z14 and z/OS 2.3 Blog Post

[Cheryl Watson]

Here's my latest blog post from a techie's point of view.  You might find
some things that haven't been mentioned yet.

 

http://watsonwalker.com/ibms-z14-zos-2-3-announcements/

 

Cheryl

 

Cheryl Watson

Watson & Walker, Inc.

www.watsonwalker.com  

 

 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Jake Anderson]

Hi

Apology for my ignorance

'Pauseless Garbage Collection' on Java

Could someone please explain on what Is meant by above sentence ?

Jake

On 27-Jul-2017 6:16 AM, "Cheryl Watson"  wrote:

> Here's my latest blog post from a techie's point of view.  You might find
> some things that haven't been mentioned yet.
>
>
>
> http://watsonwalker.com/ibms-z14-zos-2-3-announcements/
>
>
>
> Cheryl
>
>
>
> Cheryl Watson
>
> Watson & Walker, Inc.
>
> www.watsonwalker.com 
>
>
>
>
>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[David Crayford]

Pause-less garbage collection is not new 
http://www.artima.com/lejava/articles/azul_pauseless_gc.html. From 
reading a previous post by Timothy Sipples it appears that IBM have 
added some new hardware instructions  to the z14 to assist with the 
read/write barriers required to implement the algorithm.



On 27/07/2017 3:04 PM, Jake Anderson wrote:

Hi

Apology for my ignorance

'Pauseless Garbage Collection' on Java

Could someone please explain on what Is meant by above sentence ?

Jake

On 27-Jul-2017 6:16 AM, "Cheryl Watson"  wrote:


Here's my latest blog post from a techie's point of view.  You might find
some things that haven't been mentioned yet.



http://watsonwalker.com/ibms-z14-zos-2-3-announcements/



Cheryl



Cheryl Watson

Watson & Walker, Inc.

www.watsonwalker.com 






--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Jake Anderson]

Hi

Thanks.

So the pause less garbage collection reduces the CPU spike ? Sounds
interesting

On 27-Jul-2017 12:51 PM, "David Crayford"  wrote:

> Pause-less garbage collection is not new http://www.artima.com/lejava/a
> rticles/azul_pauseless_gc.html. From reading a previous post by Timothy
> Sipples it appears that IBM have added some new hardware instructions  to
> the z14 to assist with the read/write barriers required to implement the
> algorithm.
>
>
> On 27/07/2017 3:04 PM, Jake Anderson wrote:
>
>> Hi
>>
>> Apology for my ignorance
>>
>> 'Pauseless Garbage Collection' on Java
>>
>> Could someone please explain on what Is meant by above sentence ?
>>
>> Jake
>>
>> On 27-Jul-2017 6:16 AM, "Cheryl Watson"  wrote:
>>
>> Here's my latest blog post from a techie's point of view.  You might find
>>> some things that haven't been mentioned yet.
>>>
>>>
>>>
>>> http://watsonwalker.com/ibms-z14-zos-2-3-announcements/
>>>
>>>
>>>
>>> Cheryl
>>>
>>>
>>>
>>> Cheryl Watson
>>>
>>> Watson & Walker, Inc.
>>>
>>> www.watsonwalker.com 
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>> For IBM-MAIN subscribe / signoff / archive access instructions,
>>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>>>
>>> --
>> For IBM-MAIN subscribe / signoff / archive access instructions,
>> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>>
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Parwez Hamid]

High Level Summary for Garbage Collection:

Guarded Storage Facility (GSF)

Also known as less-pausing garbage collection, Guarded Storage Facility is a new
architecture introduced with z14 to enable enterprise scale Java applications 
to run without
periodic pause for garbage collection on larger heaps.

z/OS

GSF support allows an area of storage to be identified such that an Exit 
routine gets control if
a reference is made to that storage. GSF is managed by new instructions that 
define Guarded
Storage Controls and system code to maintain that control information across 
un-dispatch
and re-dispatch. Enabling a less-pausing approach improves Java garbage 
collection.
Function is provided on z14 running z/OS 2.2 and later with APAR OA51643 
installed.
MACHMIG statement in LOADxx of SYS1.PARMLIB provides ability to disable the 
function.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[David Crayford]

That's awesome! I would love to see some bench-tests to see how much it 
improves performance. I've been coding quite a bit of Java recently and 
have grown to like it.



On 27/07/2017 5:08 PM, Parwez Hamid wrote:

High Level Summary for Garbage Collection:

Guarded Storage Facility (GSF)

Also known as less-pausing garbage collection, Guarded Storage Facility is a new
architecture introduced with z14 to enable enterprise scale Java applications 
to run without
periodic pause for garbage collection on larger heaps.

z/OS

GSF support allows an area of storage to be identified such that an Exit 
routine gets control if
a reference is made to that storage. GSF is managed by new instructions that 
define Guarded
Storage Controls and system code to maintain that control information across 
un-dispatch
and re-dispatch. Enabling a less-pausing approach improves Java garbage 
collection.
Function is provided on z14 running z/OS 2.2 and later with APAR OA51643 
installed.
MACHMIG statement in LOADxx of SYS1.PARMLIB provides ability to disable the 
function.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Paul Gilmartin]

On Thu, 27 Jul 2017 13:59:12 +0530, Jake Anderson wrote:
>
>So the pause less garbage collection reduces the CPU spike ? Sounds
>interesting
> 
Well, it distributes it,  barring some major hardware assist.


>>> On 27-Jul-2017 6:16 AM, "Cheryl Watson" wrote:
>>>
>>> Here's my latest blog post from a techie's point of view.  You might find
 some things that haven't been mentioned yet.

 http://watsonwalker.com/ibms-z14-zos-2-3-announcements/

... Some other statements of direction (SOD) include: stabilization of 
DFS/SMB
because NFS is the strategic file sharing protocol; ...

Does Windows support NFS client?

Does NFS seamlessly connect z/OS to z/OS Classic data sets (e.g. PDSE to ISPF 
LM services)?

How do 8-character user IDs play with the TSO OUTPUT command?

 Cheryl Watson
 Watson & Walker, Inc.
 www.watsonwalker.com 

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Dave Jones]

Speaking of new hardware instructions, do we know when the new edition of the 
z/Architecture Principles of Operation will be available?
Thanks.
DJ

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Parwez Hamid]

Availability of POPs. This tends to be at the same time when the system GAs.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Dave Jones]

So around the end of September, then. as "the general availability of the 
3096-z14 on September 13, 2017".

