Re: remote support questions - curiousity

[Clark Morris]

On 12 Nov 2006 18:14:20 -0800, in bit.listserv.ibm-main you wrote:
>> much snipped
>
>These were just some thoughts as I sit here waiting for an IPL to
>install new maintenance. I must "do my magic" after the production
>system (we only have one) is down. I'm using our "sandbox" to "do the
>magic" because I couldn't afford the DASD to duplicate the RES volumes.
>Luckily, it is only renaming 4 "minor" datasets (LINKLIB, NUCLEUS,
>LPALIB, and MACLIB). I did the maintenance the "bad way". I created
>duplicates on the same volumes, with new names and put the maintenance
>into them. Yes, this is stupid. No, I didn't really have a choice. We
>did have a plus of DASD a few months ago. Then somebody decided that we
>needed a new type of "model office" environment and ate almost all the
>unused volumes. These same somebodys also want a new set of test volumes
>for a alternate test environment. Then they want yet another environment
>called "regression". That is 6 environments: Prod, MDOF1, MDOF2, Test1,
>Test2, and REGRESSION. And our shop is not that large! Like 50 MSUs
>total (prox 300 MIPS - the evil word) on a z890.

As someone who has done both applications and systems programming, it
can be a nightmare getting coordinated test data.  If you have a
number of things going on, DASD can get eaten quickly.  Data base is
worse than VSAM because you can't mix and match such as use a test
invoice table but the production customer and product tables in a read
only manner.  Then if you are doing a noticeable change, you may want
to have some pathological test data to exercise the error paths.
Sometimes the simplest thing to do is full volume testing because you
can use point in time backups to start the process.  Now with privacy
laws and other legislative constraints, testing may get even more
interesting and designing masking systems to sanitize the data while
still having it usable may be very challenging in some cases.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Ed Finnell]

 
In a message dated 11/16/2006 6:32:59 A.M. Central Standard Time,  
[EMAIL PROTECTED] writes:

Yes, it  sounds like Hollywood S-F movie. Very unlikely to happen. How 
likely is  that hackers will want to break your well-protected home 
access solution  ?



>>
IIRC that was how they were able to download the Windows source from a home  
PC connected to the corporate WAN.
 
There's armys of .bots and are arrayed in military fashion for nefarious  
deeds from data mining to identity theft. One 'general' got busted in Southern  
California was linked to over 650,000 PCs. 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[R.S.]

Greg Smith wrote:

Ed Finnell wrote:

In a message dated 11/13/2006 10:44:35 A.M. Central Standard Time,  
[EMAIL PROTECTED] writes:


windows  PC than os/2 was. I find it at last practical to use from

home,

especially  to logon to the SE's .



 


so do the hackers


We have an interesting setup here.

At home we connect to a Windows 2003 server via a VPN and a remote 
desktop application.  We signon using regular authentication and then 
authenticate using an RSA SecureId card.  From the remote desktop I can 
start up IE and connect to the HMC, which is only visible to the 
intranet.  The HMC application is another kind of remote desktop.  In 
turn, connecting to the SE from the HMC is a further remote desktop.  
It's kind of interesting to move the mouse around going thru 3 remote 
desktops!!


...and the bandwidth consumed is hge. Unless HMC and SE are Linux 
based, however it does not reduce Windows remoted desktop overhead.


Regarding home access - it can be secure enough. It can't be protected 
against gun put by some ugly guy to your head. However THIS is not good 
argument against home access. Even if you are allowed to access HMC only 
from very secure bunker, your family is still at home.
Yes, it sounds like Hollywood S-F movie. Very unlikely to happen. How 
likely is that hackers will want to break your well-protected home 
access solution ?


--
Radoslaw Skorupka
Lodz, Poland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Greg Smith]

Ed Finnell wrote:



In a message dated 11/13/2006 10:44:35 A.M. Central Standard Time,  
[EMAIL PROTECTED] writes:


windows  PC than os/2 was. I find it at last practical to use from home,
especially  to logon to the SE's .



 


so do the hackers


We have an interesting setup here.

At home we connect to a Windows 2003 server via a VPN and a remote 
desktop application.  We signon using regular authentication and then 
authenticate using an RSA SecureId card.  From the remote desktop I can 
start up IE and connect to the HMC, which is only visible to the 
intranet.  The HMC application is another kind of remote desktop.  In 
turn, connecting to the SE from the HMC is a further remote desktop.  
It's kind of interesting to move the mouse around going thru 3 remote 
desktops!!


