Maximum virtual storage
A customer asked me today how she could find out what the maximum allowable virtual storage size was for a given guest (without looking at the CP directory entry). The only thing I could think of was CP DEFINE STORAGE reallybignumber and seeing if it fails. Of course, that carries a risk: if you happen to hit a value that *is* allowed, you get to reIPL. Is there another way? QUERY VIRTUAL STORAGE MAX or something would seem like a reasonable extension... ...phsiii
Re: Maximum virtual storage
Is there another way? QUERY VIRTUAL STORAGE MAX or something would seem like a reasonable extension... Phil, Could you do a DEF STOR 1024M or some other really large value and check the value specified in the CP response saying you asked for too much? def stor 1024m HCPDST094E Storage exceeds allowed maximum of 64M Ed Zell (309) 674-8255 x-107 [EMAIL PROTECTED] . CONFIDENTIAL NOTICE: This communication, including any attachments, is intended only for the use of the individual or entity to which it is addressed and contains information which may be confidential. If you are not the intended recipient, any distribution or copying of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately, delete the communication and destroy all copies. Thank you for your compliance.
Re: Maximum virtual storage
yes but if it works you're toast! Reipl time David -Original Message- From: The IBM z/VM Operating System on behalf of Ed Zell Sent: Thu 2/1/2007 9:28 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] Maximum virtual storage Is there another way? QUERY VIRTUAL STORAGE MAX or something would seem like a reasonable extension... Phil, Could you do a DEF STOR 1024M or some other really large value and check the value specified in the CP response saying you asked for too much? def stor 1024m HCPDST094E Storage exceeds allowed maximum of 64M Ed Zell (309) 674-8255 x-107 [EMAIL PROTECTED] . CONFIDENTIAL NOTICE: This communication, including any attachments, is intended only for the use of the individual or entity to which it is addressed and contains information which may be confidential. If you are not the intended recipient, any distribution or copying of this communication is strictly prohibited. If you have received this communication in error, notify the sender immediately, delete the communication and destroy all copies. Thank you for your compliance.
Re: Maximum virtual storage
I don't (famous last words...) to see CP DEF STOR 16E *real soon now* HCPDST093E Storage size requested (16E) exceeds maximum allowed on this processor (1T). Size set to maximum allowed. HCPDST094E Storage exceeds allowed maximum of 512M Gregg office:404-322-2316 mobile:404455-1291 text page:[EMAIL PROTECTED] No plan survives execution revised: 01Jun06 file:\\Usfs01\Common\CPPS\VM\VMCapPlan.htm
Re: ICKDSF Release 16
But Rob, that leaves the data still on disk. What you need to do is DDR the disks to tape, then data security erase the tapes, and then obviously -- restore the erased tapes to the disk. Voila - no more data on disk! Of course you'd need to restore from the data security erased tapes to disk several times to ensure that multiple layers were re-written. For those who read this literally, the above suggestions were written with tongue firmly implanted in cheek - follow this advice, and most of my advice, after careful consideration and then with wild abandon. Failure to do so may cause Your job may vary results. Where's April 1st when you need it!? Mike Walter Hewitt Associates Any opinions expressed herein are certainly mine alone and do not even begin to represent the opinions or policies of Hewitt Associates. Rob van der Heij [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 01/31/2007 05:25 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: ICKDSF Release 16 On 1/31/07, Alan Altmark [EMAIL PROTECTED] wrote: I find lots of information about data security erase for tapes, but not for disks. So, that leaves him the option to DDR from disk to tape, and then security erase those tapes. ;-) Rob The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited.
