Re: Linux shutdown and DoD restrictions
On Wednesday, 05/14/2008 at 04:02 EDT, Charles LeDuff [EMAIL PROTECTED] wrote: I am wondering if there is anyone who has automated the shutdown of linux instances in z/VM, that has to follow the Department of Defense (DoD) requirements? The requirements, I am referring to, are the Security Technical Implementation Guide (STIG). The SIGNAL command would be the perfect solution, but it requires enabling the CTL-ALT-DEL function under linux. According to the STIG, the CTL-ATL-DEL function cannot be enable. I have tried using the CP SEND command, in a REXX EXEC, to send the userid and password to linux, but z/VM changes the case of the letter from lower to upper. Another problem according to the STIG. All passwords must be mixed case. Is there a way for z/VM to not change the case of the letter? Is there another way to automate the shutdown of the linux instances? I'm confused. Presumably the ban on CTL-ALT-DEL was to eliminate anonymous reboots. You have to login to issue shutdown -r, or physically turn off the server. But on System z, SIGNAL SHUTDOWN is not anonymous. Your ESM will happily audit anyone issuing the command. CP SEND and SIGNAL SHUTDOWN are equivalent in this respect: both are outside agencies acting on the server. I content that SIGNAL is more secure because it does not require root (or whoever) to be logged on at the virtual console. Further, I think SIGNAL is more reliable because you don't have to add logic to logon to root if it is not already logged on. Maybe a practical demonstration to the owners of STIG would be sufficient that you are not *ACTUALLY* enabling CAD on Linux? Alan Altmark z/VM Development IBM Endicott
BEST /1 from BMC
Is there anyone using UIE/VM the BEST/1 product from BMC ? you can contact me off line if you want to thanx Bill Munson VM System Programmer 201-418-7588 President MVMUA http://www2.marist.edu/~mvmua/ *** IMPORTANT NOTE* The opinions expressed in this message and/or any attachments are those of the author and not necessarily those of Brown Brothers Harriman Co., its subsidiaries and affiliates (BBH). There is no guarantee that this message is either private or confidential, and it may have been altered by unauthorized sources without your or our knowledge. Nothing in the message is capable or intended to create any legally binding obligations on either party and it is not intended to provide legal advice. BBH accepts no responsibility for loss or damage from its use, including damage from virus.
Q ISLINK and locked out users...
I did a Q ISLINK in my z/VM account, which never came back with a response... And now I can¹t log in using any account. Any idea what I¹ve messed up or how to unlock things and allow logins again? Right now, logging in freezes at the logon time, as so: LOGON MAINT HCPLNM102E DASD 0123 forced R/O; R/W by DIRMAINT z/VM Version 5 Release 3.0, Service Level 0702 (64-bit), built on IBM Virtualization Technology There is no logmsg data FILES: 0016 RDR, NO PRT, NO PUN LOGON AT 10:20:40 CDT THURSDAY 05/15/08 It¹s been hung this way for roughly 20 minutes. Will a trip to the console to force off the original offending user help me, or just make things worse? Should this be opened as an ETR with IBM? -- Robert P. Nix Mayo Foundation.~. RO-OE-5-55 200 First Street SW/V\ 507-284-0844 Rochester, MN 55905 /( )\ -^^-^^ In theory, theory and practice are the same, but in practice, theory and practice are different.
Re: Q ISLINK and locked out users...
Sounds like a deadlock condition. SNAPDUMP on the operator console and open an ETR.
Re: Q ISLINK and locked out users...
If you cannnot enter SNAPDUMP: do not perform a normal IPL with LOAD on the HMC, but use RESTART instead: CP will then take an SVC002 dump which you can send to IBM. 2008/5/15 Quay, Jonathan (IHG) [EMAIL PROTECTED]: Sounds like a deadlock condition. SNAPDUMP on the operator console and open an ETR. -- Kris Buelens, IBM Belgium, VM customer support
May 28th -LVC- High Availability for Linux on IBM System z Servers
For those on IBMVM, LINUX390, IBMMAIN who are interested in an hour of no-charge education via webcast. Two LVC's coming up on Wed May 28 and Thurs. May 29. Here's the May 28 info The next Live Virtual Class (LVC)/Webcast is scheduled for Wednesday, May 28th at 11:00 AM EDT. There is no charge to participate in this technical education session. Wednesday, May 28, 2008 at 11:00 AM EDT US Canada WEBCAST: High Availability for Linux on IBM System z Servers Speaker:Scott Loveland, IBM Customer Test Chief Architect Systems/Product Assurance Engineering Professional Abstract: Linux virtual servers are increasingly being used to support critical applications in IBM System z and zSeries server environments. As the mission becomes more important; so does the need to ensure its supporting infrastructure is highly available. But how? z/OS system programmers know the best practices for eliminating single points of failure for their systems; but may be unsure how to translate those techniques to the Linux world. Admins coming from a distributed Linux background may wonder how a virtualized environment on zSeries changes the game. And both groups may ponder how to best marry the Linux and z/OS worlds to maximize availability. Wonder no more. This session will cover a set of high availability architectures for Linux virtual servers (LVS); in the context of serving data to WebSphere applications (though WebSphere itself won't be the main focus). We'll discuss: 1. Single points of failure in an LVS environment; probabilities of each; and the relative cost to eliminate them -- with examples of how to do so 2. The power of virtualization to minimize degradation of service in the wake of failures; and to reduce the need for large clusters of redundant servers 3. How software running on Linux virtual servers can work cooperatively with a Parallel Sysplex and z/OS data sharing groups 4. Sample architecture specifics; including architectural decisions and tradeoffs; configuration options; and product technologies used Date: Wed - May 28, 2008 Time: 11:00 AM Eastern Daylight Time (New York), 10:00 AM Central Daylight Time London 4:00 PM, Frankfurt 5:00 PM, Moscow 7:00PM Duration: 75 minutes How to attend: Connect to the Live Virtual Class (LVC) session using the following URL: URL: https://asp22.centra.com:443/GA/main/0148c02f0119890365ca8e2f OR Connect from the z/VM Website at: http://www.vm.ibm.com/education/lvc You can connect to the LVC session up to 10 minutes prior to the start of the session. You do not have to pre-register to attend the webcast, but you will need to enter your email to join the call. The REPLAY will be available on the web using the same connect URL approximately 4 hours after the event. If you are unable to connect to the Live Virtual Class session, you can download the presentation from the z/VM LVC website the day before the webcast and listen to the audio portion of the session via telephone using the following: Teleconference Information Call info:1 - 888-240-4148 Toll: 1 - 719-234-0214 Passcode: 893049 Note: use of the telephone connection does not provide capability for you to ask questions during the session. Replays: As a reminder, the 2007/2008 sessions are available for replay from the z/VM website at: http://www.vm.ibm.com/education/lvc Please direct any questions to Julie Liesenfelt at [EMAIL PROTECTED] Regards, Pam C (on behalf of Julie)
Re: Overcommit ratio
Stephen, you are doing great. Your workload must be Oracle, and not WAS, DB2 or Domino. If it is WAS, it must be old prior to performance enhancements. so don't upgrade it. And the metric IS useful, you know if you add 4 more servers how much more mainframe storage you need. And your number gives a reference point to others to show what they could be doing if everything worked correctly. Stephen Frazier wrote: My overcommit ratio is about 5:1 not counting CMS users. If you count them it is more like 15:1. It seems to work fine. I don't think overcommit ratio is very useful for anything. It is two dependent on the kind of users you have to be meaningful. Marcy Cortes wrote: I keep hearing things like shouldn't be overcommitted in prod more than 2:1 or 3 or 4:1 in test. How is that calculated? Can I just take the (Pageable storage number + Pages on DASD ) / pageable storage number? Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation.