Greg Smith

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Ted MacNEIL]

>But it is bad for software developers to believe even slightly that hacking 
>can't happen to us.

I can see denial of service (DOS) attacks being successful.
But, I've never heard of one aimed at z/OS, or predessors.

But, the memory protection scheme will stop most of the others.

Also, with an "N Strikes" rule, how lucky do you have to be to get in? (8-{]}


When in doubt.
PANIC!!  

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Anne & Lynn Wheeler]

The following message is a courtesy copy of an article
that has been posted to bit.listserv.ibm-main as well.


the other viewpoint was that the software was designed as dedicated,
disconnected tabletop operation ... and allowed numerous applications
(games, etc) to take over the whole machine. a little later the
software was extended to support desktop operations with some local
area business network (non-hostile and non-adversary).  it was
designed very well to do what it was intended to do (and in fact a
great deal of countermeasures to machine take-over would have been
counter productive to its original target market).

it was when those pesky users started attaching the product
(originally designed for totally stand-alone operation) to open (and
potentially extremely hostile) networks, that you started having
problems. it is somewhat like taking a Model T and asking why it
doesn't have crush zones, safety belts, airbags, rollbars, safety
glass, padded dashes, headrests, etc.

for slight drift ... in the mid to late 90s, a lot of the threats were
buffer overflow related to the use C language programming conventions
... lots of past posts discussing buffer overflow issues
http://www.garlic.com/~lynn/subintegrity.html#overflow

then automatic scripting (much of which had been originally targeted
at closed, non-hostile, cooperative environments) exploits started to
drastically increase until buffer overflow exploits and automatic
scripting exploits were about equal. the potential for automatic
scripting vulnerabilities was something that had been identified on
the internal network in the 70s.

a couple years ago, there was an estimate that 1/3rd of the exploits
were buffer overflow related, 1/3rd automatic scripting related, and
1/3rd social engineering related.

for other drift ... recent lengthy discussion on open networks and
SSL related vulnerabilities
http://www.garlic.com/~lynn/aadsm26.htm#1

the latest seems to be a big upswing in *phishing* ... which can be
considered a form of *social engineering* ... i.e. convincing victim
to do something for the attacker (frequently involves divulging
sensitive information).

lots of past posts related to fraud, exploits, vulnerabilities, and
threats
http://www.garlic.com/~lynn/subintegrity.html#fraud

and as a complement ... some number of past postings related to
assurance
http://www.garlic.com/~lynn/subintegrity.html#assurance

a major objective of *phishing* attacks is to obtain sensitive
information that is frequently used in *something you know*
authentication (that can be turned around and used by the attacker in
replay and/or impersonation exploits).

from 3-factor authentication model
http://www.garlic.com/~lynn/subintegrity.html#3factor

* something you have
* something you know
* something you are

this is particularly applicable to pins, passwords "something you know"
shared-secret authentication
http://www.garlic.com/~lynn/subintegrity.html#secrets

or account numbers ... where attackers can turn around and use the
account numbers in transactions requiring little or no additional
information ... misc. posts mentioning account number harvesting for
fraudulent transactions
http://www.garlic.com/~lynn/sbuintegrity.html#harvest

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[McKown, John]

> -Original Message-
> From: IBM Mainframe Discussion List 
> [mailto:[EMAIL PROTECTED] On Behalf Of Howard Brazee
> Sent: Monday, November 13, 2006 1:47 PM
> To: IBM-MAIN@BAMA.UA.EDU
> Subject: Re: remote support questions - curiousity
> 
> 
> On 13 Nov 2006 11:16:06 -0800, [EMAIL PROTECTED] (Tom
> Marchant) wrote:
> 
> >Just as an example, why did Microsoft think it was a good idea
> >that a document should contain executable code?  Why would I want
> >to run arbitrary code that you might include in a document that
> >you send me?
> 
> 
> Oh, it made lots of sense until we think about hackers.   All of those
> macros are powerful, and power is fun and useful - as long as we have
> that power, not the hackers.

It was a good idea, so long as the documents were kept on and originated
from only from a trusted, secure source. Pre-Internet this could be the
local LAN (ignoring sneakernet viruses). Microsoft is not the only
entity to assume a friendly ecosystem. Email originated in such an
environment. That is why SPAM and UCE abounds. That is why the original
ftp, telnet, rexec, and such don't do encryption and are being replaced.
And remember that MS was late to really understand the impact of the
Internet. Not that I like MS. I don't, in general (Linux bigot here).
But they are not the only ones who made bad decisions about such things.

If you want powerful, then consider  Emacs. A "text editor"
which can be abused so badly that it isn't funny. If it were a wide
spread as Word, then hackers would likely have learned LISP to send
infected emacs documents.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

This message (including any attachments) contains confidential
information intended for a specific individual and purpose, and its
content is protected by law.  If you are not the intended recipient, you
should delete this message and are hereby notified that any disclosure,
copying, or distribution of this transmission, or taking any action
based on it, is strictly prohibited. 
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Tom Marchant]

On Mon, 13 Nov 2006 12:47:02 -0700, Howard Brazee <[EMAIL PROTECTED]> wrote:

>On 13 Nov 2006 11:16:06 -0800, [EMAIL PROTECTED] (Tom
>Marchant) wrote:
>
>>Just as an example, why did Microsoft think it was a good idea
>>that a document should contain executable code?  Why would I want
>>to run arbitrary code that you might include in a document that
>>you send me?
>
>
>Oh, it made lots of sense until we think about hackers.   All of those
>macros are powerful, and power is fun and useful - as long as we have
>that power, not the hackers.
>

That's exactly why it was never a good idea.

-- 
Tom Marchant

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Howard Brazee]

On 13 Nov 2006 11:16:06 -0800, [EMAIL PROTECTED] (Tom
Marchant) wrote:

>Just as an example, why did Microsoft think it was a good idea
>that a document should contain executable code?  Why would I want
>to run arbitrary code that you might include in a document that
>you send me?


Oh, it made lots of sense until we think about hackers.   All of those
macros are powerful, and power is fun and useful - as long as we have
that power, not the hackers.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Howard Brazee]

On 13 Nov 2006 11:16:06 -0800, [EMAIL PROTECTED] (Tom
Marchant) wrote:

>>The biggest advantage to both the home consumer and to the hackers is
>>that Windows is so popular - including most people who don't have safe
>>computing practices.
>
>That's what Microsoft would have you believe.  It sounds logical.
>I don't believe it.  Microsoft has certainly made many mistakes.
>They have failed to design their systems to be secure, thereby
>opening them up to attack.

It doesn't matter to me why I can't trust an OS.

But it is bad for software developers to believe even slightly that
hacking can't happen to us.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Tom Marchant]

On Mon, 13 Nov 2006 11:18:35 -0700, Howard Brazee <[EMAIL PROTECTED]> wrote:

>On 13 Nov 2006 09:20:43 -0800, [EMAIL PROTECTED] wrote:
>
>>windows  PC than os/2 was. I find it at last practical to use from home,
>>especially  to logon to the SE's .
>>
>>
>>

>>so do the hackers
>
>The biggest advantage to both the home consumer and to the hackers is
>that Windows is so popular - including most people who don't have safe
>computing practices.

That's what Microsoft would have you believe.  It sounds logical.
I don't believe it.  Microsoft has certainly made many mistakes.
They have failed to design their systems to be secure, thereby
opening them up to attack.

Just as an example, why did Microsoft think it was a good idea
that a document should contain executable code?  Why would I want
to run arbitrary code that you might include in a document that
you send me?
>
>Sure Microsoft made mistakes, but if any other OS had the installed
>base that Windows has - hackers would find holes in its security as
>well.

Did you know that Microsoft's IIS web server has considerably
less market share than Apache, yet Apache has had far fewer
security breaches?

-- 
Tom Marchant

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Crispin Hugo]

I believe our system is well protected with VPN and terminal services etc. I
suppose if a hacker saw os2 it would make them give up

Crispin Hugo
Systems Programmer, Macro 4

Macro 4 plc, The Orangery, Turners Hill Road, Worth, Crawley, RH10 4SS
Direct Line: +44 (0)1293 872121 Switchboard: +44 (0) 1293 872000




This email has been scanned for all known viruses by the MessageLabs Email 
Security Service and the Macro 4 plc internal virus protection system.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Howard Brazee]

On 13 Nov 2006 09:20:43 -0800, [EMAIL PROTECTED] wrote:

>windows  PC than os/2 was. I find it at last practical to use from home,
>especially  to logon to the SE's .
>
>
>
>>>
>so do the hackers

The biggest advantage to both the home consumer and to the hackers is
that Windows is so popular - including most people who don't have safe
computing practices.

