AS /400

Tr ain ing P r og r am

1
Index :-

1. Module 1 : AS/400 Overviews

2. Module 2 : System Concepts

3. Module 3 : System Administration

4. Module 4 : System Security

5. Module 5 : Backup and Restoration

2
 Module :- 1

AS/400 Overviews

3
Introducing the AS/400 System :-

The AS/400 system is a family of midrange computers based on a single software

architecture.AS/400 is using OS/400 as an operating system. It provides many
integrated features that from the foundation of computer systems.

It is designed and built as a total system. It means that facilities such as a relational
database and networking capability (and much more) are fully integrated into the
Operating System and the machine. The user communicates with all these functions
through a single control language, or by using system menus and prompts.As/400 is
designed as a general purpose business computer; it is optimized for that environment.
Its design reflects the dominant requirements of that environment.

Advantages of As/400 :-

 Layered Machine Architecture :- This insulates users from hardware of the

system. It enables the users to move towards new hardware technology at any time,
without disrupting their application programs.

 Object Orientation :- Everything that can be saved or restored on the system is

known as an “Object”. User can find the required object without knowing it`s
location on the system. Objects exist to make users independent of the internal
structure of the machine.

 Single-Level Storage :- Main storage and Disk storage appears contiguous. An

object is saved or restored on the system via a device-independent addressing
mechanism. This means extra main storage or disk storage can be added to the
system and used without affecting the application programs and database. A user or
a programmer is not concerned as to where a program or a file is; if they want to
use it, they simply name it.

 Hierarchy Of Microprocessors :- As well as the main system processor, AS/400

has a large number of microprocessors. Every Input / Output (I/O) device type on
AS/400 has its own microprocessor. This means that requests for data to or read
from any I/O device can be delegated to the processor in charge of that device.
Meanwhile, the main system processor executes another application.

 Easy To Use :- From operators and the end users point of view the menu driven
structure of AS/400 makes it very easy to operate.

 Ability to grow and improve the system without disruption.

4
AS/400 Hardware :-

I/O Main
Processor Memory

I/O
Processor
Service
System
I/O Processor
Processor
Processor

I/O DASD
Processor Storage

Basic Block Diagram OF AS/400 System

The system hardware includes the processor and the main storage, the I/O devices
and controllers, and the racks, cables and controllers that make up the AS/400
system.the hardware design allows system components to be located throughout the
enterprise to meet the need of the workplace. System components, such as additional
racks, I/O controllers and storage and workstation devices can be added incrementally
without reconfiguring the entire system.

Layered Machine Architecture :-

AS/400 insulates users from hardware characteristics through the layered machine
architecture. This layered architecture raises the level of the machine interface,
creating a high-level machine instruction set is independent of the underlying
hardware implementation.

Figure 1 shows the hardware with the licensed internal code that comprises the high-
level machine. AS/400 is unusual in that the machine is defined by software, not by
hardware. The instructions presented to the machine interface undergo a further
process of translation before they are “Understood” by the hardware. This process of
translation is carried out by the licensed internal code. Hardware characteristics change
as the technology changes; the user, however, still “sees” the same interface.

5
 Furthermore, some frequently-executed routines (that would reside in the operating
system of a conventional machine) have been moved into licensed internal code. This
runs faster than a higher level languages, so any application using these routines will
realize a performance gain.

Applications Applications

OS/400 OS/400

Technology Independent Machine Interface

Licensed Internal Code SLIC- Object Based Kernel

48-Bit CICS Processor 64-Bit RISC Processor

Figure 1 : AS/400 Layered Architecture

Examples of some basic supervisory and resource management functions that are in
licensed internal code are validity and authorization checks. The high-level machine
provides the user with the ability to address 2^64 bytes of storage on the PowerPc
based Models of the As/400.

Layered machine architecture means that as new hardware and software technologies
emerge, they can be employed without affecting applications.

The strength of this architecture was evident with the introduction of the new range of
PowerPc based AS/400 Models in June 1995. The System Processor changed from
being a 48-bit CISC to 64-bit RISC. Yet existing customer applications can run on the
new processors and take full advantage of the 64-bit capacity without any
recompilation or rewrite needed of the application.

Hierarchy Of Microprocessors :-

In As/400 system along with the main system processor, there is a range of other
processors, each dedicated to a particular I/O device. What this means is that when the
main system processor encounters a request for data to be written to or read from any
I/O device, that request is delegated to the particular microprocessor dedicated to that
I/O device.Meanwhile, the system processor continues with another application
program.

This design provides As/400 with its outstanding performance in the commercial,
transaction-based, environment. It also means that the latest microprocessor
technology can be easily utilized at any time without disrupting the rest of the system.

6
 Using the N – way multiprocessor capability of the As/400, the larger modes of As/400
can have up to 4 processors.

Main System Service

Storage Processor Processor

I/O I/O I/O I/O

Processor Processor Processor Processor

Hierarchy Of Microprocessors

7
 Module: - 2

System Concepts

8
Object Oriented Technology :-

Everything on AS/400 that can be stored or retrieved is contained in an “Object”.

Objects exists to make users independent of the implementation techniques used in the
machine. The “ Create Object “ instruction establishes the object`s name and its type.
All objects are structured with a common object header, and a type-dependent
functional portion. An object thus combines the data and the valid methods of using
that data into one entity. Therefore only valid methods of using that data are allowed.

This improves overall integrity of the system and its data. Thus also permits the
system to perform standard object-level functions very efficiently; the object type then
determines the way in which a specific object can be used when retrieved. The
architecture supports multiple extends to an object.

In other word, a user is not concerned with the space his object occupies. The system
allocates space automatically.

Object orientation gives a strong foundation for new technologies such as artificial
intelligence. The object-oriented AS/400 architecture lends itself very well to the
utilization of object-oriented techniques for the representation of knowledge in an
expert system.

With the PowerPc based Models of the AS/400, the Licensed Internal Code that sits
above the hardware has been written as System Licensed Internal Code with an Object
Based Kernel. The Kernel has been written in C++ and is fully Object Oriented giving
all the advantages of flexibility, code reuse, programming efficiency, and error
reduction that come from Object Oriented Programming.

Single Level Storage :-

The AS/400 system is a shared system in which all portions of main and auxiliary
storage are addressed as though they are within a single area (or level). The system
uses the object name to determine where the object exists in the system. This means
that the user can find objects by name rather than by storage locations. Because
operations cannot be performed on an objects by name rather than by storage
locations. Because operations cannot be performed on an object that is not in main
storage, the system moves a part or all of the object into main storage as it is needed
and moves it back into auxiliary storage when it is not needed. This transfer is
controlled by the system and does not require control by the user or programmer
All system storage (Whether main storage or disk storage) is addressed in the same
way. This single, device-independent addressing mechanism means that to run a
program, a user calls its name. All objets are treated as if they reside in a 2^ 64 byte
address space.

9
 The AS/400 system`s virtual addressing is independent of an object`s physical
location, and the type, capacity and number of disk units on the system.

What this means is that application programs do not require modification in order to
take advantage of new storage technologies. Users can leave all storage management
entirely to the machine.

Operating System

The OS/400 licensed program supports the IBM AS/400 system. It controls the
operation of programs and provides services such as controlling resources, scheduled
jobs, controlling input and outputs, and managing data. The OS/400 program is
designed to designed to complement and extend the advanced capabilities of the
AS/400 system to provide fully integrated support for interactive applications. To
supplement the full range of the interactive environment, the AS/400 system also
processes multiple batch applications at the same time.

