Re: Hardware Alerts
On Wed, 21 May 2008 09:01:04 -0500, Hal Merritt <[EMAIL PROTECTED]> wrote: If possible, I would be using the phone system PBX for this. Find out the numbers that the IBM equipment is dialing, and then have the PBX handle the rest. Send emails or call someone telling them that the evil piece of IBM equipment is phoning that number. Put the burden of this audit point on the phone system guys. Or put in your own open source PBX (I use Asterisk a lot) in the machine room and run all of the IBM equipment through it. Handling this request after that is trivial. It logs phone use for you and send emails or call folks when something happens as I described above. >Does anyone know if there some way IBM could generate an email upon a >phone home event? > -- Gary Eheman http://www.funsoft.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: A little good news for MF
On Thu, 29 Mar 2007 16:20:28 -0400, Thompson, Steve <[EMAIL PROTECTED]> wrote: >-Original Message- >From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On >Behalf Of Rick Fochtman >Sent: Thursday, March 29, 2007 3:18 PM >To: IBM-MAIN@BAMA.UA.EDU >Subject: Re: A little good news for MF > >ISTM that all the security breaches that seem to make the printed rags >are on LINUX, UNIX or Windoze boxen. Could it be that they're still >years behind us mainframers in this area? Nah...they're too >advanced... HORSEFEATHERS!!! > > >Pray that no one has a z/ARCH or Herc laptop stolen where they are >running their company's data on that system. Or you could be reading >about the same thing for a "mainframe". > >Later, >Steve Thompson > > I'll say an "amen" to that prayer while adding that it is somewhat trivial to encrypt the entire logical volume in which an emulated mainframe DASD volume resides using Linux Unified Key Setup (LUKS) and a current distro. (This is independent of any MF encryption.) If the laptop is physically stolen, then absent the keys the data is just encrypted junk to the thief whether he is mainframe-aware or not. Same support works for Linux file systems. You can make a laptop much more secure than the average user does, but there is naturally an administrative cost to do it. I've mentioned LUKS in a post exchange on the FLEX-ES list with John McKown in the past. John's post here in this thread was pretty much on the money, too. A thief would probably be disgusted at the lack of windoze on the stolen laptop before looking anyway. But if that were not the case and hacking on the stolen unit was done, then the LUKS protectd objects (i.e. the logical volumes containing emulated mainframe DASD) could certainly give them a bad headache and thwart access to the data on the disk they stole. -- Gary Eheman Fundamental Software, Inc. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Tape access problem
On Mon, 23 Oct 2006 12:01:55 -0500, Jerry Ragland <[EMAIL PROTECTED]> wrote: >One more short update is that, My thinkpad has 2 mainframe instances one >z/OS 1.6 and z/Os 1.4 both are connected to the same tape drive. In z/OS 1.6 >everthing is perfect when I execute the same JCL and I can able to access >the tape with out any problems. > >I get the problem only when I use with the other instance i.e. z/OS 1.4 > Tape drive control units are not shareable between instances in FLEX-ES, unlike DASD control units which can be shared. Each of your two instances has its own unique tape drive control unit defined to it. So even though each instance may have tape drives defined at (for example) address 580-58f, those are different tape drives unique to each of the two instances. Your scsi tape drive can be mounted (associated) with a single emulated tape drive at a time. So if it is currently mounted on one instance's drive, if you wish to use on a second instance's drive, you must first issue a CLI "mount xxx OFFLINE" command for the first instance (where xxx is the address on that instance where the scsi tape drive is mounted). After that, you use the CLI on the second instance to "mount yyy /dev/st0" (where yyy is the emulated tape drive address on the second instance, and /dev/st0 is the correct Linux tape device identifier for the scsi tape drive). You also should be familiar with the CLI command "display devstate xxx" or "d devstate xxx" where xxx is the device address you are interested in. The display will show what device or file is currently associated with a device as will as its other status characteristics. "OFFLINE" (as in the mount command in the previous paragraph) is a special case meaning "nothing" and should not be confused with the concept of "offline" from z/OS's perspective. As John McKown suggested, join us over on the FLEX-ES discussion list if you care to. I only get IBM-MAIN in digest mode every midnight. -- Gary Eheman Fundamental Software, Inc. http://www.funsoft.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: IBM announces Encrypting tape drives
