local jobs that are currently signed on to a remote system are excluded. PC Support/400 jobs are also included. An inactive workstation might allow unauthorized persons access to the system. This system value helps you to prevent users from leaving workstations inactive. Be sure to discuss the impact of a change of QINACTITV with the users on the system and inform them at the time you make the change.

QINACTMSGQ Inactive Job Time-Out Message Queue. The QINACTMSGQ value specifies either the name of the message queue to which a notification message is sent, or the action the system takes when an interactive job has been inactive for a specified interval of time. The time interval is specified by the system value QINACTITV. There are considerations for PC Support/400 jobs.

QLMTDEVSSN Limit Device Sessions. Specifies whether a user is allowed to sign on to more than one device at one time.

QLMTSECOFR Limit Security Officer. Restricts privileged users (with *ALLOBJ or *SERVICE authority) to specified workstations. A privileged user who leaves the terminal unattended represents a considerable security exposure.

QMAXSIGN Maximum Number of Signon Attempts. Defines the maximum number of invalid signon attempts by local or remote users. This also works for PC Router signon. Invalid attempts are any combination of invalid password, invalid user profile, or inadequate authority to the display station. Once a user has reached the maximum attempts value, the system will take the action specified in QMAXSGNACN. The value should be high enough to allow correction for typing errors but low enough to prevent opportunities to guess a valid user profile and password. You can use security auditing to log signon violations. You must create a query, or you can use Security/400.

QMAXSGNACN Action When Signon Attempts Reached. This system value determines what the system does when the maximum number of signon attempts (specified in QMAXSIGN) is reached.

Possible values for QMAXSGNACN are:

3: Disable both the user profile and device.

1: Disable the device only.

2: Disable the user profile only.

With PC Support/400, invalid attempts will only disable the user profile, but not the device. If you create the message queue QSYSMSG in QSYS, messages about critical system events are sent to that message queue as well as to QSYSOPR. You can use the QSYSMSG message queue to monitor any invalid attempt to sign on to the system, just by viewing it or by monitoring it with a program. Refer to Appendix A, QSYSMSG Message Queue on page A-1 for more details. The events sent to QSYSMSG can also be logged in the audit journal. If QSECOFR is disabled, and no other user profile has the authority to enable it, QSECOFR can still sign on from the system console. If the console is varied off, the system must be IPLed.

QRMTSIGN Remote Signon Control. Specifies how the system handles remote signon requests.

QSECURITY System Security Level. QSECURITY controls the security level of the system. AS/400 security offers five levels of security:

Level 10: There is no user authentication or resource protection. No password is required to sign on. The system is shipped with this value. It should be changed immediately, preferably to 30. If you wish to move to a security level above 30, you should first test your installation on level 30.

Level 20: Password - User authentication through user profile and password checking; no resource protection.

Level 30: Password and Resource - User authentication and resource protection. Users require authority to access objects.

Level 40: Password, Resource and Operating System Integrity - User authentication, resource protection, and machine interface protection.

Level 50: Password, Resource and enhanced Operating System Integrity - User authentication, resource protection, and machine interface protection. Security level 50 is intended for AS/400 systems with high security requirements and to meet C2 security requirements.

System Value   IBM Shipped Value   Production System   Domino System
QALWOBJRST     *ALL                *ALL                *ALL
QDSPSGNINF     0                   0                   0
QINACTITV      *NONE               30                  *NONE
QINACTMSGQ     *ENDJOB             *DSCJOB             *ENDJOB
QDSCJOBITV     240                 240                 240
QLMTDEVSSN     0                   0                   0
QLMTSECOFR     100******
QMAXSIGN       3                   5                   10
QMAXSGNACN     3                   2                   1
QRMTSIGN       *FRCSIGNON          *FRCSIGNON          *FRCSIGNON
QCRTAUT        *CHANGE             *CHANGE             *CHANGE

Other Related System Values

The following system values, while not specifically security-related, affect system functions when certain security system values are set.

QAUTOVRT Automatic Configuration of Virtual Devices. Specifies whether display station passthrough virtual devices and TELNET full screen virtual devices are automatically configured.

QDSCJOBITV Disconnected Job Time-Out Interval. This system value determines if and when the system ends a disconnected job. The interval is specified in minutes.

System Values for Passwords

The following values apply to passwords. These values require users to change their passwords regularly as well as enforce rules for the creation of new passwords which prevents the use of passwords that are trivial or easy to guess. Whenever you want to change any of these system values, be sure to discuss the impact with the users on the system. Do remember to inform them when any change is made. The password composition system values are enforced only when the password is changed using the Change Password (CHGPWD) command, the ASSIST menu option to change a password, the QSYCHGPW application program interface (API), or on signon when a password expires. In addition to the values below, passwords can be further verified by a password validation program.

QPWDEXPITV Password Expiration Interval Value. This value forces users to change their password every 1 to 366 days, or not at all. The value must be set according to the company's security policy. This interval can also be modified for each user through the user profile password expiration interval parameter, PWDEXPITV.

QPWDLMTAJC Restrictions of Consecutive Digits in Passwords.

QPWDLMTCHR Restricted Characters for Passwords.

QPWDLMTREP Restriction of Repeated Character in Passwords.

QPWDMAXLEN Maximum Length of Passwords.

QPWDMINLEN Minimum Length of Passwords.

QPWDPOSDIF Position Difference of Characters in Successive Passwords.

QPWDRQDDGT Requirement for Numeric Characters in Passwords.

QPWDRQDDIF Required Difference in Passwords.

QPWDVLDPGM Password Validation Program. Specifies the name of a validation program.

Auditing System Values

This topic discusses the system values for controlling auditing on your system and a description of each.

QAUDCTL Auditing Control. The QAUDCTL system value determines whether auditing is performed.

QAUDENDACN Auditing End Action. The QAUDENDACN system value determines what action the system takes if auditing is active and the system is unable to write entries to the audit journal.

QAUDFRCLVL Auditing Force Level. The QAUDFRCLVL system value determines how often new audit journal entries are forced from memory to auxiliary storage (disk). This system value controls the amount of auditing data that may be lost if the system ends abnormally.

QAUDLVL Auditing Level. The QAUDLVL system value determines which security-related events are logged to the security audit journal (QAUDJRN).

QCRTOBJAUD Auditing for New Objects. The QCRTOBJAUD system value is used to determine the auditing for a new object, if the auditing default for the library of the new object is set to *SYSVAL.
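The following is an added example, not part of the original training material: a small Python checker that reads a list of security system values and flags the settings the text above describes as exposures. The "NAME VALUE" listing layout, both sample listings, and the value 90 for QPWDEXPITV are constructed for the example; the rules are limited to what the text states plus the standard special values *NOMAX and *NONE.

```python
# Constructed sample listings in an assumed "NAME VALUE" layout, for example
# values copied by hand from the WRKSYSVAL *SEC display.
WEAK_LISTING = """\
QSECURITY   20
QINACTITV   *NONE
QINACTMSGQ  *ENDJOB
QMAXSIGN    *NOMAX
QMAXSGNACN  3
QLMTSECOFR  0
QPWDEXPITV  *NOMAX
QAUDCTL     *NONE
"""

CORRECTED_LISTING = """\
QSECURITY   30
QINACTITV   30
QINACTMSGQ  *DSCJOB
QMAXSIGN    5
QMAXSGNACN  2
QLMTSECOFR  1
QPWDEXPITV  90
QAUDCTL     *AUDLVL
"""


def parse_listing(text):
    """Turn 'NAME VALUE' lines into a dict; blank and '#' lines are skipped."""
    values = {}
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {number}: expected 'NAME VALUE', got {line!r}")
        values[parts[0].upper()] = parts[1].strip().upper()
    return values


def _number(value):
    return int(value) if value.isdigit() else None


# (system value, test that is True when the setting is weak, finding text)
RULES = [
    ("QSECURITY", lambda v: _number(v) is None or _number(v) < 30,
     "below level 30, so objects have no resource protection"),
    ("QINACTITV", lambda v: v == "*NONE",
     "inactive jobs never time out; unattended workstations stay signed on"),
    ("QMAXSIGN", lambda v: v == "*NOMAX",
     "unlimited invalid signon attempts allow password guessing"),
    ("QMAXSGNACN", lambda v: v not in {"1", "2", "3"},
     "not one of the documented actions 1, 2 or 3"),
    ("QLMTSECOFR", lambda v: v == "0",
     "*ALLOBJ and *SERVICE users are not restricted to specified workstations"),
    ("QPWDEXPITV", lambda v: v == "*NOMAX",
     "passwords never expire"),
    ("QAUDCTL", lambda v: "*NONE" in v.split(),
     "no security auditing is performed"),
]


def audit(values):
    """Return a list of (name, value, finding) tuples, in RULES order.

    A value missing from the listing is reported with value None instead of
    being treated as acceptable. Names without a rule are ignored.
    """
    findings = []
    for name, is_weak, message in RULES:
        if name not in values:
            findings.append((name, None, "not present in listing; cannot assess"))
        elif is_weak(values[name]):
            findings.append((name, values[name], message))
    return findings


if __name__ == "__main__":
    for label, listing in (("weak", WEAK_LISTING), ("corrected", CORRECTED_LISTING)):
        print(f"--- {label} listing ---")
        for name, value, message in audit(parse_listing(listing)) or [("OK", "", "no findings")]:
            print(f"{name:<11} {value or '':<8} {message}")
```
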

Authorities : -

In AS/400 terminology, an authority is the permission to access an object. The object owner and the security officer (or other *ALLOBJ users) can grant or revoke authority to an object. It is important to understand the difference between authority to an object and authority to the data in the object. Operations such as moving, renaming, saving, or deleting apply to the object as such. It is possible to have authority for these operations without having access to the data stored in the object. Likewise, one can have full access (read, write, update, delete, execute) to the data in an object without having full authority to manipulate the whole object.

Structure of authorities.

[Figure: tree diagram with the boxes Authorities; Private Authorities, Public Authorities; Special Authorities (8 Nos.), Specific Authorities; Object Authorities (6 Nos.), Data Authorities (5 Nos.)]

Special Authorities

All security systems have special user privileges for certain security and system administration functions. Special authorities allow certain users to administer AS/400 security and system tasks. There are eight special authorities. These special authorities are not hierarchical.

*ALLOBJ All object authority is granted for accessing any system resource

*AUDIT Allows the user to perform auditing functions

*JOBCTL Allows manipulation of job and output queues and subsystems

*SAVSYS Used for saving and restoring the system and data without having explicit authority to objects

*SECADM Allows administration of User Profiles and Office

*SERVICE Allows access to special service functions for problem diagnosis

*SPLCTL Allows control of spool functions

*IOSYSCFG Allows change of system configuration

Specific authorities

Specific authorities are further divided into 2 types.

1. Object Authorities

2. Data Authorities

1. Object Authorities :

There are 6 object authorities used in AS/400. Those are as follows.

a. *OBJOPR ( Object Operational )

b. *OBJEXIST ( Object Existence )

c. *OBJMGT ( Object Management )

d. *OBJALTER ( Object Alteration )

e. *AUTLMGT ( Authorization List Authority )

f. *OBJREF ( Object Reference )

2. Data Authorities :

There are 5 data authorities used in AS/400. Those are as follows.

a. *READ ( Read Data )

b. *ADD ( Add Data )

c. *DLT ( Delete Data )

d. *UPD ( Change Data )

e. *EXECUTE ( Run a Program )

The following authorities are independent (not hierarchical). For some operations a combination of authorities is required:

*OBJOPR: The object operational authority controls the use of an object and the capability to look at the description of the object. It is needed to open a file and therefore usually assigned in combination with the desired data rights.

*OBJMGT: The object management authority controls the move, rename, and change attribute functions for the object, and the grant and revoke authority functions for other users or groups.

*OBJEXIST: The object existence authority controls the delete, save, restore, or transfer ownership operations of an object.

*AUTLMGT: This authority is needed to manage the contents of an authorization list associated with the object. This is a specialized security authorization that is not usually grouped with the other seven object authorities.

*OBJALTER: This authority is needed to alter the attributes of data base files and change the attributes of SQL packages.

*OBJREF: This authority is needed to specify a data base file as the first level in a referential constraint.

*READ: Controls the ability to read data from the object.

*ADD: Controls the ability to insert a new entry (such as a new record in a file) into the object.

*UPD: Controls the ability to modify existing entries in the object.

*DLT: Controls the ability to remove existing entries (for example, records) in the object. To delete the whole object requires *OBJEXIST authority.

*EXECUTE: Controls the ability to run a program, service program, or SQL package, and to locate an object in a library or a directory.

Some common combinations of authorities have been given special names as an abbreviated form. For example, *USE is the combination of *OBJOPR, *READ, and *EXECUTE.

*ALL - Allows unlimited access to the object and its data

*CHANGE - Allows unlimited access to the data in the object

*USE - Allows data in the object to be read

*EXCLUDE - Allows no access to the object or its data

*PUBLIC Authority

Public authority is the default authority for an object. It is used if users do not have any specific (private) authority to an object, are not on the authorization list (if one is specified) for the object, or their group(s) has no specific authority to the object.

Authorization Lists

An authorization list is an important and commonly used security structure. It is used to authorize a user or a group of users to different types of objects (such as files or programs) secured by the authorization list. An object may have only one authorization list associated with it. An authorization list may secure more than one object. A user can appear on many different authorization lists. Authorization lists are not affected when objects secured by the authorization list are deleted. If an object is deleted and then restored to the same system, it is automatically linked to an existing authorization list for the object. This is an important advantage of authorization lists.
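The following is an added example, not part of the original training material: a simplified Python model of how the specific authorities, the named combinations (*ALL, *CHANGE, *USE, *EXCLUDE), authorization lists and *PUBLIC authority described above decide whether a user may perform an operation. The lookup order (private, authorization list, group, public) is a simplification that leaves out adopted authority, and the object, profile names and operation map are constructed for the example.

```python
from dataclasses import dataclass, field

OBJECT_AUTHS = frozenset({"*OBJOPR", "*OBJMGT", "*OBJEXIST", "*OBJALTER", "*OBJREF"})
DATA_AUTHS = frozenset({"*READ", "*ADD", "*UPD", "*DLT", "*EXECUTE"})

# Named combinations. *AUTLMGT applies only to authorization lists and is not
# part of *ALL, so it is left out of this model.
NAMED = {
    "*ALL": OBJECT_AUTHS | DATA_AUTHS,
    "*CHANGE": frozenset({"*OBJOPR"}) | DATA_AUTHS,
    "*USE": frozenset({"*OBJOPR", "*READ", "*EXECUTE"}),
    "*EXCLUDE": frozenset(),
}

# Illustrative operation map, built from the authority descriptions above.
REQUIRED = {
    "read_records": {"*OBJOPR", "*READ"},
    "update_records": {"*OBJOPR", "*UPD"},
    "delete_records": {"*OBJOPR", "*DLT"},
    "rename_object": {"*OBJMGT"},
    "delete_object": {"*OBJEXIST"},
}


@dataclass
class Profile:
    name: str
    groups: tuple = ()                 # group profiles this user belongs to
    special: frozenset = frozenset()   # special authorities such as *ALLOBJ


@dataclass
class SecuredObject:
    name: str
    public: str = "*CHANGE"                       # QCRTAUT default per the text
    private: dict = field(default_factory=dict)   # profile -> authority on the object
    autl: dict = field(default_factory=dict)      # profile -> authority on its authorization list


def expand(authority):
    """Accept a named combination or an explicit set of specific authorities."""
    if isinstance(authority, str):
        return NAMED[authority]
    return frozenset(authority)


def effective_authority(profile, obj):
    """Return (source, granted authorities). The first source found wins,
    even when it grants less than a later one would."""
    if "*ALLOBJ" in profile.special:
        return "*ALLOBJ special authority", NAMED["*ALL"]
    if profile.name in obj.private:
        return "private authority", expand(obj.private[profile.name])
    if profile.name in obj.autl:
        return "authorization list", expand(obj.autl[profile.name])
    group_auths = []
    for group in profile.groups:
        if group in obj.private:
            group_auths.append(expand(obj.private[group]))
        elif group in obj.autl:
            group_auths.append(expand(obj.autl[group]))
    if group_auths:
        return "group authority", frozenset().union(*group_auths)
    return "*PUBLIC authority", expand(obj.public)


def is_allowed(profile, obj, operation):
    """Return (allowed, source of the authority that decided it)."""
    source, granted = effective_authority(profile, obj)
    return REQUIRED[operation] <= granted, source


# Constructed sample: a payroll file closed to the public, readable by CLERK,
# changeable by members of PAYGRP through the authorization list.
PAYROLL = SecuredObject("PAYLIB/PAYROLL", public="*EXCLUDE",
                        private={"CLERK": "*USE"}, autl={"PAYGRP": "*CHANGE"})
CLERK = Profile("CLERK", groups=("PAYGRP",))
ANNA = Profile("ANNA", groups=("PAYGRP",))
BOB = Profile("BOB")
SECOFR = Profile("QSECOFR", special=frozenset({"*ALLOBJ"}))

if __name__ == "__main__":
    for user in (CLERK, ANNA, BOB, SECOFR):
        for operation in ("read_records", "update_records", "delete_object"):
            allowed, source = is_allowed(user, PAYROLL, operation)
            print(f"{user.name:<8} {operation:<15} {'allow' if allowed else 'deny':<6} via {source}")
```

CLERK is denied updates even though the PAYGRP group holds *CHANGE, because in this model a private authority, once found, is the one that applies.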

Adopted Authority

Certain programs or commands called by a user may require a higher level of authority (for the duration of the command) than is normally available to that user. Adopted authority provides a means for handling this situation. Adopted authority allows a user to temporarily gain the authority of the owner of a program (in addition to the user's own authorities) while that program is running. This provides a method to give a user additional access to objects, without requiring direct authority to objects.

Audit Journal

The Security Audit Journal is a facility that allows security-related events to be logged in a controlled way that cannot be bypassed. The following are some of the events that may be logged:

Authorization failures

Object creations

Object deletions

Changes to jobs

Move or rename of objects

Changes to system distribution directory or office mail actions

Obtaining authority from programs which adopt

System security violations

Printing actions, both spooled and direct print

Actions on spooled file data

Restore operations

Changes to user profiles, system values or network attributes

Use of service tools

System management functions

Users' access to audited objects

CL command strings

Information from the audit journal can be extracted into a database file, then examined by an auditor using a tool such as Query/400 to locate security violations or exposures.

Authority Holder

An authority holder is an object that specifies and reserves an authority to a program-described database file before the file is created. When the file is created, the authority specified in the holder is linked to the file. The authority holder is for use mainly in the System/36 Environment.

Physical Security

Physical and procedural security controls provide the basis on which other controls such as software security are built. In addition to physical access control and output distribution procedures, which are necessary controls in any computing environment and therefore not mentioned here, the AS/400 has two unique hardware features, which are important for physical security:

System Keylock - to enable or disable certain system service functions

Display Station functions - keylock, and play/record keys

The History Log (QHST)

The history log (QHST) contains a subset of messages that are sent about system operational events to the system operator message queue. Some messages relating to system security are written in the system history log. However, this function is now superseded by support offered by the security audit journal. QHST should not be used as a source for tracking security-related events as it may have been in the past.

User Profiles

User Profiles contain information describing a system user, that user's privileges and limitations when using the system, and lists of objects the user owns or is authorized to use. For objects owned by a user, the profile also contains lists of other users' authorizations to those objects.

Group Profiles

A User Profile may be linked to a group profile. This allows all the members of the group to share common attributes, common access to selected objects, and common ownership of objects. A user is not required to be a member of a group. In V3R1 a user may be a member of up to 16 different groups. In earlier releases the user can only be a member of one group. In addition, only one level of grouping is permissible. For example, if user profile FRED belongs to group profile DEPTA, DEPTA cannot belong to another Group Profile. Group profiles are used to organize users along job functions and to simplify the assignment and administration of object authorities by authorizing users through a smaller number of group entries. When designing groups, it is important that the group ownership concepts are well understood and that good naming conventions are used.

A group profile is implemented as a user profile; that is, it is created just like a user profile, and when granting authority, the AS/400 does not treat groups any differently than user profiles. The two uses may be intermixed. For easy management it is better that user and group profiles be used as separate entities. One way to enforce this is to set the group profile password to *NONE. This prevents any sign on to the profile.

Limited Capability

A user may be assigned limited capability. This is done when creating or changing a user profile. Limited capability, when used with an appropriate initial program or initial menu, can restrict a user to a desired subset of the system's functions. Some local programming (or the use of a packaged application) is necessary to accomplish this. Limited capability (LMTCPB keyword of CRTUSRPRF or CHGUSRPRF commands) may be set to no, partial, or full. The selected value will affect initial program, initial menu, current library, the current attention program (associated with the attention key on the terminal), and access to general system commands.

User Classes

There are five user classes which are hierarchical in authority. The classes represent different roles in the DP environment. These are convenient ways to assign the special authorities listed above to different types of users. A higher class can perform all the functions of a lower class; for example, *SECOFR includes the privileges of *SECADM by default. The following are the five user classes.

*SECOFR Security Officer

*SECADM Security Administrator

*PGMR Programmer

*SYSOPR System Operator

*USER End User

The user class also affects what options are shown on the system menus. A user with higher authorities will see more of the system menu options. A user with fewer authorities will only see the menu choices allowed by the user class. A user may be given any of the special authorities regardless of his user class. Letting the special authorities be assigned automatically to match the user class is a convenient way to get started. Special authorities can be assigned specifically, by the security officer or security administrator, when one of the standard user classes does not have the desired combination of authorities.

Module :- 5

Backup And Restoration

IBM iSeries and AS/400e servers offer a wide range of recovery and availability options. Your hardware or software includes some of the options. Others are ordered separately. They are intended to help you do the following:

1.Make your save operations faster and more efficient.

2.Keep your system available for your users.

3.Plan and manage your backup and recovery.

Your Operating System/400 (OS/400) licensed program includes menus and commands for save and restore. You can use the save operations and restore operations on the system to do the following:

1. Recover from a program or system failure.

2. Exchange information between servers.

3. Store infrequently used objects offline.

You can use commands and menu options to save individual objects and groups of objects. You can use some save and restore operations while your system is active. Other save and restore operations require that no other activity is occurring on the system. You can save and restore objects by using diskette, magnetic tape, optical media, or a save file. You can also use communications capabilities or an optical connection to save and restore objects with another system. If your system is busy most of the time, you can use the save-while-active function to reduce the time period that the system is unavailable while you are performing save operations.

Backup Recovery and Media Services for iSeries Overview

The Backup Recovery and Media Services for iSeries (BRMS/400) licensed program offers a set of functions for defining and performing these tasks:

1. Backup

2. Recovery

3. Archiving

4. Retrieval

5. Media management

Starting with V5R1, Backup Recovery and Media Services provides a graphical user interface for backup and recovery that is integrated into iSeries Navigator. You can use Backup Recovery and Media Services to simplify and automate your backups and to manage your media. Backup Recovery and Media Services keeps track of what you have saved, when you saved it, and where it is saved. When you need to do a recovery, Backup Recovery and Media Services helps ensure that the correct information is restored from the correct tapes in the correct sequence.

Tivoli Storage Manager Overview

You can use Tivoli Storage Manager to protect data on your workstations and LAN file servers. The Tivoli Storage Manager can automatically back up critical LAN and workstation data and archive files that are used infrequently. It provides a disaster recovery solution for LANs and workstations. Administer the Tivoli Storage Manager from a client workstation that is attached to an iSeries server. It can back up data from a variety of workstation platforms. You can use the Backup Recovery and Media Services (BRMS/400) program to back up user data to any Tivoli Storage Manager when the server in a client/server environment. You can use Backup Recovery and Media Services for iSeries to manage the data that you save on the Tivoli Storage Manager and to manage the backup of the system data to local media.

Save your server with the GO SAVE command

Use the GO SAVE menu to take a backup of your AS/400.

Overview of the GO SAVE command menu options :

Access the GO SAVE command menu by typing GO SAVE from any command line. From the Save menu, you see option 21, option 22, and option 23 along with many more save options. A single plus sign (+) indicates that the option places your server into a restricted state, which means that nothing else can be running on your system when the menu option is selected. A double plus sign (++) indicates that your server must be in a restricted state before you can run this option.

[Figure: Save Menu, First Display]

Page down on the Save menu to see additional options:

[Figure: Save Menu, Second Display]

Page down on the Save menu to see additional options:

[Figure: Save Menu, Third Display]

Save menu defaults with GO SAVE: Option 20

You can use save menu option 20 to change the default values for the GO SAVE command, menu options 21, 22, and 23. This option simplifies the task of setting your save parameters and helps to ensure that operators use the options that are best for your system. In order to change the defaults, you must have *CHANGE authority for both the QUSRSYS library and the QSRDFLTS data area in the QUSRSYS library. When you enter the GO SAVE command, then select menu option 20, the server displays the default parameter values for menu options 21, 22, and 23. If this is the first time you have used option 20 from the Save menu, the server displays the IBM-supplied default parameter values. You can change any or all of the parameter values to suit your needs. For example, you can specify additional tape devices or change the message queue delivery default. The server saves the new default values in data area QSRDFLTS in library QUSRSYS. The server creates the QSRDFLTS data area only after you change the IBM-supplied default values. Once you define new values, you no longer need to worry about which, if any, options to change on subsequent save operations. You can simply review your new default options and then press Enter to start the save with the new default parameters.

If you have multiple, distributed servers with the same save parameters on each server, this option provides an additional benefit. You can simply define the parameters from the Save menu, using option 20 on one server. Then, save the QSRDFLTS data area, distribute the saved data area to the other servers, and restore it.
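The save, distribute, and restore steps described above, written as a CL program. This is an added example, not part of the original training material; the save file name QGPL/SRDFLTS and the &ACTION parameter are assumptions, and moving the save file between servers is left to whatever transfer method you already use.

```cl
/* Added example: copy the GO SAVE option 20 defaults to another server.  */
/* Assumed names: save file QGPL/SRDFLTS and parameter &ACTION.           */
/* Call with 'SAVE' on the source server, 'RESTORE' on each target.       */
             PGM        PARM(&ACTION)
             DCL        VAR(&ACTION) TYPE(*CHAR) LEN(7)

             IF         COND(&ACTION *EQ 'SAVE') THEN(DO)
               /* QSRDFLTS exists only after the IBM-supplied defaults    */
               /* have been changed. *CHANGE is the authority that        */
               /* option 20 itself requires on the data area.             */
               CHKOBJ     OBJ(QUSRSYS/QSRDFLTS) OBJTYPE(*DTAARA) +
                            AUT(*CHANGE)
               /* CPF9801 = object not found, CPF9802 = not authorized    */
               MONMSG     MSGID(CPF9801 CPF9802) EXEC(DO)
                 SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
                              MSGDTA('QSRDFLTS missing or not authorized') +
                              MSGTYPE(*ESCAPE)
               ENDDO

               /* Create the save file; if it already exists, the         */
               /* CLEAR(*ALL) on SAVOBJ empties it before the save.       */
               CRTSAVF    FILE(QGPL/SRDFLTS)
               MONMSG     MSGID(CPF7302)
               SAVOBJ     OBJ(QSRDFLTS) LIB(QUSRSYS) DEV(*SAVF) +
                            OBJTYPE(*DTAARA) SAVF(QGPL/SRDFLTS) +
                            CLEAR(*ALL)
             ENDDO

             IF         COND(&ACTION *EQ 'RESTORE') THEN(DO)
               /* The save file must already have been transferred to     */
               /* QGPL on this server.                                    */
               RSTOBJ     OBJ(QSRDFLTS) SAVLIB(QUSRSYS) DEV(*SAVF) +
                            OBJTYPE(*DTAARA) SAVF(QGPL/SRDFLTS)
             ENDDO
             ENDPGM
```

After the restore, open GO SAVE option 20 on the target server and confirm that the displayed defaults match the source server before the next scheduled save.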

Save your whole server with GO SAVE: Option 21

Option 21 saves everything on your server and allows you to perform the save while you are not there. Option 21 does not save spooled files. Option 21 saves all of your data for additional licensed programs, such as Domino or Integration for Windows Server when you select to vary off your network servers. Also, if you have Linux installed on a secondary logical partition, you can back up that partition when you select to vary off your network servers. Option 21 puts your server into a restricted state. This means that when the save begins, no users can access your server and the backup is the only thing that is running on your server. It is best to run this option overnight for a small server or during the weekend for larger servers. If you schedule an unattended save, make sure your server is in a secure location; after you schedule the save, you will not be able to use the workstation where the backup is initiated until the save is complete.

1 The command omits the QSYS.LIB file system because the SAVSYS command and the SAVLIB LIB(*NONSYS) command both save it. The command omits the QDLS file system because the SAVDLO command saves

Save system data with GO SAVE: Option 22

Option 22 saves only your system data. It does not save any user data. Option 22 puts your server into a restricted state. This means that no users can access your server, and the backup is the only thing that is running on your server.

Save user data with GO SAVE: Option 23

Option 23 saves all user data. This information includes files, records, and other data that your users supply into your server. Option 23 puts your server into a restricted state. This means that no users can access your server, and the backup is the only thing that is running on your server.

1 Menu option 23 omits the QSYS.LIB file system because the SAVSYS command, the SAVSECDTA command, the SAVCFG command, and the SAVLIB LIB(*ALLUSR) command save it. The command omits the QDLS file system because the SAVDLO command saves it. Menu option 23 also omits the /QIBM and /QOpenSys/QIBM directories because these directories contain IBM supplied objects.

Save parts of your server with other GO SAVE command menu options

You may perform the following GO SAVE command menu options.

Save Security Data (SAVSECDTA)

The Save Security Data (SAVSECDTA) command saves all security information without requiring a system in a restricted state. The SAVSECDTA command saves the same security information that is saved when a SAVSYS command is run including the following:

User Profiles

Authorization Lists

Authority Holders

Information saved with the SAVSYS or SAVSECDTA command can be restored using the RSTUSRPRF and RSTAUT commands, but a dedicated system is required.

Save Configuration Data (SAVCFG)

The Save Configuration (SAVCFG) command saves all configuration and system resource management (SRM) objects without requiring a system in a restricted state. The information saved includes the following:

Line descriptions

Configuration lists

Controller descriptions

Hardware resource data

Device descriptions

Connection lists

Class-of-Service description

Mode description

Network interface description

NetBIOS descriptions

Network server description

Save Changed Objects:

The Save Changed Object (SAVCHGOBJ) command saves a copy of each changed object or group of objects located in the same library. When *ALL is specified on the Objects prompt (OBJ parameter), objects can be saved from all user libraries or from up to 300 specified libraries. When saving to a save file, only one library can be specified.
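The three commands above can be combined into a daily save that does not need a restricted state. The CL program below is an added example, not part of the original training material; the tape device is passed in the assumed parameter &DEV (for example TAP01), and the message texts are illustrative.

```cl
/* Added example: daily save that needs no restricted state.              */
/* Assumed: tape device name is passed in &DEV, for example TAP01.        */
/* The user profile running this needs *SAVSYS special authority.         */
             PGM        PARM(&DEV)
             DCL        VAR(&DEV) TYPE(*CHAR) LEN(10)

             /* User profiles, authorization lists, authority holders     */
             SAVSECDTA  DEV(&DEV) ENDOPT(*LEAVE)
             MONMSG     MSGID(CPF0000) EXEC(GOTO CMDLBL(FAILED))

             /* Line, controller and device descriptions and the other    */
             /* configuration and SRM objects                             */
             SAVCFG     DEV(&DEV) ENDOPT(*LEAVE)
             MONMSG     MSGID(CPF0000) EXEC(GOTO CMDLBL(FAILED))

             /* Objects in all user libraries changed since the last      */
             /* SAVLIB of each library; unload the tape when finished     */
             SAVCHGOBJ  OBJ(*ALL) LIB(*ALLUSR) DEV(&DEV) +
                          REFDATE(*SAVLIB) ENDOPT(*UNLOAD)
             MONMSG     MSGID(CPF0000) EXEC(GOTO CMDLBL(FAILED))

             SNDMSG     MSG('Daily save completed') TOMSGQ(QSYSOPR)
             RETURN

 FAILED:     /* Any escape message from a save lands here; the job log    */
             /* holds the original message with the objects not saved.    */
             SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
                          MSGDTA('Daily save failed, check the job log') +
                          MSGTYPE(*ESCAPE)
             ENDPGM
```

Because the system stays active, objects that are in use during SAVCHGOBJ may not be saved; review the job log after each run rather than relying on the completion message alone.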

Overview of the GO RESTORE command menu options :

The figure below shows the menu options and commands that are available for restoring information. It also shows the normal sequence for restoring information, working from top to bottom.

Save procedures and restore procedures for file systems

Relationship Between Save and Restore Commands

Restoring User Profiles :

1. Sign on as QSECOFR.

2. Ensure the system is in a restricted state.

3. Find the most recent save media that has your user profiles. It may be a SAVSYS media volume or a SAVSECDTA media volume. The file on the save media volume is called QFILEUPR.

4. If you are using a SAVSYS media volume, type:

RSTUSRPRF DEV(media-device-name) USRPRF(*ALL) ENDOPT(*LEAVE)

If you are using a SAVSECDTA media volume, type:

RSTUSRPRF DEV(media-device-name) USRPRF(*ALL) ENDOPT(*UNLOAD)

Restoring the Configuration

1. Find the most recent save media that has your configuration. It may be a SAVSYS media volume or a SAVCFG media volume. The file on the save media volume is called QFILEIOC.

2. If you are using a SAVSYS media volume, type:

RSTCFG OBJ(*ALL) DEV(media-device-name) OBJTYPE(*ALL) ENDOPT(*LEAVE)

If you are using a SAVCFG media volume, type:

RSTCFG OBJ(*ALL) DEV(media-device-name) OBJTYPE(*ALL) ENDOPT(*UNLOAD)

Restoring Document Library Objects

1. Find your most recent save media volume that you used to save all of the documents in the system ASP. You may have specified ASP(1) or ASP(*ANY) for the save operation. The media volume should have the library QDOC on it.

2. Use the following command to restore the DLOs:

RSTDLO DLO(*ALL) FLR(*ANY) ASP(1)

Restoring Libraries

Restoring entire libraries is a common way to recover user information. Use the Restore Library (RSTLIB) command to restore a single saved library or a group of libraries. The RSTLIB command restores the entire library, including the library description, object descriptions (only descriptions are restored for logical files, job queues, message queues, output queues, user queues, and data queues), and the contents of other objects. This command also restores status information for programming temporary fixes (PTFs) that were in the library at the time the library was saved. When you use the RSTLIB command, you can use the OPTION parameter to specify which objects in a library are restored:

Possible Values for the OPTION Parameter of the RSTLIB Command:

*ALL
Old objects are replaced and new objects are added to a library. *ALL is the default.

*OLD
Only old objects that already exist on the system are replaced in a library.

*NEW
Only objects not found on the system are added to a library. The old objects are not replaced.

*FREE
Only those objects that have their storage freed on the system are restored.

Restoring a Library From a Previous Release

When you are restoring a library that was saved on a system at an earlier release, you can use the Force object conversion (FRCOBJCVN) parameter to specify whether programs are translated when they are restored. This can significantly impact the time it takes to restore the library.

Restoring Multiple Libraries

You can use the RSTLIB command to restore libraries in these groups:

*NONSYS
All libraries that were saved with SAVLIB LIB(*NONSYS) command, including the IBM-supplied libraries QGPL, QUSRSYS, and licensed program libraries.

*ALLUSR
All user libraries that were saved with SAVLIB LIB(*ALLUSR) or SAVLIB LIB(*NONSYS).

*IBM
All IBM-supplied libraries that were saved with SAVLIB LIB(*IBM) or SAVLIB LIB(*NONSYS). Only IBM-supplied libraries that contain IBM objects are restored.

Methods for Restoring All Libraries

Multiple Save Operations


AS 400 Administration Training Program

18/11/2009
