[no subject]
CONLOG and HISTLOG files are cleaned up automatically, additionally you can code an FCXRENAM EXEC that the PTK will execute, and where you can cleanup other things, or create extra archives. Apart from that, no automatic cleanup is done and when the A-disk gets full, it remains full. But, PERFSVM remains active, you will still be able to look at real-time performance data. I've got an EXEC that runs in one of my other servers that will collect more CONLOG files in SFS, useful for debugging. It also keeps an eye on the 191 disk of PERFSVM and removes the FCXTREND file when the disk becomes more than x% full. I'll send it to you, it should run in a server that is authorized in the PTK, or you can change it to become FCXRENAM. As server you could use VMUTIL, for example based on my RxServer package. 2007/8/14, Alyce Austin [EMAIL PROTECTED]: Hello, I notice that PERFSVM A DISK fills up rather quickly. Does it automatically role-over when it gets to a certain percentage? If not, what is the best way to clean it up? Which files are OK to delete and still keep it running? Thanks for your help, Alyce -- Kris Buelens, IBM Belgium, VM customer support
Re: PERFSVM cleanup
Here my exec. As one can see, it is meant to be extended at some later day. At this time, it checks the userid, to be either KRIS, VMPRF, or TSLARUN (the last two are RxServer based servers that we use for VMUTIL-like work). -- Forwarded message -- From: Kris Buelens [EMAIL PROTECTED] Date: 14 aug. 2007 09:25 Subject: Re: To: The IBM z/VM Operating System IBMVM@listserv.uark.edu CONLOG and HISTLOG files are cleaned up automatically, additionally you can code an FCXRENAM EXEC that the PTK will execute, and where you can cleanup other things, or create extra archives. Apart from that, no automatic cleanup is done and when the A-disk gets full, it remains full. But, PERFSVM remains active, you will still be able to look at real-time performance data. I've got an EXEC that runs in one of my other servers that will collect more CONLOG files in SFS, useful for debugging. It also keeps an eye on the 191 disk of PERFSVM and removes the FCXTREND file when the disk becomes more than x% full. I'll send it to you, it should run in a server that is authorized in the PTK, or you can change it to become FCXRENAM. As server you could use VMUTIL, for example based on my RxServer package. 2007/8/14, Alyce Austin [EMAIL PROTECTED]: Hello, I notice that PERFSVM A DISK fills up rather quickly. Does it automatically role-over when it gets to a certain percentage? If not, what is the best way to clean it up? Which files are OK to delete and still keep it running? Thanks for your help, Alyce -- Kris Buelens, IBM Belgium, VM customer support
Re: PROP
product plug on If you're interested in additional functions that PROP doesn't provide, I BM Operations Manager for z/VM may fit the bill. For Tom's specific questio n, Operations Manager allows you to define a group of users and then apply a rule to that group. The group definition supports wildcarding (*, %, #, , @) in the userid field. See DEFGROUP in the Install and Admin Guide at http://www.ibm.com/software/sysmgmt/zvm/operations/library.html product plug off Tracy Dean, IBM
Re: TCP/IP problem with hypersockets
David, As you suggested, I set the QDIO Home to 192.168.3.1 and the Linux guest (CentOS) to 192.168.3.2. After the windows command route 192.168.3.0 mask 255.255.255.0 192.168.0.4, pinging 192.168.3.2 still does not work. The tracert 192.168.3.2 command doesn't even reach 192.168.0.4. And I am sure that the 192.168.3 network is not in use. I also turned all firewalls off. Should I turn to subnetting? Best regards, Antoon Vekeman Software Product Research Software Solutions for DB2 http://www.sprdb2.com B-2288 Bouwel Belgium On Mon, 13 Aug 2007 11:07:18 -0400, David Boyes wrote: After the Windows command route add 192.168.1.0 mask 255.255.255.0 192.168.0.4, it is impossible to ping 192.168.1.2. Pinging 192.168.1.1 works (there is a virtual lan 192.168.1 on the harware router). That's your problem. IP addresses must be unique. If 192.168.1.x is in use elsewhere, then you need to use a different range for your Linux guests and modify the route command appropriately. Try renumbering the Linux guests to 192.168.2.x or some unused number.
Re: SSL Confusion
I just did the same with stunnel provided with SLES10. It seems to work fine. Now what are the disadvantages compared to SSLSERV? Ray Mrohs U.S. Department of Justice 202-307-6896 -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Jeffrey Barnard Sent: Friday, August 10, 2007 4:07 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: SSL Confusion Tom, Using Linux to proxy an SSL connection is easy. The Linux can be a PC behind your firewall, a Linux on z system, whatever ... Symbion SSL Proxy (open source for Linux/Unix/Unixware) to start the proxy ./ssl_proxy -m max connections -s listen address -c mainframe address (client address ) -C certificate file -K key file for example ./ssl_proxy -m 50 -s 192.168.1.226:2023 -c 172.16.0.10:23 -C sslproxy.pem -K sslproxy.key This will listen on port 2023 for an SSL connection and proxy it in the clear to port 23. This example creates an easy to use SSL TN3270(E) connection. You can do the same thing for an MQ Series and other types of connections. Just change the IP addresses and port numbers. Regards, Jeff -- Jeffrey C Barnard Barnard Software, Inc. http://www.bsiopti.com BSI 407-323-4773 Support 407-688-7123
VM directory
Two questions , has anyone added CRYPTO statements to their VM directory, even tho we do not have VM here any longer when we go to DR site we run under VM hence 2nd question, can anyone point me towards the correct manual that may have this info thanks, Augie
Re: Experience with IBM Operations Manager for z/VM ?