DJ

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Tony Harminc]

On 27 July 2017 at 04:29, Jake Anderson  wrote:

> So the pause less garbage collection reduces the CPU spike ? Sounds
> interesting

It's not so much about the CPU spike; it's mostly about all the real
Java work not having to wait while the GC is performed. It could even
take more CPU time under some circumstances for all I know.

Tony H.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[David Crayford]

On 27/07/2017 10:05 PM, Paul Gilmartin wrote:

On Thu, 27 Jul 2017 13:59:12 +0530, Jake Anderson wrote:

So the pause less garbage collection reduces the CPU spike ? Sounds
interesting


Well, it distributes it,  barring some major hardware assist.



On 27-Jul-2017 6:16 AM, "Cheryl Watson" wrote:

Here's my latest blog post from a techie's point of view.  You might find

some things that haven't been mentioned yet.

http://watsonwalker.com/ibms-z14-zos-2-3-announcements/


 ... Some other statements of direction (SOD) include: stabilization of 
DFS/SMB
 because NFS is the strategic file sharing protocol; ...

Does Windows support NFS client?


Yes, NFS client is built in to Windows 10 but you have to jump through 
some hoops https://graspingtech.com/mount-nfs-share-windows-10/.



Does NFS seamlessly connect z/OS to z/OS Classic data sets (e.g. PDSE to ISPF 
LM services)?

How do 8-character user IDs play with the TSO OUTPUT command?


Cheryl Watson
Watson & Walker, Inc.
www.watsonwalker.com 

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Timothy Sipples]

Paul Gilmartin asked:
>Does Windows support NFS client?

David Crayford replied:
>Yes, NFS client is built in to Windows 10 but you have to jump through
>some hoops https://graspingtech.com/mount-nfs-share-windows-10/.

All supported desktop and server releases of Microsoft Windows include NFS
support. See here for the Windows 7 and Windows Server 2008 R2
instructions, for example:

https://technet.microsoft.com/en-us/library/cc732891(v=ws.11).aspx

macOS, IBM i, Linux, and all UNIX variants that I can think of also include
NFS support. It's quite a popular protocol, more popular than SMB/CIFS.
There's even a free NFS client for PC-DOS/MS-DOS/FreeDOS/DR-DOS operating
systems (would you believe):

http://freedos.sourceforge.net/wiki/index.php/NFS

It's probably past time to phase out the SMB protocol given recent
vulnerabilities and attacks such as WannaCry and ExPetr that affected
Windows systems. And if you decide to use file sharing of any sort, please
adopt and maintain security best practices if you haven't already.

Going forward, if you absolutely must have SMB protocol connectivity, then
"leapfrogging" is technically possible, I believe. The best leapfrogging
approach would be to configure Linux on Z such that z/OS connects via NFS
to Linux, thence Linux (using Samba) connects via SMB. In other words,
Linux on Z acts as a file/directory resharing gateway. I don't recommend
leapfrogging, but technically it should work. Variations are possible with
zdsfs instead of NFS for certain use cases.

>Does NFS seamlessly connect z/OS to z/OS Classic data sets
>(e.g. PDSE to ISPF LM services)?

Yes, if I understand your "e.g." correctly. Here's the z/OS 2.2 NFS Guide
and Reference (direct link, subject to change) if you'd like the full
details:

http://publibz.boulder.ibm.com/epubs/pdf/cpn2co11.pdf

To future readers: if this link is broken or not applicable (because you're
running a newer z/OS release for example), try searching for IBM
Publication SC23-6883 (latest revision), or check the z/OS part of the IBM
Knowledge Center.


Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[David Crayford]

On 28/07/2017 4:03 PM, Timothy Sipples wrote:

David Crayford replied:

Yes, NFS client is built in to Windows 10 but you have to jump through
some hoopshttps://graspingtech.com/mount-nfs-share-windows-10/.

All supported desktop and server releases of Microsoft Windows include NFS
support. See here for the Windows 7 and Windows Server 2008 R2
instructions, for example:

https://technet.microsoft.com/en-us/library/cc732891(v=ws.11).aspx


I'm not sure about that for Windows desktop OSs. AFAIK it's only 
recently been a feature of Windows 10 since Windows 10 Pro (Version 
10.0.14393 and above) as mentioned in the blog.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Frank Swarbrick]

What is the likelihood of Microsoft phasing out a protocol they invented (SMB) 
in favor of one they id not (NFS)?


From: IBM Mainframe Discussion List  on behalf of 
Timothy Sipples 
Sent: Friday, July 28, 2017 2:03 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z14 and z/OS 2.3 Blog Post

Paul Gilmartin asked:
>Does Windows support NFS client?

David Crayford replied:
>Yes, NFS client is built in to Windows 10 but you have to jump through
>some hoops https://graspingtech.com/mount-nfs-share-windows-10/.
[https://graspingtech.com/wp-content/uploads/windows-10-logo.jpg]<https://graspingtech.com/mount-nfs-share-windows-10/>

How to Mount an NFS Share Using a Windows 10 
Machine<https://graspingtech.com/mount-nfs-share-windows-10/>
graspingtech.com
Mounting an NFS (Network File System) share using a Unix-like operating system 
is pretty straight forward. But how do you do this in Windows 10?



All supported desktop and server releases of Microsoft Windows include NFS
support. See here for the Windows 7 and Windows Server 2008 R2
instructions, for example:

https://technet.microsoft.com/en-us/library/cc732891(v=ws.11).aspx
Starting Client for NFS - 
technet.microsoft.com<https://technet.microsoft.com/en-us/library/cc732891(v=ws.11).aspx>
technet.microsoft.com
To start Client for NFS from the Windows interface Open Services for Network 
File System: click Start, point to Programs or All Programs, point to 
Administrative ...



macOS, IBM i, Linux, and all UNIX variants that I can think of also include
NFS support. It's quite a popular protocol, more popular than SMB/CIFS.
There's even a free NFS client for PC-DOS/MS-DOS/FreeDOS/DR-DOS operating
systems (would you believe):

http://freedos.sourceforge.net/wiki/index.php/NFS

It's probably past time to phase out the SMB protocol given recent
vulnerabilities and attacks such as WannaCry and ExPetr that affected
Windows systems. And if you decide to use file sharing of any sort, please
adopt and maintain security best practices if you haven't already.

