Admin Alert: V6R1 Changes for the i5/OS Administrator, Part 2
Published: April 16, 2008
by Joe Hertvik
Last week, I started making a list of some of the more memorable V6R1 operating system enhancements for the i5/OS administrator. This week, I continue the list and point out some other V6R1 functions that you should be on the lookout for.
Before starting, please note that all the information contained here comes from available information about the new release as well as information I picked up at the COMMON user conference from IBMers and various System i experts. Since V6R1 is brand new and not installed in the wider base of i5/OS shops yet, there isn't a lot of practical hands-on experience out there. This article deals with early release information, which will be vetted out in the coming months as more people start working with the new operating system.
New Wrinkles for System Backup and Restore
There are some interesting things happening with IBM's old familiar Save (SAVxxx) and Restore (RSTxxx) commands. Here are some of the more intriguing features that you can explore with the new release.
- Save and restore private authorities for objects with the new Private Authority (PVTAUT) parameter on all of the SAVxxx, RSTxxx, and SAVRSTxxx commands. When PVTAUT is set to *YES, you will be able to save and restore the private authorities attached to your saved objects. These updated commands will store and restore Public Authorities, Owner and object authorities, Primary group and primary group authorities, and the names of authorizations lists linked to the saved object. However, IBM cautions that you will want to use this ability for individual objects only because PVTAUT increases the amount of time needed to save an object. It's not recommended that you use private authority save for large scale backup and recovery of user data.
- Encrypted backups can be accomplished by using two techniques. First, you can use IBM's Backup, Recovery, and Media Services product (BRMS) and a tape drive that support encryption, such as an IBM Ultrium 4 tape drive. In this case, the tape devices need to be part of a tape library that supports encryption capabilities. The second method is to use the software encryption capability that IBM built into the most recent version of BRMS. The BRMS-only technique uses cryptographic services to perform an encrypted backup, and it only allows you to encrypt user data. The software only technique is hardware independent, meaning that you don't have to use a tape drive that supports encryption to get an encrypted backup.
- For save-while-active backups, you can fully synchronize check pointed data over multiple save operations by using the Start Save Synchronization (STRSAVSYNC) command. When issued before any of your SAVxxx operations, STRSAVSYNC creates a named synchronized checkpoint that other interactive or batch saves can access to ensure that all the data saved through different SAVxxx commands is synchronized to the same checkpoint. This will allow you to fully synchronize your entire save operation over multiple commands, rather than synchronizing saves only to the current SAVxxx command that is being processed. The other cool thing about this technique is that after setting your synchronized checkpoint with STRSAVSYNC, you can submit multiple batch jobs that save data to different tape drives using the same synchronization ID.
- V6R1 also offers relief for problems that occur when you try to restore logical files that are dependent on physical files that haven't yet been restored to the system. In earlier versions, this was a particularly nasty problem that resulted in searching out and finding missing logical and physical files and then performing multiple restores over the same data to make sure that all of your logicals were restored correctly. To combat this problem and to allow you to restore logical and physical files in different orders, IBM changed the way that the Restore Library (RSTLIB) and Restore Object (RSTOBJ) commands work. Big Blue also added a new command to i5/OS called Restore Deferred Objects (RSTDFROBJ) to complete your restores. To activate this support and to make sure that all dependent physical files are present on the system before restoring a logical file, you would first designate a Defer ID parameter (DFRID) on your Restore Library (RSTLIB) or Restore Object (RSTOBJ) command. The DFRID tells your command to cache any logical files for which there are dependent files that are not currently present on the system. Once you have completed your restore and all the logicals depended on physical files are restored to the system, you can then run the new Restore Deferred Objects (RSTDFROBJ) command and the system will restore all the logical files that it deferred restoring until the previous RST command ended. By using the DFRID parameter and the RSTDFROBJ command, you can restore all your physical and logical files in one pass without having to rerun your RSTxxx commands multiple times as you had to do in previous versions.