Many of the functions of the OS/400 program are directly applicable to interactive
data processing. Among these functions are :

• Database support to make up-to-date business data available for rapid retrieval
from any workstation.

• Work management support to schedule the processing of requests from all

workstation users.

• Application development support that allows online development and testing of

new application programs to run at the same time as normal production activities.

• System operation support that allows the user responsible for system operations to
perform work from the display station using a single control language, complete
with prompting and help for all commands.

• Message handling support that allows communication between the system, the user
responsible for system operations, workstation users and program running in the
system.

• Security support to protect data and other system resources from unauthorized
access.

• Service support that allows service representative to diagnose problems and install
new functions with minimal affect on the normal flow of work.

10
 The system can be set up and installed using system defaults for basic functions. As
the need of the business grow the use of controls and functions can be increased
without disrupting applications that are already on the system.

The OS/400 functions are accessed either through the use of a comprehensive set of
menus or through the control language CL. Other AS/400 licensed programs such as
high-level languages and the applications development tools also use OS/400 menus
and CL.

The AS/400 system is controlled through a single consistent control language that is
supported by the Operating System. The Control Language provides the operations
normally associated with controlling the operation of a system such as :

• Controlling the operation of input and output devices attached to the system.

• Submit batch jobs.

• Ending a session with the system

In addition, many advanced functions used in data processing are provided. For e.g.
Data files and programs are created, the running of programs is controlled and
workstation user can communicate with each other by using functions requested
through the control language.

Although the control language is the interface through which the functions of the
operating system are controlled. It is not the only interface available to the user. The
data is accessed and updated by high level language programs using OS/400 functions.

Object Management

The term object refers generally to named items (such as programs and files) that are
stored in the system. The object management functions allow objects to be grouped
and arranged in the system. The object management system functions allow users to
create, update, and delete objects by name, without needed to specify the exact storage
location of the objects.

Work Management

The Work Management functions provides the framework through which the system
and all the work performed on the system and controlled. These functions support an
environment running more than one computer at a time and manage competition
between jobs for main storage and other system resources. The work management
function allows work to be submitted by the user presented to the machine to the
processed, and controlled by the user responsible for system operations.

11
Data Management

The data management functions support documents, database, files and device files.
Data management for documents and database provides the functions required for
creating and updating database files and performing input and output operations on
them. Data Management for the devices provides input and output operations for both
local and remote devices attached to the system, including many unique functions to
support the display and printer devices.

System Management

The AS/400 system integrates most major functions by making them a part of the
operating system. For e.g. a user can control the operations of jobs and subsystems,
respond to system messages, perform save and restore operation and so on. These
operations can be performed from any workstations by authorized users and are not
restricted to a single person.

Control Language

While the menu system is the primary interface to the OS/400 program functions, the
Control Language is also available to directly access system functions and can be used
at the same time by users from different workstations. A single Control Language
statement is called a command. Commands can be entered :

• Individually from a workstation.

• A part of batch jobs.
• As source statements to create Control Language programs.

To simplify the use of Control Language, all the commands use a consistent naming
convention. In general, the first three letters refers to the action to be taken, the next
three refers to the object of that action and the last character if any, provide an
additional descriptor of the task to be performed. For e.g. WRKJOBQ command tells
the system that the user wants to work with a job description. In addition, the
Operating System provides prompting support for all commands, default values for
most commands parameter, and syntax checking to ensure that a value is typed
correctly before the function is performed. Thus, the Control Language provides a
single, flexible interface to many different system functions.

12
Communications

The communication structure supports multiple architecture in a flexible and

extendable fashion, by supporting multiple communications architecture
implementations and the sharing of physical resources. Documents, Data and files can
be exchanged with remote system as well as allowing remote users to access files and
applications program on the AS/400 system.

Query / 400
Query/400 is an IBM Licensed Program and a decision support utility that can be used
to obtain information from the As/400 database. It can obtain information from any
database file that have been defined on the system using O.S./400 Data Description
Specification (DDS), O.S./400 Interactive Data Definition Utility (IDDU) or the IBM
Structural Query Language/400 (DB2/400) program. You use query to select, arrange
or analyze information (data) stored in one or more database files to produce reports
and other data files. You can create your own query definitions and then run them or
you can run existing queries. You determine what data the query to retrieve, the format
of the report and whether it should be printed, displayed or sent to another database
file.

You can use query to obtain information from a single file or a combined set of 32
files. You can select all the fields or a few of the fields and organize them as you want
them to appear in the type of output chosen. You can have all reports in the files
included in the output , or you can select only a few to be included using selected tests.

13
AS/400 Objects:

The object-based architecture of the machine is fundamental to the overall design of

the functions provided by the AS/400 system. Each type of object on the system has a
unique purpose within the system. Each has an associated set of commands with which
to process that type of object.

Different object types have different operational characteristics. These differences

make each object type unique. Each object has a name. The object name and the object
type are used to identify an object. The object name is explicitly assigned by the
system for system supplied objects or by the user when creating an object. The object
type is determined by the command used to create it.

Libraries:

A library is an object that is used to group related objects and to find objects by
name. Thus a library is a directory to a group of object. The no of object
contained in a library and the no of libraries on the system are limited only by
the amount of storage available. Two different objects with the same can exist
in the same library, only if
their objects types differ. However, two objects with the same name and type
can exist in different libraries.

There are three types of libraries :

1. Systems
2. User
3. Product

Folders:

A folder is a named object that is used as a directory for documents and other
folders. Folders can be filed within another folder. Folder within folders is
similar to a filing cabinet. A folder path is a list of the folders within folders
needed to find a document or object within folder.

Files:

File is an object that contains either a set of related records handled as a group
or a stream of data. One of the most common types of files that contains
records is the database file. A document is the type of file that contains only a
stream of data. There are different type of files on the system as follows:
1. Physical file
2. Logical file
3. Display file
4. Printer file

14
 5. Tape file
6. Diskette file
7. Message file
8. Save file

Programs:

A program is an object containing a set of instructions that tell the system

where to get information, how to process it and where to put the results. When
the system compiles the program description, the object type identifies it as a
program. Because it is program object, the system begins to read the lines of
code and to process the commands.

Job Queue:

The system handles multiples operations at the same time and supervises the
sharing of the system resources. The jobq manages the batch request submitted
by the users. A user can then continue to work at the workstation on other tasks
while the system processes the request.

Out Queue:

As the job processes a request to print data it gets data from a database file and
uses the print device file to format the data. The formatted print files are placed
on an output queue until the writer is ready to send the information to the
printer. Out queue can be arranged by priority depending on users needs.

Message Queue:

Communication between programs between jobs, between users, between users

and programs and between users and the system occurs through messages.
When a message is sent to program or to a system user, it is placed on a queue
associated with that program or user. The OS/400 program, automatically
provides message queues for :
1. workstation on the system
2. user enrolled on the system
3. users responsible for the system operation
4. system history log
The users to meet any special application program requirement can create
additional message queues.

15
Data Queue:

When running an application consisting of several programs, it is often

necessary to pass data and variables to other programs. Programs can set up
data queues to be used by the entire application so that all programs can refer
to a single set of data and variables passed to the programs through the queue.