Re: Maximum virtual storage
Rob van der Heij [EMAIL PROTECTED] wrote (in part): But I am tempted to reply that I need to see the first case where there is a valid reason to know what the maximum value is if you're not going to use it... In our case we have an EXEC that set up a GUEST region (OS) with a requested store. If we just believe the requestor, and the amount they request is too large, we loose control. So, we try to validate the request before we action it. On 32bit VM we used to define 2047M (more than that gave a different message) but now, on 64 bit Z/VM, we define M as we are unlikely to have a user larger than that. However, I do agree with Greg that 16E is probably the best option. Colin Allinson Amadeus Data Processing
Re: Maximum virtual storage
Do you use VM:Secure on those systems? If so, I've previously posted a home-grown VM:Secure macro (thus, user command) INQUIRE, which will return most directory information (obviously, not passwords or other security-related info) from the source directory entry. I can post it again if anyone wants. Mike Walter Hewitt Associates Any opinions expressed herein are mine alone and do not necessarily represent the opinions or policies of Hewitt Associates. The syntax for INQUIRE is: Function: Provides users with information about their or other's directory entry without the need to enter VMSECURE menus. Syntax: --VMSECURE-INQUIRE--+-+--+--+--- +-Account-+ +-ACIgroup-+ --+--+--+-+- +-APPCpass-+ +-AUTOlog-+ --+---+--+-+--++ +-CLass-+ +-Console-+ +-CRYPto-+ --++--+--+--+--+ +-DATEFformat+ +-DISTcode-+ +-D8ONECMD-+ --+-+--+--+--+-+--+-+--- +-Ipl-+ +-IUCV-+ +-LOGONBY-+ +-MACHine-+ --+--+--+-+--++- +-NAMEsave-+ +-NOPDATA-+ +-Option-+ --+--+--+--+--++ +-PRIOrity-+ +-PRIVclas-+ +-SCReen-+ --+---+--+---+--+---+--- +-SHARE-+ +-Spool-+ +-SPOOLFile-+ --+--+--+-+--+--+--- +-STDEvopt-+ +-STORage-+ +-User-+ --+--+--+-+--++- +-XAUTOlog-+ +-XCONFig-+ +-XSTORE-+ --+--+--+-+--++- +-*LL=-+ +-*LA=+ +-*UI=---+ --+--+-- +-LOGON+ ---+-+- +-(-| Options |-+---+-+ +-)-+ Options: |--+-+-+--+-+--+| +-USER userid-+ +-COMPRESS-+ +-LIFO-+ +-FIFO-+ Where: userid Is another userid other than your own. *LL= returns the *LL= (Last Logon) record *LA= returns the *LA= (Last Autolog) record Plus the following Hewitt Associates-only operands, although *UI= could be useful anywhere *UI= returns the *UI= (User Info) record COMPRESS requests that the Account code be returned in compressed 8-byte format. Colin Allinson [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 02/01/2007 09:19 AM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: Maximum virtual storage Rob van der Heij [EMAIL PROTECTED] wrote (in part): But I am tempted to reply that I need to see the first case where there is a valid reason to know what the maximum value is if you're not going to use it... In our case we have an EXEC that set up a GUEST region (OS) with a requested store. If we just believe the requestor, and the amount they request is too large, we loose control. So, we try to validate the request before we action it. On 32bit VM we used to define 2047M (more than that gave a different message) but now, on 64 bit Z/VM, we define M as we are unlikely to have a user larger than that. However, I do agree with Greg that 16E is probably the best option. Colin Allinson Amadeus Data Processing The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited.
Re: How to determine Alternate ID
I wanted to replace my LCLQRY package on the VM download page, but forgot one step in the submission process, and was wondering why the updated code didn't showup. After rereading the instructions, I noticed my failure and resubmitted, but this time using the correct format. The LCLQRY code (z/VM 5.2 ready) is now available on the download page. My apologies for the delay... Ronald van der Laan
Re: ICKDSF Release 16
Reminds me of years ago in a data center in South Dakota that was short on space. When one of our keypunch operators found out that our old 2540 punch/reader would punch cards, she suggested loading all our blank cards to tape and when we needed some, just punch them off the tape... ;-) Lee Mike Walter wrote: But Rob, that leaves the data still on disk. What you need to do is DDR the disks to tape, then data security erase the tapes, and then obviously -- restore the erased tapes to the disk. Voila - no more data on disk! Of course you'd need to restore from the data security erased tapes to disk several times to ensure that multiple layers were re-written. For those who read this literally, the above suggestions were written with tongue firmly implanted in cheek - follow this advice, and most of my advice, after careful consideration and then with wild abandon. Failure to do so may cause Your job may vary results. Where's April 1st when you need it!? Mike Walter Hewitt Associates Any opinions expressed herein are certainly mine alone and do not even begin to represent the opinions or policies of Hewitt Associates. *Rob van der Heij [EMAIL PROTECTED]* Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 01/31/2007 05:25 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: ICKDSF Release 16 On 1/31/07, Alan Altmark [EMAIL PROTECTED] wrote: I find lots of information about data security erase for tapes, but not for disks. So, that leaves him the option to DDR from disk to tape, and then security erase those tapes. ;-) Rob The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. -- Lee Stewart, Senior SE Sirius Computer Solutions Phone: (303) 798-2954 Fax: (720) 228-2321 Email: [EMAIL PROTECTED] Web: www.siriuscom.com
Re: ICKDSF Release 16
Who needs April 1? It is February Fools' Day. Regards, Richard Schuh From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Mike Walter Sent: Thursday, February 01, 2007 7:12 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: ICKDSF Release 16 But Rob, that leaves the data still on disk. What you need to do is DDR the disks to tape, then data security erase the tapes, and then obviously -- restore the erased tapes to the disk. Voila - no more data on disk! Of course you'd need to restore from the data security erased tapes to disk several times to ensure that multiple layers were re-written. For those who read this literally, the above suggestions were written with tongue firmly implanted in cheek - follow this advice, and most of my advice, after careful consideration and then with wild abandon. Failure to do so may cause Your job may vary results. Where's April 1st when you need it!? Mike Walter Hewitt Associates Any opinions expressed herein are certainly mine alone and do not even begin to represent the opinions or policies of Hewitt Associates. Rob van der Heij [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 01/31/2007 05:25 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: ICKDSF Release 16 On 1/31/07, Alan Altmark [EMAIL PROTECTED] wrote: I find lots of information about data security erase for tapes, but not for disks. So, that leaves him the option to DDR from disk to tape, and then security erase those tapes. ;-) Rob The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited.
Re: Maximum virtual storage
So make it really, really big - E, for example. :-) Or you could use TRACK or DISPLAY HOST to look at the VMDBK. Regards, Richard Schuh -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Phil Smith III Sent: Thursday, February 01, 2007 5:45 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Maximum virtual storage A customer asked me today how she could find out what the maximum allowable virtual storage size was for a given guest (without looking at the CP directory entry). The only thing I could think of was CP DEFINE STORAGE reallybignumber and seeing if it fails. Of course, that carries a risk: if you happen to hit a value that *is* allowed, you get to reIPL. Is there another way? QUERY VIRTUAL STORAGE MAX or something would seem like a reasonable extension... ...phsiii
SERVICE and PUT2PROD for Performace tool kit.
I suppose I should complain to IBM, but I was wondering if anyone else had seen this. The short description is that when I used the SERVICE and PUT2PROD execs to apply the service for PTF UM31957 on user 5VMPTK20 the FCONX $PROFILE on 1CC got replaced. It took me awhile to figure out why VMCF and WEBSERV were not working since I had slept since configuring it. I did not notice in any of the shipped doc that this would happen. So did I miss something or is this BAD behavior? Dave (who is eating my CPU) Lewis
Re: SERVICE and PUT2PROD for Performance tool kit.
I suppose I should complain to IBM Suppose? Absolutely you should open an IBM Problem Management Report (PMR) to report it! I think... we don't run the Performance Tool Kit. Is there a chance that the FCONX $PROFILE is a sample file which is supposed to copied to another (production) disk, and perhaps even renamed when following the installation procedures for the first time? If so, then next step is obvious (copy/update|rename the file). If it's actually a production file located on a production disk, they you **may** have an APAR-able problem. Mike Walter Hewitt Associates Any opinions expressed herein are mine alone and do not necessarily represent the opinions or policies of Hewitt Associates. Lewis, David (SCI TW) [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 02/01/2007 10:24 AM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject SERVICE and PUT2PROD for Performace tool kit. I suppose I should complain to IBM, but I was wondering if anyone else had seen this. The short description is that when I used the SERVICE and PUT2PROD execs to apply the service for PTF UM31957 on user 5VMPTK20 the FCONX $PROFILE on 1CC got replaced. It took me awhile to figure out why VMCF and WEBSERV were not working since I had slept since configuring it. I did not notice in any of the shipped doc that this would happen. So did I miss something or is this BAD behavior? Dave (who is eating my CPU) Lewis The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited.
Re: Maximum virtual storage
On Thursday, 02/01/2007 at 08:20 PST, Schuh, Richard [EMAIL PROTECTED] wrote: Or you could use TRACK or DISPLAY HOST to look at the VMDBK. CP doesn't keep the maximum size in the VMDBK. Have you ever noticed that you don't have to logoff/logon after you raise the maximum in the directory? You actually have to read the directory. Alan Altmark z/VM Development IBM Endicott
Re: Maximum virtual storage
It really wouldn't be too hard to have something like QUERY VIRTUAL STORAGE DEFAULT : MAXIMUM and get the default or maximum storage from the directory definitions. Phil Smith III [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 02/01/2007 08:45 AM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Maximum virtual storage A customer asked me today how she could find out what the maximum allowable virtual storage size was for a given guest (without looking at the CP directory entry). The only thing I could think of was CP DEFINE STORAGE reallybignumber and seeing if it fails. Of course, that carries a risk: if you happen to hit a value that *is* allowed, you get to reIPL. Is there another way? QUERY VIRTUAL STORAGE MAX or something would seem like a reasonable extension... ...phsiii
Re: ICKDSF Release 16
Either that or have a MODE(WRITEONLY) option in ICKDSF. Mike Walter [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 02/01/2007 10:12 AM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: ICKDSF Release 16 But Rob, that leaves the data still on disk. What you need to do is DDR the disks to tape, then data security erase the tapes, and then obviously -- restore the erased tapes to the disk. Voila - no more data on disk! Of course you'd need to restore from the data security erased tapes to disk several times to ensure that multiple layers were re-written. For those who read this literally, the above suggestions were written with tongue firmly implanted in cheek - follow this advice, and most of my advice, after careful consideration and then with wild abandon. Failure to do so may cause Your job may vary results. Where's April 1st when you need it!? Mike Walter Hewitt Associates Any opinions expressed herein are certainly mine alone and do not even begin to represent the opinions or policies of Hewitt Associates. Rob van der Heij [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 01/31/2007 05:25 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: ICKDSF Release 16 On 1/31/07, Alan Altmark [EMAIL PROTECTED] wrote: I find lots of information about data security erase for tapes, but not for disks. So, that leaves him the option to DDR from disk to tape, and then security erase those tapes. ;-) Rob The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited.
