Symantec™ ESM Agent For IBM AS/400
Version 6.5
Installation Guide
Introduction
The scope of this Installation Guide is to document the procedure for installing the Symantec ESM AS/400 Agent and Registering the AS/400 agent with the manager.
This document includes the following topics:
- Before you install
- System requirements
- Installing the Symantec ESM Agent
- Registering the Symantec ESM Agent with an ESM manager
(Please note – references to AS/400 may be inclusive to OS/400, i5/OS, iSeries, System i)
Before you install
When you plan to install an ESM agent on your AS/400 system, complete the following:
- Select the systems where you want to install the Symantec ESM agent.
- Obtain access to the QSECOFR account on each selected system.
- Select the Symantec ESM managers where you want to register each Symantec ESM agent.
- For each ESM manager, have the following information available:
- The name of the host computer where the ESM agent will be installed
- The name and password of an account on the ESM manager with privileges to register Symantec ESM agents
- The communication protocol
- The port number
- Add the managers to the AS/400 TCP/IP host table by typing 'CFGTCP' and selecting option 10.
- Edit the host file by adding the AS/400 system IP address and name, and save the file on the Symantec ESM manager.
- The host file is located at the following path on your Windows Symantec ESM Manager: C:\WINNT (or Windows)\system32\drivers\etc\hosts
- You should edit the host file by adding the AS/400 systems IP address and name, as shown in the following example: 10.10.100.100
my_AS/400 - Ensure that the ESM manager to where you plan to register the AS/400 agent uses a password that is no longer than eight characters in length.
- Delete or rename any library that is named ESMOLD or ESM_OLD. When you attempt to upgrade your installation, one of these libraries is created, allowing you to restore your previous installation. If the upgrade succeeds, Symantec ESM automatically deletes the library. If the upgrade fails for any reason, the library remains intact. If these libraries exist on your computer prior to beginning a new installation, you cannot install the Symantec ESM agent until they are removed or renamed.
- Do not install the Symantec ESM manager on a computer that has the IBM Operations Console software currently installed.
- Note: Symantec ESM 6.x managers only run on computers with Windows or UNIX OS.
System requirements
Computers that have AS/400 operating systems must meet these minimum requirements to install and run Symantec ESM software:
- 256 MB RAM memory
- 1600 MB of free disk space
- 30 MB pool size
You can install Symantec ESM agents on IBM iSeries computers that have an OS/400 V5R3, V5R4, & V6R1 operating system.
Installing Symantec ESM agents
The installation process consists of extracting the Symantec ESM libraries from the CD-ROM, running the installation program, and registering the AS/400 agent to the ESM manager.
Symantec distributes Symantec ESM software on an ISO 9660 (High Sierra Format) CD-ROM disk. To access this software, at least one OS/400 must have access to a CD-ROM drive.
The ESM agent installation process includes the following steps:
- Starting the Symantec ESM installer
- Selecting the type of installation
- Performing the installation
- Registering the agent to a manager
To start the Symantec ESM installer
- Insert the Symantec ESM CD-ROM in the system's CD-ROM drive.
- Log in to the AS/400 system as QSECOFR.
- Type LODRUN DEVICE <OPT01>
OPT01 is the default name of the CD-ROM drive. If your OS/400 uses a different name for the CD-ROM drive, substitute the correct name in the command.
To select the type of installation
- Type Y to select the New Install option.
- Select Enter=Accept if you agree to the terms of the Software License agreement.
To install a Symantec ESM agent
- Type N in the Transfer data field.
- Type N in the Submit to batch field.
These steps let you install the software interactively and lock the workstation until you finish the installation.
Press Enter to execute the command. As soon as the installation is complete, a registration screen appears.
Registering Symantec ESM OS/400 Agent with a Manager
Registering a Symantec ESM agent with a manager establishes secured communications between the agent and manager. Each agent must register to at least one manager. Do not use more than one agent name to register a Symantec ESM agent to a manager, or ESM reports an error when you try to run a policy on the agent.
Do not register the Symantec ESM agent to a manager version earlier than Symantec ESM 6.0. This causes database errors on the manager. Instead, you must upgrade the managers to the latest Symantec ESM version before registering the agent.
The manager must be running to register the agent. If the manager is not running, you can restart the manager and use the Register agent option in the Symantec ESM menu to register the agent.
Symantec ESM agents registered to an ESM manager prior to an upgrade of the manager continue to function with the upgraded manager. However, you must upgrade these agents to use new functions and features.
To register the Symantec ESM agent to a manager
- Log in to the OS/400 using ESM as the profile.
You must change the password after the first login.
- If you are reregistering the agent, select option 40 to start the ESM subsystem.
- On the ESM main menu, select option 6, Register with Manager.
- Specify the following information:
- TCP/IP port number (the default value is 5600)
- Symantec ESM manager user name
- Symantec ESM manager password
- Symantec ESM manager name
If you have not modified the hosts file on the Manager computer, you must use the IP address.
- Press Enter to end the terminal session.
- If you are reregistering the agent, restart the Symantec ESM console.
Legal Notice
Copyright © 2009 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, LiveUpdate, Symantec Enterprise Security Architecture, Enterprise Security Manager, and NetRecon are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.