User Profiles:

A user profile is an object that identifies a particular user or a group of user to

the AS/400 system. The user is known in the system by user profile name.
When a workstation signs on, the user id is used to find the user profile setting.
The password is defined in the user profile. All AS/400 system security
functions rely on the user profile to describe each user. The user profile
identifies the authorities to that user.
A group profile is used to provide the same profile for a group of users. This
eliminates the need to assign the authority to each user individually.

Menu:

The menu allows users to select the task they would like to perform without
having to use the system commands. This task menus provides users with a
more defined group of choices regarding tasks or objects available.

Subsystem:

A subsystem is a single, predefined operating environment through which the

system coordinates the work flow and resource use. The system can contain
several subsystems, all operating independently of each other. Subsystems
manage resources. The run-time characteristics of a subsystem are defined in
an object called a subsystem description. Each subsystem can run unique
operations. For instance, you can set up one subsystem to handle only
interactive jobs, while another subsystem handles only batch jobs. Subsystems
can also be designed to handle many types of work. The system allows you to
decide the number of subsystems and what types of work each subsystem will
handle. The system relies on subsystem descriptions when starting subsystems.
Therefore, if you want to change the amount of work (number of jobs) coming
from a job queue, for example, you only need to change the job queue entry in
the subsystem description.

16
 Module :- 3

System Administration

17
Subsystem:

A subsystem description is a system object that contains information defining the

characteristics of an operating environment controlled by the system. The system-
recognized identifier for the object type is *SBSD. A subsystem description defines
how, where, and how much work enters a subsystem, and which resources the
subsystem uses to perform the work. An active subsystem takes on the simple name of
the subsystem description. Like a set of detailed blueprints, each subsystem
description is unique, containing the specific characteristics describing the subsystem.
The description includes where work can enter the subsystem, how much work the
subsystem can handle, how much main storage (memory) will be used, and how
quickly jobs in the subsystem can run. You can use a subsystem description supplied
with your system (with or without making changes to it), or you can create your own.
A subsystem description consists of three parts:

1. Subsystem attributes (overall subsystem characteristics)

2. Work entries (sources of work)
3. Routing entries

Creating a Subsystem Description

You can create a subsystem description in two ways. You can copy an existing
subsystem description and change it, or you can create an entirely new description.
The following are two approaches you can use:

1. Copying an existing subsystem description

1. Create a duplicate object, CRTDUPOBJ, of an existing subsystem
description. (You can also use the WRKOBJ or WRKOBJPDM
commands.)
2. Change the copy of the subsystem description.

2. Creating an entirely new subsystem description

1. Create a subsystem description (CRTSBSD).

2. Create a job description (CRTJOBD).
3. Add work entries to the subsystem description.

a. ADDWSE (Add workstation entry)

b. ADDJOBQE (Add job queue entry)
c. ADDCMNE (Add communications entry)
d. ADDAJE (Add autostart job entry)
e. ADDPJE (Add prestart job entry)

4. Create a class (CRTCLS).

5. Add routing entries to the subsystem description (ADDRTGE).

18
Starting a Subsystem

To start a subsystem, use the Start Subsystem (STRSBS) command or the Work with
Subsystem Description (WRKSBSD) command. To use the STRSBS command,
specify the following:

STRSBS SBSD (SBSD = library/subsystem description name)

For example
STRSBS MYLIB/MYSTORE

Ending a Subsystem

To end a subsystem:
1. Use the End Subsystem (ENDSBS) command ENDSBS SBS OPTION (SBS=the
active subsystem name)

For example
ENDSBS MYSTORE *IMMED

2. Specify, using an option, when you want the subsystem to end.

*IMMED
End the subsystem immediately. Use this option if there are no users on
the system and no batch jobs running.
*CNTRLD
Allow active jobs to end themselves (if they are checking to see if the
job is being ended). Use this option when users or batch jobs are
running in the subsystems to ensure the jobs finish before the
subsystem ends.

Deleting a Subsystem Description

To delete a subsystem description, use the Delete Subsystem Description (DLTSBSD)

command. To use the DLTSBSD command, the subsystem cannot be active.

Active and Inactive Subsystems

An active subsystem is one that has been started, for example, with the Start
Subsystem (STRSBS) command. An inactive subsystem is one that has been ended,
for example, with the End Subsystem (ENDSBS) command or has not been started.
You cannot remove pools from an active subsystem.

19
Job Management:

Job is a unit of work. On AS/400 Job is a Unit of Work Done. There are 2 types of jobs
on the system,

1. Interactive
2. Batch
3. Prestart
4. Autostart
5. Communication

User can do the following activities with the job.

1. END
2. HOLD
3. RELEASE
4. CHANGE

Every job is having priority to run on the system.1 is highest priority and 99 is lowest
priority. Administrator can even change the jobq of the job.

1. Use following command to track a particular user’s jobs,

WRKUSRJOB

2. Use following command to find out jobs in JOBQ,

WRKJOBQ

3. Use following command to find scheduled jobs

WRKJOBSCDE

4. To submit a job in batch use following command.

SBMJOB

5. To find total number of active jobs on the system use the command as,
WRKACTJOB

6. To find jobs running in particular subsystem use,

WRKSBSJOB

20
User Profile Management:

Create User Profile

The create User Profile (CRTUSRPRF) command identifies a user to the system and
allows you to customize the way the system appears. When the profile is created, the
profile is given *CHANGE and *OBJMGT authorities for the profile itself. The
system relies on the profile having these authorities to itself and they should not be
removed.

Restriction : The user of this command must have

(1) *SECADM special authority,
(2) *USE authority to the initial program, initial menu, job description, message
queue, output queue, and attention-key-handling program if specified, and
(3) *CHANGE and Object Management Authorities to the group profile and
supplemental group profiles if specified.

Delete User Profile :

The Delete User Profile (DLTUSRPRF) command allows a user to delete a user profile
from the system. If a User Profile is damaged by system failure, it can be deleted by
using the Delete User Profile (DLTUSRPRF) command and re-created by using the
Create User Profile (CRTUSRPRF) command. After a user profile is re-created, the
owned objects and primary group objects can be transferred back to it.
Restriction:
(1) The user must have use (*USE) and object existence(*OBJEXIST) authority to the
User Profile.
(2) The User must have existence, use, and delete authorities to delete a message
Queue associated with and owned by the user profile.

The User Profile cannot be deleted if a user is currently running under the profile, or if
it owns any objects and OWNOBJOPT(*NODLT) is specified. All object in the user
profile must first either be transferred to new owners by using the Change Object
Owner (CHGOBJOWN) command or be delete the objects or
OWNOBJOPT(*CHGOWN) user profile name) to change the ownership. Authority
granted to the user does not have to be specifically revoked by the Revoke Object
Authority (RVKOBJAUT) command; it is automatically revoked when the user profile
is deleted.

21
Basic Operational commands

1. ASSISTANT MENU

The Operational Assistant is a series of user – friendly menus. By selecting menu

options, the user can perform basic tasks.

• Work with printer output

• Work with jobs
• Send Messages
• Power On/Off tasks
• System Backup

The options displayed on your Operational Assistant Menu will vary, depending on the
privileges granted to your profile.

Accessing the Operational Assistant Menu

There are two ways to access the Operational Assistant Display.

