System quiesce: Login restrictions

Quiesce mode sets login restrictions that prevent users from logging on to Service Management processes. System Administrators can use it to stop new logins and wait for existing users to log off gracefully before starting system maintenance or testing tailoring activities.

There are three levels of login restrictions. Quiesce level 1 restricts all users, except System Administrators, from logging on to Service Management processes. Quiesce level 2 restricts all users from logging on to Service Management processes. Quiesce level 0 (zero) sets Service Management processes to allow user logins. In the vertical scaled or horizontal scaled environment, Service Management load balancer does not forward any client connection requests to Service Management processes that are in quiesce level 1 or 2. If System Administrators want to connect to a Service Management process in quiesce level 1, they must connect directly to the Service Management process without connecting through Service Management load balancer.

Quiesce mode information is stored in shared memory. When a Service Management process sets a quiesce level in shared memory, all other Service Management processes that read from the same shared memory have the same quiesce level. So if one Service Management process sets a quiesce level on a host, all Service Management processes on that host have the same quiesce level. In a horizontal scaled environment, the "-host:<host name or IP>" or "-group" option can be used with the "sm -quiesce:<quiesce level>" command. The "sm -quiesce:<1 or 2 or 0> -group" command sets the quiesce level for all Service Management processes on all hosts within the horizontal scaled group.

In a vertical scaled environment, when Service Management processes are running and you issue the "sm -quiesce:1" or "sm -quiesce:2" command, all Service Management processes on the local host are set to quiesce level 1 or quiesce level 2, respectively. The Service Management load balancer stops forwarding new client connection requests to the Service Management processes, since they are quiesced. If any user tries to connect to Service Management load balancer at this point, the user receives the message "Max session exceeded" from the load balancer, as there are no available Service Management processes. Existing users on the system are not affected. However, once existing users log off, they cannot log back on until the System Administrator changes the quiesce level back to 0 (zero). Once all users have logged off the system, the System Administrator can perform system maintenance. When system maintenance is complete, the System Administrator can issue the "sm -quiesce:0" command to set the quiesce level back to 0, which removes the login restrictions from all Service Management processes. All Service Management processes now accept user logins and Service Management load balancer forwards client connection requests to these Service Management processes.

In a horizontal scaled environment, assume there are two hosts in the horizontal scaled group, Host A and Host B. While the system is running, System Administrators can quiesce Host A for maintenance and keep Host B running by issuing the command "sm -quiesce:<1 or 2> -host:<Host A name or IP address>" on either Host A or Host B. Service Management load balancer then forwards all client requests to Host B, as all Service Management processes on Host A are quiesced. Existing users on Host A are not affected until they log off. If users try to log back on, Service Management load balancer redirects their connection requests to Host B. After maintenance is complete on Host A, the System Administrator issues the command "sm -quiesce:0 -host:<Host A name or IP address>" to bring Host A back to service. This way the System Administrator can maintain one of the hosts in a horizontal scaled group and avoid down time. The System Administrator can also quiesce all Service Management processes in the group by issuing the "sm -quiesce:<1 or 2> -group" command. When the maintenance is complete, the System Administrator can then set all Service Management processes in the group back to non-quiesce mode by issuing the "sm -quiesce:0 -group" command.
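
The quiesce, maintain, un-quiesce sequence described above, as an added example that is not part of the original documentation or the vendor's tooling. The SM_BIN variable and the function names are assumptions of this example; only the "sm -quiesce:<level>", "-host:" and "-group" syntax comes from the page.

```shell
# Added example (not vendor code). SM_BIN and the function names are
# assumptions; only the "sm -quiesce" syntax is taken from the page.
SM_BIN="${SM_BIN:-sm}"

# Print the arguments for a quiesce change, or fail on bad input.
# $1 = level (0, 1 or 2); $2 = local | group | host:<host name or IP>
quiesce_args() {
  local level="$1" scope="${2:-local}" host
  case "$level" in
    0|1|2) ;;
    *) echo "invalid quiesce level: $level" >&2; return 2 ;;
  esac
  case "$scope" in
    local) printf '%s\n' "-quiesce:$level" ;;
    group) printf '%s\n' "-quiesce:$level -group" ;;
    host:?*)
      host="${scope#host:}"
      case "$host" in   # reject whitespace and shell metacharacters
        *[!A-Za-z0-9._:-]*) echo "invalid host: $host" >&2; return 2 ;;
      esac
      printf '%s\n' "-quiesce:$level -host:$host" ;;
    *) echo "invalid scope: $scope" >&2; return 2 ;;
  esac
}

# Apply a quiesce level to the local host, one host, or the whole group.
set_quiesce() {
  local args
  args="$(quiesce_args "$1" "${2:-local}")" || return
  # Word splitting is intended here: args were validated above.
  "$SM_BIN" $args
}

# Restrict logins (level 1 or 2), run the given maintenance command, then
# always set the level back to 0, even when the maintenance command fails.
# Waiting for existing users to log off is left to the maintenance command.
with_quiesce() {
  local level="$1" scope="$2" rc
  shift 2
  [ "$level" != 0 ] || { echo "level must be 1 or 2" >&2; return 2; }
  set_quiesce "$level" "$scope" || return
  "$@"; rc=$?
  set_quiesce 0 "$scope" || echo "WARNING: $scope is still quiesced" >&2
  return "$rc"
}
```

For example, `with_quiesce 1 host:hostA ./maintenance.sh` quiesces Host A at level 1, runs a hypothetical maintenance script, and returns Host A to level 0 afterwards.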

A System Administrator can restrict logins to Service Management using the system.quiesce application. System maintenance tasks include the following:

  • Upgrading from one version of Service Management to another
  • Tailoring forms, tables, or format controls

The system.quiesce application provides three levels of login restrictions:

Restriction level and description:

Level 0

Service Management has no login restrictions and accepts all logins normally.

Level 1

Service Management restricts login to operators who have the SysAdmin capability word. Service Management denies login to all other operators and displays the message:

System quiesced, you cannot login at this time.

When you issue sm -quiesce:1 -group on a primary or secondary host, all Service Management processes (except Service Management load balancer) are set to quiesce mode 1. Service Management load balancer updates its available node list to 0. If users try to connect to Service Management load balancer at this time, they receive the following message, since there are no available Service Management processes.

Max session exceeded.

Level 2

Service Management denies login to all operators and displays the message:

System quiesced, login restricted at this time.

Note: A quiesced system restricts new login attempts only. Currently logged on users can continue working until they log off.