Going forward, if you absolutely must have SMB protocol connectivity, then
"leapfrogging" is technically possible, I believe. The best leapfrogging
approach would be to configure Linux on Z such that z/OS connects via NFS
to Linux, thence Linux (using Samba) connects via SMB. In other words,
Linux on Z acts as a file/directory resharing gateway. I don't recommend
leapfrogging, but technically it should work. Variations are possible with
zdsfs instead of NFS for certain use cases.

>Does NFS seamlessly connect z/OS to z/OS Classic data sets
>(e.g. PDSE to ISPF LM services)?

Yes, if I understand your "e.g." correctly. Here's the z/OS 2.2 NFS Guide
and Reference (direct link, subject to change) if you'd like the full
details:

http://publibz.boulder.ibm.com/epubs/pdf/cpn2co11.pdf

To future readers: if this link is broken or not applicable (because you're
running a newer z/OS release for example), try searching for IBM
Publication SC23-6883 (latest revision), or check the z/OS part of the IBM
Knowledge Center.


Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Farley, Peter x23353]

Then again who would have expected M$ to support native Ubuntu Linux command 
line code running under Windows, but they did, and it works really well.

Sometimes they surprise you.

Peter

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Frank Swarbrick
Sent: Friday, July 28, 2017 2:14 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z14 and z/OS 2.3 Blog Post

What is the likelihood of Microsoft phasing out a protocol they invented (SMB) 
in favor of one they id not (NFS)?


From: IBM Mainframe Discussion List  on behalf of 
Timothy Sipples 
Sent: Friday, July 28, 2017 2:03 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z14 and z/OS 2.3 Blog Post

Paul Gilmartin asked:
>Does Windows support NFS client?

David Crayford replied:
>Yes, NFS client is built in to Windows 10 but you have to jump through
>some hoops https://graspingtech.com/mount-nfs-share-windows-10/.
[https://graspingtech.com/wp-content/uploads/windows-10-logo.jpg]<https://graspingtech.com/mount-nfs-share-windows-10/>

How to Mount an NFS Share Using a Windows 10 
Machine<https://graspingtech.com/mount-nfs-share-windows-10/>
graspingtech.com
Mounting an NFS (Network File System) share using a Unix-like operating system 
is pretty straight forward. But how do you do this in Windows 10?



All supported desktop and server releases of Microsoft Windows include NFS
support. See here for the Windows 7 and Windows Server 2008 R2
instructions, for example:

https://technet.microsoft.com/en-us/library/cc732891(v=ws.11).aspx
Starting Client for NFS - 
technet.microsoft.com<https://technet.microsoft.com/en-us/library/cc732891(v=ws.11).aspx>
technet.microsoft.com
To start Client for NFS from the Windows interface Open Services for Network 
File System: click Start, point to Programs or All Programs, point to 
Administrative ...



macOS, IBM i, Linux, and all UNIX variants that I can think of also include
NFS support. It's quite a popular protocol, more popular than SMB/CIFS.
There's even a free NFS client for PC-DOS/MS-DOS/FreeDOS/DR-DOS operating
systems (would you believe):

http://freedos.sourceforge.net/wiki/index.php/NFS

It's probably past time to phase out the SMB protocol given recent
vulnerabilities and attacks such as WannaCry and ExPetr that affected
Windows systems. And if you decide to use file sharing of any sort, please
adopt and maintain security best practices if you haven't already.

Going forward, if you absolutely must have SMB protocol connectivity, then
"leapfrogging" is technically possible, I believe. The best leapfrogging
approach would be to configure Linux on Z such that z/OS connects via NFS
to Linux, thence Linux (using Samba) connects via SMB. In other words,
Linux on Z acts as a file/directory resharing gateway. I don't recommend
leapfrogging, but technically it should work. Variations are possible with
zdsfs instead of NFS for certain use cases.

>Does NFS seamlessly connect z/OS to z/OS Classic data sets
>(e.g. PDSE to ISPF LM services)?

Yes, if I understand your "e.g." correctly. Here's the z/OS 2.2 NFS Guide
and Reference (direct link, subject to change) if you'd like the full
details:

http://publibz.boulder.ibm.com/epubs/pdf/cpn2co11.pdf

To future readers: if this link is broken or not applicable (because you're
running a newer z/OS release for example), try searching for IBM
Publication SC23-6883 (latest revision), or check the z/OS part of the IBM
Knowledge Center.

--

This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Frank Swarbrick]

True enough.  Quite a cool feature that is, as well!


From: IBM Mainframe Discussion List  on behalf of 
Farley, Peter x23353 
Sent: Friday, July 28, 2017 12:16 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z14 and z/OS 2.3 Blog Post

Then again who would have expected M$ to support native Ubuntu Linux command 
line code running under Windows, but they did, and it works really well.

Sometimes they surprise you.

Peter

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Frank Swarbrick
Sent: Friday, July 28, 2017 2:14 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z14 and z/OS 2.3 Blog Post

What is the likelihood of Microsoft phasing out a protocol they invented (SMB) 
in favor of one they id not (NFS)?


From: IBM Mainframe Discussion List  on behalf of 
Timothy Sipples 
Sent: Friday, July 28, 2017 2:03 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z14 and z/OS 2.3 Blog Post

Paul Gilmartin asked:
>Does Windows support NFS client?

David Crayford replied:
>Yes, NFS client is built in to Windows 10 but you have to jump through
>some hoops https://graspingtech.com/mount-nfs-share-windows-10/.
[https://graspingtech.com/wp-content/uploads/windows-10-logo.jpg]<https://graspingtech.com/mount-nfs-share-windows-10/>

How to Mount an NFS Share Using a Windows 10 
Machine<https://graspingtech.com/mount-nfs-share-windows-10/>
graspingtech.com
Mounting an NFS (Network File System) share using a Unix-like operating system 
is pretty straight forward. But how do you do this in Windows 10?



All supported desktop and server releases of Microsoft Windows include NFS
support. See here for the Windows 7 and Windows Server 2008 R2
instructions, for example:

https://technet.microsoft.com/en-us/library/cc732891(v=ws.11).aspx
Starting Client for NFS - 
technet.microsoft.com<https://technet.microsoft.com/en-us/library/cc732891(v=ws.11).aspx>
technet.microsoft.com
To start Client for NFS from the Windows interface Open Services for Network 
File System: click Start, point to Programs or All Programs, point to 
Administrative ...



macOS, IBM i, Linux, and all UNIX variants that I can think of also include
NFS support. It's quite a popular protocol, more popular than SMB/CIFS.
There's even a free NFS client for PC-DOS/MS-DOS/FreeDOS/DR-DOS operating
systems (would you believe):

http://freedos.sourceforge.net/wiki/index.php/NFS

It's probably past time to phase out the SMB protocol given recent
vulnerabilities and attacks such as WannaCry and ExPetr that affected
Windows systems. And if you decide to use file sharing of any sort, please
adopt and maintain security best practices if you haven't already.

Going forward, if you absolutely must have SMB protocol connectivity, then
"leapfrogging" is technically possible, I believe. The best leapfrogging
approach would be to configure Linux on Z such that z/OS connects via NFS
to Linux, thence Linux (using Samba) connects via SMB. In other words,
Linux on Z acts as a file/directory resharing gateway. I don't recommend
leapfrogging, but technically it should work. Variations are possible with
zdsfs instead of NFS for certain use cases.

>Does NFS seamlessly connect z/OS to z/OS Classic data sets
>(e.g. PDSE to ISPF LM services)?

Yes, if I understand your "e.g." correctly. Here's the z/OS 2.2 NFS Guide
and Reference (direct link, subject to change) if you'd like the full
details:

http://publibz.boulder.ibm.com/epubs/pdf/cpn2co11.pdf

To future readers: if this link is broken or not applicable (because you're
running a newer z/OS release for example), try searching for IBM
Publication SC23-6883 (latest revision), or check the z/OS part of the IBM
Knowledge Center.

--

This message and any attachments are intended only for the use of the addressee 
and may contain information that is privileged and confidential. If the reader 
of the message is not the intended recipient or an authorized representative of 
the intended recipient, you are hereby notified that any dissemination of this 
communication is strictly prohibited. If you have received this communication 
in error, please notify us immediately by e-mail and delete the message and any 
attachments from your system.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Nims,Alva John (Al)]

It has been long time since I looked at this, but doesn't Samba have a z/OS 
server?  I could be very wrong and could be a terrible implementation.

Al Nims
Systems Admin/Programmer 3
UFIT
University of Florida
(352) 273-1298

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Timothy Sipples
Sent: Friday, July 28, 2017 4:04 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z14 and z/OS 2.3 Blog Post

Paul Gilmartin asked:
>Does Windows support NFS client?

David Crayford replied:
>Yes, NFS client is built in to Windows 10 but you have to jump through 
>some hoops https://graspingtech.com/mount-nfs-share-windows-10/.

All supported desktop and server releases of Microsoft Windows include NFS 
support. See here for the Windows 7 and Windows Server 2008 R2 instructions, 
for example:

https://technet.microsoft.com/en-us/library/cc732891(v=ws.11).aspx

macOS, IBM i, Linux, and all UNIX variants that I can think of also include NFS 
support. It's quite a popular protocol, more popular than SMB/CIFS.
There's even a free NFS client for PC-DOS/MS-DOS/FreeDOS/DR-DOS operating 
systems (would you believe):

http://freedos.sourceforge.net/wiki/index.php/NFS

It's probably past time to phase out the SMB protocol given recent 
vulnerabilities and attacks such as WannaCry and ExPetr that affected Windows 
systems. And if you decide to use file sharing of any sort, please adopt and 
maintain security best practices if you haven't already.

Going forward, if you absolutely must have SMB protocol connectivity, then 
"leapfrogging" is technically possible, I believe. The best leapfrogging 
approach would be to configure Linux on Z such that z/OS connects via NFS to 
Linux, thence Linux (using Samba) connects via SMB. In other words, Linux on Z 
acts as a file/directory resharing gateway. I don't recommend leapfrogging, but 
technically it should work. Variations are possible with zdsfs instead of NFS 
for certain use cases.

>Does NFS seamlessly connect z/OS to z/OS Classic data sets (e.g. PDSE 
>to ISPF LM services)?

Yes, if I understand your "e.g." correctly. Here's the z/OS 2.2 NFS Guide and 
Reference (direct link, subject to change) if you'd like the full
details:

http://publibz.boulder.ibm.com/epubs/pdf/cpn2co11.pdf

To future readers: if this link is broken or not applicable (because you're 
running a newer z/OS release for example), try searching for IBM Publication 
SC23-6883 (latest revision), or check the z/OS part of the IBM Knowledge Center.


Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Timothy Sipples]

David Crayford wrote:
>I'm not sure about that for Windows desktop OSs. AFAIK it's only
>recently been a feature of Windows 10 since Windows 10 Pro (Version
>10.0.14393 and above) as mentioned in the blog.

Everyone is correct. :-)

Microsoft includes NFS ("Services for NFS") in Windows 7 Enterprise and
Ultimate. (I don't think Windows 8.x had an Ultimate flavor, so in the
Windows 8.x stream Microsoft's NFS is only in Windows 8 Enterprise.) All
that really changed in Windows 10 is that Microsoft included NFS in their
lower Windows 10 license tiers.

But no problem. Microsoft's NFS is based on the University of Michigan's
work. If you have Windows 7 but don't have Enterprise or Ultimate, you can
go right back to the original authors to get their NFS code (source code
and pre-built binary):

http://www.citi.umich.edu/projects/nfsv4/windows/

UofM NFS also works on the now unsupported Windows Vista editions.


Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA


E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Timothy Sipples]

Frank Swarbrick wrote:
>What is the likelihood of Microsoft phasing out a protocol they
>invented (SMB) in favor of one they id not (NFS)?

Barry Feigenbaum at IBM invented the original SMB protocol in 1983.

Al Nims wrote:
>It has been long time since I looked at this, but doesn't Samba
>have a z/OS server?

There's a very old version (20 years old) available here:

https://download.samba.org/pub/samba/Binary_Packages/mvs/

Maybe somebody would like to try compiling the latest release on z/OS.


Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA


E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[David Crayford]

On 29/07/2017 10:03 AM, Timothy Sipples wrote:

David Crayford wrote:

I'm not sure about that for Windows desktop OSs. AFAIK it's only
recently been a feature of Windows 10 since Windows 10 Pro (Version
10.0.14393 and above) as mentioned in the blog.

Everyone is correct. :-)


Regardless of the version of Windows it's a hell of a lot more difficult 
to mount a NFS network drive compared to SMB.




Microsoft includes NFS ("Services for NFS") in Windows 7 Enterprise and
Ultimate. (I don't think Windows 8.x had an Ultimate flavor, so in the
Windows 8.x stream Microsoft's NFS is only in Windows 8 Enterprise.) All
that really changed in Windows 10 is that Microsoft included NFS in their
lower Windows 10 license tiers.

But no problem. Microsoft's NFS is based on the University of Michigan's
work. If you have Windows 7 but don't have Enterprise or Ultimate, you can
go right back to the original authors to get their NFS code (source code
and pre-built binary):

http://www.citi.umich.edu/projects/nfsv4/windows/

UofM NFS also works on the now unsupported Windows Vista editions.


Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA


E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[John McKown]

On Sun, Jul 30, 2017 at 7:10 AM, David Crayford  wrote:

> On 29/07/2017 10:03 AM, Timothy Sipples wrote:
>
>> David Crayford wrote:
>>
>>> I'm not sure about that for Windows desktop OSs. AFAIK it's only
>>> recently been a feature of Windows 10 since Windows 10 Pro (Version
>>> 10.0.14393 and above) as mentioned in the blog.
>>>
>> Everyone is correct. :-)
>>
>
> Regardless of the version of Windows it's a hell of a lot more difficult
> to mount a NFS network drive compared to SMB.


​I'd bet that is because MS simply hasn't bothered to integrate NFS into
the basic portion of Windows, as opposed to SMB which is it's "native" way
to do disk sharing. And it's not just Windows, I've had my own ​fights
using NFS between z/OS 1.12 and Linux (Fedora). I can't talk to other
versions of z/OS because I don't really have access to a current version
upon which I can try NFS.

-- 
Veni, Vidi, VISA: I came, I saw, I did a little shopping.

Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Clark Morris]

[Default] On 31 Jul 2017 08:15:21 -0700, in bit.listserv.ibm-main
john.archie.mck...@gmail.com (John McKown) wrote:

>On Sun, Jul 30, 2017 at 7:10 AM, David Crayford  wrote:
>
>> On 29/07/2017 10:03 AM, Timothy Sipples wrote:
>>
>>> David Crayford wrote:
>>>
 I'm not sure about that for Windows desktop OSs. AFAIK it's only
 recently been a feature of Windows 10 since Windows 10 Pro (Version
 10.0.14393 and above) as mentioned in the blog.

>>> Everyone is correct. :-)
>>>
>>
>> Regardless of the version of Windows it's a hell of a lot more difficult
>> to mount a NFS network drive compared to SMB.
>
>
>?I'd bet that is because MS simply hasn't bothered to integrate NFS into
>the basic portion of Windows, as opposed to SMB which is it's "native" way
>to do disk sharing. And it's not just Windows, I've had my own ?fights
>using NFS between z/OS 1.12 and Linux (Fedora). I can't talk to other
>versions of z/OS because I don't really have access to a current version
>upon which I can try NFS.


If your organization's operating system is unsupported and there is
any outside connection to it, I would be concerned about legal
liability if anything happens.

Clark Morris

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[John McKown]

On Mon, Jul 31, 2017 at 1:20 PM, Clark Morris 
wrote:

> ​​
>
>
> If your organization's operating system is unsupported and there is
> any outside connection to it, I would be concerned about legal
> liability if anything happens.
>

​There are _NO_ connections to z/OS even from internal boxes. When files
need to be transferred, they are written from z/OS to the appropriate,
internal, FTP server. This basically runs FTP ​software called "Beyond
FTP". When a file shows up in a particular directory, it is encrypted and
forwarded by that box to the appropriate external user, or just transferred
to the correct internal Windows "share". This is mainly to update internal
MS SQL databases. The reverse is done for external boxes - they ftp
encrypted files to this server, which decrypts it and forwards it to the
proper Windows share.


>
> Clark Morris
>
>

-- 
Veni, Vidi, VISA: I came, I saw, I did a little shopping.

Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[Timothy Sipples]

John McKown wrote:
>​There are _NO_ connections to z/OS even from internal boxes. When files
>need to be transferred, they are written from z/OS to the appropriate,
>internal, FTP server.

So there are no connections, but there are connections. With bulk transfers
of personal healthcare data with no granular security context preserved, I
assume. As Mr. Spock used to say, "Fascinating."

The modern (and not so modern) reality is that "internal" networks are
being penetrated all the time, and "internal" servers (and other devices)
are getting pwned all the time. "Maginot Line" approaches no longer work,
if they ever did.

https://en.wikipedia.org/wiki/Maginot_Line

Defense in depth is really, really important. This isn't the time for
complacency, I'm afraid.

Yes, I'm aware that there are some individuals in management who, on
occasion, act like Frank Drebin:

https://www.youtube.com/watch?v=pdFl__NlOpA

It's still important to explain the risks and document them.


Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: z14 and z/OS 2.3 Blog Post

[John McKown]

On Mon, Jul 31, 2017 at 11:32 PM, Timothy Sipples 
wrote:

> John McKown wrote:
> >​There are _NO_ connections to z/OS even from internal boxes. When files
> >need to be transferred, they are written from z/OS to the appropriate,
> >internal, FTP server.
>
> So there are no connections, but there are connections. With bulk transfers
> of personal healthcare data with no granular security context preserved, I
> assume. As Mr. Spock used to say, "Fascinating."
>
> The modern (and not so modern) reality is that "internal" networks are
> being penetrated all the time, and "internal" servers (and other devices)
> are getting pwned all the time. "Maginot Line" approaches no longer work,
> if they ever did.
>
> https://en.wikipedia.org/wiki/Maginot_Line
>
> Defense in depth is really, really important. This isn't the time for
> complacency, I'm afraid.
>
> Yes, I'm aware that there are some individuals in management who, on
> occasion, act like Frank Drebin:
>
> https://www.youtube.com/watch?v=pdFl__NlOpA
>
> It's still important to explain the risks and document them.
>

​Yes. And hopefully the ones whose job this is are doing that. I'm a z/OS
sysprog who has been "impressed" (in the British nautical sense) with doing
some RACF work. But I don't make policy. I just try to enforce it.​ I'm not
in any kind of position to even speak to those "in the know".


-- 
Veni, Vidi, VISA: I came, I saw, I did a little shopping.

Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Windows NFS (was: z14 and z/OS 2.3 Blog Post)

[Paul Gilmartin]

On Sat, 29 Jul 2017 10:03:43 +0800, Timothy Sipples wrote:
>
>Microsoft includes NFS ("Services for NFS") in Windows 7 Enterprise and
>Ultimate. (I don't think Windows 8.x had an Ultimate flavor, so in the
>Windows 8.x stream Microsoft's NFS is only in Windows 8 Enterprise.) All
>that really changed in Windows 10 is that Microsoft included NFS in their
>lower Windows 10 license tiers.
> 
What security mechanism(s) do(es) it provide:
o UID/GID?
  (What do UID and GID mean to Windows?)
o MVSLOGIN?
o Kerberos?
o Other (specify)?

Does it support:
o Classic data sets?
  (ISPF-style member serialization (this seems to be a z/OS server function)?
o HFS/zFS files?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[Timothy Sipples]

John McKown wrote:
>Yes. And hopefully the ones whose job this is are doing that.
>I'm a z/OS sysprog

It is your job, too. You just write (yes write) something like:

- - - -

August 2, 2017

Dear (My Manager):

I would like to make you aware that we are no longer receiving
security-related and other patches for the following software products and
release levels that are in productive use, as of the dates indicated:

z/OS Version 1.12  2014-09-30
CICS Transaction Server  Version 3.2   2015-12-31
DB2 for z/OS Version 9.1   2014-06-27

Without security patches, and without an ongoing preventive maintenance
program to apply them, there is a growing risk of breaches. We are also
running software products that will receive security updates only for the
next 12 months or less. I can provide those details upon request.

If you have any questions, please let me know. Thanks.

(My Signature)

- - - -

That's it. You've provided the factual information, in writing (which could
be electronic), and your manager decides what to do or not to do. If you've
already done that, great. If there's a material update to provide, to keep
management reasonably well informed, please do.

Just apply a "reasonable care" standard and tell your manager, that's all.
If you're a secretary at an electric company, walking along the park one
sunny afternoon, and you see a couple people trying to steal a utility
pole, "not my job" doesn't wash. You call the police, and you tell your
boss. Likewise, if somebody has left the door open to the utility pole
depot, you ring up your company's security desk and tell them. Whether they
do anything or not is indeed *their* job, but you can observe and notify,
too.


Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[R.S.]

W dniu 2017-08-02 o 09:52, Timothy Sipples pisze:

John McKown wrote:

Yes. And hopefully the ones whose job this is are doing that.
I'm a z/OS sysprog

It is your job, too. You just write (yes write) something like:

- - - -

August 2, 2017

Dear (My Manager):

I would like to make you aware that we are no longer receiving
security-related and other patches for the following software products and
release levels that are in productive use, as of the dates indicated:

z/OS Version 1.12  2014-09-30
CICS Transaction Server  Version 3.2   2015-12-31
DB2 for z/OS Version 9.1   2014-06-27

Without security patches, and without an ongoing preventive maintenance
program to apply them, there is a growing risk of breaches. We are also
running software products that will receive security updates only for the
next 12 months or less. I can provide those details upon request.

If you have any questions, please let me know. Thanks.

(My Signature)

- - - -

That's it. You've provided the factual information, in writing (which could
be electronic), and your manager decides what to do or not to do. If you've
already done that, great. If there's a material update to provide, to keep
management reasonably well informed, please do.

Just apply a "reasonable care" standard and tell your manager, that's all.
If you're a secretary at an electric company, walking along the park one
sunny afternoon, and you see a couple people trying to steal a utility
pole, "not my job" doesn't wash. You call the police, and you tell your
boss. Likewise, if somebody has left the door open to the utility pole
depot, you ring up your company's security desk and tell them. Whether they
do anything or not is indeed *their* job, but you can observe and notify,
too.


Possible reaction:
(no paper, just shout): GET OUT, YOU'RE FIRED.

BTW: I would take care to inform my manager less officially (and keep 
the notification in my archive). From personal experience I'm aware how 
pointless is this ;-)



--
Radoslaw Skorupka
Lodz, Poland




==


   --
Treść tej wiadomości może zawierać informacje prawnie chronione Banku 
przeznaczone wyłącznie do użytku służbowego adresata. Odbiorcą może być jedynie 
jej adresat z wyłączeniem dostępu osób trzecich. Jeżeli nie jesteś adresatem 
niniejszej wiadomości lub pracownikiem upoważnionym do jej przekazania 
adresatowi, informujemy, że jej rozpowszechnianie, kopiowanie, rozprowadzanie 
lub inne działanie o podobnym charakterze jest prawnie zabronione i może być 
karalne. Jeżeli otrzymałeś tę wiadomość omyłkowo, prosimy niezwłocznie 
zawiadomić nadawcę wysyłając odpowiedź oraz trwale usunąć tę wiadomość 
włączając w to wszelkie jej kopie wydrukowane lub zapisane na dysku.

This e-mail may contain legally privileged information of the Bank and is 
intended solely for business use of the addressee. This e-mail may only be 
received by the addressee and may not be disclosed to any third parties. If you 
are not the intended addressee of this e-mail or the employee authorized to 
forward it to the addressee, be advised that any dissemination, copying, 
distribution or any other similar activity is legally prohibited and may be 
punishable. If you received this e-mail by mistake please advise the sender 
immediately by using the reply facility in your e-mail software and delete 
permanently this e-mail including any copies of it either printed or saved to 
hard drive.

mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 Warszawa, 
www.mBank.pl, e-mail: kont...@mbank.plsąd Rejonowy dla m. st. Warszawy XII 
Wydział Gospodarczy Krajowego Rejestru Sądowego, nr rejestru przedsiębiorców 
KRS 025237, NIP: 526-021-50-88. Według stanu na dzień 01.01.2016 r. kapitał 
zakładowy mBanku S.A. (w całości wpłacony) wynosi 168.955.696 złotych.
   


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[Elardus Engelbrecht]

Radoslaw Skorupka wrote:

>BTW: I would take care to inform my manager less officially (and keep the 
>notification in my archive). From personal experience I'm aware how pointless 
>is this ;-)

Or wait for next audit or weird abend / hacking attempt, then tell manglers, 
supervisors and auditors.

