BRMS Deployment Guide

Initial Setup

Use the Set User Usage for BRM (SETUSRBRM) command as a starting point for controlling access to BRMS functions and then tailor your security setup to better meet your requirements using functional authority.

The BRMS functional usage model allows you to customize user access to BRMS functions (backup, recovery, and media management) and to the different components of each function. For example, you can give one user authority to change a control group, and another the authority only to use and view it. You can also use the functional usage model to grant all users access to a particular function or functional component.

BRMS provides effective control over user access to BRMS functionality. See IBM i security options to prevent users from causing accidental or intentional damage to your files or system. However, because BRMS ships its databases with *PUBLIC *EXCLUDE authority, irreparable damage is unlikely to occur.

Recommendations for BRMS network

BRMS networking uses DDM and DRDA over native TCP/IP for IBM i communications.  BRMS encourages using encrypted server authentication security for TCP/IP IBM i communications.  Use the Change DDM TCP/IP Attributes (CHGDDMTCPA) command to specify that an encrypted password must accompany the user ID.  BRMS supports the following encryption standards:

• Advanced Encryption Standard (AES)

• Data Encryption Standard (DES)

AES is considered the more secure method and is recommended.

Additional Considerations

• Encrypted Backups

Learn about methods to encrypt your data during the backup.

• Securing the console monitor

You can run saves that require a restricted state, such as *SAVSYS, from the system console in a secure, unattended mode.