SafeNet/400 Release 8 Migration

In addition, the core kernel of SafeNet/400 has been completely rewritten from scratch to improve the way it works for performance and for accuracy. Because of the accuracy issues that have been implemented, it is entirely possible that transactions getting processed on your system today as valid will get rejected by SafeNet/400 once the new release is implemented. Because of this, part of the migration process will include running and checking analysis reports to see if any new rejection transactions show up when your current transaction history is processed through the Release 8 code.

The SafeNet/400 Release 8 Migration process requires two phases. The first phase will load the new software from the distribtion CD and take you through the migration processes. The second phase can only be run after the first phase is completed and the software does some internal checks to keep you honest about this. The second phase will actually install the Release 8 software and move the files into production. SafeNet/400 Release 8 will not be active on your system until the second phase is completed.

Be sure to review these instructions in detail before you start. We recommend that you print a copy of them on paper and use them as a check list to make sure that every step gets processed in the right sequence. Do not attempt any shortcuts

Before you start your upgrade

1. Make sure that you have your SafeNet/400 permanent installation codes available for use. They may be needed towards the end of the installation process. If you do not have these codes available, contact Kisco Information Systems and obtain the codes prior to starting this procedure. The codes for Release 8 will not change from those you already have.

2. Check the size of the file named TRAPOD in library PCSECDTA. If it is very large, you should consider doing a purge of it in advance of the upgrade, especially if your system is low on free disk space. During the upgrade, all files in PCSECDTA are copied over into the newly installed version. Some customers do not purge this file regularly and are then surprised when the upgrade install takes a very long time or fills up their free disk space. If you do a purge, but specify in the purge to save the information to the archive files, then make sure you backup the archive and clear the archive file members before the upgrade. The archive file is named TRAPARCW and is also in library PCSECDTA. If you do not purge the TRAPOD file and it is very large, be prepared for a long upgrade process. Note: If you do a purge, make sure that you do it before you end all subsystems at the start of the upgrade process.

3. Check the following system values. They should be set as indicated here. If they are not, note the current settings then change them to these settings:

   QALWOBJRST - *ALL
   QVFYOBJRST - value 3 or lower
   QFRCCVNRST - value 1

   After all upgrade processing has been completed, you can change these values back to what they werebefore you started.

4. Check the user profile SAFENET on your system and make sure that the special authorities include *JOBCTL. In fact, we recommend that the SAFENET user profile be set up to include ALL special authorities.

Migration Phase One - Load Software and Process Data Migration

Unlike earlier release upgrade processing for SafeNet/400, the following steps can be run at any time. You do not need to bring your system into a restricted state.

1. Sign on to any terminal session on your system using the special user profile QSECOFR or SAFENET. The profile must have *ALLOBJ, *IOSYSCFG, *JOBCTL, *SAVSYS, *AUDIT and *SECADM special authority.

2. Run the following two instructions to create a new Authorization List Entry required by SafeNet/400 Release 8:

   CRTAUTL AUTL(SAFENET) TEXT('SafeNet/400 V8 Authorization List')

   ADDAUTLE AUTL(SAFENET) USER(SAFENET QSECOFR) AUT(*ALL)

3. Load the SafeNet/400 Release 8 software by running the following command:

   LODRUN DEV(OPT01)

   When the software load finishes, the Migration menu SNMGR1 in library PCSECMGR will be displayed.

4. Enter the following command:

   ADDLIBLE PCSECMGR

   Important note: - Whenever you run Migration reports, the library PCSECMGR must be added at the top of your library list. Library PCSECDTA must also appear in the library list, but must show below the PCSECMGR library. Finally, library PCSECLIB must NOT appear anywhere in the library list. You can use the DSPLIBL command to view the current library list configuration at any time.

5. Note that there is more detailed documentation about using the SafeNet/400 Migration process in the User Manuals folder, review the document named "V7 to V8 Migration Guide" before you continue"

6. Run the following command from the command line:

   DSPDTAARA DTAARA(PCSECDTA/SUSERS)

   If the data area displays normally, then continue with the next processing step.