• The first method is to type go assist on the command line and press the ENTER
key. After a short wait the menu should be AS/400 Operational Assistant Menu. To
leave the Operational Assistant menu and return to the previous menu, tap
the <F12> key.

• The second method of is to tap the ATTENTION key. If you have mapped your
keyboard using Client Access or Mocha 5250 and are using the standard IBM
mapping the ATTENTION key will be the ESC key on your PC keyboard. If
you tap the ATTENTION key and the Operational Assistant Menu does not display
go back to the section in Getting Started (Client Access) or Getting Started
(Mocha) that taught you how to change the keyboard mapping. To leave the
Operational Assistant Menu and return to your previous screen, tap the
<F12> key.

• Check the system value for the “Attention key program”

a) Type go define on any Selection or Command line to reach the “Define

or Change the System” menu.

b) From the “Define or Change the System” menu, select 8, Work with
System Values.

c) Tap PAGE DOWN until you find the system value QATNPGM. The
system values are arranged alphabetically, and they all start with Q.

22
 d) Position your cursor on the option line in front of QATNPGM and enter
5 on the option line. Tap the ENTER key.

e) The value of QATNPGM should be *ASSIST. This may not be the

case on other systems but GCIBM2 is configured so the system value
for QATNPGM is *ASSIST.

• Next we’ll confirm that your profile is set up to use the system value. Press F12
(cancel) to return to any display with a Selection or Command line.

a) On any Selection or Command Line, type CHGPRF and press F4 to

prompt for values.

b) Press the F10 function key to display Additional Parameters.

c) Notice the word More … at the bottom right corner. Display another
screen of parameters by tapping the PAGE DOWN key on your
keyboard.

d) Look down the left column until you Locate the description,
“Attention Program”.

e) The parameter for “Attention Program” should be *SYSVAL. If the

parameter is not *SYSVAL, please position the cursor on the first
character of the value and type *SYSVAL removing any extra
characters in the field. Then press the ENTER key.

f) Changes to the User Profile do not take affect until you sign off and
sign back on. If you made changes in step e, please signoff and start
new session. So you can utilize the ESC key to access the AS/400
Operational Assistant Menu.

Work with Printer output. Position cursor on the line labeled “Type a menu option below”.
Type the option number for Work with Printer Output and then press ENTER. The next
screen will display a list of spooled files (if you have any), These are files that are ready to
print.

23
System Operations :

An administrator continuously requires to Monitor following on the system.

1. % ASP USAGE OF THE SYSTEM:

To find out the Percentage ASP utilized use following command:
WRKSYSSTS

2. CHECKING ACTIVE JOBS:

Use following command to check active jobs as well as CPU utilization,
WRKACTJOB

3. CHECKING SUBSYSTEM STATUS:

Use the following command to check all the active subsystems,
WRKSBS

4. TO CHECK THE LOG:

Use following command to find out the log on the system.
DSPLOG
You can use same command to find log of a fixed time span.

5. TO CHECK STATUS OF *LIN,*DEV,*CTL :

Use following commands to find status of Lines, Devices and Controllers
respectively,
WRKCFGSTS *LIN
WRKCFGSTS *DEV
WRKCFGSTS *CTL

6. CHECKING DISK STATUS :

Use following command to check the disk status,
WRKDSKSTS

Message Handling :
Message is a means of communication between system and user. These are system messages & User
Message. In User Messages users can send their own messages.
System Messages and Users Messages are put in the user’s message queue. Messages may be

a) Informational (No reply Needed)

b) Inquiry (Reply Needed)

Even users can send messages to each other using following commands,

1. SNDBRKMSG
2. SNDMSG

24
 Messages may or may not break your screen depending upon its setting in the system,
You can change message queue by command CHGMSGQ QSYSOPR del (*break).
Message may have severity codes.

0 Informational, No reply needed

9 Warning, A potential error condition
20 Error, Error found, Automatic recovery procedures applied, processing continued
30 SEVERE ERROR : - Error for severe for automatic recovery, error is source
data or program.
40 Severe Error; abnormal end of program or function, operation ends.
50 Abnormal end of job or program – The job failed to start
60 System Status – Issued only to System Operator Message queue, device,
subsystem or system warning.
70. Device Integrity – Issued to System Operator Message queue, device failed.
80. System Integrity – Issued to System Operator Message queue, a condition when
subsystem or system cannot function.
99 Manual Action Required

By default every message given to the administrator goes into QSYSOPR message queue.
Administrator can change this default message queue.

To see the messages of any message queue use following command,

DSPMSG

To check system operators message queue use,

DSPMSG QSYSOPR

Reply List :

The system reply list contains the replies that are automatically sent in response to
inquiry messages. The reply list is only used when an inquiry message is sent by a job
that has the inquiry message reply attribute of the system reply list specified. Use
following command for this

WRKRPYLE

25
Managing OUTQ`s and SPOOL Files :

All the spool file created by the user as well as system goes into a OUTQ.QPRINT is
the default outq of the system. Administrator can set default qouq for each user so that
the spool files created by those users goes to that outq only.

To work with all the outq use following command,

WRKOUTQ

To clear the outq use the following command ,

CLROUTQ < outq name >

To work with spool files created by particular user use following command,
WRKSPLF < user id >

You can do following activities with the spool file,

1. DELETE
2. HOLD
3. RELEASE
4. CHANGE
5. SAVE
User can change the outq of the spool file. Spool file is assign to a printer to print.
User can print the spool file page wise as per the requirement.

26
LIST OF COMMON COMMANDS

1. INZTAP (Resource Name) TAP01

Volume Identifier Given any name
Clear *Yes
Load Option *Unload

2. WRKCFGSTS *dev
*ctl
*lin
*dev *prt
*dev *dsp
*dev *prt* (Displays printer who name starts with prt)

3. WRKWTR Work with Printers

4. WRKSPLF Work with Spooled Files

5. WRKACTJOB Shows jobs currently active in the system.

6. WRKSYSACT Shows which act job occupies how much space

7. WRKSYSSTS Shows % CPU used, memory capacity, hdd % used

8. WRKSBS Shows no. of active jobs in each sub system

9. SNDBRKMSG Send a message to user terminal. His screen gets interrupted

temporarily but his job continues

10. WHO Gives Work-Station Name

11. DSPMSG Display messages sent and received by users.

12. DSPLOG Display log generate by system

13. SNDMSG Send a message to user terminal without any interruption.

14. WRKJOBQ Display how many jobs are in queue.

27
Basic OS & System Management (OS/400)
1. Go Assist Option (Operational Assist Menu)
2. Assistance Level wrkmsg Press F2 a) Basic Assist Level
b) Intermediate
Adv. Assist level available only for some displays.
3. Assistance level can be set for the following CL Commands :
Display Message DSPMSG Handling Message
Display System Status DSPSYSSTS System Status
Work with configuration Status WRKCFGSTS Handling Device Status
Work with Messages WRKMSG Handling Messages
Work with spooled files WRKSPLF Printer Output
Work with System Status WRKSYSSTS System Status
Work with User Jobs WRKUSRJOB User Job
Work with User Profiles WRKUSRPRF User enrollment
Work with writers WRKWTR Check Printers

4. The “GO: Commands

(GO *all)

Go Assist Goes to Operational Assist Menu

Go Backup Goes to backup menu (INZ & SAVE)
Go cleanup Goes to cleanup menu (Cleanup for deletes old job logs, history logs,
messages)
Go DeviceSts Goes to Config Status Screen
Go Hardware Goes to hardware resources menu
Go file Allows you to work on files in a system
Go Library Library menu allows you to work with libraries
Go ManageSys Manage System, Users, Devices (Displays what activity is going on in
system)
Go Power You can display and change power on-off schedule
Go Restore Allows you to restore info from tape or SAVF(Save file) on the
system.
Go runbckup Specify type of backup you want to run
Go Setup Customize System, Users, Devices
Go Status Display Status of jobs, devices & system activities
Go Tape Use and Control tape devices.