Sure Microsoft made mistakes, but if any other OS had the installed
base that Windows has - hackers would find holes in its security as
well.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Ed Finnell]

 
In a message dated 11/13/2006 10:44:35 A.M. Central Standard Time,  
[EMAIL PROTECTED] writes:

windows  PC than os/2 was. I find it at last practical to use from home,
especially  to logon to the SE's .



>>
so do the hackers

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Crispin Hugo]

It may not look so nice but I consider it much better for remote access from
a windows PC than os/2 was. I find it at last practical to use from home,
especially to logon to the SE's .

Crispin Hugo 

Systems Programmer, Macro 4

http://www.macro4.com/

Macro 4 plc, The Orangery, Turners Hill Road, Worth, Crawley, RH10 4SS

Direct Line: +44 (0)1293 872121 Switchboard: +44 (0) 1293 872000





This email has been scanned for all known viruses by the MessageLabs Email 
Security Service and the Macro 4 plc internal virus protection system.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[R.S.]

Alan Altmark wrote:
On Monday, 11/13/2006 at 05:07 CET, "R.S." 
<[EMAIL PROTECTED]> wrote:

It's Linux based, but I doubt you will like it.
The operating system (formally IBM claims it's "closed system" - you
cannot have even command line) is one animal, but the HMC application

is

another. It works almost the same way as OS/2 version, but looks much
worse. 


You can choose between the "classic" interface and the new "tree view" 
interface.  The tree view is more in line with other system management 
products coming from IBM and is, I think, more intuitive for folks new

to z.


I meant classic one. The "tree view" is even worse, however I admit I'm 
accustomed to classical version.


--
Radoslaw Skorupka
Lodz, Poland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Alan Altmark]

On Monday, 11/13/2006 at 05:07 CET, "R.S." 
<[EMAIL PROTECTED]> wrote:
> It's Linux based, but I doubt you will like it.
> The operating system (formally IBM claims it's "closed system" - you
> cannot have even command line) is one animal, but the HMC application is
> another. It works almost the same way as OS/2 version, but looks much
> worse. 

You can choose between the "classic" interface and the new "tree view" 
interface.  The tree view is more in line with other system management 
products coming from IBM and is, I think, more intuitive for folks new to 
z.

Alan Altmark
z/VM Development
IBM Endicott

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[R.S.]

McKown, John wrote:

-Original Message-
From: IBM Mainframe Discussion List 
[mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark

Sent: Sunday, November 12, 2006 11:09 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: remote support questions - curiousity


On Sunday, 11/12/2006 at 09:33 CST, "McKown, John" 
<[EMAIL PROTECTED]> wrote:

Yes, the HMC on the zSeries is still OS/2.
I hate to be a party-pooper, but the current HMC 2.9 is not 
based on OS/2!


Alan Altmark


Ah! Nice. But please don't tell me it's based on Windows. I'll take
Linux or any of the *BSDs or even a Mac. Save me from a Windows based
HMC! Maybe we'll get one if we upgrade to a z9. But, given the ch**p
b*ds around here, likely not.


It's Linux based, but I doubt you will like it.
The operating system (formally IBM claims it's "closed system" - you 
cannot have even command line) is one animal, but the HMC application is 
another. It works almost the same way as OS/2 version, but looks much 
worse. It's also slower and - at least for me - it is less convenient.

No PCOMM, poor x3270 instead and it cannot be customized.
Reading floppy takes a long time. Even my XT was quicker.
Starting web page cannot be customized.

To be honest, there are also improvements: it requires less network 
bandwith when using remote access. Previous version had limited 
functionality when accessed in "web" mode. Even access to SE is quick. 
Another advantage is multi-user support.


--
Radoslaw Skorupka
Lodz, Poland

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Choate, Bill]

No, it is Linux based.

