Administer > System Security > System quiesce: Login restrictions

System quiesce: Login restrictions

Quiesce mode sets login restrictions to prevent users from logging on to Service Manager processes. This gives System Administrators a way to stop users from logging on to Service Manager processes, and wait for existing users to gracefully log off before starting system maintenance or testing tailoring activities.

There are three levels of login restrictions. Quiesce level 1 restricts all users, except System Administrators, from logging on to Service Manager processes. Quiesce level 2 restricts all users from logging on to Service Manager processes. Quiesce level 0 (zero) sets Service Manager processes to allow user logins. In the vertical scaled or horizontal scaled environment, Service Manager load balancer does not forward any client connection requests to Service Manager processes that are in quiesce level 1 or 2. If System Administrators want to connect to a Service Manager process in quiesce level 1, they must connect directly to the Service Manager process without connecting through Service Manager load balancer.

Quiesce mode information is stored in the shared memory. When a Service Manager process sets a quiesce level in the shared memory, all other Service Manager processes that read from the same shared memory have the same quiesce level. So if one Service Manager process sets a quiesce level on a host, all Service Manager processes have the same level of quiesce on that host. In a horizontal scaled environment, the "-host:<host name or IP>" or "-group" option can be used with the "sm -quiesce:<quiesce level>" command. The "sm -quiesce:<1 or 2 or 0> -group" command sets the quiesce level to all Service Manager processes on all hosts within the horizontal scaled group.

In a vertical scaled environment when Service Manager processes are running and you issue the "sm -quiesce:1" or "sm -quiesce:2" command, all Service Manager processes on the local host are set to quiesce level 1 or quiesce level 2, respectively. The Service Manager load balancer stops forwarding any new client connection requests to the Service Manager processes, since they are quiesced. If any user tries to connect to Service Manager load balancer at this point, the user receives a message that states "max session exceed" from the load balancer, as there are no available Service Manager processes. Existing users on the system are not affected. However, once existing users log off, they cannot log back on until after the System Administrator changes the quiesce level back to 0 (zero). Once all users have logged off the system, the System Administrator can perform system maintenance. When system maintenance is complete, the System Administrator can issue the "sm -quiesce:0" command to set the quiesce level back to 0, so there are no login restrictions to all Service Manager processes. All Service Manager processes now accept user logins and Service Manager load balancer forwards client connection requests to these Service Manager processes.

In a horizontal scaled environment, assume there are two hosts in the horizontal scaled group, Host A and Host B. While the system is running, System Administrators can quiesce Host A for maintenance and keep Host B running by issuing the command "sm -quiesce:<1 or 2> -host:<Host A name or IP address>" on either Host A or Host B. Service Manager load balancer then forwards all client requests to Host B, as all Service Manager processes on Host A are quiesced. Existing users on Host A are not affected until they log off. If users try to log back on, Service Manager load balancer redirects their connection requests to Host B. After maintenance is complete on Host A, the System Administrator issues the command "sm -quiesce:0 -host:<Host A name or IP address>" to bring Host A back to service. This way the System Administrator can maintain one of the hosts in a horizontal scaled group and avoid down time. The System Administrator can also quiesce all Service Manager processes in the group by issuing the "sm -quiesce:<1 or 2> -group" command. When the maintenance is complete, the System Administrator can then set all Service Manager processes in the group back to non-quiesce mode by issuing the "sm -quiesce:0 -group" command.

A System Administrator can restrict logins to Service Manager using the system.quiesce application. System maintenance tasks include the following:

  • Upgrading from one version of Service Manager to another
  • Tailoring forms, tables, or format controls

The system.quiesce application provides three levels of login restrictions:

Restriction level Description
Level 0 Service Manager has no login restrictions and accepts all logins normally.
Level 1

Service Manager restricts login to operators who have the SysAdmin capability word. Service Manager denies login to all other operators and displays the message:

System quiesced, you cannot login at this time.

When you issue sm -quiesce:1 -group on a primary or secondary host, all Service Manager processes (except Service Manager load balancer) are set to quiesce mode 1. Service Manager load balancer updates its available node list to 0. If users try to connect to Service Manager load balancer at this time, they receive the following message, since there are no available Service Manager processes.

Max session exceeded.

Level 2

Service Manager denies login to all operators and displays the message:

System quiesced, login restricted at this time.

Note: A quiesced system restricts new login attempts only. Currently logged on users can continue working until they log off.