28
 Module :- 4

System Security

29
System security is an integrated function of the AS/400 system. It is Implemented at the
instruction level and controls all AS/400 software functions. Users are identified and
authenticated by a single security mechanism, at the system level, for all functions and
environments available on an AS/400, including program development and execution, data
base applications, office applications, and so forth. All objects on an AS/400 system are under
security control, including libraries and files, display stations, operator console functions,
programs, menus, and so on.

System Values
The first topic describes the system values that control security on your system.
The security system values are broken into four main groups:
· General system values
· Other system values related to security
· System values that control passwords
· System values that control auditing

General Security System Values

The system values listed below can be changed through the Change System
Value (CHGSYSVAL) command or using the Work with System Values
(WRKSYSVAL *SEC) command. Changes to the system values become effective
immediately, except for the security level (QSECURITY) value, which becomes
effective only after the next IPL.

QALWOBJRST Allow objects that are security-sensitive to be restored to the

system. Specifies whether system state objects or objects that adopt
their owner¢s authority may be restored to the system.

QALWUSRDMN Allow user domain objects in the libraries. Specifies which libraries are
allowed to contain user domain objects of type *USRSPC, *USRIDX,
and *USRQ. These objects are a potential security exposure on a
system with high security requirements. The system cannot audit the
movement of data to and from user domain objects. QALWUSRDMN
can be left at its default value at security levels below 40. It must be
considered when going to level 40 or higher.

QCRTAUT Authority for New Objects. This value is used to determine the public
authority of a newly created object, if the following conditions are met:

# The create authority (CRTAUT) parameter for the library of the new
object is set to *SYSVAL.
# The new object is created with public authority (AUT) of
*LIBCRTAUT (the default).
The default value is *CHANGE. It is recommended that you do

30
 not change this value. It is better to change the CRTAUT value
at the library level. It may impact your day-to-day operations.

QDSPSGNINF Display Signon Information. Specifies that the signon information

display is to be shown.This displays information such as the date of last
signon, invalid signon attempts, and the number of days until the
password expires (if applicable).This information can alert users that
there has been unauthorized attempt to access the system using their
user profile.For users requiring a value different from the system value,
the DSPSGNINF keyword for an individual user profile can be set to
*YES (to display the information) or *NO (for no information
displayed).

QINACTITV Inactive Job Time-Out Interval. Specifies in minutes how long the
system allows a job to be inactive before taking action. A workstation is
considered to be inactive if is waiting at a menu or display, or if it is
waiting for some message input with no user interaction. When you
specify a time-out interval, if a job reaches that interval the system will
take the action specified in the QINACTMSGQ system value. Local
jobs that are currently signed on to a remote system are excluded. PC
Support/400 jobs are also included. An inactive workstation might
allow unauthorized persons access to the system. This system value
helps you to prevent users from leaving workstations inactive. Be sure
to discuss the impact of a change of QINACTITV with the users on the
system and inform them at the time you make
the change.

QINACTMSGQ Inactive Job Time-Out Message Queue.The QINACTMSGQ value

specifies either the name of the message queue to which a notification
message is sent, or the action the system takes when an interactive job
has been inactive for a specified interval of time. The time interval is
specified by the system value QINACTITV. There are considerations
for PC Support/400 jobs.

QLMTDEVSSN Limit Device Sessions. Specifies whether users are limited to sign on to
more than one device at one time.

QLMTSECOFR Limit Security Officer. Restricts privileged users (with *ALLOBJ or

*SERVICE authority) to specified workstations. A privileged user who
leaves the terminal unattended represents a considerable security
exposure. QMAXSIGN Maximum Number of Signon Attempts.
Defines the maximum number of invalid signon attempts by local or
remote users. This also works for PC Router signon. Invalid attempts
are any combination of invalid password, invalid user profile, or
inadequate authority to the display station. Once a user has reached the
maximum attempts value, the system will take the action specified in

31
 QMAXSGNACN. The value should be high enough to allow correction
for typing errors but low enough to prevent opportunities to guess a
valid user profile and password. You can use security auditing to log
signon violations. You must create aquery, or you can use Security/400.

QMAXSGNACN Action When Signon Attempts Reached.This system value determines

what the system does when the maximum number of signon attempts
(specified in QMAXSIGN) is reached.
Possible values for QMAXSGNACN are:
· 3: Disable both the user profile and device.
· 1: Disable the device only.
· 2: Disable the user profile only.
With, PC Support/400, invalid attempts will only disable the user
profile, but not the device. If you create the message queue QSYSMSG
in QSYS, messages about critical system events are sent to that
message queue as well to QSYSOPR. You can use the QSYSMSG
message queue to monitor any invalid attempt to signon to the system,
just by seeing it or controlling it by a program. Refer to Appendix A,
“QSYSMSG Message Queue” on page A-1 for more details. The events
sent to QSYSMSG can also be logged in the audit journal. If
QSECOFR is disabled, and no other user profile has the authority to
enable it, QSECOFR can still sign on from the system console. If the
console is varied off the system must be IPLed.

QRMTSIGN Remote Signon Control. Specifies how the system handles remote
signon requests.

QSECURITY System Security Level. QSECURITY controls the security level of the
system. AS/400 security offers five levels of security:

· Level 10: There is no user authentication, or resource

protection. No password is required to sign on. The
system is shipped with this value. It should be
changed immediately, preferably to 30. If you wish
to move to a security level above 30, you should first
test your installation on level 30.

· Level 20: Password - User authentication through user profile

and password checking; no resource protection.

· Level 30: Password and Resource - User authentication and

resource protection. Users require authority to access
objects.

· Level 40: Password, Resource and Operating System

Integrity

32
 - User authentication, resource protection, and
machine interface protection.

· Level 50: Password, Resource and enhanced Operating

System
Integrity - User authentication, resource protection,
and machine interface protection. Security level 50 is
intended for AS/400 systems with high security
requirements and to meet C2 security requirements.

System Value IBM Shipped Value Production System Domino System

QALWOBJRST *ALL *ALL *ALL
QDSPSGNINF 0 0 0
QINACTITV *NONE 30 *NONE
QINACTMSGQ *ENDJOB *DSCJOB *ENDJOB
QDSCJOBITV 240 240 240
QLMTDEVSSN 0 0 0
QLMTSECOFR 1 0 0******
QMAXSIGN 3 5 10
QMAXSGNACN 3 2 1
QRMTSIGN *FRCSIGNON *FRCSIGNON *FRCSIGNON
QCRTAUT *CHANGE *CHANGE *CHANGE

Other Related System Values

The following system values, while not specifically security-related, affect system
functions when certain security system values are set.

QAUTOVRT Automatic Configuration of Virtual Devices Specifies whether

display station passthrough virtual devices and TELNET full
screen virtual devices are automatically configured.

QDSCJOBITV Disconnected Job Time-Out Interval. This system value

determines if and when the system ends a disconnected job. The
interval is specified in minutes.

System Values for Passwords

The following values apply to passwords. These values require users to change their
passwords regularly as well as enforce rules for the creation of new passwords which
prevents the use of passwords that are trivial or easy to guess. Whenever you want to
change any of these system values, be sure to discuss the impact with the users on the
system. Do remember to inform them when any change is made. The password
composition system values are enforced only when the password is changed using the
Change Password (CHGPWD) command, the ASSIST menu option to change a
password, the QSYCHGPW application program interface (API), or on signon when a

33
 password expires. In addition to the values below, passwords can be further verified by
a password validation program.

QPWDEXPITV Password Expiration Interval Value. This value forces users to

change password every 1 to 366 days, or not at all. The value
must be set according to the company¢s security policy. This
interval can also be modified for each user through the user
profile password expiration interval parameter, PWDEXPITV.

QPWDLMTAJC Restrictions of Consecutive Digits in Passwords.

QPWDLMTCHR Restricted Characters for Passwords.

QPWDLMTREP Restriction of Repeated Character in Passwords.

QPWDMAXLEN Maximum Length of Passwords.

QPWDMINLEN Minimum Length of Passwords.

QPWDPOSDIF Position Difference of Characters in Successive Passwords.

QPWDRQDDGT Requirement for Numeric Characters in Passwords.

QPWDRQDDIF Required Difference in Passwords.

QPWDVLDPGM Password Validation Program.

Specifies the name of a validation program.

Auditing System Values

This topic discusses the system values for controlling auditing on your system and a
description of each.

QAUDCTL Auditing Control.

The QAUDCTL system value determines whether auditing is
performed.

QAUDENDACN Auditing End Action.

The QAUDENDACN system value determines what action the
system takes if auditing is active and the system is unable to
write entries to the audit journal.

QAUDFRCLVL Auditing Force Level.

The QAUDFRCLVL system value determines how often new
audit journal entries are forced from memory to auxiliary
storage (disk). This system value controls the amount of
auditing data that may be lost if the system ends abnormally.

34
 QAUDLVL Auditing Level.
The QAUDLVL system value determines which security-related
events are logged to the security audit journal (QAUDJRN).

QCRTOBJAUD Auditing for New Objects.

The QCRTOBJAUD system value is used to determine the
auditing for a new object, if the auditing default for the library
of the new object is set to *SYSVAL.

Authorities : -
In AS/400 terminology, an authority is the permission to access an object. The object owner
and the security officer (or other *ALLOBJ users) can grant or revoke authority to an object.
It is important to understand the difference between authority to an object and authority to the
data in the object. Operations such as moving, renaming, saving, or deleting apply to the
object as such. It is possible to have authority for these operations without having access to
the data stored in the object. Likewise, one can have full access (read, write, update, delete,
execute) to the data in an object without having full authority to manipulate the whole object.

Structure of authorities.

Authorities

Private Public
Authorities Authorities

Special Specific
Authorities Authorities
( 8 Nos.)

Object Data
Authorities Authorities
( 6 Nos.) ( 5 Nos.)

35
Special Authorities

All security systems have special user privileges for certain security and system
administration functions. Special authorities allow certain users to administer AS/400
security and system tasks. There are eight special authorities. These special authorities
are not hierarchical.

*ALLOBJ All object authority is granted for accessing any system resource

*AUDIT Allows the user to perform auditing functions

*JOBCTL Allows manipulation of job and output

*SAVSYS Used for saving and restoring the system and data without having
explicit authority to objects queues and subsystems

*SECADM Allows administration of User Profiles and Office

*SERVICE Allows access to special service functions for problem diagnosis

*SPLCTL Allows control of spool functions

*IOSYSCFG Allows change of system configuration

Specific authorities
Specific authorities are further divided into 2 types.
1. Object Authorities
2. Data Authorities

1. Object Authorities :
There are 6 object authorities used in AS/400.Those are as follows.
a. *OBJOPR ( Object Operational )
b. *OBJEXIST ( Object Existence )
c. *OBJMGT ( Object Management )
d. *OBJALTER ( Object Alteration )
e. *AUTLMGT ( Authorization List Authority )
f. *OBJREF ( Object Reference )

2. Data Authorities :
There are 5 data authorities used in AS/400.Those are as follows.
a. *READ ( Read Data )
b. *ADD ( Add Data )

36
 c. *DLT ( Delete Data )
d. *UPD ( Change Data )
e. *EXECUTE ( Run a Program )

The following authorities are independent (not hierarchical). For some operations a
combination of authorities is required:

*OBJOPR: The object operational authority controls the use of an object and the
capability to look at the description of the object. It is needed to open a
file andtherefore usually assigned in combination with the desired data
rights.

*OBJMGT: The object management authority controls the move, rename, and
change attribute functions for object, and the grant and revoke authority
functions for other users or groups.

*OBJEXIST: The object existence authority controls the delete, save, restore, or
transfer ownership operations of an object.

*AUTLMGT: This authority is needed to manage the contents of an authorization

list associated with the object. This is a specialized security
authorization that is not usually grouped with the other seven object
authorities.

*OBJALTER: This authority is needed to alter the attributes of data base files
and change the attributes of SQL packages.

*OBJREF: This authority is needed to specify a data base file as the first level in
a referential constraint.

*READ: Controls the ability to read data from the object.

*ADD: Controls the ability to insert a new entry (such as a new record in a file)
into the object.

*UPDATE: Controls the ability to modify existing entries in the object.

*DELETE: Controls the ability to remove existing entries (for example, records)
in the object. To delete the whole object requires *OBJEXIST authority.

*EXECUTE: Controls the ability to run a program, service program, or SQL package,
and to locate an object in a library or a directory. Some common
combinations of authorities have been given special names as an

37
 abbreviated form. For example, *USE is the combination of *OBJOPR,
*READ, and *EXECUTE.

*ALL Allows unlimited access to the object and its data

*CHANGE Allows unlimited access to the data in the object

*USE Allows data in the object to be read

*EXCLUDE Allows no access to the object or its data

*PUBLIC Authority

Public authority is the default authority for an object. It is used if users do not
have any specific (private) authority to an object, are not on the authorization list
(if one is specified) for the object, or their group(s) has no specific authority to the
object.

Authorization Lists

An authorization list is an important and commonly used security structure. It is

used to authorize a user or a group of users to different types of objects (such as
files or programs) secured by the authorization list. An object may have only one
authorization list associated with it. An authorization list may secure more than one
object. A user can appear on many different authorization lists. Authorization lists are
not affected when objects secured by the authorization list are deleted. If an object is
deleted and then restored to the same system, it is automatically linked to an existing
authorization list for the object. This is an important advantage of authorization
lists.

Adopted Authority

Certain programs or commands called by a user may require a higher level of

authority (for the duration of the command) than is normally available to that user.
Adopted authority provides a means for handling this situation. Adopted authority
allows a user to temporarily gain the authority of the owner of a program (in addition
to the user¢s own authorities) while that program is running. This provides a method
to give a user additional access to objects, without requiring direct authority to objects.

Audit Journal
The Security Audit Journal is a facility that allows security-related events to be logged
in a controlled way that cannot be bypassed. The following are some of the events that
may be logged:

· Authorization failures

38
 · Object creations
· Object deletions
· Changes to jobs
· Move or rename of objects
· Changes to system distribution directory or office mail actions
· Obtaining authority from programs which adopt
· System security violations
· Printing actions, both spooled and direct print
· Actions on spooled file data
· Restore operations
· Changes to user profiles, system values or network attributes
· Use of service tools
· System management functions
· Users¢ access to audited objects
· CL command strings

Information from the audit journal can be extracted into a database file, then examined
by an auditor using a tool such as Query/400 to locate security violations or exposures.

Authority Holder

An authority holder is an object that specifies and reserves an authority to a program-

described database file before the file is created. When the file is created, the authority
specified in the holder is linked to the file. The authority holder is for use mainly in the
System/36 Environment.

Physical Security

Physical and procedural security controls provide the basis on which other controls
such as software security are built. In addition to physical access control and output
distribution procedures, which are necessary controls in any computing environment
and therefore not mentioned here, the AS/400 has two unique hardware features, which
are important for physical security:

· System Keylock - to enable or disable certain system service functions

· Display Station functions - keylock, and play/record keys

The History Log (QHST)

The history log (QHST) contains a subset of messages that are sent about system
operational events to the system operator message queue. Some messages relating to
system security are written in the system history log. However, this function is now
superseded by support offered by the security audit journal. QHST should not be used
as a source for tracking security-related events as it may have been in the past.
User Profiles

39
 User Profiles contain information describing a system user, that user¢s privileges and
limitations when using the system, and lists of objects the user owns or is authorized to
use. For objects owned by a user, the profile also contains lists ofother users¢
authorizations to those objects.

Group Profiles

A User Profile may be linked to a group profile. This allows all the members of the
group to share common attributes, common access to selected objects, and common
ownership of objects. A user is not required to be a member of a group. In V3R1 a user
may be a member of up to 16 different groups. In earlier releases the user can only be
a member of one group. In addition, only one level of grouping is permissible. For
example, if user profile FRED belongs to group profile DEPTA, DEPTA cannot
belong to another Group Profile. Group profiles are used to organize users along job
functions and to simplify the assignment and administration of object authorities by
authorizing users through a smaller number of group entries. When designing groups,
it is important that the group ownership concepts are well understood and that good
naming conventions are used.
A group profile is implemented as a user profile; that is, it is created just like a user
profile, and when granting authority, the AS/400 does not treat groups any differently
than user profiles. The two uses may be intermixed. For easy management it is better
that user and group profiles be used as separate entities. One way to enforce this is to
set the group profile password to *NONE. This prevents any sign on to the profile.

Limited Capability

A user may be assigned limited capability. This is done when creating or changing a
user profile. Limited capability, when used with an appropriate initial program or
initial menu, can restrict a user to a desired subset of the systems functions. Some
local programming (or the use of a packaged application) is necessary to accomplish
this. Limited capability (LMTCPB keyword of CRTUSRPRF or CHGUSRPRF
commands) may be set to no, partial, or full. The selected value will affect initial
program, initial menu, current library, the current attention program (associated with
the attention key on the terminal), and access to general system commands.

User Classes
There are five user classes which are hierarchical in authority. The classes represent
different roles in the DP environment. These are convenient ways to assign the special
authorities listed above to different types of users. A higher class can perform all the

functions of a lower class; for example, *SECOFR includes the privileges of

*SECADM by default. The following are the five user classes.

*SECOFR Security Officer

40
 *SECADM Security Administrator
*PGMR Programmer
*SYSOPR System Operator
*USER End User

The user class also affects what options are shown on the system menus. A user with
higher authorities will see more of the system menu options. A user with less
authorities will only see the menu choices allowed by the user class. A user may be
given any of the special authorities regardless of his user class. Letting the special
authorities be assigned automatically to match the user class is a convenient way to get
started. Special authorities can be assigned specifically, by the security officer or
security administrator, when one of the standard user classes does not have the desired
combination of authorities.

41
 Module :- 5

Backup And Restoration

42
IBM iSeries and AS/400e servers offer a wide range of recovery and availability options. Your
hardware or software includes some of the options. Others are ordered separately. They are
intended to help you do the following:

1.Make your save operations faster and more efficient.

2.Keep your system available for your users.
3.Plan and manage your backup and recovery.

Your Operating System/400 (OS/400) licensed program includes menus and commands for
save and restore. You can use the save operations and restore operations on the system to do
the following:

1. Recover from a program or system failure.

2. Exchange information between servers.
3. Store infrequently used objects offline.

You can use commands and menu options to save individual objects and groups of objects.
You can use some save and restore operations while your system is active. Other save and
restore operations require that no other activity is occurring on the system. You can save and
restore objects by using diskette, magnetic tape, optical media, or a save file. You can also use
communications capabilities or an optical connection to save and restore objects with another
system. If your system is busy most of the time, you can use the save-while-active function
to reduce the time period that the system is unavailable while you are performing save
operations.

Backup Recovery and Media Services for iSeries–Overview

The Backup Recovery and Media Services for iSeries (BRMS/400) licensed program
offers a set of functions for defining and performing these tasks:
1. Backup
2. Recovery
3. Archiving
4. Retrieval
5. Media management

Starting with V5R1, Backup Recovery and Media Services provides a graphical user interface
for backup and recovery that is integrated into iSeries Navigator. You can use Backup
Recovery and Media Services to simplify and automate your backups and to manage your
media. Backup Recovery and Media Services keeps track of what you have saved, when
you saved it, and where it is saved. When you need to do a recovery, Backup Recovery and
Media Services helps ensure that the correct information is restored from the correct tapes in
the correct sequence.

43
Tivoli Storage Manager–Overview

You can use Tivoli Storage Manager to protect data on your workstations and LAN file
servers. The Tivoli Storage Manager can automatically back up critical LAN and workstation
data and archive files that are used infrequently. It provides a disaster recovery solution for
LANs and workstations. Administer the Tivoli Storage Manager from a client workstation that
is attached to an iSeries server. It can back up data from a variety of workstation platforms.
You can use the Backup Recovery and Media Services (BRMS/400) program to back up user
data to any Tivoli Storage Manager when the server in a client/server environment. You can
use Backup Recovery and Media Services for iSeries to manage the data that you save on the
Tivoli Storage Manager and to manage the backup of the system data to local media.

44
Save your server with the GO SAVE command

Use Go SAVE menu to take the backup on your As/400.

45
Overview of the GO SAVE command menu options :
Access the GO SAVE command menu by typing GO SAVE from any command line. From the
Save menu, you see option 21, option 22, and option 23 along with many more save options.
A single plus sign (+) indicates that the option places your server into a restricted state, which
means that nothing else can be running on your system when the menu option is selected. A
double plus sign (++) indicates that your server must be in a restricted state before you can run
this option.

Save Menu–First Display

Page down on the Save menu to see additional options:

46
Save Menu– Second Display

Page down on the Save menu to see additional options:

47
Save Menu– Third Display

Save menu defaults with GO SAVE: Option 20

You can use save menu option 20 to change the default values for the GO SAVE command,
menu options 21, 22, and 23. This option simplifies the task of setting your save parameters
and helps to ensure that operators use the options that are best for your system. In order to
change the defaults, you must have *CHANGE authority for both theQUSRSYS library and
the QSRDFLTS data area in the QUSRSYS library. When you enter the GO SAVE command,
then select menu option 20, the server displays the default parameter values for menu options
21, 22, and 23. If this is the first time you have used option 20 from the Save menu, the server
displays the IBM-supplied default parameter values. You can change any or all of the
parameter values to suit your needs. For example, you can specify additional tape devices or
change the message queue delivery default. The server saves the new default values in data
area QSRDFLTS in library QUSRSYS. The server creates the QSRDFLTS data area only after
you change the IBM-supplied default values. Once you define new values, you no longer need
to worry about which, if any, options to change on subsequent save operations. You can
simply review your new default options and then press Enter to start the save with the new
default parameters.

48
If you have multiple, distributed servers with the same save parameters on each server, this
option provides an additional benefit. You can simply define the parameters from the Save
menu, using option 20 on one server. Then, save the QSRDFLTS data area, distribute the
saved data area to the other servers, and restore it.

Save your whole server with GO SAVE: Option 21

Option 21 saves everything on your server and allows you to perform the
save while you are not there. Option 21 does not save spooled files. Option
21 saves all of your data for additional licensed programs, such as Domino
or Integration for Windows Server when you select to vary off your network
servers. Also, if you have Linux installed on a secondary logical partition,
you can back up that partition when you select to vary off your network
servers. Option 21 puts your server into a restricted state. This means that
when the save
begins, no users can access your server and the backup is the only thing
that is running on your server. It is best to run this option overnight for a
small server or during the weekend for larger servers. If you schedule an
unattended save, make sure your server is in a secure location; after you
schedule the save, you will not be able to use the workstation where the
backup is initiated until the save is complete.

1The command omits QSYS.LIB file system because the SAVSYS command and the
SAVLIB LIB(*NONSYS) command both save it. The command omits the QDLS file system
because the SAVDLO command saves

Save system data with GO SAVE: Option 22

49
Option 22 saves only your system data. It does not save any user data. Option 22 puts your
server into a restricted state. This means that no users can access your server, and the backup
is the only thing that is running on your server.

Save user data with GO SAVE: Option 23

Option 23 saves all user data. This information includes files, records, and other data that your
users supply into your server. Option 23 puts your server into a restricted state. This means
that no users can access your server, and the backup is the only thing that is running on your
server.

1Menu option 23 omits the QSYS.LIB file system because the SAVSYS command, the
SAVSECDTA command, the SAVCFG command, and the SAVLIB LIB(*ALLUSR)
command
save it. The command omits the QDLS file system because the SAVDLO command saves it.
Menu option 23 also omits the /QIBM and /QOpenSys/QIBM directories because these

50
directories contain IBM supplied objects.

Save parts of your server with other GO SAVE command menu options

You may perform the following GO SAVE command menu options.

Save Security Data (SAVSECDTA)

The Save Security Data (SAVSECDTA) command saves all security information without
requiring a system in a restricted state. The SAVSECDTA command saves the same security
information that is saved when a SAVSYS command is run including the following:

User Profiles
Authorization Lists
Authority Holders

Information saved with the SAVSYS or SAVSECDTA command can be restored using the
RSTUSRPRF and RSTAUT commands, but a dedicated System is required.

Save Configuration Data ( SAVCFG)

The Save Configuration (SAVCFG) command saves all configuration and system resource
management (SRM) objects without requiring a system in a restricted state. The information
saved includes the following

Line descriptions Configuration lists

Controller descriptions Hardware resource data
Device descriptions Connection lists
Class-of-Service description Mode description
Network interface description NetBIOS descriptions
Network server description

51
Save Changed Objects:

The Save Changed Object (SAVCHGOBJ) command saves a copy of each changed object or
group of objects located in the same library. When *ALL is specified on the Objects prompt
(OBJ parameter), objects can be saved from all user libraries or from up to 300. Specified
libraries. When saving to a save file, only one library can be specified.

Overview of the GO RESTORE command menu options :

Figure below shows the menu options and commands that are available for restoring
information. It also shows the normal sequence for restoring information, working from top to
bottom.

52
Save procedures and restore procedures for file systems

53
54
Relationship Between Save and Restore Commands

Restoring User Profiles :

1. Sign on as QSECOFR.
2. Ensure the system is in a restricted state.
3. Find the most recent save media that has your user profiles. It may be a SAVSYS
media volume or a SAVSECDTA media volume. The file on the save media
volume is called QFILEUPR.
4. If you are using a SAVSYS media volume, type:

RSTUSRPRF DEV(media-device-name) USRPRF(*ALL) ENDOPT(*LEAVE)

If you are using a SAVSECDTA media volume, type:

RSTUSRPRF DEV(media-device-name) USRPRF(*ALL) ENDOPT(*UNLOAD)

Restoring the Configuration

1. Find the most recent save media that has your configuration. It may be a SAVSYS
media volume or a SAVCFG media volume. The file on the save media volume is
called QFILEIOC.

55
 2. If you are using a SAVSYS media volume, type:
RSTCFG OBJ(*ALL) DEV(media-device-name)OBJTYPE(*ALL)
ENDOPT(*LEAVE)

If you are using a SAVCFG media volume, type:

RSTCFG OBJ(*ALL) DEV(media-device-name) OBJTYPE(*ALL)
ENDOPT(*UNLOAD)

Restoring Document Library Objects

1. Find your most recent save media volume that you used to save all of the
documents in the system ASP. You may have specified ASP(1) or ASP(*ANY) for
the save operation. The media volume should have the library QDOC on it.

2. Use the following command to restore the DLOs:

RSTDLO DLO(*ALL) FLR(*ANY) ASP(1)

Restoring Libraries

Restoring entire libraries is a common way to recover user information. Use the
Restore Library (RSTLIB) command to restore a single saved library or a group of
libraries. The RSTLIB command restores the entire library, including the library
description, object descriptions (only descriptions are restored for logical files, job
queues, message queues, output queues, user queues, and data queues), and the
contents of other objects. This command also restores status information for
programming temporary fixes (PTFs) that were in the library at the time the library
was saved. When you use the RSTLIB command, you can use the OPTION parameter
to specify which objects in a library are restored:

Possible Values for the OPTION Parameter of the RSTLIB Command:

*ALL Old objects are replaced and new objects are added to a library.
*ALL is the default.
*OLD Only old objects that already exist on the system are replaced in a
library.
*NEW Only objects not found on the system are added to a library. The
old objects are not replaced.
*FREE Only those objects that have their storage freed on the system are
restored.

56
Restoring a Library From a Previous Release

When you are restoring a library that was saved on a system at an earlier release, you
can use the Force object conversion (FRCOBJCVN) parameter to specify whether
programs are translated when they are restored. This can significantly impact the time
it takes to restore the library.

Restoring Multiple Libraries

You can use the RSTLIB command to restore libraries in these groups:

*NONSYS All libraries that were saved with SAVLIB LIB(*NONSYS) command,
including the IBM-supplied libraries QGPL, QUSRSYS, and licensed
program libraries.

*ALLUSR All user libraries that were saved with SAVLIB LIB(*ALLUSR) or
SAVLIB LIB(*NONSYS).

*IBM All IBM-supplied libraries that were saved with SAVLIB LIB(*IBM)
or SAVLIB(*NONSYS). Only IBM-supplied libraries that contain IBM
objects are restored.

Methods for Restoring All Libraries–Multiple Save Operations

57