Hi Lionel. I believe you basically have three options for zVM console sharing/automation: 1. PROP 2. CA's VM:Operator 3. IBM's Operations Manager. Being a brand new zVM shop we decided to go with a vendor product instead of PROP in an attempt to simplify the zVM learning/implementation curve. At the time, we only knew about CA's suite of zVM management products. A month or so into our trial with CA, we heard about IBM's Operations Manager at a VM user's group meeting. We decided to trial OM as well and ended up liking it better. I liked the fact that it was a standard VMSES/E installation vs. CA's proprietary method. The configuration was also much simpler and the console sharing/automation typically worked as expected. Our basic needs were to: 1. allow multiple members of our operations team to monitor Operator ID as well as the zLinux guests consoles. 2. highlight and hold error/warning messages in the consoles. 3. automatically respond to messages with REXX execs. 4. schedule operations to execute hourly, daily, etc. Operations Manager met these needs simply and effectively. We have been a happy, satisfied customer for just over a year now. My only complaint is that the documentation is a bit sparse; however, they continue to improve in this area. The product support folks are great and easy to work with. Hope this helps, Kevin Morris LexisNexis Systems Engineer From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Lionel B. Dyck Sent: Friday, August 10, 2007 10:37 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Experience with IBM Operations Manager for z/VM ? Has anyone installed IBM's Operations Manager for z/VM and if so what is your experience (good, bad, ugly, excellent) ? Thx Lionel B. Dyck, Consultant/Specialist Enterprise Platform Services, Mainframe Engineering KP-IT Enterprise Engineering, Client and Platform Engineering Services (CAPES) 925-926-5332 (8-473-5332) | E-Mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] AIM: lbdyck | Yahoo IM: lbdyck Kaiser Service Credo: Our cause is health. Our passion is service. We're here to make lives better. Never attribute to malice what can be caused by miscommunication. NOTICE TO RECIPIENT: If you are not the intended recipient of this e-mail, you are prohibited from sharing, copying, or otherwise using or disclosing its contents. If you have received this e-mail in error, please notify the sender immediately by reply e-mail and permanently delete this e-mail and any attachments without reading, forwarding or saving them. Thank you.
Re: VM directory
August, We use CRYPTO statements in the VM directory. Here's an example from a z9. z890/z990's use the same syntax. z800/z900's are different. CRYPTO DOMAIN 00 APDED 1 The Creating and Updating a User Directory chapter in CP Planning and Administration has the syntax. That's Chapter 17 in the z/VM 5.3.0 version of the book. Dennis O'Brien I don't have a girlfriend. I just know a girl who would get really mad if she heard me say that. -- Mitch Hedberg -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of August Carideo Sent: Tuesday, August 14, 2007 09:22 To: IBMVM@LISTSERV.UARK.EDU Subject: [IBMVM] VM directory Importance: High Two questions , has anyone added CRYPTO statements to their VM directory, even tho we do not have VM here any longer when we go to DR site we run under VM hence 2nd question, can anyone point me towards the correct manual that may have this info thanks, Augie
Re: SSL Confusion
On Tuesday, 08/14/2007 at 11:26 EDT, Mrohs, Ray [EMAIL PROTECTED] wrote: I just did the same with stunnel provided with SLES10. It seems to work fine. Now what are the disadvantages compared to SSLSERV? It's the same as the pre-z/VM 5.3 support, requiring the client to establish the SSL session before it starts sending protocol data. - you'll need clients that support that model (not defined by RFC) - it works for inbound connections only Not so much disadvantages as they are restrictions. Alan Altmark z/VM Development IBM Endicott
Re: VM directory
thank you O'Brien, Dennis L Dennis.L.O'Brien To @bankofamerica.co IBMVM@LISTSERV.UARK.EDU m cc Sent by: The IBM z/VM OperatingSubject SystemRe: VM directory [EMAIL PROTECTED] ARK.EDU 08/14/2007 01:00 PM Please respond to The IBM z/VM Operating System [EMAIL PROTECTED] ARK.EDU August, We use CRYPTO statements in the VM directory. Here's an example from a z9. z890/z990's use the same syntax. z800/z900's are different. CRYPTO DOMAIN 00 APDED 1 The Creating and Updating a User Directory chapter in CP Planning and Administration has the syntax. That's Chapter 17 in the z/VM 5.3.0 version of the book. Dennis O'Brien I don't have a girlfriend. I just know a girl who would get really mad if she heard me say that. -- Mitch Hedberg -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of August Carideo Sent: Tuesday, August 14, 2007 09:22 To: IBMVM@LISTSERV.UARK.EDU Subject: [IBMVM] VM directory Importance: High Two questions , has anyone added CRYPTO statements to their VM directory, even tho we do not have VM here any longer when we go to DR site we run under VM hence 2nd question, can anyone point me towards the correct manual that may have this info thanks, Augie