Wait first for fireworks/drama, then wait for your retirement or dismissal 
letter... ;-)

Groete / Greetings
Elardus Engelbrecht

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[Vernooij, Kees (ITOPT1) - KLM]

> -Original Message-
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
> Behalf Of Elardus Engelbrecht
> Sent: 02 August, 2017 10:40
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Security, Other Risks When Unsupported (Was: z14 and z/OS
> 2.3 Blog Post)
> 
> Radoslaw Skorupka wrote:
> 
> >BTW: I would take care to inform my manager less officially (and keep
> the notification in my archive). From personal experience I'm aware how
> pointless is this ;-)
> 
> Or wait for next audit or weird abend / hacking attempt, then tell
> manglers, supervisors and auditors.
> 
> Wait first for fireworks/drama, then wait for your retirement or
> dismissal letter... ;-)

Saying: if you knew this, why didn't you tell us?

Kees.

For information, services and offers, please visit our web site: 
http://www.klm.com. This e-mail and any attachment may contain confidential and 
privileged material intended for the addressee only. If you are not the 
addressee, you are notified that no part of the e-mail or any attachment may be 
disclosed, copied or distributed, and that any other action related to this 
e-mail or attachment is strictly prohibited, and may be unlawful. If you have 
received this e-mail by error, please notify the sender immediately by return 
e-mail, and delete this message. 

Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its 
employees shall not be liable for the incorrect or incomplete transmission of 
this e-mail or any attachments, nor responsible for any delay in receipt. 
Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch 
Airlines) is registered in Amstelveen, The Netherlands, with registered number 
33014286



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[Elardus Engelbrecht]

Vernooij, Kees (ITOPT1) - KLM wrote:

>> >BTW: I would take care to inform my manager less officially (and keep  the 
>> >notification in my archive). From personal experience I'm aware how 
>> >pointless is this ;-) 

>> Or wait for next audit or weird abend / hacking attempt, then tell manglers, 
>> supervisors and auditors. 

>> Wait first for fireworks/drama, then wait for your retirement or dismissal 
>> letter... ;-) 
 
>Saying: if you knew this, why didn't you tell us? 

Yup. Good question. If someone ask me your question, I'll be in serious 
trouble...

In fact I have seen all variants of this:

- Tell top brass directly by mouth, e-mail, formal letter.
- Tell via supervisor/auditor using above methods.
- Delegate the trouble to someone else. (really!)
- Don't tell anyone.
- Resign. Retire. Move to other dept.
...etc...

It really helps that we (from top brass to lowest ranks) have a regurlar review 
of all software used and their levels and PTFS/APARS/patches/license fees/etc.

IBM 'n+2' version support helps us a lot.

But what about software which are already marked as 'sunset' software, but you 
are still hanging on them...?

Groete / Greetings
Elardus Engelbrecht

'sunset' - dead vendor or vendor not bothering to update/support it.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[John McKown]

On Wed, Aug 2, 2017 at 2:52 AM, Timothy Sipples  wrote:

> John McKown wrote:
> >Yes. And hopefully the ones whose job this is are doing that.
> >I'm a z/OS sysprog
>
> It is your job, too. You just write (yes write) something like:
>

​Hum, around here when I "poke my nose in where it doesn't belong", it
tends to get whacked. My immediate manager is well aware of what is going
on. I am sure that he has let his manager know. It has most likely been
"risk assessed and accepted"​.

​-​
-
Veni, Vidi, VISA: I came, I saw, I did a little shopping.

Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[Mark Jacobs - Listserv]

Been there too. Got the t-shirt and everything myself several times over 
a 38 year career.


Mark Jacobs


John McKown 
August 2, 2017 at 8:42 AM

​Hum, around here when I "poke my nose in where it doesn't belong", it
tends to get whacked. My immediate manager is well aware of what is going
on. I am sure that he has let his manager know. It has most likely been
"risk assessed and accepted"​.

​-​
-
Veni, Vidi, VISA: I came, I saw, I did a little shopping.

Maranatha! <><
John McKown

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Please be alert for any emails that may ask you for login information 
or directs you to login via a link. If you believe this message is a 
phish or aren't sure whether this message is trustworthy, please send 
the original message as an attachment to 'phish...@timeinc.com'.


Timothy Sipples 
August 2, 2017 at 3:52 AM

It is your job, too. You just write (yes write) something like:

- - - -

August 2, 2017

Dear (My Manager):

I would like to make you aware that we are no longer receiving
security-related and other patches for the following software products and
release levels that are in productive use, as of the dates indicated:

z/OS Version 1.12 2014-09-30
CICS Transaction Server Version 3.2 2015-12-31
DB2 for z/OS Version 9.1 2014-06-27

Without security patches, and without an ongoing preventive maintenance
program to apply them, there is a growing risk of breaches. We are also
running software products that will receive security updates only for the
next 12 months or less. I can provide those details upon request.

If you have any questions, please let me know. Thanks.

(My Signature)

- - - -

That's it. You've provided the factual information, in writing (which 
could
be electronic), and your manager decides what to do or not to do. If 
you've

already done that, great. If there's a material update to provide, to keep
management reasonably well informed, please do.

Just apply a "reasonable care" standard and tell your manager, that's all.
If you're a secretary at an electric company, walking along the park one
sunny afternoon, and you see a couple people trying to steal a utility
pole, "not my job" doesn't wash. You call the police, and you tell your
boss. Likewise, if somebody has left the door open to the utility pole
depot, you ring up your company's security desk and tell them. Whether 
they

do anything or not is indeed *their* job, but you can observe and notify,
too.


Timothy Sipples
IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA
E-Mail: sipp...@sg.ibm.com

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Please be alert for any emails that may ask you for login information 
or directs you to login via a link. If you believe this message is a 
phish or aren't sure whether this message is trustworthy, please send 
the original message as an attachment to 'phish...@timeinc.com'.