Re: SERVICE and PUT2PROD for Performance tool kit.
From the FL 4.4 version... /* access minidisks 'ACC 201 B ' /* Production Disk 'ACC CCC D ' /* Customized controls disk 'ACC 1CC E ' /* Sample controls disk 'ACC 29D F ' /* Help files I seem to recall, that may have changed with fl52. but I don't recall how... Gregg No plan survives execution
SSL Server for z/VM
Folks, Anybody have any suggestions as to the distro to use for the SSL server for TCPIP? We are going to be setting up SSL servers, and are thinkig about what bas e Linux to use, obviously it should be a small one, but does anybody on the list have a suggestion? Thanks, Brian Ferguson EDS VM Capability
Open SSH on VM
Folks, Anybody out there done the port of OPEN-SSH to VM's OE envirornment? Brian Ferguson EDS VM Capability
Re: SERVICE and PUT2PROD for Performance tool kit.
At 5.2 the active disks are: cms q disk LABEL VDEV M STAT CYL TYPE BLKSZ FILES BLKS USED-(%) BLKS LEFT BLK TOT FCN191 191 A R/W60 3390 4096 12 1997-18 8801 108 FCX201 201 B R/O10 3390 40969 1212-67588 18 FCX1CC 1CC D R/O 1 3390 40969 35-19145 1 FCX29D 29D F R/O 8 3390 4096 774 1029-71411 14 MNT190 190 S R/O 100 3390 4096 687 14539-81 3461 180 MNT19E 19E Y/S R/O 250 3390 4096 1082 30800-68 14200 450 And the sample profile states: 'ACCESS 201 B '/* Production Disk 'ACCESS 1CC D '/* Customized controls disk 'ACCESS 29D F '/* Help files So it seems that the files on 1CC should be left alone once initially loaded by the install. David Lewis -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Gregg Reed Sent: Thursday, February 01, 2007 11:18 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: SERVICE and PUT2PROD for Performance tool kit. From the FL 4.4 version... /* access minidisks 'ACC 201 B ' /* Production Disk 'ACC CCC D ' /* Customized controls disk 'ACC 1CC E ' /* Sample controls disk 'ACC 29D F ' /* Help files I seem to recall, that may have changed with fl52. but I don't recall how... Gregg No plan survives execution
Re: Maximum virtual storage
On Thursday, 02/01/2007 at 04:19 CET, Colin Allinson [EMAIL PROTECTED] wrote: In our case we have an EXEC that set up a GUEST region (OS) with a requested store. If we just believe the requestor, and the amount they request is too large, we loose control. So, we try to validate the request before we action it. On 32bit VM we used to define 2047M (more than that gave a different message) but now, on 64 bit Z/VM, we define M as we are unlikely to have a user larger than that. However, I do agree with Greg that 16E is probably the best option. Could you change to use: XAUTOLOG user STORAGE requested amount ? If it exceeds the maximum, the command will fail and the user doesn't start. Alan Altmark z/VM Development IBM Endicott
Re: Open SSH on VM
Yeah ... we need an SSH client too. (We have a sort-of server, but that's another story.) I tried to build OpenSSL and then OpenSSH on z/OS (USS), but could not get the ./configure step to behave. In particular, both scripts get wedged on a shell file descriptor. (Other packages which follow the standard recipe build pretty well on USS.) Given this wonderful cradle (I think it's an LE thing), you can take binaries from USS and run them on OpenVM without additional work. Very nice! ... if they'll just build in the first place. The single biggest challenge on OpenVM (compared to USS) is how it handles fork(). Long story. Not for now. We have the z/OS OpenSSH package (in its SMP/E wrapper). SSH to/from z/OS works just fine. I find that the 'ssh' executable from that runs directly on OpenVM, but fails when it tries to generate (or collect?) entropy or some other step in the encryption game. To be specific, if you enter ssh it gives you the help, but if you enter ssh remotehost it ABENDs. I tried replacing the support program that I thought SSH was after with something that did not ABEND. Didn't help. That was some time back. -- R; Brian Ferguson [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 02/01/2007 12:24 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU From Brian Ferguson [EMAIL PROTECTED] To IBMVM@LISTSERV.UARK.EDU cc Subject Open SSH on VM Folks, Anybody out there done the port of OPEN-SSH to VM's OE envirornment? Brian Ferguson EDS VM Capability
Re: SSL Server for z/VM
Hi Brian. I'm just testing SSL for a client and I used SSLSERV Debian from Sine Nomine Associates. Very small foot print. All tailored. DDR restore and go. Also recovers well after someone forced it off. Hans Rempel -- Original Message -- From: Brian Ferguson [EMAIL PROTECTED] Reply-To: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU Date: Thu, 1 Feb 2007 11:22:08 -0600 Folks, Anybody have any suggestions as to the distro to use for the SSL server for TCPIP? We are going to be setting up SSL servers, and are thinkig about what base Linux to use, obviously it should be a small one, but does anybody on the list have a suggestion? Thanks, Brian Ferguson EDS VM Capability Sent via the WebMail system at hmrconsultants.com
