Re: Linux shutdown and DoD restrictions

[Alan Altmark]

On Wednesday, 05/14/2008 at 04:02 EDT, Charles LeDuff 
[EMAIL PROTECTED] wrote:
 I am wondering if there is anyone who has automated the shutdown of 
linux
 instances in z/VM, that has to follow the Department of Defense (DoD)
 requirements?  The requirements, I am referring to, are the Security
 Technical Implementation Guide (STIG).
 
 The SIGNAL command would be the perfect solution, but it requires 
enabling
 the CTL-ALT-DEL function under linux.  According to the STIG, the
 CTL-ATL-DEL function cannot be enable.
 
 I have tried using the CP SEND command, in a REXX EXEC, to send the 
userid
 and password to linux, but z/VM changes the case of the letter from 
lower to
 upper.  Another problem according to the STIG.  All passwords must be 
mixed
 case.  Is there a way for z/VM to not change the case of the letter?
 
 Is there another way to automate the shutdown of the linux instances?

I'm confused.  Presumably the ban on CTL-ALT-DEL was to eliminate 
anonymous reboots.  You have to login to issue shutdown -r, or physically 
turn off the server.

But on System z, SIGNAL SHUTDOWN is not anonymous.  Your ESM will happily 
audit anyone issuing the command.  CP SEND and SIGNAL SHUTDOWN are 
equivalent in this respect: both are outside agencies acting on the 
server.  I content that SIGNAL is more secure because it does not require 
root (or whoever) to be logged on at the virtual console.  Further, I 
think SIGNAL is more reliable because you don't have to add logic to logon 
to root if it is not already logged on.

Maybe a practical demonstration to the owners of STIG would be sufficient 
that you are not *ACTUALLY* enabling CAD on Linux?

Alan Altmark
z/VM Development
IBM Endicott

BEST /1 from BMC

[Bill Munson]

Is there anyone using   UIE/VM   the BEST/1 product from BMC ?

you can contact me off line if you want to

thanx

Bill Munson
VM System Programmer
201-418-7588

President MVMUA
http://www2.marist.edu/~mvmua/


*** IMPORTANT
NOTE* The opinions expressed in this
message and/or any attachments are those of the author and not
necessarily those of Brown Brothers Harriman  Co., its
subsidiaries and affiliates (BBH). There is no guarantee that
this message is either private or confidential, and it may have
been altered by unauthorized sources without your or our knowledge.
Nothing in the message is capable or intended to create any legally
binding obligations on either party and it is not intended to
provide legal advice. BBH accepts no responsibility for loss or
damage from its use, including damage from virus.

Q ISLINK and locked out users...

[RPN01]

I did a Q ISLINK in my z/VM account, which never came back with a
response... And now I can¹t log in using any account.

Any idea what I¹ve messed up or how to unlock things and allow logins again?
Right now, logging in freezes at the logon time, as so:

LOGON MAINT
HCPLNM102E DASD 0123 forced R/O; R/W by DIRMAINT
z/VM Version 5 Release 3.0, Service Level 0702 (64-bit),
built on IBM Virtualization Technology
There is no logmsg data
FILES: 0016 RDR,   NO PRT,   NO PUN
LOGON AT 10:20:40 CDT THURSDAY 05/15/08

It¹s been hung this way for roughly 20 minutes. Will a trip to the console
to force off the original offending user help me, or just make things worse?
Should this be opened as an ETR with IBM?

-- 
Robert P. Nix  Mayo Foundation.~.
RO-OE-5-55 200 First Street SW/V\
507-284-0844   Rochester, MN 55905   /( )\
-^^-^^
In theory, theory and practice are the same, but
 in practice, theory and practice are different.

Re: Q ISLINK and locked out users...

[Quay, Jonathan (IHG)]

 Sounds like a deadlock condition.  SNAPDUMP on the operator console and
open an ETR.

Re: Q ISLINK and locked out users...

