Prepare to upgrade an instance checklist - Assure_Secure_File_Transfer_ - Assure_Elevated_Authority_Manager_(EAM) - Assure_Secure_File_Transfer_PGP - Assure_Encryption - Assure_Secure_File_Transfer - Required_for_All_Modules - Assure_Monitoring_and_Reporting_(AMR) - Assure_Security_Multi-Factor_Authentication_(MFA) - Assure_DB2_Data_Monitor_(DB2MON) - Assure_System_Access_Manager_(SAM) - Assure_Secure_File_Transfer_with_PGP - 7.0

Assure Security Installation (Manual) Guide

Product type
Software
Portfolio
Integrate
Product family
Assure
Product
Assure Security > Assure Elevated Authority Manager (EAM)
Assure Security > Assure Encryption
Assure Security > Assure Secure File Transfer
Assure Security > Required for All Modules
Assure Security > Assure Monitoring and Reporting (AMR)
Assure Security > Assure Security Multi-Factor Authentication (MFA)
Assure Security > Assure DB2 Data Monitor (DB2MON)
Assure Security > Assure System Access Manager (SAM)
Assure Security > Assure Secure File Transfer with PGP
Version
7.0
Language
English
Content type
Installation (Manual) Guide
Product name
Assure Security
Title
Assure Security Installation (Manual) Guide
Copyright
2023
First publish date
1999
Last updated
2025-01-05
Published on
2025-01-05T12:58:06.220000

Use the checklist and these supporting topics to prepare your environment before upgrading Assure Security. Generally, plan to install software outside of normal business hours when system information activity is low.

Important! This checklist includes steps that apply to any Assure Security instance as well as steps that are applicable only when specific licensed features are used.

This checklist identifies recommended actions to prepare your environment for upgrading an instance of Assure Security and situations that may require modifying your environment before upgrading:
  1. Supported upgrades. Confirm that an upgrade of your existing Assure Security instance is supported using Supported upgrades.

  2. Media choice. To confirm that your installation media choice is appropriate for your environment, see Installation media choices and considerations.

  3. Requirements. Review the software installation requirements identified in General requirements for installing or upgrading for details about the minimum IBM i operating system and user profile requirements for upgrading. Also, you may need to modify your environment to address storage and communications requirements or to temporarily change system values.

  4. Exit point conflicts. If you use the Assure System Access Manager licensed feature or the Assure Secure File Transfer licensed feature on the same system where you use other software applications that use IBM i exit points, you may need to end those other applications before upgrading Assure Security. See Exit point considerations before upgrading.

  5. Web application. If you use the Assure Multi-Factor Authentication licensed feature and have not previously used either its web listener or its web user interface (web UI), verify that the system meets the operational requirements for the web application server identified in Assure Security application server requirements.

  6. IBM PTFs. Check for and apply the latest IBM PTFs associated with IBM i releases that pertain to your environment. See Check for required IBM i PTFs.

  7. High availability integration. If you have Assure Security installed on a system where a high availability product such as Assure MIMIX or Assure QuickEDD exists, you must take action to ensure that the security product’s objects are properly identified for inclusion or exclusion from replication according to your environment’s needs. You may need to make configuration changes to the high availability product before upgrading, or you may need to address upgrading Assure Security on multiple systems before resuming replication activity following an upgrade. Use the information in Integration with a high availability environment.

  8. Additional information. Check the following sources available from Support for Assure Security version 7.0 for additional information:
    • Release Notes - The Assure Security Release Notes contains details about enhancements and fixes delivered in each software service pack, and may include special instructions for any actions to be performed before or after installing the service pack.
    • Technical Alerts - Technical Alerts, if any exist, identify significant scenarios that may affect your environment and what actions to take to avoid or resolve problems.
  9. License Manager. Use Verify authorization requirements for License Manager to check whether your environment has enabled product-level security for License Manager. If your environment has enabled this capability for License Manager, the user profile you use to upgrade must have at least management (*MGT) authority.
    Note: This step is only required if you have any of the following products installed:
    • Assure MIMIX version 10.0.11.00 or later
    • iTERA version 6.2.21 or later
    • Assure Security version 7.0.09.00 or later
  10.  User-defined objects. Move any user-created objects or programs in the LAKEVIEW and VSI001LIB libraries to a different location before installing this service pack. These locations are used by multiple Precisely products. Any user-created objects or programs in these locations will be deleted during the installation process.

