fhg
Volume 8, Number 13 -- April 2, 2008

Admin Alert: How System i Boxes Impersonate Each Other, Part 2

Published: April 2, 2008

by Joe Hertvik

Last week, I began covering how to change the communications identity on an i5/OS box so that it can impersonate another system and take its place on the network. This week, I'll conclude demonstrating my i5/OS impersonation techniques and offer a checklist for making one System i box look like another System i box on your network.

Why We Impersonate?

As covered last issue, system impersonation techniques come in handy in the following situations:

  • When replacing an existing System i machine with a new box. During testing, setup, and cutover, both systems may need to run side-by-side and you may have to change system identities to complete the migration process.
  • When a System i box fails over to a Capacity BackUp (CBU) system for testing or in the event of an emergency. The CBU will have to assume the role of the i5/OS machine it is temporarily replacing on the network. On fail back, both the CBU and the production machine it impersonates will need to run side-by-side to resynchronize their databases.
  • When failing back in a disaster recovery situation. Here you may also temporarily need to run the recovered machine and the disaster recovery machine side-by-side in order to restore and restart the production box.

Seven Steps To a Successful Impersonation

As I also covered last week, you will need to perform the following steps to enable one System i box to impersonate another System i box on the network:

  1. Set up a new IP interface for the IP address, subnet mask, and TCP/IP routes (if necessary) that you want the machine to run under.
  2. If necessary, change the Local Adapter Address (Ethernet) on the line description that you're using for communicating with the network.
  3. Change the TCP/IP Host Name and Domain Name for the machine.
  4. Change the machine's network attributes.
  5. If necessary, change any relevant system distribution directory entries that are used by i5/OS or application programs to exchange information on the machine.
  6. If necessary, check and change/create any necessary Relational Database Directory entries that are machine and IP address specific.
  7. Change the Server name and the Domain name for your iSeries NetServer configuration, if you have users and applications that access NetServer to retrieve data.

Last week, I went through the first three items on the list. This week, I'll cover the rest of the list and present a checklist that you can use when you perform your own system impersonations. Where available, I'll show you how to change these settings from both the green screen and through iSeries Navigator (OpsNav). Be warned, however, for many of these steps, you will only be able to change these settings through a 5250 green screen; many of these impersonation techniques don't have comparable change options in OpsNav.

Step 4: Changing the Machine's Network Attributes

The System i's network attributes contain control information about the system's communication environment.

To start changing a system's network attributes, print the network attribute values from the source machine that you want to impersonate. Inside a 5250 green screen, you can view and print a system's network attributes by typing in the following Display Network Attributes (DSPNETA) command.

DSPNETA OUTPUT(*PRINT)

To change any of a system's network attributes on a 5250 screen, type in the Change Network Attributes (CHGNETA) command and press the F4 key to prompt for the fields that you want to change.

CHGNETA

There are approximately 41 different network attribute values that you can change inside i5/OS, so you will need to check all the values on the DSPNETA list that you retrieved from your source machine to make sure the target machine values match the source values. In particular, you will want to ensure that the following network attributes are changed to match the source system.

  • System name--The name assigned to the system. This name shows up on the system sign-on screen, the job name of every job that is started on the system, and in many other places. System name is a core value that must be changed for an effective impersonation.
  • Local network ID, local control point name, default location name--These values are used by a number of different applications, particularly when talking between two System i partitions.
  • Various other values used for IBM's Advanced Peer-to-Peer Networking (APPN) protocol and for System Network Architecture Distribution Service (SNADS).

In writing this article, I searched for a place in iSeries Navigator (OpsNav) where you can change a system's network attributes, but I was unable to find if or how you can use OpsNav to change these values.

Step 5: Change Relevant System Distribution Directory Entries

Many applications in i5/OS use system distribution directory entries to locate information about where to direct object distributions generated by an application or a program. This can be especially important for a number of applications so it's best to review the directory on your source system so that you can add or replace any entries on the target system needed for your applications to function after impersonation.

One good example of the need to check your directory entries occurs if you're using SNADS to transfer spool files between systems. On an impersonated system, you may find that you cannot send spool files between systems unless the entry for the QNETSPLF user is correct in the distribution directory. This recently happened to me after I brought up a new production system on an i550 box and I was trying to transfer spooled files from the old system to the new system. The SNADS spooled files transfer would not work until I adjusted the QNETSPLF directory entry to contain the new system name that was now assigned to the partition.

On the green screen, you can view, add, and change directory entries by using the Work with Directory Entries (WRKDIRE) command. To individually add a directory entry, you can also use the Add Directory Entry (ADDDIRE) command. To delete individual directory entries, use "option 4=Remove" in front of the entry in the WRKDIRE command.

Step 6: Make Any Necessary Relational Database Directory Entries

i5/OS contains a relational database directory to define different database names (and their associated network parameters) that can be directly accessed by system applications. Its entries also specify whether database connections are made by using an Internet Protocol (IP) address and port or whether the database can be reached through an associated SNADS network identifier and logical unit name (LU).