Bill Choate
Emory University
AAIT

-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of McKown, John
Sent: Monday, November 13, 2006 8:33 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: remote support questions - curiousity

> -Original Message-
> From: IBM Mainframe Discussion List 
> [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark
> Sent: Sunday, November 12, 2006 11:09 PM
> To: IBM-MAIN@BAMA.UA.EDU
> Subject: Re: remote support questions - curiousity
> 
> 
> On Sunday, 11/12/2006 at 09:33 CST, "McKown, John" 
> <[EMAIL PROTECTED]> wrote:
> > Yes, the HMC on the zSeries is still OS/2.
> 
> I hate to be a party-pooper, but the current HMC 2.9 is not 
> based on OS/2!
> 
> Alan Altmark

Ah! Nice. But please don't tell me it's based on Windows. I'll take
Linux or any of the *BSDs or even a Mac. Save me from a Windows based
HMC! Maybe we'll get one if we upgrade to a z9. But, given the ch**p
b*ds around here, likely not.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

This message (including any attachments) contains confidential
information intended for a specific individual and purpose, and its
content is protected by law.  If you are not the intended recipient, you
should delete this message and are hereby notified that any disclosure,
copying, or distribution of this transmission, or taking any action
based on it, is strictly prohibited. 
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[McKown, John]

> -Original Message-
> From: IBM Mainframe Discussion List 
> [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark
> Sent: Sunday, November 12, 2006 11:09 PM
> To: IBM-MAIN@BAMA.UA.EDU
> Subject: Re: remote support questions - curiousity
> 
> 
> On Sunday, 11/12/2006 at 09:33 CST, "McKown, John" 
> <[EMAIL PROTECTED]> wrote:
> > Yes, the HMC on the zSeries is still OS/2.
> 
> I hate to be a party-pooper, but the current HMC 2.9 is not 
> based on OS/2!
> 
> Alan Altmark

Ah! Nice. But please don't tell me it's based on Windows. I'll take
Linux or any of the *BSDs or even a Mac. Save me from a Windows based
HMC! Maybe we'll get one if we upgrade to a z9. But, given the ch**p
b*ds around here, likely not.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

This message (including any attachments) contains confidential
information intended for a specific individual and purpose, and its
content is protected by law.  If you are not the intended recipient, you
should delete this message and are hereby notified that any disclosure,
copying, or distribution of this transmission, or taking any action
based on it, is strictly prohibited. 
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Alan Altmark]

On Sunday, 11/12/2006 at 09:33 CST, "McKown, John" 
<[EMAIL PROTECTED]> wrote:
> Yes, the HMC on the zSeries is still OS/2.

I hate to be a party-pooper, but the current HMC 2.9 is not based on OS/2!

Alan Altmark
z/VM Development
IBM Endicott

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Arthur T.]

On 12 Nov 2006 18:14:20 -0800, in bit.listserv.ibm-main 
(Message-ID:<[EMAIL PROTECTED]>) 
[EMAIL PROTECTED] (McKown, John) wrote:


This is basically for my curiousity. It isn't going to 
happen here
anytime at all. But I am wondering how the people who do 
it, do remote

sysprogging?


 Short FOAF story from many years back, before the 
days of VPN and HMCs:


 Company decides to move all personnel except 
operators a few of miles from the machine room.  A few 
months later the system crashes.  Sysprogs say they must go 
to the machine to fix it.  They go onsite and fix it.  Word 
comes down from the top:  "Sysprogs' desks may not be more 
than 500 feet from the computer room."


Notes:
 FOAF is in the Jargon file; check there if you don't 
know what it means.
 "500 feet":  It may have been a different number, but 
I think this is within a factor of 2.



--
I cannot receive mail at the address this was sent from.
To reply directly, send to ar23hur "at" intergate "dot" com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[McKown, John]

> -Original Message-
> From: IBM Mainframe Discussion List 
> [mailto:[EMAIL PROTECTED] On Behalf Of Len Rugen
> Sent: Sunday, November 12, 2006 9:28 PM
> To: IBM-MAIN@BAMA.UA.EDU
> Subject: Re: remote support questions - curiousity
> 
> 
> Is OS/2 still the HMC OS?  It is on our system, but it's 3-4 
> years old.
> That's my biggest problem with any remote support, I've 
> forgot alot about
> using "half OS".

Yes, the HMC on the zSeries is still OS/2. The equivalent on our Shark
is Linux.

> 
> I'm only a mile or so away, and I still go to the hardware 
> when I do a CPAC
> install.  Once I get a new OS level customized, I rarely go 
> to the iron, but
> I could.  My net access at home is to slow anyway if there is 
> a serious
> problem for remote support.

This is my concern also. Even DSL is a bit slow anymore.

> 
> MF sysprogs have always been in the same building as the 
> developers, not the
> hardware.  Now the PFCSKS sysadmins are mostly in the 
> building with the
> hardware, so I'm feeling pressure to move, which I won't enjoy.