  11. System values. You may need to temporarily change system values. The system library list (QSYSLIBL) system value has specific requirements for what can and cannot be included. Other system values also require specific values. Use the command WRKSYSVAL to access system values and use options 5 (Display) and 2 (Change) as needed to specify the values required by the installation process. See System value requirements for installing software for details.

  12. End other applications. End activity in other applications that interact with the licensed features of Assure Security. Applications that normally interact with security features at any time cannot be allowed access for the duration of the upgrade. The upgrade process cannot start when other applications are interacting with the Assure Security objects. The upgrade process will lock product objects so they cannot be used by other applications for the duration of the upgrade process. Examples of activity that may need to be ended or prevented before upgrading then restarted after the upgrade completes include:
    • Preventing users from logging in (due to Assure Multi-Factor Authentication)
    • Accessing interfaces (due to Assure Elevated Authority Manager)
    • Preventing SQL statements from starting (due to Assure System Access Manager)
    • Controlling access using field procedures (due to Assure Encryption)
    • Accessing files that are protected by Assure Db2 Data Monitor
    • Running Session Timeout Manager jobs
    • Implementing automated archiving using the User Profile Archive
  13.  End queries. This step is required if you use the Assure Monitoring and Reporting (AMR) licensed feature. Use the following commands to stop all queries that are running in iterative or continuous modes:

    product-library/ENDQJF QJ(*ALL)
    product-library/ENDQJC QJ(*ALL)
  14. End MOM. This step is required if you use the Monitoring Messages (MOM) tool. Do the following:
    1. Access the Monitor Message display using the command:
      product-library/WRKQJMOM
    2. Check the status of all MOM jobs listed on the Monitor Messages display. All MOM jobs should have a status of *OFF before upgrading software. If necessary, use option 10 (*ON/*OFF) to stop the job.
    3. Verify that there are no jobs with names that begin with MOM in the product subsystem. Use the command:
      WRKACTJOB SBS(product-library-name) JOB(MOM*)
    4. Verify that there are no watch (WCH) sessions with a status of ACTIVE using the command:
      WRKWCH WCH(*STRWCH)
  15. End EAM. This step is required if you use Assure Elevated Authority Manager (EAM) licensed feature. Do the following:
    1. The size of Assure Elevated Authority Manager log files may affect the amount of time needed for the software upgrade. If necessary, reduce the size of the log to what you are required to keep for auditing requirements. Use the RMVQSLOGE command to remove log entries that are no longer needed.
    2. Use the following command to check the status of Assure Elevated Authority Manager jobs:
      product-library/WRKQSPRF
      On the Work with EAM Jobs display, the S column displays job status and can also be used to filter the list. Verify there are no jobs with these status values: S (Started), M (Message), H (Held), or W (Waiting for approval).
    3. Do one of the following:
      • If you have licenses for both Assure Elevated Authority Manager and Assure System Access Manager, skip to Step 16.
      • If you have only an Assure Elevated Authority Manager license, use the following command to change the status of all control points to *OFF:
        product-library/VRYQXPNT PNT(*ALL) PNTTYPE(*ALL) STATUS(*OFF) UPDAUTOSTR(*YES)
        By specifying UPDAUTOSTR(*YES), the points that were on before running the command will be tracked and can be more easily started after the upgrade completes.
  16. End SAM. This step is required if you use the Assure System Access Manager (SAM) licensed feature. You must stop all activity for SAM and ensure that services that use the control points are stopped and services associated with the control points are not using them.