When changing an i5/OS partition to impersonate another partition, it may be important to also change the mimicking partition's Relational Database Directory entries to match the entries on the source system. To do that, print out all the relational database directory entries on your source system and add those same entries to the target system.

To locate and work with the relational database entries on the impersonating system, use the options in the Work with Relational Database Directory Entries (WRKRDBDIRE) command. Be sure to take printouts of any RDB entries that you delete or change on the target system so that they can be restored again if you are planning on returning the target system back to its original identity later on.

Step 7: Change the Server Name and the Domain Name for Your iSeries NetServer Configuration

The last impersonation parameter to change is the Server name and Domain that are assigned to your iSeries NetServer configuration. NetServer provides System i file folder support to Windows PCs. Many i5/OS applications such as Fax servers also make use of stream files located in the AS/400 Integrated File System (AS/400 IFS), and those applications use NetServer to locate and serve files.

Unlike some of our other steps, iSeries NetServer configuration can only be performed inside iSeries Navigator. There are no green screen commands to modify your NetServer configuration, and the only way that I know of to update NetServer on the green screen is to use the APIs listed in the iSeries NetServer API Guide.

Because you have to use OpsNav to change your NetServer parameters, the catch is that TCP/IP needs to be active in order to make the changes. To modify your NetServer Server name and Domain name, perform the following steps inside OpsNav.

  • Under the OpsNav path that contains your target i5/OS partition, open the Network→Servers→TCP/IP node. This will show all the TCP/IP servers on your target system.
  • Right-click on the iSeries NetServer entry that appears in the right-hand pane of OpsNav. Select Properties from the pop-up menu that appears.
  • Select the General tab from the iSeries NetServer Properties menu. This will display the system's current iSeries NetServer startup properties, including the NetServer Server name and Domain name. Click on the Next Start button on this screen.
  • The iSeries NetServer General Next Start panel shows the Server name and Domain name that will be used the next time the iSeries NetServer server is started on this partition. Change these values to the values that you retrieved from your source system.
  • Stop and restart your iSeries NetServer server and the server will start using your new values when it restarts.

And That's All????

Although it's been my experience that these seven steps cover the majority of tasks needed to make one System i box impersonate another, they may not be all inclusive for every situation. Use this checklist as a base but be sure to also perform your own investigation to uncover any addition impersonation techniques that are specific to your organization.

About Our Testing Environment

Configurations described in this article were tested on an i5 550 box running i5/OS V5R4. Many of the commands may also be available in earlier versions of the operating system running on iSeries or AS/400 machines. iSeries Navigator (OpsNav) features were tested with the OpsNav version that is shipped with iSeries Access for Windows V5R3M0. If a command is present in earlier versions of the i5/OS or OS/400 operating systems, you may notice some variations in the pre-V5R4 copies of these commands. These differences may be due to command improvements that have occurred from release to release.


Checklist: Enabling One System i Box To Impersonate Another on the Network

Impersonation step

Method for performing step

Change the IP address, subnet mask, and TCP/IP routes

   Configure TCP/IP menu option 1, Work with TCP/Interfaces, and option 2, Work with TCP/IP Routes

   OpsNav NetworkTCP/IP Configuration options for IPv4 and IPv6

Change the Local Adapter Address on a communications line

   Change Line Desc (Ethernet) command (CHGLINETH) - Local Adapter Address parameter (ADPTADR)

   No OpsNav equivalent

Change the TCP/IP Host Name and Domain Name for the machine

   Configure TCP/IP menu, option 12, Change TCP/IP Domain Information

   OpsNav right-click on NetworkTCP/IP Configuration and select Properties from the pop-up menu that appears

Change the machine's network attributes

   Change Network Attributes (CHGNETA) command from the green-screen

   No OpsNav equivalent

Change any relevant system distribution directory entries

   Work with Directory Entries command (WRKDIRE) to make adds, changes, and deletions for existing entries

   Add Directory Entry command (ADDDIRE) for adding individual entries

   No OpsNav equivalent

Make any necessary Relational Database Directory entries

   Work with Relational Database Entry command (WRKRDBDIRE)

   No OpsNav equivalent

Change the Server name and the Domain name for your iSeries NetServer configuration

   Right-click on OpsNav NetworkServersTCP/IP node, select Properties off the pop-up menu, click on Next Start under the General tab of the iSeries NetServer General Next Start screen

   No green-screen command for changing names but there are APIs for changing these values

Perform any custom changes for your system

   Investigate and add homegrown procedures needed for your specific i5/OS machine to impersonate another server

 


RELATED STORIES

How System i Boxes Impersonate Each Other, Part 1

iSeries NetServer API Guide, IBM



                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot


Sponsored By
GUILD COMPANIES

Internet Programming for AS/400, iSeries & System i

Available NOW from the IT Jungle Bookstore

This guide from author Hideyuki Yahagi, an IBM Certified IT Specialist
with Internet and open source programming expertise, is suited for
programmers with traditional skills who want to quickly learn to use
the built-in Web serving capabilities of the System i.

Progressing from basic to advanced, this tutorial includes
programming tips, snippets of sample code, and a CD.

Price: $49.95
Buy Now!


Senior Technical Editor: Ted Holt
Technical Editors: Howard Arner, Joe Hertvik, Shannon O'Donnell, Kevin Vandever
Contributing Technical Editors: Joel Cochran, Wayne O. Evans, Raymond Everhart,
Bruce Guetzkow, Brian Kelly, Marc Logemann, David Morris
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

LANSA:  It's Time for 4 days of education at the LANSA User Conference, May 4 7, in Orlando
Northeast User Groups:  18th Annual Conference, April 14-16, 2008, Sheraton Hotel, Framingham, MA
Vision Solutions:  A Rewind Button for i5 Data? Read the Whitepaper


 

IT Jungle Store Top Book Picks

Easy Steps to Internet Programming for AS/400, iSeries, and System i: List Price, $49.95
Getting Started with PHP for i5/OS: List Price, $59.95
The System i RPG & RPG IV Tutorial and Lab Exercises: List Price, $59.95
The System i Pocket RPG & RPG IV Guide: List Price, $69.95
The iSeries Pocket Database Guide: List Price, $59.00
The iSeries Pocket Developers' Guide: List Price, $59.00
The iSeries Pocket SQL Guide: List Price, $59.00
The iSeries Pocket Query Guide: List Price, $49.00
The iSeries Pocket WebFacing Primer: List Price, $39.00
Migrating to WebSphere Express for iSeries: List Price, $49.00
iSeries Express Web Implementer's Guide: List Price, $59.00
Getting Started with WebSphere Development Studio for iSeries: List Price, $79.95
Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00
Getting Started with WebSphere Express for iSeries: List Price, $49.00
WebFacing Application Design and Development Guide: List Price, $55.00
Can the AS/400 Survive IBM?: List Price, $49.00
The All-Everything Machine: List Price, $29.95
Chip Wars: List Price, $29.95


 
The Four Hundred
Progress Is Our Most Important Product

i5/OS V6R1: Raining on the Armadillo Day Parade

Oracle's Business Grows in Fiscal Q3, But Not As Much as Expected

As I See It: Misera Plebs Contribuens

Novell Previews Features in SUSE Linux Enterprise 11

The Linux Beacon
Novell Previews Features in SUSE Linux Enterprise 11

Making the Case for System z10 Server Consolidation

Sun Backs Into the SMB Customer Space

CMDB: A Journey, Not a Destination

Disk Array Capacity and Sales Still Growing at Historical Rates

Four Hundred Stuff
BCD Widens Modernization Options with 'Presto'

IBM Changes Name Back to AS/400, Promises Return to Glory, TV Ads

Lawson Makes Progress on Landmark Journey

Symark Tackles Tough Access Control Problems

IBM Updates Content Manager with V6R1

Big Iron
System z10 Sales: Banking on IBM

Top Mainframe Stories From Around the Web

Chats, Webinars, Seminars, Shows, and Other Happenings

System i PTF Guide
March 22, 2008: Volume 10, Number 12

March 15, 2008: Volume 10, Number 11

March 8, 2008: Volume 10, Number 10

March 1, 2008: Volume 10, Number 9

February 23, 2008: Volume 10, Number 8

February 16, 2008: Volume 10, Number 7

The Windows Observer
Microsoft Gets 'Feature Complete' Hyper-V Out the Door

Xangati Launches End-User Network Troubleshooter

Marathon Launches Fault Tolerance for Xen on Windows

Dell Inks OEM Deal with Egenera for Server Management Software

IBM Places Mobile Computing, Composite Apps on UC Pedestal

The Unix Guardian
Yen Steps Down as Microelectronics Head, Exits Sun

Sun Bags $44.3 Million DARPA Contract for Funky Chip Interconnect

Disk Array Capacity and Sales Still Growing at Historical Rates

CMDB: A Journey, Not a Destination

Dell Inks OEM Deal with Egenera for Server Management Software

Four Hundred Monitor
Four Hundred Monitor's
Full iSeries Events Calendar

THIS ISSUE SPONSORED BY:

WorksRight Software
Help/Systems
Guild Companies


Printer Friendly Version


TABLE OF CONTENTS
An Alternative to Externally Described Printer Files, Take 2

Performance Advice from a Mysterious Friend, Part 3

Admin Alert: How System i Boxes Impersonate Each Other, Part 2

Four Hundred Guru

BACK ISSUES

From the IT Jungle Forums
Data Type *DEC in MSGF

How to identify when the OS upgrade was performed ???

FTP in arrival sequence

S36 environment problem

QSH won't write in batch!





 
Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement