Environment
VigilEnt Security Agent for iSeries 5.4/7.0
Profile and Password Management (PPM)
Situation
How to use TCP/IP to configure Password Synchronization in Profile and Password Management?
Resolution
ANYNET Set-up (APPC over TCP/IP)
System-A <--> System-B

Network Attributes
System: A
Pending system name . . . . . . . . . . . . . . . . :
Local network ID . . . . . . . . . . . . . . . . . : APPN
Local control point name . . . . . . . . . . . . . : PENTA421
Default local location . . . . . . . . . . . . . . : PENTA421
Default mode . . . . . . . . . . . . . . . . . . . : PENTA
Server network ID/control point name . . . . . . . : *LCLNETID *ANY
Allow ANYNET support . . . . . . . . . . . . . . . : *YES
Network Attributes
System: B
Pending system name . . . . . . . . . . . . . . . . :
Local network ID . . . . . . . . . . . . . . . . . : APPN
Local control point name . . . . . . . . . . . . . : S102D21M
Default local location . . . . . . . . . . . . . . : S102D21M
Default mode . . . . . . . . . . . . . . . . . . . : BLANK
Server network ID/control point name . . . . . . . : *LCLNETID *ANY
Allow ANYNET support . . . . . . . . . . . . . . . : *YES
1.) Prerequisite: You must have both SNADS and TCP/IP running on both systems.
2.) Make sure the Network Attributes for both systems (A & B) specify “Allow ANYNET support: *YES”. If the value of this parameter was “*NO” and is changed to “*YES”, you must vary off all communications controllers on each system where the value was changed, then vary those communications controllers back on.
3.) Add Host Table Entries on each system for the IP addresses of the target systems. On each system enter CFGTCP at the AS/400 command prompt, then select Option 10 (Work with TCP/IP host table entries). If the IP address does not already exist in the Host Table, enter a “1” in the Opt field and the IP address in the Internet Address field, then press Enter to show the Add TCP/IP Host Table Entry display. If the IP address does exist in the Host Table, enter “2” in the Opt field next to that IP address and press Enter to show the Change TCP/IP Host Table Entry display. From either the Add TCP/IP Host Table Entry (ADDTCPHTE) or Change TCP/IP Host Table Entry (CHGTCPHTE) screen, enter a “+” in the Host names field and press Enter to add the Host name (HOSTNAME) of the target system. The name must be in the form <system name>.appn.sna.ibm.com in order to conform to the SNA standard for AnyNet. After entering the Host name, keep pressing Enter until you have returned to the Configure TCP/IP menu. From the Configure TCP/IP menu press function key F3 (Exit) to return to the AS/400 command prompt. The following shows the entries for our example:
a) System-A:
   Internet Address . . . . . . . . . . : 192.168.128.91
   Host names:
     Name . . . . . . . . . . . . . . . : DOMINO1.APPN.SNA.IBM.COM
     Text description . . . . . . . . . : DOMINO1
b) System-B:
   Internet Address . . . . . . . . . . : 192.168.255.92
   Host names:
     Name . . . . . . . . . . . . . . . : PENTA421.APPN.SNA.IBM.COM
     Text description . . . . . . . . . : PENTA421
4.) Create APPC controllers on each system. From the AS/400 command prompt, enter CRTCTLAPPC and press function key F4 (prompt). For ease of identification, it is recommended that you use the target system name for the Controller description (CTLD). Link type (LINKTYPE) should be specified as “*ANYNW”. The value of the Remote control point (RMTCPNAME) should equal the value of the Network Attribute “Local control point name” on the target system. Do not enter anything in the Attached devices (DEV) field. For V4R1 and later, specify “*NONE” for Autocreate device (AUTOCRTDEV). Optionally, enter a value for the Text (TEXT) field. Take the IBM parameter defaults for all of the other parameters and press Enter. The following shows the CRTCTLAPPC parameters for our example:
a) System-A:
   Controller description . . . . . . . . > DOMINO1
   Link type . . . . . . . . . . . . . . . > *ANYNW
   Online at IPL . . . . . . . . . . . . .   *YES
   Remote network identifier . . . . . . .   *NETATR
   Remote control point . . . . . . . . . > S102D21M
   User-defined 1 . . . . . . . . . . . . .   *LIND
   User-defined 2 . . . . . . . . . . . . .   *LIND
   User-defined 3 . . . . . . . . . . . . .   *LIND
   Text 'description' . . . . . . . . . . > DOMINO
                     Additional Parameters
   Attached devices . . . . . . . . . . . .
                  + for more values
   Character code . . . . . . . . . . . . .   *EBCDIC
b) System-B:
   Controller description . . . . . . . . > PENTA421
   Link type . . . . . . . . . . . . . . . > *ANYNW
   Online at IPL . . . . . . . . . . . . .   *YES
   Remote network identifier . . . . . . .   *NETATR
   Remote control point . . . . . . . . . > PENTA421
   Autocreate device . . . . . . . . . . . > *NONE
   Autodelete device . . . . . . . . . . .   1440
   User-defined 1 . . . . . . . . . . . . .   *LIND
   User-defined 2 . . . . . . . . . . . . .   *LIND
   User-defined 3 . . . . . . . . . . . . .   *LIND
   Text 'description' . . . . . . . . . . .   *BLANK
   Attached devices . . . . . . . . . . . .
5.) Create an APPC device for each controller created in step 4. From the AS/400 command prompt, enter CRTDEVAPPC and press function key F4 (prompt). Once again, for ease of identification, it is recommended that you use the target system name for the Device description (DEVD). The value of the Remote location name (RMTLOCNAME) should equal the value of the Network Attribute “Local control point name” on the target system. For the Attached controller parameter (CTL), specify the name of the corresponding controller created in step 4. The value for the Mode (MODE) should equal the value of the Network Attribute “Default mode” on the target system. Optionally, enter a value for the Text (TEXT) field. Take the IBM parameter defaults for all of the other parameters and press Enter. The following shows the CRTDEVAPPC parameters for our example:
a) System-A:
   Device description . . . . . . . . . . .   DOMINO1
   Remote location . . . . . . . . . . . .   S102D21M
   Online at IPL . . . . . . . . . . . . .   *YES
   Local location . . . . . . . . . . . . .   *NETATR
   Remote network identifier . . . . . . .   *NETATR
   Attached controller . . . . . . . . . .   DOMINO1
   Mode . . . . . . . . . . . . . . . . . .   BLANK
                  + for more values
   Message queue . . . . . . . . . . . . .   QSYSOPR
     Library . . . . . . . . . . . . . . .     *LIBL
   APPN-capable . . . . . . . . . . . . . .   *YES
   Single session:
     Single session capable . . . . . . . .   *NO
     Number of conversations . . . . . . .
   Text 'description' . . . . . . . . . . .   Domino device
b) System-B:
   Device description . . . . . . . . . . .   PENTA421
   Remote location . . . . . . . . . . . .   PENTA421
   Online at IPL . . . . . . . . . . . . .   *YES
   Local location . . . . . . . . . . . . .   *NETATR
   Remote network identifier . . . . . . .   *NETATR
   Attached controller . . . . . . . . . .   PENTA421
   Mode . . . . . . . . . . . . . . . . . .   PENTA
                  + for more values
   Message queue . . . . . . . . . . . . .   QSYSOPR
     Library . . . . . . . . . . . . . . .     *LIBL
   APPN-capable . . . . . . . . . . . . . .   *YES
   Single session:
     Single session capable . . . . . . . .   *NO
     Number of conversations . . . . . . .
   Text 'description' . . . . . . . . . . .   *BLANK
6.) Vary on the controllers and devices created in steps 4 and 5. From the AS/400 command prompt, enter WRKCFGSTS *CTL and press Enter. Find the name of the controller created in step 4 and enter a “1” in the Opt field next to that controller. This varies on both the controller and the attached device and sets their status to ACTIVE. At this point, press Enter to return to the AS/400 command prompt.
Note: it may take a moment to vary on both the controller and the device. You can update the status shown on your display by pressing function key F5 (Refresh) until the status shown for both the controller and the device is ACTIVE.
7.) Configure the Distribution Services to create the Distribution Queues and Routing Table entries. From the AS/400 command prompt, enter CFGDSTSRV and press Enter.
a.) Enter “1” in the “Type of distribution services to configure” field. From the Configure Distribution Queues screen, press function key F6 (Add distribution queue) to display the Add Distribution Queue screen. Again, for ease of identification, it is recommended that you use the target system name for the Queue name. Queue type should be *SNADS. The value of the Remote location name (RMTLOCNAME) should equal the value of the Network Attribute “Local control point name” on the target system. The value for the Mode (MODE) should equal the value of the Network Attribute “Default mode” on the target system. Take the IBM defaults for the remaining parameters and press Enter. Press function key F12 (Cancel) until you return to the Configure Distribution Services screen.
b.) Next, enter “2” in the “Type of distribution services to configure” field. From the Configure Routing Table screen, press function key F6 (Add routing table entry). At the Add Routing Table Entry screen, enter the target system name in the first parameter of the System name/Group field. Optionally, enter a description identifying the target system. For all of the Queue names, enter the name of the Queue which you created in step 7a (this should be the name of the target system), take the IBM default (“*DFT”) for the Maximum hops, and press Enter.
a) System-A:
   (Queue entry)
   Queue . . . . . . . . . . . . . . . . :   DOMINO1
   Queue type . . . . . . . . . . . . . . :   *SNADS
   Remote location name . . . . . . . . . :   S102D21M
   Mode . . . . . . . . . . . . . . . . . :   BLANK
   Remote net ID . . . . . . . . . . . . . :   *LOC
   Local location name . . . . . . . . . . :   *LOC
   Normal priority:
     Send time:
       From/To . . . . . . . . . . . . . . :     :          :
       Force . . . . . . . . . . . . . . . :     :
     Send depth . . . . . . . . . . . . . :   1
   High priority:
     Send time:
       From/To . . . . . . . . . . . . . . :     :          :
       Force . . . . . . . . . . . . . . . :     :
     Send depth . . . . . . . . . . . . . :   1
   Number of retries . . . . . . . . . . . :   3
   Number of minutes between retries . . . :   5
   To ignore time/depth values
     while receiving:
     Send queue . . . . . . . . . . . . . :   N

   (Routing Table Entry)
   Destination system name/Group . . . . . :   DOMINO1
   Description . . . . . . . . . . . . . . :   Penta421 to Domino1
   Service level:
     Fast:
       Queue name . . . . . . . . . . . . :   DOMINO1
       Maximum hops . . . . . . . . . . . :   *DFT
     Status:
       Queue name . . . . . . . . . . . . :   DOMINO1
       Maximum hops . . . . . . . . . . . :   *DFT
     Data high:
       Queue name . . . . . . . . . . . . :   DOMINO1
       Maximum hops . . . . . . . . . . . :   *DFT
     Data low:
       Queue name . . . . . . . . . . . . :   DOMINO1
       Maximum hops . . . . . . . . . . . :   *DFT
b) System-B:
   (Queue entry)
   Queue . . . . . . . . . . . . . . . . :   PENTA421
   Queue type . . . . . . . . . . . . . . :   *SNADS
   Remote location name . . . . . . . . . :   PENTA421
   Mode . . . . . . . . . . . . . . . . . :   PENTA
   Remote net ID . . . . . . . . . . . . . :   *LOC
   Local location name . . . . . . . . . . :   *LOC
   Normal priority:
     Send time:
       From/To . . . . . . . . . . . . . . :     :          :
       Force . . . . . . . . . . . . . . . :     :
     Send depth . . . . . . . . . . . . . :   1
   High priority:
     Send time:
       From/To . . . . . . . . . . . . . . :     :          :
       Force . . . . . . . . . . . . . . . :     :
     Send depth . . . . . . . . . . . . . :   1
   Number of retries . . . . . . . . . . . :   3
   Number of minutes between retries . . . :   5
   To ignore time/depth values
     while receiving:
     Send queue . . . . . . . . . . . . . :   N

   (Routing Table Entry)
   Destination system name/Group . . . . . :   PENTA421
   Description . . . . . . . . . . . . . . :   Domino1 to Penta421
   Service level:
     Fast:
       Queue name . . . . . . . . . . . . :   PENTA421
       Maximum hops . . . . . . . . . . . :   *DFT
     Status:
       Queue name . . . . . . . . . . . . :   PENTA421
       Maximum hops . . . . . . . . . . . :   *DFT
     Data high:
       Queue name . . . . . . . . . . . . :   PENTA421
       Maximum hops . . . . . . . . . . . :   *DFT
     Data low:
       Queue name . . . . . . . . . . . . :   PENTA421
       Maximum hops . . . . . . . . . . . :   *DFT
8.) Add the necessary Directory entries to the System Distribution Directory.
a) Source system: Make an entry in the distribution directory to enable transmission from the source system to the target system. The User ID should be specified as “*ANY” with an Address matching the name of the target system. Optionally enter a description for the directory entry. Enter the target system name in the first parameter of the System name/Group field. Take the IBM defaults for the remaining parameters and press Enter.
b) Target system: Make an entry in the distribution directory to enable a user on the target system to receive a transmission from a source system. The User ID should specify the name of a valid user profile, with an Address matching the name of the system on which the entry is being made. Optionally enter a description of the directory entry. Enter the current system name (the name of the system on which the entry is being made) in the first parameter of the System name/Group field. The User profile should be the same as the User ID entered in the first part of the User ID/Address. Take the IBM defaults for the remaining parameters and press Enter.
Note: the following shows the Directory Entries used in our example. This example enables user GAS to send from Penta421 to Domino1 and from Domino1 to Penta421, and to receive on either system.
System-A:
a) User ID/Address . . . . . . . . . :   *ANY      DOMINO1
   Description . . . . . . . . . . . :   Any user to DOMINO1
   System name/Group . . . . . . . . :   DOMINO1
   User profile . . . . . . . . . . . :
   Network user ID . . . . . . . . . :   *ANY      DOMINO1
b) User ID/Address . . . . . . . . . :   GAS       PENTA421
   Description . . . . . . . . . . . :   Gary A. Smith
   System name/Group . . . . . . . . :   PENTA421
   User profile . . . . . . . . . . . :   GAS
   Network user ID . . . . . . . . . :   GAS       PENTA421
System-B:
a) User ID/Address . . . . . . . . . :   *ANY      PENTA421
   Description . . . . . . . . . . . :   Any user (Penta421)
   System name/Group . . . . . . . . :   PENTA421
   User profile . . . . . . . . . . . :
   Network user ID . . . . . . . . . :   *ANY      PENTA421
b) User ID/Address . . . . . . . . . :   GAS       DOMINO1
   Description . . . . . . . . . . . :   Gary A. Smith
   System name/Group . . . . . . . . :   DOMINO1
   User profile . . . . . . . . . . . :   GAS
   Network user ID . . . . . . . . . :   GAS       DOMINO1
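The whole procedure for the System-A (PENTA421) side, collected into a CL program, as an added example that is not part of the original article. The values are the ones shown on the screens above. The article performs steps 2, 3, 6, 7 and 8 through prompted displays (network attributes, CFGTCP, WRKCFGSTS, CFGDSTSRV and the distribution directory), so the CHGNETA, ADDTCPHTE, VRYCFG, ADDDSTQ, ADDDSTRTE and ADDDIRE commands below and their keyword names are assumed command-line equivalents of those screens; confirm them with F4 on your release before running.

```cl
/* Added example, not from the original article: CL equivalent of      */
/* steps 2-8 as run on System-A (PENTA421), whose target is System-B    */
/* (DOMINO1, control point S102D21M).                                   */
/* Assumed equivalents of the menu-driven steps: CHGNETA, ADDTCPHTE,    */
/* VRYCFG, ADDDSTQ, ADDDSTRTE, ADDDIRE and their keywords.              */
PGM

/* Step 2: AnyNet must be allowed in the network attributes. If this   */
/* changes *NO -> *YES, vary off and back on all communications         */
/* controllers afterwards (as the article requires).                    */
CHGNETA    ALWANYNET(*YES)

/* Step 3: host table entry for the target, named per the AnyNet        */
/* convention <system name>.APPN.SNA.IBM.COM                             */
ADDTCPHTE  INTNETADR('192.168.128.91') +
           HOSTNAME(('DOMINO1.APPN.SNA.IBM.COM')) +
           TEXT('DOMINO1')

/* Step 4: APPC controller over AnyNet. RMTCPNAME = the target's        */
/* "Local control point name" network attribute. No attached devices.  */
CRTCTLAPPC CTLD(DOMINO1) LINKTYPE(*ANYNW) ONLINE(*YES) +
           RMTCPNAME(S102D21M) AUTOCRTDEV(*NONE) +
           TEXT('DOMINO')

/* Step 5: APPC device on that controller. RMTLOCNAME = the target's   */
/* control point name, MODE = the target's "Default mode" (BLANK).     */
CRTDEVAPPC DEVD(DOMINO1) RMTLOCNAME(S102D21M) ONLINE(*YES) +
           CTL(DOMINO1) MODE(BLANK) APPN(*YES) +
           TEXT('Domino device')

/* Step 6: vary on the controller; the attached device follows.         */
/* Check with WRKCFGSTS *CTL (F5 to refresh) until both show ACTIVE.    */
VRYCFG     CFGOBJ(DOMINO1) CFGTYPE(*CTL) STATUS(*ON)

/* Step 7a: SNADS distribution queue named for the target.              */
ADDDSTQ    DSTQ(DOMINO1) RMTLOCNAME(S102D21M) DSTQTYPE(*SNADS) +
           MODE(BLANK)

/* Step 7b: route all four service levels for DOMINO1 through that     */
/* queue, default maximum hops.                                         */
ADDDSTRTE  SYSNAME(DOMINO1) +
           FAST((DOMINO1 *DFT)) STATUS((DOMINO1 *DFT)) +
           DATAHIGH((DOMINO1 *DFT)) DATALOW((DOMINO1 *DFT))

/* Step 8a (source side): any local user may send to DOMINO1.          */
ADDDIRE    USRID(*ANY DOMINO1) USRD('Any user to DOMINO1') +
           SYSNAME(DOMINO1)

/* Step 8b (target side): user profile GAS may receive on this system. */
ADDDIRE    USRID(GAS PENTA421) USRD('Gary A. Smith') +
           USER(GAS) SYSNAME(PENTA421)

ENDPGM
```

On System-B (DOMINO1) the same program is run with the two sides swapped, exactly as the b) screens above show: host table entry 192.168.255.92 / PENTA421.APPN.SNA.IBM.COM, CTLD(PENTA421) with RMTCPNAME(PENTA421), DEVD(PENTA421) with RMTLOCNAME(PENTA421) and MODE(PENTA), a DSTQ(PENTA421) queue with routes for SYSNAME(PENTA421), and directory entries *ANY PENTA421 and GAS DOMINO1. Because the *ANY entry lets every local user address the remote system, the directory entries are the place to review who is permitted to send distributions once synchronization is working.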
This completes our example of configuring ANYNET communications (APPC over TCP/IP) between the two AS/400 systems, PENTA421 and DOMINO1. This is just one approach, which we feel is the most straightforward and simplest method to use. Other variations may be used that better fit your installation and requirements.
https://download.netiq.com/KB/files/NETIQKB30867.doc