Integration with a high availability environment

Assure Security Installation (via Wizard) Guide

Product type: Software
Portfolio: Integrate
Product family: Assure
Product:
  • Assure Security > Assure Elevated Authority Manager (EAM)
  • Assure Security > Assure Encryption
  • Assure Security > Assure Secure File Transfer
  • Assure Security > Required for All Modules
  • Assure Security > Assure Monitoring and Reporting (AMR)
  • Assure Security > Assure Security Multi-Factor Authentication (MFA)
  • Assure Security > Assure DB2 Data Monitor (DB2MON)
  • Assure Security > Assure System Access Manager (SAM)
  • Assure Security > Assure Secure File Transfer with PGP
Version: 7.0
Language: English
Content type: Installation (Wizard) Guide
Product name: Assure Security
Title: Assure Security Installation (via Wizard) Guide
Copyright: 2023
First publish date: 1999
Last updated: 2025-01-05
Published on: 2025-01-05T12:58:55.063000

High availability integration overview

If you plan to use Assure Security on a system that is protected by a high availability solution such as Assure MIMIX or Assure QuickEDD HA, additional action is required. The extent of the required actions and when you need to perform them depend on where you plan to have the Assure Security environment operational during regular operations and whether you intend to have the security environment capable of protecting operations from the backup system in the event of a switch.

If the Assure Security environment will be operational on only one system of the high availability instance and not protected in the event of a switch, make sure that the high availability product is ended before you install Assure Security on the production system. This will prevent accidental replication of Assure Security objects while the software is being installed. Also, it is strongly recommended that you change the configuration of the high availability product to explicitly exclude the following Assure Security objects from replication:
  • The product library and all of its contents.
  • The secondary library and all of its contents.
  • The product-library_0 and all of its contents.
  • The product IFS directory and symbolic links to the IFS directory.

Details about naming conventions for these libraries and the IFS directory are identified in Installed software components and locations.

If the Assure Security environment will be protected by Assure MIMIX or Assure QuickEDD HA in the event of a switch, the high availability product must be ended when installing Assure Security software or fixes and you must address updating the Assure Security installations on both the production and backup systems before restarting replication. You also need to make configuration changes to the high availability product.

The number of instances of Assure Security that must be installed depends on how you plan to protect the systems and the number of nodes in your environment. For each pair of systems, two instances of Assure Security are required. For example, if you have a two-node environment and have security rules operational only on the production system, you need to install an instance of Assure Security on the other system, as shown in the following illustration. The instance on SYSTEM_B remains dormant until the high availability solution is switched. The security protection cannot be part of a cascading configuration or an active-active configuration in the replication environment.
Note: Although the following illustrations show Assure MIMIX as the high availability product, either MIMIX or Assure QuickEDD HA is supported.

The instance of Assure Security on the backup system must not be used for normal operations. If you need to have security rules operational on both systems, you need a total of four instances, two on each system. During normal operations, the Production instance of Assure Security on SYSTEM_A is active and the Backup instance is dormant, and on SYSTEM_B, the Production instance is dormant and the Backup instance is active.

It is required that you use the same product library names for the Assure Security product on both systems of a pair. This eliminates the need to specify name mapping when configuring the Assure Security objects that must be replicated by the high availability solution.

Customizable scripts for switching the security environment as part of a high availability product switch operation will soon be available. Custom scripts for MIMIX are available beginning with Assure MIMIX service pack 9.0.12.00. Custom scripts for Assure QuickEDD HA are available beginning with service pack 19.10.15.

When using Assure Security in a high availability environment protected by switching, always perform any software upgrade, including fixes, in this order:
  1. End replication for at least the Assure Security objects.

  2. Complete the upgrade of the Assure Security product to the same software level on both systems. If your configuration requires two instances of Assure Security on each system, complete the upgrade of all four instances.

    Note: The Assure Security installation wizard supports installing or upgrading instances on multiple nodes. If you can use the wizard, you can complete all four instance upgrades with two runs of the wizard. The first run would update the production instance on both nodes, and the second run of the wizard would update the backup instance.
  3. Start replication of the Assure Security objects.

Action required: Integrating Assure Security with Assure MIMIX or Assure QuickEDD HA requires the following:
  1. The production and backup systems must be running on the same level of the IBM i operating system.
    Note: If the two systems have different levels of the IBM i operating system, contact Support for more information.
  2. Assure Security must be installed on both systems in a rule pair. For example, if Assure MIMIX or Assure QuickEDD HA protects a two-node environment, install the Assure Security product on the production and backup systems that are within the high availability product’s installation.

  3. License keys are system-specific. You must have license keys for your licensed features of Assure Security on each system. The keys for the backup system are considered dormant until the event of a switch.

  4. You must configure the high availability product to replicate critical objects from the production system’s instance of Assure Security, as identified below.
    • For Assure MIMIX, this means creating selection rules (data group entries).
    • For Assure QuickEDD HA, this means adding the critical files to environment settings.
  5. When custom scripts for switching become available, configure them according to the Assure MIMIX or Assure QuickEDD HA product documentation.

  6. When any of the systems in the replication environment is running IBM i 7.2 or higher, the user profile used for replication must be able to create, delete, and update secured SQL functions on the target system. This user profile must be an allowed (*ALLOWED) user of the QIBM_DB_SECADM function on systems running IBM i 7.2 or higher. For Assure MIMIX, the MIMIXOWN user profile is used for replication. For Assure QuickEDD HA, the user profile used for replication defaults to PMSOFTICF, but users have the option to use a different profile for replication.

  7. If your high availability solution is Assure MIMIX, configure Assure Security to recognize the MIMIXOWN user profile, which owns the scripting objects. Do the following:
    1. Use the command:
      WRKQJAUT
    2. On the resulting Work with Users and Authority display, press F6 (Create).
    3. In the Create User pop-up, specify the following:
      User prompt - specify the user that owns the scripts
      Profile - specify Y
      Class - specify ADM
    4. Press Enter twice. Then press F3 (Exit).
  8. If you use the Assure Encryption licensed feature in an Assure MIMIX replication environment, the data group that replicates Assure Security objects cannot be configured for multithreading.
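
One way to check and set the QIBM_DB_SECADM requirement from step 6, as an added example that is not part of the guide. It uses the IBM i services QSYS2.FUNCTION_INFO, QSYS2.FUNCTION_USAGE and QSYS2.QCMDEXC and the CHGFCNUSG command, none of which the guide names, and assumes the default replication profile names given in step 6.

```sql
-- Added example: run on each system that is at IBM i 7.2 or higher.
-- MIMIXOWN and PMSOFTICF are the replication profiles named in step 6;
-- replace PMSOFTICF if Assure QuickEDD HA replicates under another profile.

-- 1. Show the function's default policy and any explicit entry for each
--    replication profile. 'NO ENTRY' means the profile has no explicit
--    setting; access then depends on group entries, DEFAULT_USAGE and
--    ALLOBJ_INDICATOR rather than on an *ALLOWED entry of its own.
WITH expected (profile) AS (
  VALUES ('MIMIXOWN'), ('PMSOFTICF')
)
SELECT e.profile,
       COALESCE(u.USAGE, 'NO ENTRY') AS explicit_usage,
       i.DEFAULT_USAGE,
       i.ALLOBJ_INDICATOR
  FROM expected e
 CROSS JOIN QSYS2.FUNCTION_INFO i
  LEFT JOIN QSYS2.FUNCTION_USAGE u
         ON u.FUNCTION_ID = i.FUNCTION_ID
        AND u.USER_NAME   = e.profile
 WHERE i.FUNCTION_ID = 'QIBM_DB_SECADM'
 ORDER BY e.profile;

-- 2. Make the replication profile an allowed user of the function.
--    Shown for MIMIXOWN; repeat with the Assure QuickEDD HA profile if used.
CALL QSYS2.QCMDEXC(
  'CHGFCNUSG FCNID(QIBM_DB_SECADM) USER(MIMIXOWN) USAGE(*ALLOWED)'
);

-- 3. Review every explicit entry afterwards. QIBM_DB_SECADM is the
--    database security administrator function, so the list of allowed
--    profiles should contain only what replication and administration need.
SELECT USER_NAME, USER_TYPE, USAGE
  FROM QSYS2.FUNCTION_USAGE
 WHERE FUNCTION_ID = 'QIBM_DB_SECADM'
 ORDER BY USER_NAME;
```

Compare the output of query 3 between the production and backup systems so that the replication profile has the same usage on both before replication is restarted.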