Upgrading OS/400 or i5/OS to a Different Version, Without Changing Hardware

(for versions of Bsafe/Enterprise Security prior to v.5.5.2)

Updated 10/05/2007

 

 

These instructions apply when you are upgrading the operating system on your existing computer. If you are moving the product to a different computer please refer to Moving Bsafe from one iSeries to Another.htm. If you are upgrading the operating system on your existing computer but you are using Bsafe/Enterprise Security v.5.5.2 or later, see OS400 upgrades

 

Before Commencing with the Operating System Upgrade

  

1.      If you have used the Field Masking module, click on the Field Masking icon. Any files defined under the Select Files for Masking heading which have a status of Active must be made inactive. Click on active file followed by clicking on End Masking for each.

 

2.      End all Bsafe non-interactive jobs. Do this as follows:

a.      Execute the following command from the command line:

WRKUSRJOB USER(BSAFE)   STATUS(*ACTIVE) 

b.      Type ‘4’ beside all the jobs displayed, except those of type INTERACTIVE.

c.      Press F4 and Enter to receive the End Job prompt for the first job. Change the parameter ‘How to end’ to *IMMED and press Enter.

d.      Repeat the previous step for any other jobs selected.

 

3.      Sign on to the iSeries with user BSAFE. On the Bsafe/Enterprise Security screen select the SYSTEM menu, then select the Bsafe/Enterprise Security Activation option. Insert N in every field and press F16 to apply. This will inactivate the Bsafe/Enterprise Security system and it will no longer protect your iSeries.

 

 

4.      Go to the System IDS Collector. Select and run option, Uninstall Alert Collector.

 

 

5.      Go to the IDS Collector. Select and run option, Uninstall Alert Collector.

 

 

6.      Press F3 in order to exit from Bsafe/Enterprise Security.

  

7.      At the iSeries command line type: 

WRKREGINF

8.      Find the following exit points by paging through the list. If there are more than one occurrence of these then check each one.

QIBM_QSY_CHG_PROFILE

QIBM_ QSY_CRT_ PROFILE

QIBM_QSY_DLT_PROFILE

QIBM_QSY_RST_PROFILE

 

Enter an ‘8’ by each exit item to display its exit point programs, then remove each exit point program using option ‘4’.

  

9.      Execute the commands:                                       

ENDTCPSVR SERVER(*HTTP) HTTPSVR(BSAFEINST)

ENDTCPSVR SERVER(*HTTP) HTTPSVR(BSFAPCH)

 

After you have Completed the Operating System Upgrade

  1. Sign on in native mode with a user having SECOFR authority.
  2. Rename the program rmtsmp/db2www to a different name.
  3. You will now do a partial reinstall of the product by continuing below:
  4. Run the installation program. Note that during the run, the installation program automatically inserts 3 working libraries into the library list and removes them at the end. Before running, execute the edit library list command to see whether there is room to add at least 3 additional libraries:

 

EDTLIBL

 

If there is not enough room in the library list for another 3 libraries, either remove existing libraries from the list as necessary or sign on with a different user who has QSECOFR authority and more space in the library list. Continue by entering the following command on the iSeries command line:

 

CALL PGM(RMTOBJ/SATKNAC)

 

  1. In earlier versions of the product,, the activation screen will now be displayed for you to reactivate the Bsafe exit points for application server protection and logging. Activate those which were active previously and press F16.

 

In later versions of the product, protection for Telnet, FTP Server, FTP Client and OS/400 signon will be activated automatically. A screen similar to the following will be displayed once this has been done.

 

 

Activation for all other applications will be done after the re-install has completed. Press Enter to continue.

 

  1. The “Language Setting” screen is displayed next as shown below.

 

 

There is no need to make any changes to the screen. Press F3 to exit and continue with the re-install.

 

  1. The following screen will be displayed, indicating successful completion of the installation.

 

 

 

  1. Check the user profile QTMHHTP1. If the profile is not enabled, enable it now.

 

  1. Start the Bsafe HTTP instance by entering one of the following commands from the iSeries command line:

 

STRTCPSVR SERVER(*HTTP)  HTTPSVR(BSFAPCH)

(Apache HTTP server for OS/400 V5R3 or higher)

 

STRTCPSVR SERVER(*HTTP)  HTTPSVR(BSAFEINST)

(Original HTTP server for OS/400 V5R2 or lower)

 

 

  1. Activate Bsafe protection for the applications and commands which were activated before you did the complete deactivation, above. To do this, signon in native mode with user BSAFE. The Bsafe/Enterprise Security main menu is displayed. Select the System menu then BSAFE Activation. Type ‘Y’ for all applications you wish to activate and press F16.  A more detailed explanation is given in Implementation.

 

  1. Start the QSERVER and/or QUSRWRK sub-systems – this is necessary before you activate Bsafe protection for the File and Database host servers. Until this is done the Bsafe/Enterprise Security will prevent access to the Database server and File server,

 

Use the following commands for versions of OS/400 before V5R2.   

 

STRSBS SBSD(QSERVER)

STRHOSTSVR SERVER(*DATABASE  *FILE)

STRTCPSVR SERVER(*NETSVR) (if required)

 

For OS/400 version V5R2 and higher, use the following commands:

 

STRSBS SBSD(QSERVER)

STRSBS SBSD(QUSRWRK)

STRHOSTSVR SERVER(*DATABASE  *FILE)

STRTCPSVR SERVER(*NETSVR) (if required)

 

 

  1. If you plan to use Bsafe Alerts, activate the alert collector and system alert collector as described in Implementation.

 

* * * Bsafe/Enterprise Security should now be operating fully * * *