Re: Overcommit ratio
Correct I do not have WAS, DB2, or Domino. My point exactly. What kind of users you have makes all the difference in overcommit ratio. If I added 4 WAS machines I would need a lot more storage than 4 more MYSQL or Oracle machines. Barton Robinson wrote: Stephen, you are doing great. Your workload must be Oracle, and not WAS, DB2 or Domino. If it is WAS, it must be old prior to performance enhancements. so don't upgrade it. And the metric IS useful, you know if you add 4 more servers how much more mainframe storage you need. And your number gives a reference point to others to show what they could be doing if everything worked correctly. Stephen Frazier wrote: My overcommit ratio is about 5:1 not counting CMS users. If you count them it is more like 15:1. It seems to work fine. I don't think overcommit ratio is very useful for anything. It is two dependent on the kind of users you have to be meaningful. Marcy Cortes wrote: I keep hearing things like shouldn't be overcommitted in prod more than 2:1 or 3 or 4:1 in test. How is that calculated? Can I just take the (Pageable storage number + Pages on DASD ) / pageable storage number? Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -- Stephen Frazier Information Technology Unit Oklahoma Department of Corrections 3400 Martin Luther King Oklahoma City, Ok, 73111-4298 Tel.: (405) 425-2549 Fax: (405) 425-2554 Pager: (405) 690-1828 email: stevef%doc.state.ok.us
May 29 z/VSE Live Virtual Class (LVC) z/VSE Tools: An Overview
Posted to the IBMVM, LINUX-390, IBMMAIN listservs for those who are interested in no-charge educational webcasts on topics relating to z/VM, z/VSE, Linux on System z. The next z/VSE Live Virtual Class (LVC)/Webcast is planned for Thursday, May 29th at 11:00 AM EDT. (There's also a Linux on System z webcast on Wed May 28) http://www.vm.ibm.com/education/lvc/ There is no charge to participate in this technical education session. WEBCAST: z/VSE Tools - An Overview Speaker: Ingo Franzki - z/VSE Development, IBM Boeblingen Lab Abstract: The z/VSE web site offers more than 20 tools ('as is'; at no additional charge) for download. The tools are designed make certain z/VSE tasks easier and more interesting. Because of the sheer number of tools; you may have lost track about what tools are provided and what they are for. There may be a tool available that you are not aware of; for a task you need to perform. This session will provide an overview of each the tools that are currently available on the VSE homepage. For every tool; a short description and usage scenarios will be discussed. Date: Thursday May 29, 2008 Time: 11:00 A.M. Eastern Daylight Time ( New York) 10:00 AM Central Daylight Time London 3:00 PM, Frankfurt 4:00 PM, Moscow 6:00 PM Duration: 75 minutes How to attend: Connect to the Live Virtual Class (LVC) session using the following URL: URL: https://asp22.centra.com:443/GA/main/019d9c0d0119cce10cd58e45 OR Connect from the z/VSE Home Page at: http://ibm.com/vse You can connect to the LVC session up to 10 minutes prior to the start of the session. You do not have to pre-register to attend the webcast, but you will need to enter your email to join the call. The REPLAY will be available on the web using the same connect URL approximately 4 hours after the event. If you are unable to connect to the Live Virtual Class session, you can download the presentation from the z/VSE LVC website the day before the webcast and listen to the audio portion of the session via telephone using the following: Call info:1 - 888-240-4148 Toll: 1 - 719-234-0214 Passcode: 893049 Playbacks: The z/VSE calls from the 2007/2008 education series are available on the z/VSE website for playback at: http://ibm.com/vse Other LVC playbacks are listed here: http://www.vm.ibm.com/education/lvc/ And, let's me say it again, even if you'll ignore it... please direct LVC questions to Julie Liesenfelt at [EMAIL PROTECTED] :-) Thanks.. Regards, Pam C