    Do the following:
    1. Print a copy of the configuration report for reference using the command:
      product-library/PRTQXCFG
    2. Use the following command to change the status of all control points to *OFF:
      product-library/VRYQXPNT PNT(*ALL) PNTTYPE(*ALL) STATUS(*OFF) UPDAUTOSTR(*YES)
      By specifying UPDAUTOSTR(*YES), the points that were on before running the command will be tracked and can be more easily started after the upgrade completes.
    3. The size of Assure System Access Manager log files may affect the amount of time needed for the software upgrade. For this reason, you must verify the size of log file EXLOG001 in the product library before starting the upgrade. If necessary, reduce the size of the log to what you are required to keep for auditing requirements. Use the CPRQXLOGE and RMVQXLOGE commands to compress or remove log entries.
      Note: Step 16d through Step 16h stop services associated with the exit points and verify that the points will not be called during the upgrade. If you run IBM i communication jobs in subsystems other than the default subsystems QSERVER and QUSRWRK, specify the subsystems you use in Step 16f. Alternatively, you can perform an IPL.
    4. Stop FTP using the command:
      ENDTCPSVR *FTP
    5. Identify the active jobs in the QSERVER and QUSRWRK subsystems and record the jobs and users in case you need to reactivate the jobs manually.
      WRKACTJOB SBS(QSERVER QUSRWRK)
    6. Stop the QSERVER and QUSRWRK subsystems using the commands:
      ENDSBS QSERVER *IMMED
      ENDSBS QUSRWRK *IMMED
    7. Ensure that the corresponding jobs are all stopped.
      WRKACTJOB SBS(QSERVER QUSRWRK)
    8. Verify that there are no jobs using points or controls registered using the command:
      product-library/WRKQXPNT
      • From the Work with Points display, use the options XJ (to display a list of registered jobs), XL to display a list of jobs for which configuration updates are waiting), and XU (to display a list of jobs’ user spaces). You may be able to use option 5 on the resulting displays for more detail.
      • The resulting displays should not list any jobs. If any jobs are still attached to the Assure System Access Manager or CONTROLER exit points, you must either end them manually, or, if they are system jobs in QSYSWRK you must perform an IPL to free the jobs.
  17. Deny MFA access. This is required if you use the Assure Multi-Factor Authentication (MFA) licensed feature. The MFA login screen will not be available for the duration of the upgrade. All users who have logged in to a system protected by the MFA licensed feature must be logged out, and you must prevent users from logging in for the duration of the upgrade.

    Do the following:
    1. Prevent users from logging in for the duration of the upgrade.
      • Use the following command to temporarily deny access to users who access the system through Assure Multi-Factor Authentication:
         product-library/CHGQAACT DECISION(*DENY)
      • If you need to ensure that no user can log in without MFA protection, you may need to end interactive subsystems.
    2. This step applies only when the instance to be upgraded is currently running Assure Security service pack 6.0.01.00 through 6.0.05.00. To make future upgrades easier,  Precisely recommends that you do the following to change settings so that users who log in with Assure Multi-Factor Authentication will not have the installation library and secondary library automatically added to their library list:
      • Access the Assure Security Settings display using the command:
         product-library/WRKQJSET
      • Page down to locate the setting CILASOFT SETLIBL ADD.IJRN.IJRNEXIT.
      • Type 2 (Change) next to the setting and press Enter.
      • The display changes to Edit mode. At the bottom of the display, type *NO on the input line for the Value field.
      • Press Enter to validate the field.
      • Press Enter again to save the value.
  18. End application server. If you use the web listener for Assure MFA authentication or if you use the web UI provided by the Assure Security application server, you must end the application server in the instance. Use the command:

    product-library/ENDAPPSVR
  19. End subsystem. This step is required for all upgrades. End the Assure Security product’s subsystem. In the following command, the subsystem name is the same as the name of the product library for the Assure Security product being upgraded:

    ENDSBS SBS(product-library-name) OPTION(*IMMED)
  20. Prevent user access. This step is required for all upgrades. Ensure that all users of all Assure Security licensed features, including administrator users, are logged out of the product and have exited product interfaces.

  21. Check for object locks. This step is optional. (The upgrade process does check for locks.) Use the following command to check for locks on the installation and secondary libraries by users:

    WRKOBJLCK OBJ(QSYS/library-name) OBJTYPE(*LIB)
  22. You are ready to start upgrading an instance of Assure Security using Upgrade a product instance using commands.