AS/400 Server Migration – Auditing

25 pts.
Tags:
AS/400
AS/400 migration
AS/400 Server
Hello, I am an Internal IT Auditor for a bank. My company is moving its iSeries server in Singapore to Chicago. I am supposed to audit this migration and provide my comments. Does anyone help me to identify the key risk areas that needs to be looked at during this migration?

Answer Wiki

Thanks. We'll let you know when a new response is added.

Some suggestions:
- track user account add/delete/modifications
- track authority changes
- track file/folder/object changes
- track network configuration changes
- data comparison (source = destination)
- test transactions: do they result in intended result?
- scan destination system with something like nmap to ensure no additional services are loaded/listening that might open the system to compromise

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    What exactly is being "migrated"? Is the physical system being boxed up and shipped? Is a full-system save being done in Singapore and a full-system restore being done in Chicago? Is the Chicago system going to be new hardware purchased for this purpose or is it an existing system that is being repurposed for this? Are there only going to be saves/restores of application libraries and directories? Are user profiles going to be migrated along with ownerships and authorities? Will the Chicago system have the same hardware configuration as the Singapore system? The same logical configuration? System name? Host name? Addresses? (Time zones?) In short, what specifically is to be done? Tom
    125,585 pointsBadges:
    report
  • Puttu
    Hello Tom, Please see my comments below. Is the physical system being boxed up and shipped? ---> No. Only the application and data is migrated. The physical hardware will be trashed after the data transfer. Is a full-system save being done in Singapore and a full-system restore being done in Chicago? ---> Yes, Data will be transfered using FTP. It shoud take not more than 11hrs. Is the Chicago system going to be new hardware purchased for this purpose or is it an existing system that is being repurposed for this? ---> A new Hardware will be purchased. It will have AS400 V6R1 OS installed. Are there only going to be saves/restores of application libraries and directories? Are user profiles going to be migrated along with ownerships and authorities? ---> Everything including profiles, ownerships, authorities will be migrated. Will the Chicago system have the same hardware configuration as the Singapore system? The same logical configuration? System name? Host name? Addresses? (Time zones?) ---> No, the hardware configuration, system name host nme would change.
    25 pointsBadges:
    report
  • Puttu
    So, the deal is, there is an application being run on AS400 server in Singapore. This application along with its database is migrated to Chicago, to a new AS400 server. The Singapore server is running on V5R3 and the Chicago server will have V6R1 OS. So, does anyone know about the regulatory requirements for such a transfer of data from Singapore to USA? The application contains sensitive information and also has a regulatory module. The production as well as development environments will be migrated. Can some one help in understanding what are the high risk areas in such a migration and what are the items that one should have(like a check list)?
    25 pointsBadges:
    report
  • Splat
    Would it be safe to assume someone has run ANZOBJCVN on the system being migrated?
    7,235 pointsBadges:
    report
  • TomLiotta
    does anyone know about the regulatory requirements for such a transfer of data from Singapore to USA? If there is anything that can't be legally transferred through FTP or a similar transfer method, it probably shouldn't be migrated. But it's hard to imagine that bytes could be sent by one method but not another. For program objects and some other objects, there is an automatic internal conversion that happens when older objects are restored to V6.1. Splat's mention of ANZOBJCVN is to emphasize that you want to be prepared for older programs that have no observability and no source code for recompiles. It's well worth the effort to do the analysis ahead of time. You should do a full-system save for completeness. I'd probably then do a SAVSECDTA plus a save of the application libraries and directories. The full-system save would be for emergency recovery. You can probably get by with just the saved security data plus the save(s) of the application(s). Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following