Upgrading OS/400 or i5/OS to a Different Version, Without Changing Hardware)

(Bsafe/Enterprise Security v.5.5.2 or later)

Document updated 27 July 2008

 

 

These instructions apply when you are upgrading the operating system on your existing computer. If you are moving the product to a different computer please refer to Moving Bsafe from one iSeries to Another.htm. If you are upgrading the operating system on your existing computer but you are using a version of Bsafe/Enterprise Security prior to v.5.5.2, see OS400 upgrades before 5.5.2

 

Before Commencing with the Operating System Upgrade

 

1.        Sign on to the iSeries with user BSAFE.

2.        When the Bsafe/Enterprise Security main menu is displayed, select the System menu, then select the Complete Deactivation (Uninstall Bsafe) option and press Enter or double click with the mouse on this menu option. See below.

 

 

 

3.        When the deactivation has completed, press F3 in order to exit from the Bsafe/Enterprise Security menu. You can now continue with the operating system upgrade.

4.        If you do not perform a system IPL at this stage you must restart the QSERVER and/or QUSRWRK sub-systems as follows:

 

Use the following commands for versions of OS/400 before V5R2.   

 

ENDSBS SBS(QSERVER) OPTION(*IMMED)

STRSBS SBSD(QSERVER)

STRHOSTSVR SERVER(*DATABASE  *FILE)

STRTCPSVR SERVER(*NETSVR) (if required)

 

For OS/400 version V5R2 and higher, use the following commands:

 

ENDSBS SBS(QSERVER) OPTION(*IMMED)

STRSBS SBSD(QSERVER)

ENDSBS SBS(QUSRWRK) OPTION(*IMMED)

STRSBS SBSD(QUSRWRK)

STRHOSTSVR SERVER(*DATABASE  *FILE)

STRTCPSVR SERVER(*NETSVR) (if required)

 

 

 

After you have Completed the Operating System Upgrade

  1. Sign on in native mode with a user having SECOFR authority.
  2. Rename the program rmtsmp/db2www to a different name.
  3. You will now do a partial reinstall of the product by continuing below:
  4. Run the installation program. Note that during the run, the installation program automatically inserts 3 working libraries into the library list and removes them at the end. Before running, execute the edit library list command to see whether there is room to add at least 3 additional libraries:

 

EDTLIBL

 

If there is not enough room in the library list for another 3 libraries, either remove existing libraries from the list as necessary or sign on with a different user who has QSECOFR authority and more space in the library list. Continue by entering the following command on the iSeries command line:

 

CALL PGM(RMTOBJ/SATKNAC)

 

  1. Protection for Telnet, FTP Server, FTP Client and OS/400 signon will be activated automatically, provided there are no non-Bsafe exit programs already registered. If this is the case, you may replace them following installation by activating the Bsafe/Enterprise Security exit programs as explained in the section on activation in the Implementation guide. Additionally, the user profile create, delete, change and restore exit points will be activated automatically in any event (see paragraph Existing Exit Programs on Your System, above). A screen similar to the following will be displayed once this has been done.

 

 

Activation for all other applications should be done, one by one, after installation has completed. This is explained in detail in Implementation found in the user guide and in the technical support section on the website. Activation of the File Server application necessitates restarting the QSERVER and QUSRWRK subsystems, explained fully in Implementation. Press Enter to continue.

 

  1. The “Language Setting” screen is displayed next as shown below.

 

 

There is no need to make any changes to the screen. Press F3 to exit and continue with the re-install.

 

  1. The following screen will be displayed, indicating successful completion of the installation.

 

 

 

  1. Check the user profile QTMHHTP1. If the profile is not enabled, enable it now.

 

 

  1. If you are running OS/400 V5R2 or later, execute the following command from the iSeries command line. 

 

SETASPGRP ASPGRP(*NONE)

 

  1. Start the Bsafe HTTP instance by entering one of the following commands from the iSeries command line:

 

STRTCPSVR SERVER(*HTTP)  HTTPSVR(BSFAPCH)

(Apache HTTP server for OS/400 V5R3 or higher)

 

STRTCPSVR SERVER(*HTTP)  HTTPSVR(BSAFEINST)

(Original HTTP server for OS/400 V5R2 or lower)

 

 

  1. Activate Bsafe protection for the applications and commands which were activated before you did the complete deactivation, above. To do this, signon in native mode with user BSAFE. The Bsafe/Enterprise Security main menu is displayed. Select the System menu then BSAFE Activation. Type ‘Y’ for all applications you wish to activate and press F16.  A more detailed explanation is given in Implementation.

 

  1. Restart the QSERVER and/or QUSRWRK sub-systems – this is necessary before you activate Bsafe protection for the File and Database host servers. Until this is done the Bsafe/Enterprise Security will prevent access to the Database server and File server,

 

Use the following commands for versions of OS/400 before V5R2.   

 

ENDSBS SBS(QSERVER) OPTION(*IMMED)

STRSBS SBSD(QSERVER)

STRHOSTSVR SERVER(*DATABASE  *FILE)

STRTCPSVR SERVER(*NETSVR) (if required)

 

For OS/400 version V5R2 and higher, use the following commands:

 

ENDSBS SBS(QSERVER) OPTION(*IMMED)

STRSBS SBSD(QSERVER)

ENDSBS SBS(QUSRWRK) OPTION(*IMMED)

STRSBS SBSD(QUSRWRK)

STRHOSTSVR SERVER(*DATABASE  *FILE)

STRTCPSVR SERVER(*NETSVR) (if required)

 

 

  1. If you plan to use Bsafe Alerts, activate the application IDS alert collector and system audit IDS alert collector as described in IDS Activation and Configuration.

 

* * * Bsafe/Enterprise Security should now be operating fully * * *