Skip to main content

Preparation

Before Bravura Security Fabric can perform operations on an OS/400 server, you must:

  1. Install the client software.

  2. Configure a target system administrator.

  3. Install the as-svrmap service.

  4. Enable SSL.

  5. Create at least one template account.

Installing client software

Bravura Security Fabric communicates with the OS/400 server via APIs provided by the IBM iSeries Access for Windows client. Before you can target an OS/400 server, you must install the IBM iSeries Access for Windows client software on the Bravura Security Fabric server.

To install IBM iAccess Windows Application framework:

  1. Obtain the IBMiAccess_v1r1_WindowsAP_English.zip package from the IBM website.

  2. Extract the files from the zip package.

  3. Run setup.exe in the Image64a folder.

Note the default installation directory which is: C:\Program Files (x86)\IBM\Client Access\

By default, the setup program installs:

  • Required programs

  • ODBC

  • OLE DB Provider

  • .NET Data Provider

  • Secure Socket Layer (SSL)

  • Languages

  • Header, Libraries, and Documentation

After the install, cwbco.dll is installed in C:\Windows\SysWOW64 .

The client requires ports to be open between all the Bravura Security Fabric servers (nodes or proxies, wherever the agent runs), and all targets to be managed, as described in: https://www.ibm.com/support/pages/unable-start-or-connect-tcpip-server .

Connectors for OS/400 Server and OS/400 Server hosted applications use the API contained in this DLL and its sub-DLLs.

This software also contains a 5250 emulator. The emulator is used to configure the server for transparent password synchronization. If you plan to implement transparent synchronization, verify that you can establish a connection to the OS/400 server with it. If you cannot, install a 5250 emulator that can communicate with your OS/400 server.

Consult the documentation included with your iSeries client software for more information.

Configuring a target system administrator

Bravura Security Fabric uses a designated account (for example, psadmin) on the OS/400 server to perform operations.

The target system administrator must have the *ALLOBJ and *SECADM special authority. Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the OS/400 target system to Bravura Security Fabric .

Listing users

In order for the IBM client API to retrieve a list of users from the OS/400 server, the as-svrmap service must be installed and running on the OS/400 server.

Enabling SSL

SSL security is recommended. To enable SSL for OS/400 systems using iSeries Navigator:

  1. Open iSeries Navigator (Start > IBM iSeries Access for Windows > iSeries Navigator).

  2. Right-click the server you are trying to connect to and select Properties.

  3. From the Secure Sockets tab, press Download.

Creating a template account

Bravura Security Fabric uses template accounts as models or "blueprints" for creating new OS/400 accounts. The following example illustrates how you can create a template account on your OS/400 server:

  1. Using Telnet, connect to the OS/400 server.

    The Sign On screen displays.

  2. Type your user ID in the User field.

  3. Type your password in the Password field.

  4. Press the Enter key.

    The Command Entry screen displays.

  5. Type the following command:

    crtusrprf usrrrf (username) password (password) [Enter]

  6. You can enter more information about the user or submit the account for creation.

See your systems administrator or OS/400 documentation for more information if required.

In this section: