friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzakh_5.4.0.1/rzakhpropagatescenario_completeplanningworksheets.htm

246 lines
13 KiB
HTML
Raw Normal View History

Add readme and dist folders
2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Complete the planning work sheets" />
<meta name="DC.Relation" scheme="URI" content="rzakhscenmc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhpropagatescenario_createasystemgroup.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhpropagatescenario_completeplanningworksheets" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Complete the planning work sheets</title>
</head>
<body id="rzakhpropagatescenario_completeplanningworksheets"><a name="rzakhpropagatescenario_completeplanningworksheets"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Complete the planning work sheets</h1>
<div><p>The following planning work sheets illustrates the type of information
you need before you begin using iSeries™ Navigator to propagate the configuration
on a model system to target systems.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 1. Propagate network authentication
service - prerequisite work sheet</caption><thead align="left"><tr><th valign="top" width="60%" id="d0e23">Prerequisite work sheet</th>
<th valign="top" width="40%" id="d0e25">Answers </th>
</tr>
</thead>
<tbody><tr><td align="left" valign="top" width="60%" headers="d0e23 ">Is your i5/OS™ V5R3 (5722-SS1) or later for the
following systems:<ul><li>Central system</li>
<li>iSeries A</li>
<li>iSeries B</li>
<li>iSeries C</li>
</ul>
</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="60%" headers="d0e23 ">Have you applied the latest program temporary fixes
(PTFs)?</td>
<td valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="60%" headers="d0e23 ">For iSeries D, is your i5/OS V5R2 (5722-SS1) or later?</td>
<td valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="60%" headers="d0e23 ">For iSeries D, have you applied the latest program temporary
fixes (PTFs), including the following:<ul><li>SI08977</li>
<li>SI08979</li>
</ul>
</td>
<td valign="top" width="40%" headers="d0e25 ">&nbsp;</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Are the following options and licensed products
installed on all your iSeries systems?<ul><li>i5/OS Host
Servers (5722-SS1 Option 12)</li>
<li>iSeries Access
for Windows<sup>®</sup> (5722-XE1) </li>
<li><img src="./delta.gif" alt="Start of change" />Network Authentication Enablement (5722-NAE) if you are using
V5R4 or later<img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />Cryptographic Access Provider (5722-AC3) if you are running
V5R3<img src="./deltaend.gif" alt="End of change" /></li>
</ul>
</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Is iSeries Access for Windows (5722-XE1)
installed on the administrator's PC?</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Is iSeries Navigator installed on the administrator's
PC?<ul><li>Is the Network subcomponent of iSeries Navigator installed on the administrator's
PC?</li>
<li>Is the Security subcomponent of iSeries Navigator installed on the administrator's
PC?</li>
</ul>
</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td valign="top" width="60%" headers="d0e23 ">Have you installed the latest IBM<img src="eserver.gif" alt="e(logo) server" /> iSeries Access for Windows service
pack? See <a href="http://www-1.ibm.com/servers/eserver/iseries/access/casp.htm" target="_blank">iSeries Access</a><img src="www.gif" alt="link outside the Information Center" /> for the latest service pack.</td>
<td valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Do you have *SECADM, *ALLOBJ, and *IOSYSCFG
special authorities?</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Do you have one of the following systems
acting as the Kerberos server? If yes, specify which system.<ol><li>Microsoft<sup>®</sup> Windows 2000
Server<div class="note"><span class="notetitle">Note:</span> Microsoft Windows 2000 Server uses Kerberos authentication
as its default security mechanism. </div>
</li>
<li>Windows Server
2003</li>
<li>i5/OS PASE
(V5R3 or later)</li>
<li>AIX<sup>®</sup> server</li>
<li>zSeries<sup>®</sup></li>
</ol>
</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes, Windows 2000 Server</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">For Windows 2000 Server and Windows Server
2003, do you have Windows Support Tools (which provides the ktpass
tool) installed?</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="60%" headers="d0e23 ">Is the iSeries system time within 5 minutes
of the system time on the Kerberos server? If not see <a href="../rzakh/rzakhsync.htm">Synchronize system times</a>.</td>
<td align="left" valign="top" width="40%" headers="d0e25 ">Yes</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 2. Synchronize functions planning work
sheet</caption><thead align="left"><tr class="tablemainheaderbar"><th valign="top" width="54.08163265306123%" id="d0e229">Questions</th>
<th align="left" valign="top" width="45.91836734693878%" id="d0e231">Answers </th>
</tr>
</thead>
<tbody><tr><td valign="top" width="54.08163265306123%" headers="d0e229 ">What is the name of the system group?</td>
<td align="left" valign="top" width="45.91836734693878%" headers="d0e231 ">MyCo system group</td>
</tr>
<tr><td valign="top" width="54.08163265306123%" headers="d0e229 ">What systems will be included in this system group?</td>
<td align="left" valign="top" width="45.91836734693878%" headers="d0e231 ">iSeries B, iSeries C, iSeries D</td>
</tr>
<tr><td valign="top" width="54.08163265306123%" headers="d0e229 ">What functions do you plan to propagate to this system
group?</td>
<td align="left" valign="top" width="45.91836734693878%" headers="d0e231 ">Network authentication service</td>
</tr>
<tr><td valign="top" width="54.08163265306123%" headers="d0e229 ">For which services do you want to create keytab entries?<ul><li>i5/OS Kerberos
Authentication</li>
<li>LDAP</li>
<li>iSeries IBM<sup>®</sup> HTTP
Server</li>
<li>iSeries NetServer™</li>
</ul>
</td>
<td align="left" valign="top" width="45.91836734693878%" headers="d0e231 ">i5/OS Kerberos Authentication</td>
</tr>
<tr><td valign="top" width="54.08163265306123%" headers="d0e229 ">What are the service principal names for the iSeries systems
to which you want to propagate configuration?</td>
<td align="left" valign="top" width="45.91836734693878%" headers="d0e231 "><p>krbsvr400/iseriesa.myco.com@MYCO.COM<br />
krbsvr400/iseriesb.myco.com@MYCO.COM<br />
krbsvr400/iseriesc.myco.com@MYCO.COM<br />
krbsvr400/iseriesd.myco.com@MYCO.COM</p>
</td>
</tr>
<tr><td valign="top" width="54.08163265306123%" headers="d0e229 ">What are the passwords that are associated with each
of these principals?<div class="note"><span class="notetitle">Note:</span> All passwords are for example purposes only and
should not be used in any actual configuration.</div>
</td>
<td align="left" valign="top" width="45.91836734693878%" headers="d0e231 "><p>The password for the principals for iSeries A,
B, and C will be <tt>iseriesa123</tt>. The password for the principal for iSeries D
will be <tt>iseriesd123</tt>.</p>
</td>
</tr>
<tr><td valign="top" width="54.08163265306123%" headers="d0e229 ">What is the fully qualified host name for each iSeries server?<div class="note"><span class="notetitle">Note:</span> All
host names are for example purposes only and should not be used in any actual
configuration.</div>
</td>
<td align="left" valign="top" width="45.91836734693878%" headers="d0e231 "><p>iseriesa.myco.com <br />
iseriesb.myco.com <br />
iseriesc.myco.com<br />
iseriesd.myco.com </p>
</td>
</tr>
<tr><td valign="top" width="54.08163265306123%" headers="d0e229 ">What is the name of the Windows 2000 domain?<div class="note"><span class="notetitle">Note:</span> A Windows 2000
domain is similar to a Kerberos realm. Microsoft Active Directory uses Kerberos
authentication as its default security mechanism.</div>
</td>
<td align="left" valign="top" width="45.91836734693878%" headers="d0e231 ">MYCO.COM</td>
</tr>
</tbody>
</table>
</div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" width="100%" frame="border" border="1" rules="all"><caption>Table 3. Network authentication service
planning work sheet for iSeries D</caption><thead align="left"><tr><th align="left" valign="top" width="61.855670103092784%" id="d0e351">Questions</th>
<th align="left" valign="top" width="38.144329896907216%" id="d0e353">Answers</th>
</tr>
</thead>
<tbody><tr><td valign="top" width="61.855670103092784%" headers="d0e351 ">What is the name of the Kerberos default realm to which
your iSeries will
belong?<div class="note"><span class="notetitle">Note:</span> A Windows 2000 domain is similar to a Kerberos realm. Microsoft Active
Directory uses Kerberos authentication as its default security mechanism.</div>
</td>
<td valign="top" width="38.144329896907216%" headers="d0e353 ">MYCO.COM</td>
</tr>
<tr><td align="left" valign="top" width="61.855670103092784%" headers="d0e351 ">Are you using Microsoft Active Directory?</td>
<td align="left" valign="top" width="38.144329896907216%" headers="d0e353 ">Yes</td>
</tr>
<tr><td align="left" valign="top" width="61.855670103092784%" headers="d0e351 ">What is the Kerberos server for this Kerberos
default realm? What is the port on which the Kerberos server listens?</td>
<td align="left" valign="top" width="38.144329896907216%" headers="d0e353 "><p><span class="uicontrol">KDC: </span>kdc1.myco.com<br />
<span class="uicontrol">Port:</span> 88 </p>
<div class="note"><span class="notetitle">Note:</span> This is the default port for
the Kerberos server.</div>
</td>
</tr>
<tr><td align="left" valign="top" width="61.855670103092784%" headers="d0e351 ">Do you want to configure a password server
for this default realm? If yes, answer the following questions: <p>What is name of the password server for this Kerberos server?<br />
What is the port on which the password server listens?</p>
</td>
<td align="left" valign="top" width="38.144329896907216%" headers="d0e353 ">Yes <p><span class="uicontrol">Password server:</span> kdc1.myco.com <br />
<span class="uicontrol">Port:</span> 464 </p>
<div class="note"><span class="notetitle">Note:</span> This is the default port for
the password server.</div>
</td>
</tr>
<tr><td valign="top" width="61.855670103092784%" headers="d0e351 ">For which services do you want to create keytab entries?<ul><li>i5/OS Kerberos
Authentication</li>
<li>LDAP</li>
<li>iSeries IBM HTTP
Server</li>
<li>iSeries NetServer</li>
</ul>
</td>
<td valign="top" width="38.144329896907216%" headers="d0e353 ">i5/OS Kerberos Authentication</td>
</tr>
<tr><td align="left" valign="top" width="61.855670103092784%" headers="d0e351 ">What is the password for your i5/OS service
principal(s)? <div class="note"><span class="notetitle">Note:</span> Any and all passwords used within this scenario are for
example purposes only. They should not be used during an actual configuration.</div>
</td>
<td align="left" valign="top" width="38.144329896907216%" headers="d0e353 ">iseriesd123 </td>
</tr>
</tbody>
</table>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhscenmc.htm" title="Use the following scenario to become familiar with the prerequisites and objectives for propagating your network authentication service configuration across multiple systems.">Scenario: Propagate network authentication service configuration across multiple systems</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzakhpropagatescenario_createasystemgroup.htm">Create a system group</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue Copy Permalink