On Fri, 1 Sep 2006 22:39:50 -0400, Arthur T. <[EMAIL PROTECTED]> wrote: > The one thing I wanted to learn wasn't there (or at >the "learn more" site pointe from the site. Did the >designers do the right thing and compress *before* >encryption? That increases tape capacity; just as >important important, it makes cryptanalysis more difficult > Can't speak for IBM's, but I can for our encrypted emulated tape drive support in FLEX-ES V7 and V8 and FLEXCUB. Compression occurs before encryption if both are active. -- Gary Eheman Fundamental Software, Inc. http://www.funsoft.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: DASD Response Time
David Day: Very interesting thread. Since I read IBM-MAIN in DIGEST mode, I missed it yesterday during real-time. I don't think I have ever heard of anyone considering slowing down response time to make it as slow as a mainframe for benchmarking purposes. Neat idea. I have only used it many times to prove problems in mainframe program code that are unable to handle devices (both DASD and TAPE) that are so fast due to incorrect logic in the mainframe program. The mainframe Linux inability a few years ago to boot on FLEX-ES with that problem is a famous example. Just a reminder that you can benchmark and see how many cache hits you are getting from the FLEX-ES controller cache by using the "display ckdcachestats nnn" command and "clear ckdcachestats nnn" command in the FLEX-ES CLI. You may want to bring more specific discussions on topics like that over to the FLEX-ES listserv. (Thanks Alan Altmark for pointing out that FSI has had ESCON attachment capability for quite a while now. Oh, and a FLEXCUB can be more than just a DASD control unit for a conventional mainframe. It can be tape, 3172s, and unit-record gear, too. Concurrently.) -- Gary Eheman Fundamental Software, Inc. http://www.funsoft.com -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: CTC's & VTAM
On Thu, 6 Jul 2006 14:01:31 +0100, Mark Wilson <[EMAIL PROTECTED]> wrote: >Hi, > > > >I am in the process of migrating from a PC Server 500 to a flex laptop. > > > >The system runs VM; VSE & OS/390 (all versions very much unsupported). > > > >We currently have a CTC connection between VSE & OS/390 that uses the >token ring card as the transport. > > > >When I move the system the token ring will disappear and I will be using >two Flex defined CTC's. > > > >What I am after is the VTAM definitions for each end of the CTC's (VSE & >OS390) and what the CDRM definitions should look like. > > > >Has anyone got any ideas? > I recommend you check out the VTAM books and samples for channel-to-channel definitions. Here are three urls of sections you should read. (Watch the wrap on the long urls): http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ISTH3201/2.2.8.1?DT=19950104102256 http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ISTH1201/2.4?SHELF=IST0BK13&DT=19941214223128 http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/isth8002/3.2?SHELF=IST0BK13&DT=19950314094853 You may wish to consider posting your question to the FLEX-ES listserv discussion list where FLEX-ES users hang out and certainly more VSE jockeys hang out. A writeup on subscribing to that list can be found at http://support.funsoft.com and then following the link to "Email Forum". -- Gary Eheman Fundamental Software, Inc. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: TCP/IP over Cisco router CIP (also DHCP, Flex-ES, Hercules)
On Tue, 21 Feb 2006 21:46:05 -0700, Paul Gilmartin <[EMAIL PROTECTED]> wrote: >But this provokes a question: if someone walks into an internet >cafe with his laptop running z/OS under Flex-ES or MVS 3.8 >under Hercules, can he exploit DHCP to assign a local IP >address for the OS system? And can an OSA be emulated using >an 802.11g card? > Timothy Sipples separate post covers the DHCP issue for the mainframe O.S.. The remaining answer is "yes", FLEX-ES will emulate an OSA on a wireless adapter in the same way that it would using other NICs in the laptop. The emulation has no awareness that the NIC is wireless. The NIC must already be open for use by the hosting Linux system with an IP address (DHCP obtained or hardcoded) before it can be used by the emulated OSA and the mainframe O.S.'s hardcoded TCP/IP address. I have seen developers who use a wireless NIC for both TCP/IP and SNA traffic to their mainframe O.S. using FLEX-ES. -- Gary Eheman Fundamental Software, Inc. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