Re: SSL Server for z/VM
Only SuSE and RH are officially supported by IBM. Both are not particularly small. We provide a small appliance configuration that seems to meet some people's needs.
Re: SSL Server for z/VM
I second this recommendation. Sine Nomine's SSLSERV has worked wonderfull y since I put it in. As indicated, this is a DDR restore and run distributi on. No package selection, no maintenance needed for the linux operating syste m. Then you have to add the IBM VMSSL stuff on top and then add a certificat e and then customize your TCPIP stack to use it. /Tom Kern On Thu, 1 Feb 2007 12:56:30 -0500, Hans Rempel [EMAIL PROTECTED] wrote: Hi Brian. I'm just testing SSL for a client and I used SSLSERV Debian fr om Sine Nomine Associates. Very small foot print. All tailored. DDR restore and go. Also recovers well after someone forced it off. Hans Rempel
Re: SSL Server for z/VM
I can recommend the SSL appliance thingy that Sine Nomine Associates offers...it works well, installs easily via DDR, and comes with a nice box of assorted chocolates. DJ Brian Ferguson wrote: Folks, Anybody have any suggestions as to the distro to use for the SSL server for TCPIP? We are going to be setting up SSL servers, and are thinkig about what base Linux to use, obviously it should be a small one, but does anybody on the list have a suggestion? Thanks, Brian Ferguson EDS VM Capability
Re: Open SSH on VM
Have you tried the scp command from the OpenSSH package? I need secure fi le copy from CMS more than I need a secure terminal session. But 'ssh target command to execute at target' would be nice to execute from CMS. I can deal with generating the public/private keys on one of my Linux svms or o n a linux/86 platform. Were you able to use some of the commands from the OpenSSL package, such as to encrypt a data file with some public/private key? /Tom Kern /301-903-2211 On Thu, 1 Feb 2007 12:43:08 -0500, Richard Troth [EMAIL PROTECTED] wrote: Yeah ... we need an SSH client too. (We have a sort-of server, but that's another story.) I tried to build OpenSSL and then OpenSSH on z/OS (USS), but could not get the ./configure step to behave. In particular, both scripts get wedged on a shell file descriptor. (Other packages which follow the standard recipe build pretty well on USS.) Given this wonderful cradl e (I think it's an LE thing), you can take binaries from USS and run the m on OpenVM without additional work. Very nice! ... if they'll just build in the first place. The single biggest challenge on OpenVM (compared to USS) is how it handles fork(). Long story. Not for now. We have the z/OS OpenSSH package (in its SMP/E wrapper). SSH to/from z/OS works just fine. I find that the 'ssh' executable from that runs directly on OpenVM, but fails when it tries to generate (or collect?) entropy or some other step in the encryption game. To be specific, if you enter ssh it gives you the help, but if you enter ssh remotehost it ABENDs. I tried replacing the support program that I thought SSH was after with something that did not ABEND. Didn't help. That was some time back. -- R;
Re: Open SSH on VM
On Thursday, 02/01/2007 at 12:43 EST, Richard Troth [EMAIL PROTECTED] wrote: I tried to build OpenSSL and then OpenSSH on z/OS (USS), but could not get the ./configure step to behave. In particular, both scripts get wedged on a shell file descriptor. (Other packages which follow the standard recipe build pretty well on USS.) Given this wonderful cradle (I think it's an LE thing), you can take binaries from USS and run them on OpenVM without additional work. Very nice! ... if they'll just build in the first place. That isn't true, Sir Rick. The cradle is customized to the specific calls the application makes. It could make unsupported (in CMS) LE library calls, exploit MVS Callable Services, issue Program Call or other DAT ON instructions, etc. The single biggest challenge on OpenVM (compared to USS) is how it handles fork(). Long story. Not for now. We have the z/OS OpenSSH package (in its SMP/E wrapper). SSH to/from z/OS works just fine. I find that the 'ssh' executable from that runs directly on OpenVM, but fails when it tries to generate (or collect?) entropy or some other step in the encryption game. Yep. z/OS has it; z/VM doesn't. The name of the routine escapes me Alan Altmark z/VM Development IBM Endicott