- Other V6R1 enhancement for system backup and restore include the ability to save and restore mounted user-defined files systems (UDFS) and improvements to saving/restoring data that resides on an integrated Windows or Linux server.
If you have a requirement to journal all the objects in a data library, V6R1 allows you to set up journaling at the library level. This means that you can set up an entire library as a journal library, and object level journaling will automatically be started for any object that is created, moved into, or restored into the journaled library. Under this scenario, you will not have to worry about journaling each object individually and you can rely on the system to take care of library level journaling needs. A journal library will automatically journal database files, data areas, and data queue objects as they are moved into the library.
Stop Users From Quickly Changing Their Password
In some shops, users will play tricks on the system where they change their password to a new value and then immediately change it back to the previous value or a value closer to their old password. V6R1 attempts to block successive password changes by adding the Minimum Time Between Password Changes (QPWDCHGBLK) system value. QPWDCHGBLK sets up a minimum time that the user must wait to change their password again after they last successfully changed the password.
Doing the Time Zone Warp
i5/OS V6R1 provides several new time zones with this release, including time zone values in the Pacific, Australia, Sao Paulo, Saint Johns, Los Angeles, and Tijuana. Time zone descriptions also contain three new offsets for year, daylight savings time shift, and an alternate name value.
Changes to PTFs
With i5/OS V6R1, PTFs will now be delivered on DVD-ROM media, which will result in fewer disks being shipped and handled with each order.
Printer Support in System i Navigator
V6R1 System i Navigator has an Add Printer Wizard that will guide you through creating a TCP/IP attached printer. The wizard creates the printer device description and its associated objects for you. This feature is designed as an alternative to using CL commands for printer configuration.
Sensibly Limiting User Device Sessions
In previous versions, the Maximum Number Of Device Sessions A User Can Have (QLMTDEVSSN) system value was frustrating to use, because you could only set one of two values for QLMTDEVSSN. You could use it to allow a user to start unlimited sessions (do not limit) or you could set it so that each user could only sign on to one workstation at a time (limit). Prior to V6R1, there was no middle ground, where you could tell the system that you wanted your users to be able to start a reasonable, but not excessive, number of device sessions.
With V6R1, IBM added that reasonable middle ground to QLMTDEVSSN. Rather than just picking between having your users start one session or starting an unlimited amount of sessions, the V6R1 QLMTDEVSSN system value allows you to tell i5/OS either to allow unlimited sessions for all users or to allow each user to start between one to nine sessions.
Not The End
This issue and last, I attempted to chronicle some of the more interesting new V6R1 features for managing your system. This is not an exhaustive list and I invite any of my readers to write in with feedback as they deploy V6R1 administrative functions. I realize that for most shops, deployment to V6R1 is still a year or two away. However, it's interesting to take a look ahead and see what new capabilities are waiting when we upgrade our current systems.
Correction on Backup/Restore Spooled File Support
Last issue, I mistaken presented i5/OS' Save Library (SAVLIB) and Restore Library (RSTLIB) spooled file support as being introduced in i5/OS V6R1, when it actually premiered in i5/OS V5R4. Several readers wrote in to correct me on this gaffe, including Matthew Karwowski, Ernie McCormack, Deb Saugen, and Richard Shearwood. I apologize for the mistake (boy, is my face red) but there is a silver lining to this particular piece of bad information. The description of the Spooled File Data (SPLFDTA) parameter is accurate for both V5R4 and V6R1, so you can use this capability in either version. Thanks to everyone who wrote in to correct my mistake.
Admin Alert: V6R1 Changes for the i5/OS Administrator, Part 1
New Web Console Debuts with i5/OS V6R1
Eliminating Easy-to-Guess User Passwords
IBM i5/OS & OS/400 release support Web page
Post this story to del.icio.us
Post this story to Digg
Post this story to Slashdot