...
NOTE: "QDDMSERVER" and "QDDMDRDASERVER" must be uppercase.
Go to step 3.
BRMS strongly encourages the use of Secured DDM connections and implementing passwords for the Relational Database Directory Entries used for DB2 for i call level interface (CLI) communications.
For Secured DDM connection
...
CHGSYSVAL QRETSVRSEC VALUE('1')
...
Preferred Server Authentication support
A new special value, QDDMDRDASERVER, is allowed for DDM and DRDA connections with PTF SI44316 (IBM i 7.1), SI44317 (V6R1M0), SI44315 (V5R4M0) applied. You may specify QDDMDRDASERVER in the SERVER parameter of the Add Server Authentication Entry (ADDSVRAUTE) command. This new special value allows a user to make DDM or DRDA connections to any system in the TCP/IP network via a common userid and password. This avoids having to add individual server authentication entries for every DRDA application server in every user profile on the system. For DRDA or RDB DDM files, this resolves the problem of having to add new server authentication entries for every user profile each time a new system is added to the TCP/IP network.
NOTE: When using the new special value QDDMDRDASERVER, Step 7: Setup a secure DDM profile for BRMS to use is no longer necessary.
Use the following command to add server authentication entries for each user who will be authorized to perform secured TCP/IP operations to the remote systems:
...
INZBRM OPTION(*SECUREDDM) ACTION(*REMOVE)
Original Server Authentication support
Use the following command to add server authentication entries for each user who will be authorized to perform secured TCP/IP operations to the remote systems:
ADDSVRAUTE USRPRF(user-profile) SERVER(QDDMSERVER) USRID(remote-system-userid) PASSWORD(remote-system-password)
NOTE: "QDDMSERVER" must be uppercase.
Use the following command to add a server authentication entry for the QBRMS user profile. (This user profile is used for network synchronization.)
ADDSVRAUTE USRPRF(QBRMS) SERVER(QDDMSERVER) USRID(remote-system-userid) PASSWORD(remote-system-password)
NOTE: "QDDMSERVER" must be uppercase.
If the remote-system-userid does not have *ALLOBJ special authority then the user should have QBRMS as a group profile and special authority must be *NONE. Use the following command on the remote system to change the user's profile.
...
- There can only be one server authorization entry for a user no matter what remote system is specified. This means that for a user to access multiple systems in the network, that user's id and password must be the same on all BRMS networked systems.
- Do not use user profile QBRMS for the remote system userid. Create a new user profile and specify user profile QBRMS for the Group profile (GRPPRF) parameter of the remote system user profile. Use this new remote system userid for the User ID (USRID) parameter of the Add Server Authentication Entry (ADDSVRAUTE) command.
Starting with PTF SI37276 (V6R1M0), server authentication entries for QDDMSERVER are still required for secure DDM connections, but you no longer have to add server authentication entries for all the systems in the BRMS network; you can defer this setup until Step 7. Otherwise, if PTF SI37276 (V6R1M0) is not applied, you will also need to add a server authentication entry for all other systems in the BRMS network, for example:
- SYSA, SYSB and SYSC in a BRMS network. On SYSA:
...
...
Run similar commands on systems SYSB and SYSC
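A pre-deployment check for the Step 2 rules, as an added example that is not IBM or BRMS code: it lints a list of CL commands for lowercase special server names, QBRMS used as the remote system userid, a repeated entry for the same user and server, and entries added before QRETSVRSEC is set to '1'. The profile names (OPER1, BRMSNET), the passwords and the sample script are constructed, and treating a missing CHGSYSVAL in the script as a finding is an assumption (the value may already be set on the system).

```python
import re

# Special SERVER values named on this page; each must be typed in uppercase.
SPECIAL_SERVERS = {"QDDMSERVER", "QDDMDRDASERVER"}
PARAM = re.compile(r"(\w+)\(([^)]*)\)")  # KEYWORD(value) pairs in a CL command

def parse_cl(command):
    """Split 'CMD KEY(value) ...' into (CMD, {KEY: value})."""
    name, _, rest = command.strip().partition(" ")
    params = {k.upper(): v.strip().strip("'") for k, v in PARAM.findall(rest)}
    return name.upper(), params

def lint_setup(commands):
    """Return (line_number, message) findings for a secured-DDM setup script."""
    findings, seen, retained = [], set(), False
    for no, raw in enumerate(commands, 1):
        cmd, p = parse_cl(raw)
        if cmd == "CHGSYSVAL" and "QRETSVRSEC" in raw.upper():
            retained = p.get("VALUE") == "1"
        if cmd != "ADDSVRAUTE":
            continue
        server, user = p.get("SERVER", ""), p.get("USRPRF", "").upper()
        if server.upper() in SPECIAL_SERVERS and server != server.upper():
            findings.append((no, f"SERVER({server}) must be uppercase"))
        if p.get("USRID", "").upper() == "QBRMS":
            findings.append((no, "QBRMS must not be the remote system userid"))
        if (user, server.upper()) in seen:
            findings.append((no, f"second {server.upper()} entry for {user}"))
        seen.add((user, server.upper()))
        if not retained:  # assumption: the script itself sets the system value
            findings.append((no, "QRETSVRSEC not set to '1' earlier in script"))
    return findings

# Constructed sample script; profile names and passwords are placeholders.
SAMPLE = [
    "ADDSVRAUTE USRPRF(OPER1) SERVER(qddmserver) USRID(BRMSNET) PASSWORD(placeholder)",
    "CHGSYSVAL QRETSVRSEC VALUE('1')",
    "ADDSVRAUTE USRPRF(QBRMS) SERVER(QDDMDRDASERVER) USRID(QBRMS) PASSWORD(placeholder)",
    "ADDSVRAUTE USRPRF(QBRMS) SERVER(QDDMDRDASERVER) USRID(BRMSNET) PASSWORD(placeholder)",
]

if __name__ == "__main__":
    for line_no, message in lint_setup(SAMPLE):
        print(f"line {line_no}: {message}")
```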
Step 3: Configure the TCP/IP DDM Server Automatic Restart
...
Step 7: Set up a secure DDM profile for BRMS to use.
Info |
---|
Starting with PTFs SI80271 (7.3), SI80272 (7.4) and SI80273 (7.5) Step 7 is no longer available. The INZBRM OPTION(*SECUREDDM) option has been disabled. The Preferred Server Authentication support with QDDMDRDASERVER in Step 2 must be used for secure DDM connection. |
NOTE: Skip Step 7 if using the New Preferred Server Authentication support with QDDMDRDASERVER.
Starting with PTF SI37276 (V6R1M0), you can use the following BRMS command on one of the systems in the BRMS network to set the user profile and password to use for remote server secure DDM connections to all the systems in the BRMS network. To set the user profile:
...