Re: SSL Server for z/VM
Tom, Did you get chocolates too? Thomas Kern wrote: I second this recommendation. Sine Nomine's SSLSERV has worked wonderfull y since I put it in. As indicated, this is a DDR restore and run distributi on. No package selection, no maintenance needed for the linux operating syste m. Then you have to add the IBM VMSSL stuff on top and then add a certificat e and then customize your TCPIP stack to use it. /Tom Kern -- Rich Smrcina VM Assist, Inc. Phone: 414-491-6001 Ans Service: 360-715-2467 rich.smrcina at vmassist.com Catch the WAVV! http://www.wavv.org WAVV 2007 - Green Bay, WI - May 18-22, 2007
Re: SSL Server for z/VM
Did you get chocolates too? You can also choose the coupon for cinnamon rolls. Personally, I recommend the rolls. Chocolate is so yesterday. 8-) -- db
Re: SSL Server for z/VM
I didn't know I was supposed to get chocolates with SSLSERV. They might h ave made my certificate problems more bareable. /Tom On Thu, 1 Feb 2007 12:57:27 -0600, Rich Smrcina [EMAIL PROTECTED] wrot e: Tom, Did you get chocolates too? Thomas Kern wrote: I second this recommendation. Sine Nomine's SSLSERV has worked wonderful ly since I put it in. As indicated, this is a DDR restore and run distribut ion. No package selection, no maintenance needed for the linux operating syst em. Then you have to add the IBM VMSSL stuff on top and then add a certifica te and then customize your TCPIP stack to use it. /Tom Kern
OSA card problems
We just lost access to one of our networks. I destroyed the vswitch in both LPARs and vary off devices and paths to that card. I then disabled the osa card and re - enabled it. I then brought up the device and it showed free. I than define the vswitch and receivced error msg HCPSWU2830I device not ready. Message says Initialization has completed, but the virtual switch controller received a response from the device indicating that the device is not ready. The connection to the real hardware LAN is not operational. Is there anything else I can do to reset or ready the osaII card? hans Rempel Sent via the WebMail system at hmrconsultants.com
Re: Open SSH on VM
SCP uses SSH under the covers. Your local SCP uses SSH to connect with a partner SCP. From what I have seen, it does spawn a second process on the local side, so it's the same SSH command people would execute for non-SCP work. Multiple processes is cumbersome, and on CMS (OpenVM) is particularly heavy and can be messy. Though I can see why the authors would find the implementation easier that way. I have never tried switching out what SCP uses for the session layer. It's not clear that you can change SCP's use of SSH. The command at target implies that SSH (and SCP) was installed outside of the default command search, in which case the partner SCP must be fully named. Experience with the z/OS SSH package confirms that you can generate your keys on a Unix system (or Linux or CYGWIN). They're stored as plain text. -- R; Thomas Kern [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 02/01/2007 01:54 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU From Thomas Kern [EMAIL PROTECTED] To IBMVM@LISTSERV.UARK.EDU cc Subject Re: Open SSH on VM Have you tried the scp command from the OpenSSH package? I need secure file copy from CMS more than I need a secure terminal session. But 'ssh target command to execute at target' would be nice to execute from CMS. I can deal with generating the public/private keys on one of my Linux svms or on a linux/86 platform. Were you able to use some of the commands from the OpenSSL package, such as to encrypt a data file with some public/private key? /Tom Kern /301-903-2211 On Thu, 1 Feb 2007 12:43:08 -0500, Richard Troth [EMAIL PROTECTED] wrote: Yeah ... we need an SSH client too. (We have a sort-of server, but that's another story.) I tried to build OpenSSL and then OpenSSH on z/OS (USS), but could not get the ./configure step to behave. In particular, both scripts get wedged on a shell file descriptor. (Other packages which follow the standard recipe build pretty well on USS.) Given this wonderful cradle (I think it's an LE thing), you can take binaries from USS and run them on OpenVM without additional work. Very nice! ... if they'll just build in the first place. The single biggest challenge on OpenVM (compared to USS) is how it handles fork(). Long story. Not for now. We have the z/OS OpenSSH package (in its SMP/E wrapper). SSH to/from z/OS works just fine. I find that the 'ssh' executable from that runs directly on OpenVM, but fails when it tries to generate (or collect?) entropy or some other step in the encryption game. To be specific, if you enter ssh it gives you the help, but if you enter ssh remotehost it ABENDs. I tried replacing the support program that I thought SSH was after with something that did not ABEND. Didn't help. That was some time back. -- R;
