How to import AS\400 assets into Control Compliance Suite version 11.
Last Updated May 16, 2013
You have Control Compliance Suite (CCS) version 11 but cannot import the AS\400 agents into CCS 11 as assets and therefore cannot collect data or run standards.
When trying to import the AS\400 Enterprise Security Manager (ESM) agents into CCS 11 using the Pre-Version 11 Agent import job, you receive an error about the Asset Information policy or the Agent Information module.
The import agents prior to version 11 job in the CCS 11 console is unable to import the AS\400 agents because the required information to create an asset inside of CCS 11 is not being returned by the Asset Information module on the CCS\ESM manager when that policy is run against the AS\400 agent. This is because, unlike other ESM agents, the AS\400 agent modules can only be upgraded by manually upgrading the entire agent.....liveupdate does not update modules on AS\400 agents. Therefore the Agent Information module on the AS\400 agent is incapable of returning all of the required fields necessary to create an asset inside of CCS 11. As of the writing of this document, the Agent Information module had not been updated to do so on the latest releases of the ESM agent for AS\400. So upgrading the agent to a newer version is not currently a solution. Check with Symantec support to confirm if this has changed.
NOTE: The AS\400 agent is a specialty agent that has been maintained at the version 6.5 level but is fully supported for message based data collection with CCS 11.x at this time.
To import AS\400 assets they must currently be brought into CCS 11 as ESM.Agent asset types and NOT agent assets (as are all other ESM agents in CCS 11). However the ESM.Agent asset type was deprecated in CCS 11 and will not allow the import of new assets of this type (Note: Assets of this type already in existence in an upgrade are maintained but new assets of this type cannot be added).
Therefore to allow the import of new ESM.Agent asset types, this asset type deprecation must be reversed using powershell commands. See the attached document for instructions on how to turn off the ESM.Agent deprecation. Once this has been accomplished, the AS\400 agent can be brought into CCS 11 as an ESM.Agent asset type (ESM agent type) and ESM AS\400 policies can be converted (see doc for additional information on conversion considerations) and imported into CCS 11 as usable standards.
WARNING!: When doing an asset import of the AS\400 agents, be sure to use a filter that specifies to only bring into CCS the AS\400 agents. If you only specify a site, the import will bring all agents that are registered to the ESM manager in as ESM.Agent asset types. This might result in duplicate machine entries in the asset database if the machines had previously been brought in as CCS Agents. For example if you have previously brought in CCS version 11 windows agents by registering them directly, they will appear as regular Windows asset types in the asset system. However if reimported as ESM.Agent assets the same machine will appear again. If this should occur, you can manually delete the unwanted ESM.Agent assets from your database if needed.
CCS 11 with CCS Manager v 11 or ESM manager v 9.01 or 10. CCS Manager or ESM manager has AS\400 agents (v6.5) registered to it that need to be imported into CCS 11.