High availability integration overview
If you plan to use Assure Security on a system that is protected by a high availability solution such as Assure MIMIX or Assure QuickEDD HA, additional action is required. The extent of the required actions and when you need to perform them depend on where you plan to have the Assure Security environment operational during regular operations and whether you intend to have the security environment capable of protecting operations from the backup system in the event of a switch.
- The product library and all of its contents.
- The secondary library and all of its contents.
- The product-library_0 and all of its contents.
- The product IFS directory and symbolic links to the IFS directory.
Details about naming conventions for these libraries and the IFS directory are identified in Installed software components and locations.
If the Assure Security environment will be protected by Assure MIMIX or Assure QuickEDD HA in the event of a switch, the high availability product must be ended when installing Assure Security software or fixes and you must address updating the Assure Security installations on both the production and backup systems before restarting replication. You also need to make configuration changes to the high availability product.
The instance of Assure Security on the backup system must not be used for normal operations. If you need to have security rules operational on both systems, you need a total of four instances, two on each system. During normal operations, the Production instance of Assure Security on SYSTEM_A is active and the Backup instance is dormant, and on SYSTEM_B, the Production instance is dormant and the Backup instance is active.
It is required that you use the same product library names for the Assure Security product on both systems of a pair. This eliminates the need to specify name mapping when configuring the Assure Security objects that must be replicated by the high availability solution.
Customizable scripts for switching the security environment as part of a high availability product switch operation will soon be available. Custom scripts for MIMIX are available beginning with Assure MIMIX service pack 9.0.12.00. Custom scripts for Assure QuickEDD HA are available beginning with service pack 19.10.15.
End replication for at least the Assure Security objects.
Complete the upgrade the Assure Security product to the same software level on both systems. If your configuration requires two instances of Assure Security on each system, complete the upgrade of all four instances.
Note: The Assure Security installation wizard supports installing or upgrading instances on multiple nodes. If you can use the wizard, you can complete all four instance upgrades with two runs of the wizard. The first run would update the production instance on both nodes, and the second run of the wizard would update the backup instance.Start replication of the Assure Security objects.
- The production and backup systems must be running on the same level of the IBM i operating system.Note: If the two systems have different levels of the IBM i operating system, contact Support for more information.
Assure Security must be installed on both systems in a rule pair. For example, if Assure MIMIX or Assure QuickEDD HA protects a two-node environment, install the Assure Security product on the production and backup systems that are within the high availability product’s installation.
License keys are system-specific. You must have license keys for your licensed features of Assure Security on each system. The keys for the backup system are considered dormant until the event of a switch.
- You must configure the high availability product to replicate critical objects from the production system’s instance of Assure Security, as identified below.
- For Assure MIMIX, this means creating selection rules (data group entries).
- For Assure QuickEDD HA, this means adding the critical files to environment settings.
When custom scripts for switching become available, configure them according to the Assure MIMIX or Assure QuickEDD HA product documentation.
When any of the systems in the replication environment is running IBM i 7.2 or higher, the user profile used for replication must be able to create, delete, and update secured SQL functions on target system. This user profile must be an allowed (*ALLOWED) user of the QIBM_DB_SECADM function on systems running IBM i 7.2 or higher. For Assure MIMIX, the MIMIXOWN user profile is used for replication. For Assure QuickEDD HA, the user profile used for replication defaults to PMSOFTICF, but users have the option to use a different profile for replication.
- If your high availability solution is Assure MIMIX, configure Assure Security to recognize the MIMIXOWN user profile, which owns the scripting objects. Do the following:
- Use the command:
WRKQJAUT
- On the resulting Work with Users and Authority display, press F6 (Create).
- In the Create User pop-up, specify the following:User prompt - specify the user that owns the scriptsProfile - specify YClass - specify ADM
- Press Enter twice. Then press F3 (Exit).
- Use the command:
If you use the Assure Encryption licensed feature in an Assure MIMIX replication environment, the data group that replicates Assure Security objects cannot be configured for multithreading.