We're all in one building. In the past, there were operators to man the
machinery. Today's "operators" are just not the same caliber. So the
sysprogs need to be near the machines. Once again, I blame Windows. The
MCSE are always in there and they don't want the equivalent of an
operator to reboot a server. They want to do it themselves. So the
"operators" don't want the responsibility of IPLing the z/OS system
either. Most of the times, our "operators" are really only "help desk
people" who either reset passwords for people or enter tickets for other
to fix some problem. And they aren't even very good at the latter. I'm a
z/OS sysprog. I get tickets where the screen print from the user plainly
contains a Windows error dialog box. But the user said that they were
trying to use CICS. So it must be a CICS problem, right? "What? CICS
doesn't put up Windows error dialog boxes??? You're kidding me,
right!?!"

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

This message (including any attachments) contains confidential
information intended for a specific individual and purpose, and its
content is protected by law.  If you are not the intended recipient, you
should delete this message and are hereby notified that any disclosure,
copying, or distribution of this transmission, or taking any action
based on it, is strictly prohibited. 
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: remote support questions - curiousity

[Len Rugen]

Is OS/2 still the HMC OS?  It is on our system, but it's 3-4 years old.
That's my biggest problem with any remote support, I've forgot alot about
using "half OS".

I'm only a mile or so away, and I still go to the hardware when I do a CPAC
install.  Once I get a new OS level customized, I rarely go to the iron, but
I could.  My net access at home is to slow anyway if there is a serious
problem for remote support.

MF sysprogs have always been in the same building as the developers, not the
hardware.  Now the PFCSKS sysadmins are mostly in the building with the
hardware, so I'm feeling pressure to move, which I won't enjoy.

---
[This E-mail scanned for viruses by Declude Virus]

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

remote support questions - curiousity

[McKown, John]

This is basically for my curiousity. It isn't going to happen here
anytime at all. But I am wondering how the people who do it, do remote
sysprogging? Not the normal day-to-day type stuff. I mean things such
as:

A problem at IPL. Either the IPL fails or some "problem" (usually ill
defined) occurs. We have a VPN and I can get to the HMC to IPL. I can
also use the "system console" on the HMC. But this is not optimal. Do
remote sites use PCs for their consoles and have some way for a sysprog
to do a remote session those PCs (VNC?) (like the PC desktop people
sometimes do for remote support)?

Hard wait occurs. Usually diagnostic information is on the master
console. Use the above where the master console can be remoted into?

If the above is used (remote access of some sort), what about the
possibility of a "worse case" scenario where the problem occurs when you
have a network outage as well? Either at your location, or at the remote
location (the infamous fiber-seeking backhoe). I understand redundancy
at a remote office. What about at a house?

Somebody "has a problem and wants to talk it over". I don't know if this
happens much in such shops. Here, there are programmers coming over at
least 3 times a week to talk to somebody about something. Such as an ftp
problem. Or a coding problem. Or a "can CICS do this?" question. I do
know that at my previous job, the programmers were remote, but they had
local help from "technical specialists" who were apparently very smart
programmers. We don't have those (not
enuf).

These were just some thoughts as I sit here waiting for an IPL to
install new maintenance. I must "do my magic" after the production
system (we only have one) is down. I'm using our "sandbox" to "do the
magic" because I couldn't afford the DASD to duplicate the RES volumes.
Luckily, it is only renaming 4 "minor" datasets (LINKLIB, NUCLEUS,
LPALIB, and MACLIB). I did the maintenance the "bad way". I created
duplicates on the same volumes, with new names and put the maintenance
into them. Yes, this is stupid. No, I didn't really have a choice. We
did have a plus of DASD a few months ago. Then somebody decided that we
needed a new type of "model office" environment and ate almost all the
unused volumes. These same somebodys also want a new set of test volumes
for a alternate test environment. Then they want yet another environment
called "regression". That is 6 environments: Prod, MDOF1, MDOF2, Test1,
Test2, and REGRESSION. And our shop is not that large! Like 50 MSUs
total (prox 300 MIPS - the evil word) on a z890.

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

This message (including any attachments) contains confidential
information intended for a specific individual and purpose, and its
content is protected by law.  If you are not the intended recipient, you
should delete this message and are hereby notified that any disclosure,
copying, or distribution of this transmission, or taking any action
based on it, is strictly prohibited. 
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html