INFO: Common security related DataGate/400 questions
The information in this article applies to:
- DataGate/400, Version 4.7 and higher
- FAQ
- Acceler8DB
- AS/400
- TCP/IP
SUMMARY:
This Question and Answer list provides details about
commonly asked questions regarding the installation and configuration of
DataGate,
particularly when used as a TCP/IP service.
MORE INFORMATION:
Q. How is the AS/400 security maintained when Web Serving with Microsoft's
Internet Information Server (IIS), Active Server Pages (ASP) and Component
Services (COM+), and ASNA' s Acceler8DB Client and DataGate/400?
Visit our White Papers for more information: http://www.asna.com/PDF/ASNA%20and%20AS400%20Security.pdf
Q. What components are installed on the AS/400? (e.g. Libraries, objects in other
libraries, profiles etc)?
Two libraries are created for DataGate/400:
DG8_40: Contains programs and configuration objects.
DG8_VCAT46: DG8_VCATxx library contains cached
filed definitions
One user profile:
DG8SVCPRF: Used to run the Service and the License Manager.
Q. What configuration needs to be performed on the AS/400?
For TCP/IP one entry is added by the installation program to the TCP Service
Table (ADDSVCTBLE):
Acceler8DBServer -> port 5042
Two JOBQ entries have to be added manually to the subsystem where DataGate jobs are to
be run. Please see:
Configuring
DataGate400 for TCP/IP Access
Q. What components are installed on the PC or NT Network Server?
Microsoft Files Group:
First, the system files needed to support the whole environment must be installed -
basically the C++ runtime from Microsoft. This group gets installed under the Windows
System directory. The file names are:
Imagehlp.DLL
MFC42.DLL
MSVIRT.DLL
MSVCP60.DLL
MSVCRT.DLL
OLEAUT32.DLL
OLEPRO32.DLL
REGSVR32.DLL
AVR Run Modules Group:
In this group, these are the files that make up the runtime environment for ASNA Visual
RPG. This group of files will be installed under the ‘Program
Files\Common Files\ASNA Shared’ folder. The file names are:
avrrt31.dll
runmsg.amf
gxww20.dll
avrrt35.dll
runmsg.amf
avrww35.dll
gxww20.dll
ADB Client Modules Group:
This group contains the minimum set of files to support client programs accessing data
from any Acceler8DB database and any AS/400 using DataGate/400. This group of
files will be installed under the ‘Program Files\Common Files\ASNA Shared’
folder. The file names are:
adbapi.dll
adbapx.ocx
adbapxcc.dll
gxww.dll
splview. ocx
splviewer.dll
Q. How do clients extract data from the AS/400? (e.g. ODBC, FTP etc.)
Applications use the Acceler8DB / DataGate/400 Client / Server protocol.
Q. What security rights are required on the AS/400? (i.e. do transfers run under the
users account or a DataGate/400 profile.)
Data access is done under the user account profile
Q. What are the security rights of the objects within
the AS/400 DataGate/400 software?
*PUBLIC should have *CHANGE authority to DG8_40, the installation library.
The DG8SVCPRF user should have *USER authority, and be able to have access to SBMJOB,
GRTOBJAUT commands and *ALL authority to DG8_40/LMDB file (the license manager file).
The end user should have authority to commands GRTOBJAUT, RNMOBJ and *CHANGE
authority to DG8_40/LMDB
Q. What are the security rights of the
OS/400 Objects to allow DataGate/400 Software to Run?
To restrict user access
to a command line or run specific commands, change the
LMTCPB
(limit capabilities) to *YES; however, changing the
LMTCPB
only affects the Acceler8DB manager. The
AS/400 controls this access. DataGate/400 is controlled by the AS/400;
therefore, the end user
LMTCPB
setup is base on the company needs.
DG8SVCPRF user should have RWX
privileges to the Object. See
Figure 1 below.
Figure 1
Q. Are any DataGate/400 objects required to run under QSECOFR or privileged authority?
Yes, the DataGate service program has to run under high authority to be able to start
the user proxy jobs under the user's account profile.
Q. Can access to data be restricted to specific users or departments only?
Yes
Q. If applicable - How is security configured?
Since data access is done under the user's authority, the normal OS/400 security
commands are used by administrators to configure the security privileges to data files and
programs.
Q. Will there be any performance implications of the product on the AS/400?
The product takes no more resources than a job running on a dumb terminal.
Q. What are the shutdown and startup routines for DataGate/400 jobs or processes on the
AS/400 ?
The TCP/IP service is controlled with the STRDG8SVR/ENDDG8SVR commands. The user
proxy job starts when the PC application opens the first AS/400 file and stops when the
last file is closed.
Q. What recovery the recovery procedures?
If the subsystem where the DataGate/400 Service is running is stopped without stopping the
service first, then the TCP port (typically 5042) will remain connected and has to be
ended manually.
Please see: PROBLEM: DataGate/400 service will
not start
Q. Are there any monitoring procedures?
Use the Acceler8DB Monitor, a Windows application, to monitor the state of the proxy
jobs.
Q. Are there any OS/400 release of PTF pre-requisites?
No
Q. How do I know what version of DataGate/400 I am running?
To find out what version of DataGate/400 you are running go to an AS/400 command line and
enter the following command:
DSPDTAARA DG8_40/RELDATE
Note: Where DG8_40 is the library where you’ve installed
DataGate/400.
Keywords: security, "frequently asked questions", client,
configuration, settings
| 