Versions Compared

Version Old Version 7 New Version Current
Changes made by

Brian Nordland

Brian Nordland

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
minLevel1
maxLevel6
outlinefalse
stylenone
typelist
printabletrue

...

Expand
titleCreating the *SYSTEM certificate store

  1. In a web browser, enter http://mysystem:2001/dcm, where mysystem is the host name or IP address of the system. This opens IBM Digital Certificate Manager for i.

  2. Log in with an IBM i profile with sufficient authority.

  3. Click on Create Certificate Store on the left-hand navigation menu

  4. On the right-hand side of the page select *SYSTEM.

Info

Note: If the *SYSTEM option is not available in the list, it indicates that there is a *SYSTEM store already created on this system, and these steps have already been performed.

  1. Create a password for the *SYSTEM store and click Create.

Info

Note: The password is case-sensitive. It is recommended not to use special characters. This password is not attached to a user profile and it will not lock you out of the system after too many attempts.

Panel
panelIconIdatlassian-light_bulb_on
panelIcon:light_bulb_on:
panelIconText:light_bulb_on:
bgColor#E3FCEF

Tip: The system certificate store must be created on all nodes in the cluster. Ensure the *SYSTEM certificate store is created on all nodes in the cluster before continuing.

...

There are two options for trusting the IBM Cloud Certificate Authority:

  • Recommended: Populate digital certificate manager with well known CAs.

...

Expand
titleBypassing strict-certificate checking in PowerHA using a PowerHA Policy
Note

Warning: While this step only needs to be performed on one node, it is not as secure as the option for trusting well-known certificates. While this option still uses encrypted communication between PowerHA and IBM Cloud services, it does not protect against a man-in-the-middle attack.

Add a PowerHA policy to bypass strict certificate checking in PowerHA. For example, the following policy would bypass strict certificate checking for any configuration description:

ADDHAPCY PCY(QHA_COMM_STRICT_CERT_CHECK) PCYDMN(*NONE) QUAL('CFGD(*ALL)') VALUE(*NO)

This step only needs to be performed on one node as the policy applies to the entire PowerHA cluster.

...

Expand
titleManually Configuring GRS
Info

If the CFGPVSMIR command was used, these steps should be skipped.

While the CFGPVSMIR command will handle many of the steps in an automated fashion, GRS can also be manually configured. This includes performing the following actions:

Actions on the primary site:

  • Ensuring the IASP volumes are all in the same storage pool.

  • Enabling replication for the IASP volumes by setting the volumes to be replication-enabled

  • Creating a new volume group

  • Placing the replication enabled volumes into the volume group

Actions on the target workspace:

  • Onboard the auxiliary volumes by using the IBM Cloud CLI or API.

  • Attach the a auxiliary volumes to the target virtual server

See the IBM Cloud documentation on getting started with GRS for additional information.

Adding Volumes to the Backup (Target) Copy Description

Volumes are added to the target copy description in the same way that they are added to the source copy description, using the CHGPVSCPYD command. In this instance, the volume IDs must be obtained from the target Power Virtual Server workspace in the IBM Cloud.

For example, the copy description for the backup copy can be added using the following command:

CHGPVSCPYD ASPCPY(WDC07CPY) ACTION(*ADDVOL)

...