Re: Open SSH on VM
I was not clear: I meant to say that you can take some binaries from USS and run them on OpenVM. And this appears to be a design point of the cradle, based on a SHARE session I attended some time back. (Gotta love SHARE! I have friends who actually get to attend ... occasionally.) -- R; Alan Altmark [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 02/01/2007 01:56 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU From Alan Altmark [EMAIL PROTECTED] To IBMVM@LISTSERV.UARK.EDU cc Subject Re: Open SSH on VM On Thursday, 02/01/2007 at 12:43 EST, Richard Troth [EMAIL PROTECTED] wrote: I tried to build OpenSSL and then OpenSSH on z/OS (USS), but could not get the ./configure step to behave. In particular, both scripts get wedged on a shell file descriptor. (Other packages which follow the standard recipe build pretty well on USS.) Given this wonderful cradle (I think it's an LE thing), you can take binaries from USS and run them on OpenVM without additional work. Very nice! ... if they'll just build in the first place. That isn't true, Sir Rick. The cradle is customized to the specific calls the application makes. It could make unsupported (in CMS) LE library calls, exploit MVS Callable Services, issue Program Call or other DAT ON instructions, etc. The single biggest challenge on OpenVM (compared to USS) is how it handles fork(). Long story. Not for now. We have the z/OS OpenSSH package (in its SMP/E wrapper). SSH to/from z/OS works just fine. I find that the 'ssh' executable from that runs directly on OpenVM, but fails when it tries to generate (or collect?) entropy or some other step in the encryption game. Yep. z/OS has it; z/VM doesn't. The name of the routine escapes me Alan Altmark z/VM Development IBM Endicott
Re: Open SSH on VM
On Feb 1, 2007, at 2:44 PM, Richard Troth wrote: SCP uses SSH under the covers. In fact, isn't it basically a screen-scraper? Adam
Re: Open SSH on VM
We regularly use the scp command in batch job on the z/OS side and I have generated the keys in my linux under z/VM system. It is much easier for m e to do it than to teach the cobol developers. I know that scp uses the ssh protocol but I was hoping that since it does not need more than a linemode session on the local host that it would for k less or invoke less terminal related processes and therefore be easier to port to CMS. It would be nice if there was a straight forward implementat ion of filecopy and command submission wrapped in the ssh protocol, like the pscp and plink commands from PuTTY. /Tom Kern On Thu, 1 Feb 2007 15:44:34 -0500, Richard Troth [EMAIL PROTECTED] wrote: SCP uses SSH under the covers. Your local SCP uses SSH to connect with a partner SCP. From what I have seen, it does spawn a second process on the local side, so it's the same SSH command people would execute for non-SCP work. Multiple processes is cumbersome, and on CMS (OpenVM) is particularly heavy and can be messy. Though I can see why the authors would find the implementation easier that way. I have never tried switching out what SCP uses for the session layer. It 's not clear that you can change SCP's use of SSH. The command at target implies that SSH (and SCP) was installed outside of the default command search, in which case the partner SCP must be fully named. Experience with the z/OS SSH package confirms that you can generate your keys on a Unix system (or Linux or CYGWIN). They're stored as plain text. -- R;
Re: Open SSH on VM
-Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Adam Thornton Sent: Thursday, February 01, 2007 2:58 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Open SSH on VM On Feb 1, 2007, at 2:44 PM, Richard Troth wrote: SCP uses SSH under the covers. In fact, isn't it basically a screen-scraper? Adam Screen scraper? I don't know if I would call it that. But you can do the same thing via: cat file | ssh [EMAIL PROTECTED] 'cat ~/file' instead of scp file [EMAIL PROTECTED]: So I guess that you could consider it a screen scraper in that it redirects stdin and stdout appropriately. -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology The information contained in this e-mail message may be privileged and/or confidential. It is for intended addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited and could, in certain circumstances, be a criminal offense. If you have received this e-mail in error, please notify the sender by reply and delete this message without copying or disclosing it.
