$TXT Created by FORT,WALLY at NXT.KERNEL.FO-OAKLAND.MED.VA.GOV (KIDS) on WEDNESDAY, 03/26/03 at 16:28 ============================================================================= Run Date: APR 04, 2003 Designation: XU*8*258 Package : XU - KERNEL Priority: Mandatory Version : 8 SEQ #239 Status: Released Compliance Date: MAY 05, 2003 ============================================================================= Associated patches: (v)XU*8*157 <<= must be installed BEFORE `XU*8*258' (v)XU*8*183 <<= must be installed BEFORE `XU*8*258' (v)XU*8*208 <<= must be installed BEFORE `XU*8*258' (v)XU*8*263 <<= must be installed BEFORE `XU*8*258' Subject: Multiple Sign on Update Category: - Routine - Data Dictionary Description: ============ Patch Tracking #: 35314551 Test Sites: CENTRAL ALABAMA HCS, OIFO OAKLAND Blood Bank Clearance: 12/12/2002 1. New Service request: #20020605 Multiple sign-on from only one IP. Preface: In today's VA Workplace it has become impossible for Clinicians to accomplish their work from a single VISTA Session. Many users need to have a Telnet session, CPRS, and VISTA Imaging open at the same time. Two issues: a. Security - We don't allow multiple sign-ons for security reasons. This is primarily caused by users not obeying rules. In the past users logged on in one location then left the area and signed on elsewhere. In doing so they violate Patient Confidentiality and VA Security Policy. b. Licenses - Every sign-on requires a license. If a user signs on in multiple locations we eventually run out of licenses. NOTE: CACHE counts multiple sign-ons from a single IP as 1 license. Fix: Add a new value to the DEFAULT MULTIPLE SIGN-ON field (#204) in the KSP file (#8989.3), "Only one IP" and the same change to the MULTIPLE SIGN- ON field (#200.04) of the NEW PERSON FILE (#200). Make changes to the Sign- on log file (3.081) to track the IP of the user. Change the code to check the flag and file to limit a user to multiple sign-ons from only one IP address. DD changes: New Person File (200): MULTIPLE SIGN-ON (200.04) add to the set of codes: ;0:NOT ALLOWED;1:ALLOWED;2:Only one IP; MULTIPLE SIGN-ON LIMIT (200.19) New field, number; Kernel System Parameters file (8989.3): DEFAULT MULTIPLE SIGN-ON (204) add to the set of codes: 0:NO;1:YES;2:Only one IP DEFAULT MULTIPLE SIGN-ON LIMIT (219) New field, number; SIGN-ON LOG (3.081): Complete DD sent. One way for sites to use this would be to set the field DEFAULT MULTIPLE SIGN-ON (204) in the Kernel System Parameters file (8989.3) to "Only one IP". Also setting the field DEFAULT MULTIPLE SIGN-ON LIMIT (219) to a value of 5. Then if some users need other settings they can be set by the fields in the New Person File (200). Because a Terminal server only has one IP address a user could go to another Terminal Server Client and still sign-on up to the sign-on limit. 2. The print template XUSEC LIST has been modified to provide more useful information. One change is in the ELAPSED TIME column a "*" after the value indicates that the record was forced closed. 3. NOIS: BRX-0102-11431. The problem mentioned in this (closed) NOIS has been fixed. XUP will store DATE/TIME for last sign-on. 4. Also added are two Parameter Definitions for the XUP routine. XUS- XUP SET ERROR TRAP to control if XUP should set an error trap for programmer errors and XUS-XUP VPE to control if XUP will drop into the VPE programmer environment if an option is not selected. The default is to work as it has in the past. Routine Summary The following routines are included in this patch. The second line of each of these routines now looks like: ;;8.0;KERNEL;**[Patch List]**;Jul 10, 1995 Checksum Routine Old New Patch List XQ82 4064095 4050743 **59,67,157,258** XUP 5102490 4983304 **208,258** XUS1A 5708683 6070439 **153,149,183,258** XUS6 517623 944781 **258** XUS9 3294340 3556288 **258** XUSMGR 2643662 4560547 **263,258** List of preceding patches: 157, 183, 208, 263 Sites should use CHECK^XTSUMBLD to verify checksums. ========================================================================= Installation: >>>Do not allow users to log in to the system during installation. >>>TaskMan does *not* need to be stopped. 1. DSM sites - Some of these routines are usually mapped, so you will need to disable mapping for the affected routines. 2. Use the 'INSTALL/CHECK MESSAGE' option on the PackMan menu. This option will load the KIDS package onto your system. 3. The patch has now been loaded into a Transport global on your system. You now need to use KIDS to install the Transport global. On the KIDS menu, under the 'Installation' menu, use the following options: Verify Checksums in Transport Global Print Transport Global Compare Transport Global to Current System Backup a Transport Global 4. Inhibit users from login into the system. (If you install when few users are on the system and the possibility of some CLOBER/NOSOURCE errors is acceptable, then users can stay on the system.) TaskMan can remain running. 5. Installation will take less than 2 minutes. On the KIDS menu, under the 'Installation' menu, use the following option: Install Package(s) 'XU*8.0*258' ========== Want KIDS to INHIBIT LOGONs during the install? YES// YES Want to DISABLE Scheduled Options, Menu Options, and Protocols? YES// NO 6. DSM Sites, after patch has installed, rebuild your map set. ========================================================================= Routine Information: ==================== Routine Name: - XQ82 Routine Checksum: Routine Name: - XUP Routine Checksum: Routine Name: - XUS1A Routine Checksum: Routine Name: - XUS6 Routine Checksum: Routine Name: - XUS9 Routine Checksum: Routine Name: - XUSMGR Routine Checksum: ============================================================================= User Information: Entered By : FORT,WALLY Date Entered : OCT 03, 2002 Completed By: SINGH,GURBIR Date Completed: MAR 27, 2003 Released By : TILLIS,LEWIS Date Released : APR 04, 2003 ============================================================================= Packman Mail Message: ===================== $END TXT