Re: SSL Confusion
On Aug 14, 2007, at 12:26 PM, Alan Altmark wrote: On Tuesday, 08/14/2007 at 11:26 EDT, Mrohs, Ray [EMAIL PROTECTED] wrote: I just did the same with stunnel provided with SLES10. It seems to work fine. Now what are the disadvantages compared to SSLSERV? It's the same as the pre-z/VM 5.3 support, requiring the client to establish the SSL session before it starts sending protocol data. - you'll need clients that support that model (not defined by RFC) - it works for inbound connections only Not so much disadvantages as they are restrictions. There's another one. You may well have exceptionally boneheaded security auditors, who insist that unencrypted communications are always BAD and WRONG and EVIL, and no amount of explaining to them that the cleartext network path is actually *entirely inside* the z/VM image will get them to see the light. Adam
Re: TCPIP config changes in z/VM 5.2
Hello Miguel, Indeed, this ptf will fix the NETSTAT GATE display. The default is now shown as UGS. The NETSTAT GATE now shows the same output on both the old and new VM. Well, besides the fact that the display itself does show the records a bit differently. But it didn't solve my orginal problem, I still can't ping some machines. So I guess there is something missing or in error in the new configs. Regards, Berry.
Re: TCP/IP problem with hypersockets
As you suggested, I set the QDIO Home to 192.168.3.1 and the Linux guest (CentOS) to 192.168.3.2. After the windows command route 192.168.3.0 mask 255.255.255.0 192.168.0.4, pinging 192.168.3.2 still does not work. The tracert 192.168.3.2 command doesn't even reach 192.168.0.4. And I am sure that the 192.168.3 network is not in use. I also turned all firewalls off. Hmm, the firewall would have been my next guess. Windows usually blocks ICMP by default, which breaks ping and traceroute. Can the Linux guest ping the Windows box to which you've added the route? Should I turn to subnetting? No, let's not complicate this. Something else is wrong. I'll send you a picture offlist (since this list strips attachments, I'll send it direct). That might help diagnose this. -- db
Re: SSL Confusion
I just did the same with stunnel provided with SLES10. It seems to work fine. Now what are the disadvantages compared to SSLSERV? Not an exhaustive list: Stunnel positives: Uses OpenSSL, so the crypto engines work Reference implementation of SSL, so more likely to be familiar to non-mainframe people Available on multiple platforms (common operations and knowledge). Stunnel negative: Not transparent (requires setup for each port) Not dynamic (can't handle FTP) Unwraps traffic short of the application (may violate some regulatory requirements) Requires ports for non-encrypted service to be open (no firewall capability on VM TCP stack) Not supported by IBM IBM SSLSERV positives: Supported by IBM Dynamic (can handle FTP) Transparent to apps Does not require open ports for non-encrypted services IBM SSLSERV negatives: Doesn't use crypto engines (based on non-crypto aware implementation) Delivers encryption all the way to destination application Difficult to configure and maintain. Available only on VM We have appliance versions of both approaches.
Re: Experience with IBM Operations Manager for z/VM ?
I believe you basically have three options for zVM console sharing/automation: 1. PROP 2. CA's VM:Operator 3. IBM's Operations Manager. Don't forget PerfKit also has console automation functions too. Our basic needs were to: 1. allow multiple members of our operations team to monitor Operator ID as well as the zLinux guests consoles. 2. highlight and hold error/warning messages in the consoles. 3. automatically respond to messages with REXX execs. 4. schedule operations to execute hourly, daily, etc.
applying VM RSU maint - CPLEVEL
List, i have RSU tapes to update my VM 4.4 system. following the service guide, i am doing the steps to prepare for service refresh. when i issue the VMFPSU ZVM CPSFS i get this output: vmfpsu zvm cpsfs VMFPSU2760I VMFPSU processing started VMFPSU1077I Comparing tables 4VMVMB40 VVT$PSU$ A and 4VMVMB40 VVTVM H VMFPSU1071I There are 0 PTFs on the Recommended Service Upgrade for PRODID 4VMVMB40%CP that are not currently applied. VMFPSU1074I There are no PTFs on the Recommended Service Upgrade to be applied for PRODID 4VMVMB40%CP. Continue with the next product. VMFPSU1070I Creating 4VMVMB40 PSUPLAN file at service level RSU-0401 for component CPSFS in PPF ZVM. VMFPSU2760I VMFPSU processing completed successfully this is puzzling since the RSU document says that z/VM CP 4.4.0 has level 0601 on it but a q cplevel says that i am at 0403: z/VM Version 4 Release 4.0, service level 0403 (64-bit) Generated at 01/12/06 14:50:57 CST how do i get to 0601 ? prg Phillip Gramly Systems Programmer Communications Data Group Champaign, IL