--

Mark Jacobs
Time Customer Service
Global Technology Services

The standard you walk past is the standard you accept.
Lt. Gen. David Morrison


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[Edward Gould]

> On Aug 2, 2017, at 3:40 AM, Elardus Engelbrecht 
>  wrote:
> 
> Radoslaw Skorupka wrote:
> 
>> BTW: I would take care to inform my manager less officially (and keep the 
>> notification in my archive). From personal experience I'm aware how 
>> pointless is this ;-)
> 
> Or wait for next audit or weird abend / hacking attempt, then tell manglers, 
> supervisors and auditors.
> 
> Wait first for fireworks/drama, then wait for your retirement or dismissal 
> letter... ;-)


I did something similar but with of all thing the COBOL compiler. 
I used to go out drinking on Friday afternoons with application programmers, 
during our long lunch's we would talk a lot about issues that concerned us. I 
looked at it as tell the application people WHY they could not access this or 
do that. We were way out of date on just about everything. 
I would routinely tell my boss during meetings the issue that we were running 
into. One of the concerns I told him that at the time the programmers were 
restricted as to size of array’s in COBOL (sorry I am blanking out as to the 
proper name). COBOL programmers were essentially using VSAM files to contain 
the data, and the number of accesses to these files was causing us to be late, 
just close to late) so the opening of the market could have been delayed, and 
that was a major no-no. I regularly ran reports to show this. He said he 
followed it up and informed his management. Of course, nothing happened.
The following Christmas party I got brave and went over to the CEO and got into 
a conversation about the issue. He said he was interested and to call his 
secretary to set up a working session. I knew the secretary (long story 
deleted), and I called up the following week to ask about setting up a working 
session. She told me that he blocked off the entire afternoon on Weds. That was 
1.5 days away. So I had to whip up a few reports to show him the problems and a 
possibility on how to eliminate the bottlenecks and this was to simply upgrade 
our version of COBOL to the level that it would allow larger tables, he felt he 
understood the issue. Now, understand that the CEO was 3 or 4 levels above my 
VP. Next thing I know the VP sticks his head in my cubicle and asks me to show 
him the reports I had shown the CEO. I was in the middle of a small crisis and 
said yes, in a few minutes. After the mini crisis was dealt with I gathered the 
reports and went into his office. Next thing I knew my boss was there and his 
boss was there. I explained what was happening and why it was causing this 
delay in production. There weren’t any questions asked other than how much was 
the improved compiler. I said I guess around $250 a month, but IBM would have 
to confirm the number. 
The VP said that is all we don’t have to upgrade our machine? I said well you 
would have to sometime in the next year but this should stave off an upgrade by 
six months as we were getting close to needing one anyway due to other issues, 
much too complex to tell here. The VP looked at me well let's confirm the 
numbers and if it's around your estimate lets go ahead and buy it. I said one 
caveat, and I saw everyone look at me, and I said this issue would need to be 
implemented by program redesign. I said the programming area would have to be 
involved. I thought I heard someone get out a gun but it was something like a 
sigh. I got the COBOL upgrade, and we pushed the end of the day back about an 
hour. A few months later we were told we were going to get a major hardware 
upgrade and software as well.
Ed
  
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[Elardus Engelbrecht]

Edward Gould wrote:

>The following Christmas party I got brave and went over to the CEO and got 
>into a conversation about the issue. 

Wow! You're that brave!


>... The VP said that is all we don’t have to upgrade our machine? ... I said 
>one caveat, and I saw everyone look at me, and I said this issue would need to 
>be implemented by program redesign. I said the programming area would have to 
>be involved. I thought I heard someone get out a gun but it was something like 
>a sigh. I got the COBOL upgrade, and we pushed the end of the day back about 
>an hour. A few months later we were told we were going to get a major hardware 
>upgrade and software as well.

Great! You deserve a medal!

I have seen that scenario a few times in my career. Something breaks or is 
causing high CPU, excessive memory usage and swapping or slow transaction 
response time. Result - everyone screamed for a major upgrade (hardware or 
software)

Sometimes a simple redesign of a program resolved most of the problems. One 
example - I have handled a bad program problem scenario. It repeately opened a 
VSAM dsn, do its thing and close. Repeat - wash, rinse, repeat all of this.

Result - slow program, slow transaction times and lots of RACF SMF records 
(access attempt) and SYSLOG messages.

I told the programmers after looking at their programs, just please move the 
OPEN outside the loop and the CLOSE after the loop. Voila, all were happy.

... no, I did NOT get a T-shirt ...  ;-)

Groete / Greetings
Elardus Engelbrecht

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[Charles Mills]

>>The following Christmas party I got brave and went over to the CEO and got 
>>into a conversation about the issue. 

> Wow! You're that brave!

Liquid courage

CM

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[Edward Gould]

> On Aug 3, 2017, at 8:58 AM, Charles Mills  wrote:
> 
>>> The following Christmas party I got brave and went over to the CEO and got 
>>> into a conversation about the issue. 
> 
>> Wow! You're that brave!
> 
> Liquid courage
> 
> CM


Actually, no. I haven’t had a drink in over 30 years.
Ed
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[Edward Gould]

> On Aug 3, 2017, at 1:24 AM, Elardus Engelbrecht 
>  wrote:
> SNIP
> I have seen that scenario a few times in my career. Something breaks or is 
> causing high CPU, excessive memory usage and swapping or slow transaction 
> response time. Result - everyone screamed for a major upgrade (hardware or 
> software)
> 
> Sometimes a simple redesign of a program resolved most of the problems. One 
> example - I have handled a bad program problem scenario. It repeately opened 
> a VSAM dsn, do its thing and close. Repeat - wash, rinse, repeat all of this.
> 
> Result - slow program, slow transaction times and lots of RACF SMF records 
> (access attempt) and SYSLOG messages.
> 
> I told the programmers after looking at their programs, just please move the 
> OPEN outside the loop and the CLOSE after the loop. Voila, all were happy.
I had a similar but slightly different issue with a programmer.
They were accessing a VSAM file and each time they closed it and reopened it. I 
didn’t catch it till I saw a message on the console that the SMF buffer was 
full. I got a dump of the SMF address space and looked at it and sure enough 
there were thousands of VSAM open/close records. I talked to the programmers 
supervisor and it got changed but it took a couple of weeks. I guess I should 
have caught it before, but my plate was pretty full and I just didn’t have the 
time to look for stuff like that. I did add on a step to the dual SMF 
processing to  catch stuff like that. Once in a while I spotted a possibility 
but a call to the programmer fixed the issue before it got into production.

Ed

> 
> ... no, I did NOT get a T-shirt ...  ;-)
> 
> Groete / Greetings
> Elardus Engelbrecht
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog Post)

[Charles Mills]

No offense was intended.

Charles


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Edward Gould
Sent: Thursday, August 3, 2017 6:53 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Security, Other Risks When Unsupported (Was: z14 and z/OS 2.3 Blog 
Post)

> On Aug 3, 2017, at 8:58 AM, Charles Mills  wrote:
> 
>>> The following Christmas party I got brave and went over to the CEO and got 
>>> into a conversation about the issue. 
> 
>> Wow! You're that brave!
> 
> Liquid courage
> 
> CM


Actually, no. I haven’t had a drink in over 30 years.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN