Skip to main content

Preparation

Before Bravura Security Fabric can perform operations on an OS/400 server, you must:

  1. Install the client software.

  2. Configure a target system administrator.

  3. Installing as-svrmap.

  4. Enable SSL.

  5. Create at least one template account.

  6. Write a script to configure connector behavior.

Installing client software

Bravura Security Fabric communicates with the OS/400 server via APIs provided by the IBM iSeries Access for Windows client. Before you can target an OS/400 server, you must install the IBM iSeries Access for Windows client software on the Bravura Security Fabric server.

To install IBM iAccess Windows Application framework:

  1. Obtain the IBMiAccess_v1r1_WindowsAP_English.zip package from the IBM website.

  2. Extract the files from the zip package.

  3. Run setup.exe in the Image64a folder.

Note the default installation directory which is: C:\Program Files (x86)\IBM\Client Access\

By default, the setup program installs:

  • Required programs

  • ODBC

  • OLE DB Provider

  • .NET Data Provider

  • Secure Socket Layer (SSL)

  • Languages

  • Header, Libraries, and Documentation

After the install, cwbco.dll is installed in C:\Windows\SysWOW64 .

The client requires ports to be open between all the Bravura Security Fabric servers (nodes or proxies, wherever the agent runs), and all targets to be managed, as described in: https://www.ibm.com/support/pages/unable-start-or-connect-tcpip-server .

Connectors for OS/400 Server and OS/400 Server hosted applications use the API contained in this DLL and its sub-DLLs.

This software also contains a 5250 emulator. The emulator is used to configure the server for transparent password synchronization. If you plan to implement transparent synchronization, verify that you can establish a connection to the OS/400 server with it. If you cannot, install a 5250 emulator that can communicate with your OS/400 server.

Consult the documentation included with your iSeries client software for more information.

Configuring a target system administrator

Bravura Security Fabric uses a designated account (for example, psadmin) on the OS/400 server to perform operations. The authority required by the target system administrator may vary depending on your application.

In general, the target system administrator must have the *ALLOBJ and *SECADM special authority. Ensure that you set and note the account’s password. You will be required to enter the login ID and password when you add the OS/400 application to Bravura Security Fabric .

Listing users

In order for the IBM client API to retrieve a list of users from the OS/400 server, the as-svrmap service must be installed and running on the OS/400 server.

To retrieve the user list, you may need to use the ODBC administration tool to create a specific System DSN for the OS/400 server using the iSeries Access ODBC Driver.

Enabling SSL

SSL security is recommended. To enable SSL for OS/400 systems using iSeries Navigator:

  1. Open iSeries Navigator (Start > IBM iSeries Access for Windows > iSeries Navigator).

  2. Right-click the server you are trying to connect to and select Properties.

  3. From the Secure Sockets tab, press Download.

Creating a template account

Bravura Security Fabric uses template accounts as models or "blueprints" for creating new OS/400 accounts.

The steps required to create a template account depend on your application. Consult your OS/400 application documentation for more information.

To learn how to create a template for an OS/400 system account, see Creating a template account .

Writing a script to configure connector behavior

Write a script file to define SQL commands used in the interaction between the agtos400script connector and the OS/400 database. Common requirements for all database scripted connectors are described in Scripts for SQL Application Connectors.

In this section: