Steven McIver

Deploying Access Client Solutions Centrally with Java Included

Deploying Access Client Solutions Centrally with Java Included

The IBM i Access Client Solutions tool is the de facto standard for managing your IBM i systems. It allows you to start 5250 telnet sessions, 5250 console sessions, transfer files to and from the system, run SQL scripts, analyze SQL performance, create indexes, and much, much more. Most organizations have a significant number of users that are using this product or its predecessor – IBM i Access for Windows. Updates come to the product once or twice a year and performing those updates can be a bit cumbersome with a large number of users. Often times the updates just never get done.

There has been one large drawback when it comes to changing from Access for Windows to Client Solutions – it requires Java to be installed on each workstation. This then also requires the administrator to ensure Java is getting updated on all those workstations. In some cases, the only application requiring Java on these workstations is Client Solutions.

An option that’s been gaining traction recently is centrally deploying IBM i Access Client Solutions – putting it on a file share and placing a shortcut on each user’s desktop to execute it remotely. Using this option allows you to update the product once and all users then have the newest version the next time they launch the product. And it gets even better:  You can also include your Java JRE in this central location, and then you don’t have to have it installed on every end user’s workstation!

Follow these simple steps to put the JRE in the proper spot:

  1. Download a Java JRE (such as IBM Semeru Java 11 OpenJ9 JRE)
    https://developer.ibm.com/languages/java/semeru-runtimes/downloads/
  2.  Locate the folder with the Windows executable on the file server (C:\Users\Public\IBM\ClientSolutions\Start_Programs\Windows_x86-64)
  3.  Unzip the folder into the Windows_x86-64 directory and rename it – adding jre on to the end of it. Client Solutions will find the Java JRE as long as the folder ends in jre.

Now with a simple shortcut to the executable on the file share, users can access both IBM i Access Client Solutions and the necessary Java file to run it. One last note – when you go to update Client Solutions in the future, make sure you make a copy of your AcsConfig.properties outside the install directory, update the product, and then overwrite the new AcsConfig.properties with the copied one. This will prevent you from losing changes you’ve made to …

Perform VIOS Backups to your HMC

Keeping your HMC (Hardware Management Console) up to date is not only good for security and for squashing pesky bugs, but it is also good for getting the latest features that have been added. Starting at 9.2.950 of the HMC code, IBM added the ability to backup your VIOS (Virtual I/O Servers) to the HMC. This feature makes it incredibly easy for anyone to capture a backup of each one of their VIOS and in the process get some peace of mind.

There are two options for backing up your VIOS:

  1. Virtual I/O Server Configuration Backup
  2. Virtual I/O Server Backup.

The Virtual I/O Server Configuration Backup is the easiest, quickest one to do, and it’s all that you really need. It creates a small file that includes all of the virtual mappings for your network and storage. You can also use the HMC to restore the mappings using this file.

The other option, Virtual I/O Server Backup, does an entire backup of the VIOS and is a much larger save. Oftentimes, an HMC will either not have enough or barely have enough space to keep full backups of VIOS. I only recommend doing these full backups if you are using a Virtual HMC with a lot of storage provided to it. Whichever method you choose, make sure you perform the backups for all of your VIOS partitions.

To perform one of these backups, you need to log into your HMC and go to Console Management > Templates and OS Images > VIOS Images > Manage Virtual I/O Server Backups.

There is a tab for both different types of backups. For the Configuration Backup, you’ll click on the Backup IO Configuration button to get started.

Select the Managed System where the VIOS partition resides. Then, choose the Virtual I/O Server you want to back up. Last, specify a name for the file and click Apply.

This will kick off a background process that will run for a few seconds. Click the Refresh button after a minute and you should see the backup file, along with details of when and what, and where it was saved.

I recommend performing these backups any time you make configuration changes in VIOS and before doing VIOS updates. Having a backup handy can potentially save you a lot of grief!

 

More from this month:

BRMS – Omitting Constantly Locked Files

BRMS (Backup, Recovery, and Media Solutions) is an application for IBM i used to make backups and restores easier. You can configure backups to happen just as you want them, and when you want to restore, find exactly what you want and where to restore it from. Very often users will configure BRMS to do Save-While-Active saves, so that applications don’t have to be ended during backups – keeping their system up and running and making them look like a superhero.

However, any objects that have exclusive locks on them cannot be saved during a Save-While-Active. Also, by default, objects that use commit control cannot be saved while in the middle of a commit cycle. When a single object in a save cannot be saved, it will result in the message:  Control group XYZ type *BKU completed with errors. Some administrators will often begin to accept this as a good completion message and never check to see what didn’t get saved. This could lead to a potentially disastrous situation if you need to restore and it turns out that not as much of the system was getting backed up as you thought.

There are two things you want to do to rectify this situation:

1) End the application causing the lock before the save and then start it after the save finishes.

2) Omit the objects that cannot be saved. Ending the application may not be possible, so then you have to look at what’s not being saved. If the objects that cannot be saved are trivial things like log files or easily re-created data areas, you can simply choose to omit them from the backup, since they are not critical to restoring the system.

The easiest way to add omits to your BRMS control groups is by using the graphical interface for BRMS inside of Navigator for i. There is a section for Backup, Recovery, and Media Services in the panel on the left side of the page.

 

Inside the section for Backup Control Groups, you will find all your configured control groups. Right-click the one you want to work with and click Properties. Click on the What tab to see what you are backing up. Click on the arrows next to the Item and then click Change Omits… This will let you add either single objects or many objects by specifying a string and then ending …

How to Make Your E-mail Server Like You!

As a system administrator, getting email notifications when critical thresholds are hit can help you save your system and be the hero for the day. Setting up your IBM i server to be capable of sending emails isn’t too difficult, but there is a snag that you can run into when your company’s email server is a little picky.

Many email servers are configured to only receive emails from senders (think FROM: address) that belong to trusted domains. The server may happily receive and send emails that are from admin@abccompany.com, but if it was to receive an email from admin@xyzcompany.com, it would reject it if xyzcompany.com was not on the list of domains that it allows. The problem with the IBM i server often is that will send the email with a sender name that the email server does not like, so it tosses the email out – never to be seen.

In order to correct this, you first have to determine what your E-mail directory type is set to. The easiest way to look at this setting is to do a CHGSMTPA and prompt with F4.

If your value is set to *SMTP, do the following:

Still on the CHGSMTPA screen, add an acceptable domain to the SMTP domain alias parameter. Then use WRKSMTPUSR to add an entry for the user that will be sending the email.

If your value was set to *SDD, do the following:

Do a WRKDIRE and verify that an entry exists for the user that will be sending the email. If not, use option 1 to add the user to the directory.

After the entry exists, take option 2 to change the entry, and then do an F19 to ‘Change name for SMTP’. You may get a message that an entry doesn’t exist for it – just hit Enter to proceed. Fill out the screen that follows.

You’ve done it!

Make sure you can communicate with the mail server, that your IP address or host name is whitelisted, and that you’ve followed the steps above to make sure you have a domain name that’s acceptable to the server. Then all you have to do is make more room in your inbox!

More from this month:

POWER9 Install LAN Console Bug

Here is a quick heads up if you are planning to install a POWER9 system using LAN console.

A major bug was found in Client Access Solutions 1.1.8.7 recently that prevents you from establishing LAN console sessions on systems where the SSL certificate has not been accepted yet. This is especially troublesome when the system has just been pulled out of the box and you cannot proceed with configuring it. Details of this problem and the solution can be found here.

To make matters even worse, there is now another bug that is preventing LAN console from connecting on new systems.

On recently shipped POWER9 systems there is a defective A side PTF that is preventing LAN console sessions from being established. The message ID that shows up is MSGSSL001. This is very similar to the error above, but that message ID is MSGSSL002. The simple solution to this problem is to shut the system down, change the control panel to boot from the B side, and then start the system again. You will then likely run into message ID MSGSSL002 if you’re using ACS 1.1.8.7, and then you’ll need to use the above workaround.

Be sure to pass this information along to any friends or co-workers who may be setting up a system soon. This will make their day much brighter!

More from this month:

What Do I Need To Do Full System FlashCopy Backups?

Full System FlashCopy (FSFC) Toolkit is a tool developed by IBM to allow you to capture full backups of your entire system with little to no downtime. It is becoming very popular for shops that are running 24/7, where any downtime to the system becomes very costly. You may be considering using this option for backups on your system, but you have no idea what you need to get to implement it.

Listed here are the key items you need to have:

  • Be on at least IBM i 7.2.
  • Have available CPU, memory, and disk resources for two LPARs:
    • A “Controlling” LPAR where the toolkit begins running.
      • Can be a Dev/UAT partition. Any partition you don’t plan to use Full System FlashCopy with.
      • If you need to create one, you will need the following resources:
        • 05 CPU
        • 6 GB RAM
        • 400 GB of storage
        • Physical adapters for Ethernet, Disk, and Tape or virtualized through Virtual I/O Server.
      • A target LPAR for the FlashCopy disks to attach to.
        • Hardware requirements:
          • 05 CPU
          • 8 GB RAM
          • Target disks can be thin provisioned. Storage used increases the longer the FlashCopy lasts as bits get copied over from the Source. Expect to need around 10% of the size of the source disks.
          • Physical adapters for Ethernet, Disk, and Tape or virtualized through Virtual I/O Server.
        • You may have to do some shuffling to get the necessary CPU and memory resources. If you need to buy an additional IBM i license, it can greatly affect the price of implementation.
        • Licenses for the following licensed programs (only on the Controlling LPAR):
          • License for PowerHA Standard or Enterprise.
          • License for HA Switchable Resources
        • A Hardware Management Console (HMC). Can be physical or virtual.
        • A Storwize, FlashSystem, or DS8000 SAN that is licensed for FlashCopy.
        • SAN switches for zoning disks and tape.

If you are coming from a single partition system, the requirements for FSFC are very steep. In many situations, it can be costly to implement, but you have to consider the cost of bringing down the system for backups. Run the numbers to see if the cost of downtime is greater than the cost to implement.

Also, consider your current backup strategy and what you’re able to capture while the system is up. I will wrap this up with a question:  If your production system becomes compromised, do you want your last save to contain EVERYTHING

Java Precedence in IBM i

When considering which release of IBM i to upgrade to next, one of the important factors to consider is whether or not the available versions of Java at the target IBM i release are supported by the software that you are running on your system. If you were to upgrade to a new release where your installed software could not operate with the Java that is available, you could find yourself having to rollback to the previous IBM i release – completely erasing all the hard-spent time planning and executing the upgrade!

Most software vendors can quickly tell you whether or not their software will operate on the release of IBM i you are planning to go to. In the cases where the vendor cannot tell you, or the Java applications that you have are homegrown, there is a way to force your current release of IBM i to change what is known as its “Java Precedence”. This is done by adding an environment variable to your system environment that controls which version of Java it prefers to use. Your system will then use this version of Java unless your programs are coded to use a specific version of Java.

 …

RNMTCPHTE (Changing host table entry IP without having to remove and add back)

Host table entries on IBM i are something that every system administrator touches. At the very least, you should always have an entry in there that resolves the hostname of your system to the correct IP address. There are many services (like SSH and Navigator for i) that will run much faster if his host table entry is in place and correct.

In this world, the only thing constant is change, and when changes start happening, IP addresses tend to start changing. When IP addresses change, you have to change those host table entries that have remained the same on your system for a long time. If you take the usual command-line route to changing them, you will hop to the Configure TCP/IP menu (CFGTCP) and then take option 10 – Work with TCP/IP host table entries.…