Commands for the Assure SAM integration with Illumio - 7.0

Assure Security Illumio Implementation Guide

Version: 7.0
Product name: Assure Security
Copyright: 2025
Last publication: 2025-06-03

This section presents the commands used when working in Assure System Access Manager with Illumio.  

CFGILOSRV

The command CFGILOSRV is used to configure the Assure System Access Manager Illumio integration services. It can be used to set an initial configuration or change an existing configuration. When setting an initial configuration, all parameters must be specified. The configuration includes the REST API server details for importing the ACL file and Flowlink SYSLOG server details for sending the log details.

Enter values for the following parameters:
  • Workload name - Specifies the Illumio workload name. This field is mandatory. Enter the workload name or one of the following special values:

    *SYSNAME - Specifies the system name for the workload name. This is the default value.

    *SAME - Specifies the existing value for the workload name.

    Note: The Illumio workload name must be in uppercase.
  • API server name or IP address - Specifies the REST API server name or IP address. This field is mandatory. Enter a name or IP address or enter *SAME to specify the existing value. The default value is *SAME.
  • API server port - Specifies the REST API server port. This field is mandatory. Enter a value between 1 and 65530.
  • API key auth. username - Specifies the REST API key authentication username. This field is mandatory. Enter the REST API authentication username or enter *SAME to specify the existing value. The default value is *SAME.
  • API key secret - Specifies the REST API key secret value. The REST API key secret value is encrypted internally. This field is mandatory. Enter the API server key secret value or enter *SAME to specify the existing value. The default value is *SAME.
    Note: The API key secret can be specified but it cannot be displayed. When the CFGILOSRV command is prompted with the F4 function key, the displayed value is always *SAME.
  • Illumio organization ID - Specifies the Illumio organization ID. This field is mandatory. Enter *SAME to specify the existing value. The default value is *SAME.
  • Illumio switch ID - Specifies the Illumio switch ID. This field is mandatory. Enter *SAME to specify the existing value. The default value is *SAME.
  • Syslog server name or IP - Specifies the Flowlink SYSLOG server name or IP address. This field is mandatory. Enter *SAME to specify the existing value. The default value is *SAME.
  • Syslog server port - Specifies the Flowlink SYSLOG port. This field is mandatory. Enter a value between 1 and 65530.
  • Syslog server protocol - Specifies the Flowlink SYSLOG server protocol (*TCP/*UDP). This field is mandatory. Enter one of these values:

    *TCP - Specifies the Transmission Control Protocol which is used in connection with IP (TCP/IP). This is the default value.

    *UDP - Specifies the User Datagram Protocol.

    *SAME - Specifies the existing value for the protocol.

  • Syslog tag - Specifies the Flowlink SYSLOG tag. This field is mandatory. The default value is PRECISELY. Enter *SAME to specify the existing value.
Additional parameters
  • ACL file retrieval interval - Specifies the ACL file retrieval interval in minutes. Enter a value between 1 and 999 minutes. The default value is 10 minutes. This field is mandatory.
  • Get device timeout - Specifies the device timeout in minutes. Enter a value between 1 and 99 minutes. The default value is 5 minutes. This field is mandatory.
  • Log transfer time interval - Specifies the log transfer time interval in minutes. The Assure System Access Manager log is automatically sent to the Illumio Syslog server once per interval. Enter a value between 1 and 99 minutes. The default value is 5 minutes. This field is mandatory.
  • Alert suppression interval - Specifies the interval for sending alerts. If an error occurs in an Illumio job, an alert is sent by email to all administrators defined in WRKQJAUT once per the defined interval. Enter a value between 1 and 999 minutes or enter *SAME to specify the existing value. The default value is 60 minutes. This field is mandatory.
Note: The value *SAME is not valid in any field for new configurations.
The following is an example of the CFGILOSRV command:
CFGILOSRV WRKLDNAM(*SYSNAME) APISVIP('POC1.ILLUM.IO') APIPORT(443) AUTHUSER('api_435s6r54j9aswe5m7')
SECRET('9364sd6351shfte9f308364c63826354fd874dhf8c8e836e9687f07241d8df45g3')
ORGID('87356') SWCHID('db17a4e5-7fed-442c-864e-f87b973d0a62')
FLSYSIP('ec2-24-67-123-412.us-west-2.compute.amazonaws.com') FLSYSPORT(5015) FLSYSPRTCL(*TCP) FLSYSTAG('PRECISELY')
ACLTIMINT(10) DVCTIMOUT(5) LOGTIMINT(5) ALTSUPPINT(60)
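
The rules above for a first-time configuration (every parameter present, no *SAME, numeric ranges, uppercase workload name) can be checked before the command is run. The following is an added example, not part of the product or the original guide; it assumes the keyword-to-parameter mapping shown in the example command, and the function name and sample values are hypothetical placeholders.

```python
# Numeric ranges exactly as stated in the parameter descriptions above.
RANGES = {
    "APIPORT": (1, 65530), "FLSYSPORT": (1, 65530),
    "ACLTIMINT": (1, 999), "DVCTIMOUT": (1, 99),
    "LOGTIMINT": (1, 99), "ALTSUPPINT": (1, 999),
}
TEXT = ["WRKLDNAM", "APISVIP", "AUTHUSER", "SECRET", "ORGID",
        "SWCHID", "FLSYSIP", "FLSYSPRTCL", "FLSYSTAG"]

# Constructed sample input; every value here is a placeholder.
SAMPLE = {
    "WRKLDNAM": "*SYSNAME", "APISVIP": "pce.example.test", "APIPORT": 443,
    "AUTHUSER": "api_PLACEHOLDER", "SECRET": "PLACEHOLDER", "ORGID": "1",
    "SWCHID": "PLACEHOLDER", "FLSYSIP": "flowlink.example.test",
    "FLSYSPORT": 5015, "FLSYSPRTCL": "*TCP", "FLSYSTAG": "PRECISELY",
    "ACLTIMINT": 10, "DVCTIMOUT": 5, "LOGTIMINT": 5, "ALTSUPPINT": 60,
}


def check_initial_config(params):
    """Return problems for a first-time CFGILOSRV configuration.

    Values are never echoed, so SECRET cannot leak into the messages.
    """
    problems = []
    for key in TEXT + list(RANGES):
        value = str(params.get(key, "")).strip()
        if value == "":
            problems.append(f"{key}: missing (all parameters are required)")
        elif value.upper() == "*SAME":
            problems.append(f"{key}: *SAME is not valid for a new configuration")
        elif key in RANGES:
            low, high = RANGES[key]
            if not value.isdigit() or not low <= int(value) <= high:
                problems.append(f"{key}: must be a number from {low} to {high}")
    name = str(params.get("WRKLDNAM", ""))
    if not name.startswith("*") and name != name.upper():
        problems.append("WRKLDNAM: workload name must be uppercase")
    if str(params.get("FLSYSPRTCL", "")).upper() not in ("", "*TCP", "*UDP", "*SAME"):
        problems.append("FLSYSPRTCL: must be *TCP or *UDP")
    return problems


if __name__ == "__main__":
    for line in check_initial_config(SAMPLE) or ["no problems found"]:
        print(line)
```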

STRILOSRV

After configuring the Illumio service, run the command STRILOSRV to start the Illumio services. The command starts services as a batch job.

The STRILOSRV command has the Service parameter. Enter one of the following values:

  • *ACL - Starts the Import ACL file service.
  • *LOG - Starts the Log Transfer service.
  • *ALL - Starts both the Import ACL file and Log Transfer services.

The default value is *ALL.

The following is an example of the STRILOSRV command:
STRILOSRV SERVICE(*ACL)

ENDILOSRV

To end the Illumio services, run the ENDILOSRV command.

The ENDILOSRV command has the Service parameter. Enter one of the following values:

  • *ACL - Ends the Import ACL file service only.
  • *LOG - Ends the Log Transfer service only.
  • *ALL - Ends both the Import ACL file and Log Transfer services.

The default value is *ALL.

Additional parameter

Remove autostart job entry - Enter *YES or *NO. When set to *YES, the Import ACL autostart job entry is removed from the subsystem, if it is present. The default value is *NO.

The following is an example of the ENDILOSRV command:
ENDILOSRV SERVICE(*ALL)

IMPILOACL

The IMPILOACL command is used to import Illumio ACL files. The command has the ACL file name parameter which specifies the Illumio ACL file name. Enter the command followed by the ACL file name.

The ACL files to be imported must be placed in the following IFS path:

/visionsolutions/secops/product-library/ILLUMIO/ACL

The following is a sample file name format:

illumio_acl_IBM_AS400_AS400_dd_mm_yyyy_hh_mm_ss_policy.txt

where dd_mm_yyyy_hh_mm_ss represents a timestamp.

The following is an example of the IMPILOACL command:
IMPILOACL ACLFILE('illumio-acl-test.txt')
Note: The IMPILOACL command is generally only run within a job as part of an automated process.
Note: It is recommended to clean up the /visionsolutions/secops/product-library/ILLUMIO/ACL directory periodically by deleting unused files.
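
The following added example, which is not part of the product or the original guide, selects cleanup candidates from the ACL directory by parsing the timestamp in the file name. Because the stamp is dd_mm_yyyy, sorting the names alphabetically does not give chronological order. The retention policy (older than a number of days, never the newest dated file) and the function names are assumptions, and the file names are constructed.

```python
import re
from datetime import datetime, timedelta

# Name format from this page: ..._dd_mm_yyyy_hh_mm_ss_policy.txt
STAMP = re.compile(r"_(\d{2})_(\d{2})_(\d{4})_(\d{2})_(\d{2})_(\d{2})_policy\.txt$")

# Constructed sample directory listing.
SAMPLE = [
    "illumio_acl_IBM_AS400_AS400_28_02_2025_23_50_00_policy.txt",
    "illumio_acl_IBM_AS400_AS400_01_03_2025_00_10_00_policy.txt",
    "illumio_acl_IBM_AS400_AS400_15_05_2025_08_00_00_policy.txt",
    "illumio-acl-test.txt",
]


def acl_timestamp(name):
    """Return the datetime embedded in an ACL file name, or None."""
    m = STAMP.search(name)
    if not m:
        return None
    dd, mm, yyyy, hh, mi, ss = map(int, m.groups())
    try:
        return datetime(yyyy, mm, dd, hh, mi, ss)
    except ValueError:  # impossible date such as 31_02
        return None


def cleanup_candidates(names, now, keep_days=30):
    """Split names into (delete, keep). Assumed policy: a file is unused
    when it is older than keep_days and is not the newest dated file."""
    dated = {n: acl_timestamp(n) for n in names}
    stamps = [t for t in dated.values() if t is not None]
    newest = max(stamps) if stamps else None
    cutoff = now - timedelta(days=keep_days)
    delete, keep = [], []
    for name, stamp in dated.items():
        if stamp is not None and stamp < cutoff and stamp != newest:
            delete.append(name)
        else:
            keep.append(name)  # undated names are left for manual review
    return sorted(delete, key=dated.get), keep


if __name__ == "__main__":
    delete, keep = cleanup_candidates(SAMPLE, datetime(2025, 6, 3))
    print("delete:", delete)
    print("keep:  ", keep)
```

The function only returns the two lists; review the delete list before removing anything from the directory.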