Re: Can c89 create a loadlib member?
On Tue, 30 Jan 2007 13:04:08 -0600, Julie Erickson [EMAIL PROTECTED] wrote : I'm porting a multi-tasking application written in c from MVS to CMS. I 'm using the following statements to link: /* link OBNPTCP */ c89 -o //obnptcp -l //VMMTLIB -W b,b,rent -W b,b,amode=31 -W b,b,map , //SCSMTCP.text , //MCSMLOG.text , //OAXOENQ.text , //OAXOFLSY.text , //OAXOWAIT.text , //OAXOTMRW.text , //OAXOMEM.text , //OAXOWTO.text , //OAXMDATE.text , //OAXMTRTB.text , //OASMIQUE.text This creates OBNPTCP MODULE. I'd like to create a member of a loadlib instead. Does anyone have any ideas? I doubt that I can use LKED by itself becau se I need the c prelinker. Thanks for your help, Julie. = === I was using fetch( ) to load the c code from CMS module files and the OS LOAD macro to load an assembler table from a loadlib. Since we're a software vendor I'd like to ship all the parts of the application in the same format. Perry Ruiter came up with an excellent solution to my problem. By using the COMPSWT macro, I can use the OS LOAD macro to load CMS module files. It works like a champ. Now all my code can be CMS module files. Perry also offered me an exec, MOD2TEXT, to convert module files to text decks. The link for the exec is http://vm.marist.edu/~vmshare/browse? fn=CMSPACKft=NOTE I didn't use the exec since the COMPSWT solut ion was so simple.
Re: OSA card problems
My past experience with OSA-2 cards was they may take a couple more cycle s to become READY with their Config/OAT table loaded and available. The wa y to Reset/load an OSA-2 card is to vary the chpid offline and then back on (which requires the OSA-2 devices to be taken offline first). Then give it a 'little bit' of time and see of the devices are online. You may nee d to manually vary the devices back online if you manually varied them offline. Thats what I have seen with some of the (older) OSA-2 devices. Best Regards, Roger Lunsford (IBM CP and Perfkit Level2/Level3)
Re: LPR printing problem
No, I am NOT using the RSCS command - I am using the TCP LPR command. Is there such an option for TCP? Also, since this is supposed to be controlled by the LPD, why would VM's TCPIP cause it to work differently? Well I don't know the TCP/IP LPR command as I do RSCS. I assume the problem is caused by the lack of a form-feed at the start of the print data. What filter are you using? Did you try P? Best Regards, Les Geer IBM z/VM and Linux Development
Re: OSA card problems
Thanks all for your suggestions. Alan, we did vary of the cphids from both LPARS but maybe we varied them on line to soon. I later found out that when we try to disable/enable the card port (OSA express) it displayed a hardware state of LinkMonitor. I searched the web and IBM site and found it but no explanation of what it means. Can you direct me to the manual,URL or an explanation? Thanks Hans -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark Sent: February 1, 2007 5:59 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: OSA card problems On Thursday, 02/01/2007 at 02:56 EST, Hans Rempel [EMAIL PROTECTED] wrote: We just lost access to one of our networks. I destroyed the vswitch in both LPARs and vary off devices and paths to that card. I then disabled the osa card and re - enabled it. I then brought up the device and it showed free. I than define the vswitch and receivced error msg HCPSWU2830I device not ready. Message says Initialization has completed, but the virtual switch controller received a response from the device indicating that the device is not ready. The connection to the real hardware LAN is not operational. Is there anything else I can do to reset or ready the osaII card? To reset an OSA, you must vary the *chpid* offline in all LPARs that have it online. Then vary it back online. You can use HMC or operating system commands to do that. Alan Altmark z/VM Development IBM Endicott
Re: SSL Server for z/VM
Chocolates!! What Chocolates? I too had a lot of problems with the certificates but once HummingBird provided me with the SSL code for 2006 and Patch 14 it worked well. Hans Rempel -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Kern Sent: February 1, 2007 2:56 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: SSL Server for z/VM I didn't know I was supposed to get chocolates with SSLSERV. They might h= ave made my certificate problems more bareable. /Tom On Thu, 1 Feb 2007 12:57:27 -0600, Rich Smrcina [EMAIL PROTECTED] wrot= e: Tom, Did you get chocolates too? Thomas Kern wrote: I second this recommendation. Sine Nomine's SSLSERV has worked wonderful= ly since I put it in. As indicated, this is a DDR restore and run distribut= ion. No package selection, no maintenance needed for the linux operating syst= em. Then you have to add the IBM VMSSL stuff on top and then add a certifica= te and then customize your TCPIP stack to use it. /Tom Kern