   If the data area fails to display and you see the message Data area SUSER in PCSECDTA not found. displayed at the bottom of the screen, then run the following command:

   CRTDTAARA DTAARA(PCSECDTA/SUSERS) TYPE(*CHAR) LEN(500)

   Then, run the following command from the command line:

   DSPDTAARA DTAARA(PCSECDTA/SUSER)

   If the displayed data area has no content, proceed to the next processing step. If the data area contains a list of user profiles, then these profiles must be added to the data area named SUSERS that was just created. Each 10 characters in the data area is used for a separate user profile. Use the CHGDTAARA command to insert these into the new SUSERS data area.

7. Run option #1 on the SNMGR1 menu. This will spin a job to the job queue that will migrate your SafeNet/400 data files into the new Release 8 formats. Wait for the job to finish before moving ahead.

8. Run option #2 on the SNMGR1 menu and check the displayed results.

9. Run option #3 on the SNMGR1 menu and check the displayed results. Make any changes that you want to implement and press ENTER to store the results.

10. Run option #4 on the SNMGR1 menu to display the user profiles that are currently defined to SafeNet/400 Release 8 as those with adminstrator rights. This is a new feature for Release 8. If you have additional user profiles that you want to define with administrator rights, add them at this point.

11. Run option #5 on the SNMGR1 menu, this will display the Migration analysis reporting menu.

12. On the SNMGR2 analysis menu, you must run options one through 7 at least once. Each one of these options will generate a report. We strongly recommend that you inspect these reports for rejections that are new to your installation before you continue with the next step.

13. Press the F12 key to return to the SNMGR1 menu.

14. Use menu options 6 through 12 to check on the migration of your SafeNet/400 rules from your current SafeNet/400 setup. If you have found new rejections on the printouts run, you can create or modify your rules at this point so that they will be ready for your full implementation of SafeNet/400 Release 8.

15. When you are certain that everything is ready to bring SafeNet/400 Release 8 on-line, run option #13 on the SNMGR1 menu. Check for a successful completion message at the base of your screen.

Migration Phase Two - Activating Release 8

The second phase of the SafeNet/400 Release 8 Migration requires bringing your system to a restricted state with access from your system console.

1. Sign on to the system console on your system using the special user profile QSECOFR, SAFENET or any other security officer profile. The profile must have *ALLOBJ, *IOSYSCFG, *JOBCTL, *SAVSYS, *AUDIT and *SECADM special authority.

2. Go to the SN2 menu in library PCSECLIB and run option #6. Press the F5 key to deactivate SafeNet/400 Release 7 on your system.

3. Bring your system to a restricted state by running the following command:

   ENDSBS SBS(*ALL) OPTION(*IMMED)

4. At this point, you must make a decision. Do you want to have the SafeNet/400 Migration Tool bring the converted transaction history up to date before installing the new release? When you started the migration process, the transaction history on your system at that point in time was converted. If you have had new transaction history records posted to the file since then, they will be lost if you choose not to convert the file again now. This is especially important for customer who may have taken several days to work through the migration process.
5. If you DO NOT want the transaction history updated again at this point, issue the following instruction from the command line:

   CALL PGM(PCSECMGR/QINSTAPP) PARM(*MIGR)

   If you DO WANT the transaction history updated again at this point, issue the following instruction from the command line:

   CALL PGM(PCSECMGR/QINSTAPP) PARM(*MIGX)

   Note: Choosing this option will add time to the upgrade process depending on the size of the transaction history file on your system.

6. When this process finished, SafeNet/400 Release 8 will be installed but will not be active yet.

7. Take some time to go to the SN1 menu and review your rules using options two through nine to make sure that your settings have all been transferred.

8. Using option #80 on the Sn1 menu to access the INSTALL menu. Run option #2 there to make sure that your software is still showing as being permanently installed.

9. When you are happy with the results, go to the SN2 menu and run option #6. Follow the steps to activate SafeNet/400 Release 8.

At this point, SafeNet/400 Release 8 will be active on your system and you can resume normal operations by restarting your controlling subsystem.