<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="reference" />
<meta name="DC.Title" content="Scenario: Propagate network authentication service configuration across multiple systems" />
<meta name="abstract" content="Use the following scenario to become familiar with the prerequisites and objectives for propagating your network authentication service configuration across multiple systems." />
<meta name="description" content="Use the following scenario to become familiar with the prerequisites and objectives for propagating your network authentication service configuration across multiple systems." />
<meta name="DC.Relation" scheme="URI" content="rzakhscen.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhpropagatescenario_completeplanningworksheets.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhpropagatescenario_createasystemgroup.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhpropagatescenario_propagateiserisatobandc.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhpropagatescenario_configurenasoniseriesd.htm" />
<meta name="DC.Relation" scheme="URI" content="rzakhpropagatescenario_addprincipalswin2000domain.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzakhscenmc" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Scenario: Propagate network authentication service configuration across
multiple systems</title>
</head>
<body id="rzakhscenmc"><a name="rzakhscenmc"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Scenario: Propagate network authentication service configuration across
multiple systems</h1>
<div><p>Use the following scenario to become familiar with the prerequisites
and objectives for propagating your network authentication service configuration
across multiple systems.</p>
<div class="section" id="rzakhscenmc__situation"><a name="rzakhscenmc__situation"><!-- --></a><h4 class="sectionscenariobar">Situation</h4><p>You
are a systems administrator for a large auto parts manufacturer. You currently
manage five iSeries™ systems
with iSeries Navigator.
One system operates as the central system, which stores data and manages these
other systems. The security administrator for your company has just configured
network authentication service on a new system to participate in a Windows<sup>®</sup> 2000
domain, which authenticates users to the enterprise. The security administrator
has tested the network authentication service configuration on this system
and has successfully obtained a service ticket for this iSeries server.
You want to simplify the configuration of network authentication service among
these systems that you manage.</p>
<p>Using the Synchronize Functions wizard,
you want to take the network authentication service configuration on the model
system and apply it to your other systems. The Synchronize Functions wizard
will make network authentication service configuration throughout your network
quicker and easier since you will not need to configure each system separately.</p>
<p>Because
one of the systems runs i5/OS™ Version 5 Release 2 (V5R2) and this release does
not support the Synchronize Functions wizard, you will need to configure your
V5R2 system using the network authentication service wizard. You will need
to configure this system to match the current network authentication service
configuration on your model system.</p>
</div>
<div class="section" id="rzakhscenmc__objective"><a name="rzakhscenmc__objective"><!-- --></a><h4 class="sectionscenariobar">Objectives</h4><div class="p">In
this scenario, MyCo, Inc has three distinct goals:<ol><li>To simplify configuration of network authentication service in the network.</li>
<li>To have all iSeries systems
point to the same Kerberos server.</li>
<li>To configure a V5R2 system to also participate in the Kerberos realm.</li>
</ol>
</div>
</div>
<div class="section" id="rzakhscenmc__details"><a name="rzakhscenmc__details"><!-- --></a><h4 class="sectionscenariobar">Details</h4><p>The
following graphic shows the details for this scenario. </p>
<br /><img src="rzakh511.gif" longdesc="rzakh511_desc.htm" alt="Management Central Synchronize Network Authentication Service settings" /><br /><div class="p"><strong>iSeriesMC1
- Central system</strong><ul><li><span><img src="./delta.gif" alt="Start of change" />Runs i5/OS Version 5 Release 3 (V5R3) or later with the
following options and licensed products installed:<img src="./deltaend.gif" alt="End of change" /></span><ul><li>i5/OS Host
Servers (5722-SS1 Option 12)</li>
<li>iSeries Access
for Windows (5722-XE1)</li>
<li><img src="./delta.gif" alt="Start of change" />Network Authentication Enablement (5722-NAE) if you are using
V5R4 or later<img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />Cryptographic Access Provider (5722-AC3) if you are running
V5R3<img src="./deltaend.gif" alt="End of change" /></li>
</ul>
</li>
<li>Stores, schedules and runs synchronize setting tasks for each of the endpoint
systems.</li>
</ul>
</div>
<div class="p"><strong>iSeries A
- Model system</strong><ul><li><span><img src="./delta.gif" alt="Start of change" />Runs i5/OS Version 5 Release 3 (V5R3) or later with the
following options and licensed products installed:<img src="./deltaend.gif" alt="End of change" /></span><ul><li>i5/OS Host
Servers (5722-SS1 Option 12)</li>
<li>iSeries Access
for Windows (5722-XE1)</li>
<li><img src="./delta.gif" alt="Start of change" />Network Authentication Enablement (5722-NAE) if you are using
V5R4 or later<img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />Cryptographic Access Provider (5722-AC3) if you are running
V5R3<img src="./deltaend.gif" alt="End of change" /></li>
</ul>
</li>
<li>Is the model system for propagating network authentication service configuration
to endpoint systems.</li>
</ul>
</div>
<div class="p"><strong>iSeries B
- Endpoint system</strong><ul><li><span><img src="./delta.gif" alt="Start of change" />Runs i5/OS Version 5 Release 3 (V5R3) or later with the
following options and licensed products installed:<img src="./deltaend.gif" alt="End of change" /></span><ul><li>i5/OS Host
Servers (5722-SS1 Option 12)</li>
<li>iSeries Access
for Windows (5722-XE1)</li>
<li><img src="./delta.gif" alt="Start of change" />Network Authentication Enablement (5722-NAE) if you are using
V5R4 or later<img src="./deltaend.gif" alt="End of change" /></li>
<li><img src="./delta.gif" alt="Start of change" />Cryptographic Access Provider (5722-AC3) if you are running
V5R3<img src="./deltaend.gif" alt="End of change" /></li>
</ul>
</li>
<li>Is one of the endpoint systems for the propagation of network authentication
service configuration.</li>
</ul>
</div>
<div class="p"><strong>iSeries C
- Endpoint system</strong><ul><li>Runs i5/OS Version
5 Release 3 (V5R3) with the following options and licensed products installed:<ul><li>i5/OS Host
Servers (5722-SS1 Option 12)</li>
<li>iSeries Access
for Windows (5722-XE1)</li>
<li><img src="./delta.gif" alt="Start of change" />Cryptographic Access Provider (5722-AC3)<img src="./deltaend.gif" alt="End of change" /></li>
</ul>
</li>
<li>Is one of the endpoint systems for the propagation of network authentication
service configuration.</li>
</ul>
</div>
<div class="p"><strong>iSeries D
- Endpoint system</strong><ul><li> Runs i5/OS Version
5 Release 2 (V5R2) with the following options and licensed products installed:<ul><li>i5/OS Host
Servers (5722-SS1 Option 12)</li>
<li>iSeries Access
for Windows (5722-XE1)</li>
<li>Cryptographic Access Provider (5722-AC3)</li>
</ul>
</li>
<li>Has the following V5R2 PTFs (program temporary fixes) applied:<ul><li>SI08977</li>
<li>SI08979</li>
</ul>
</li>
<li>Requires separate configuration of network authentication service using
the Network Authentication Service wizard in iSeries Navigator.</li>
</ul>
</div>
<div class="p"><strong>Client PC</strong><ul><li>Runs iSeries Access
for Windows (5722-XE1).</li>
<li>Runs iSeries Navigator
with the following subcomponents:<div class="note"><span class="notetitle">Note:</span> Only required for PC used to administer
network authentication service.</div>
<ul><li>Network</li>
<li>Security</li>
</ul>
</li>
</ul>
</div>
<p><strong>Windows 2000 server (not shown in graphic)</strong></p>
<ul><li>Operates as the Kerberos server for the network (kdc1.myco.com).</li>
<li>All users have been added to Microsoft<sup>®</sup> Windows Active Directory.</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> <img src="./delta.gif" alt="Start of change" />The KDC server name, <strong>kdc1.myco.com</strong>, is a fictitious
name used in this scenario.<img src="./deltaend.gif" alt="End of change" /></div>
</div>
<div class="section" id="rzakhscenmc__prereq"><a name="rzakhscenmc__prereq"><!-- --></a><h4 class="sectionscenariobar">Prerequisites
and assumptions</h4><div class="p"><strong>iSeriesMC1 - Central system prerequisites</strong><ol><li>All system requirements, including software and operating system installation,
have been verified.<div class="p">To verify that these licensed programs have been installed,
complete the following:<ol type="a"><li>In iSeries Navigator,
expand <span class="menucascade"><span class="uicontrol">your iSeries server</span> &gt; <span class="uicontrol">Configuration
and Service</span> &gt; <span class="uicontrol">Software</span> &gt; <span class="uicontrol">Installed
Products</span></span>.</li>
<li>Ensure that all the necessary licensed programs are installed.</li>
</ol>
</div>
</li>
<li>All necessary hardware planning and setup have been completed.</li>
<li>TCP/IP and basic system security have been configured and tested on iSeries A.</li>
<li>No one has changed the default settings in iSeries Navigator to disable the Task
Status window from opening when a task starts. To verify that the default
setting has not been changed, follow these steps:<ol type="a"><li>In iSeries Navigator,
right-click <span class="menucascade"><span class="uicontrol">your central system</span></span> and
select <span class="uicontrol">User Preferences</span>.</li>
<li>On the <span class="uicontrol">General</span> page, verify that <span class="uicontrol">Automatically
open a task status window when one of my tasks starts</span> is selected.</li>
</ol>
</li>
<li>Secure Sockets Layer (SSL) has been configured to protect the transmission
of data between these servers. <div class="note"><span class="notetitle">Note:</span> When you propagate network authentication
service configuration among servers, sensitive information such as passwords
is sent across the network. You should use SSL to protect this information,
especially if it is being sent outside your Local Area Network (LAN). See <a href="../rzain/rzainmc.htm">Scenario: Secure all
connections to your Management Central server with SSL</a> for details.</div>
</li>
</ol>
</div>
<div class="p"><strong>iSeries A
- Model system prerequisites</strong><ol><li>This scenario assumes that <a href="rzakhscen1.htm#rzakhscen1">Network
authentication service</a> is properly configured on the model system (iSeries A).</li>
<li>All system requirements, including software and operating system installation,
have been verified.<div class="p">To verify that these licensed programs have been installed,
complete the following:<ol type="a"><li>In iSeries Navigator,
expand <span class="menucascade"><span class="uicontrol">your iSeries server</span> &gt; <span class="uicontrol">Configuration
and Service</span> &gt; <span class="uicontrol">Software</span> &gt; <span class="uicontrol">Installed
Products</span></span>.</li>
<li>Ensure that all the necessary licensed programs are installed.</li>
</ol>
</div>
</li>
<li>All necessary hardware planning and setup have been completed.</li>
<li>TCP/IP and basic system security have been configured and tested on your iSeries server.</li>
<li>Secure Sockets Layer (SSL) has been configured to protect the transmission
of data between these servers. <div class="note"><span class="notetitle">Note:</span> When you propagate network authentication
service configuration among servers, sensitive information such as passwords
is sent across the network. You should use SSL to protect this information,
especially if it is being sent outside your Local Area Network (LAN). See <a href="../rzain/rzainmc.htm">Scenario: Secure all
connections to your Management Central server with SSL</a> for details.</div>
</li>
</ol>
</div>
<div class="p"><strong>iSeries B, iSeries C,
and iSeries D
- Endpoint system prerequisites</strong><ol><li>All system requirements, including software and operating system installation,
have been verified.<div class="p">To verify that these licensed programs have been installed,
complete the following:<ol type="a"><li>In iSeries Navigator,
expand <span class="menucascade"><span class="uicontrol">your iSeries server</span> &gt; <span class="uicontrol">Configuration
and Service</span> &gt; <span class="uicontrol">Software</span> &gt; <span class="uicontrol">Installed
Products</span></span>.</li>
<li>Ensure that all the necessary licensed programs are installed.</li>
</ol>
</div>
</li>
<li>All necessary hardware planning and setup have been completed.</li>
<li>TCP/IP and basic system security have been configured and tested on your iSeries server.</li>
<li>Secure Sockets Layer (SSL) has been configured to protect the transmission
of data between these servers. <div class="note"><span class="notetitle">Note:</span> When you propagate network authentication
service configuration among servers, sensitive information such as passwords
is sent across the network. You should use SSL to protect this information,
especially if it is being sent outside your Local Area Network (LAN). See <a href="../rzain/rzainmc.htm">Scenario: Secure all
connections to your Management Central server with SSL</a> for details.</div>
</li>
</ol>
</div>
<div class="p"><strong>Windows 2000 server (not shown in graphic)</strong><ol><li>All necessary hardware planning and setup have been completed.</li>
<li>TCP/IP has been configured and tested on the server.</li>
<li>Windows domain
has been configured and tested.</li>
<li>All users within your network have been added to a Windows domain
through Active Directory.</li>
</ol>
</div>
</div>
<div class="section" id="rzakhscenmc__steps"><a name="rzakhscenmc__steps"><!-- --></a><h4 class="sectionscenariobar">Configuration
steps</h4><p>To use the Synchronize Functions wizard to propagate network
authentication service configuration to endpoint systems, you must complete
the following steps.</p>
</div>
</div>
<div>
<ol>
<li class="olchildlink"><a href="rzakhpropagatescenario_completeplanningworksheets.htm">Complete the planning work sheets</a><br />
</li>
<li class="olchildlink"><a href="rzakhpropagatescenario_createasystemgroup.htm">Create a system group</a><br />
</li>
<li class="olchildlink"><a href="rzakhpropagatescenario_propagateiserisatobandc.htm">Propagate system settings from the model system (iSeries A) to iSeries B and iSeries C</a><br />
</li>
<li class="olchildlink"><a href="rzakhpropagatescenario_configurenasoniseriesd.htm">Configure network authentication service on iSeries D</a><br />
</li>
<li class="olchildlink"><a href="rzakhpropagatescenario_addprincipalswin2000domain.htm">Add the principals for endpoint systems to the Windows 2000 domain</a><br />
</li>
</ol>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzakhscen.htm" title="Use these scenarios to learn about network authentication service.">Scenarios</a></div>
</div>
</div>
</body>
</html>