[Kris Buelens]

If you cannnot enter SNAPDUMP: do not perform a normal IPL with LOAD
on the HMC, but use RESTART instead: CP will then take an SVC002 dump
which you can send to IBM.

2008/5/15 Quay, Jonathan (IHG) [EMAIL PROTECTED]:




  Sounds like a deadlock condition.  SNAPDUMP on the operator console and
 open an ETR.



-- 
Kris Buelens,
IBM Belgium, VM customer support

May 28th -LVC- High Availability for Linux on IBM System z Servers

[Pamela Christina-on a cloudy day in Endicott]

For those on IBMVM, LINUX390, IBMMAIN who are interested in an hour
of no-charge education via webcast.

Two LVC's coming up on Wed May 28 and Thurs. May 29.
Here's the May 28 info

The next Live Virtual Class (LVC)/Webcast is scheduled for
Wednesday, May 28th at 11:00 AM EDT.

There is no charge to participate in this technical education session.

Wednesday, May 28, 2008 at 11:00 AM EDT US  Canada

WEBCAST:  High Availability for Linux on IBM System z Servers

Speaker:Scott Loveland, IBM Customer Test Chief Architect
Systems/Product Assurance Engineering Professional

Abstract:
Linux virtual servers are increasingly being used to support
critical applications in IBM System z and zSeries server environments. As
the mission becomes more important; so does the need to ensure its
supporting infrastructure is highly available. But how? z/OS system
programmers know the best practices for eliminating single points of
failure for their systems; but may be unsure how to translate those
techniques to the Linux world. Admins coming from a distributed Linux
background may wonder how a virtualized environment on zSeries changes the
game. And both groups may ponder how to best marry the Linux and z/OS
worlds to maximize availability.

Wonder no more. This session will cover a set of high availability
architectures for Linux virtual servers (LVS); in the context of serving
data to WebSphere applications (though WebSphere itself won't be the main
focus). We'll discuss:

1. Single points of failure in an LVS environment; probabilities of each;
and the relative cost to eliminate them -- with examples of how to do so
2. The power of virtualization to minimize degradation of service in the
wake of failures; and to reduce the need for large clusters of redundant
servers
3. How software running on Linux virtual servers can work cooperatively
with a Parallel Sysplex and z/OS data sharing groups
4. Sample architecture specifics; including architectural decisions and
tradeoffs; configuration options; and product technologies used

Date: Wed - May 28, 2008
Time:  11:00 AM Eastern Daylight Time (New York),
   10:00 AM Central Daylight Time
   London 4:00 PM, Frankfurt  5:00 PM,
   Moscow  7:00PM
Duration: 75 minutes

How to attend:
Connect to the Live Virtual Class (LVC) session using the following URL:
URL:  https://asp22.centra.com:443/GA/main/0148c02f0119890365ca8e2f
 OR
Connect from the z/VM Website at:
http://www.vm.ibm.com/education/lvc

You can connect to the LVC session up to 10 minutes prior to the start of
the session.

You do not have to pre-register to attend the webcast, but you will need to
enter your email to join the call.

The REPLAY will be available on the web using the same connect URL
approximately 4 hours after the event.

If you are unable to connect to the Live Virtual Class session, you can
download the presentation from the z/VM LVC website the day
before the webcast and listen to the audio portion of the session via
telephone using the following:

Teleconference Information
Call info:1 - 888-240-4148
Toll: 1 - 719-234-0214
 Passcode:   893049

 Note: use of the telephone connection does not provide capability for you
to ask questions during the session.

Replays: As a reminder, the 2007/2008 sessions are available for replay
from the z/VM website at:
http://www.vm.ibm.com/education/lvc


Please direct any questions to Julie Liesenfelt at [EMAIL PROTECTED]


Regards,
Pam C (on behalf of Julie)

Re: Overcommit ratio

[Barton Robinson]

Stephen, you are doing great. Your workload must be Oracle, and not WAS, DB2 or Domino. If 
it is WAS, it must be old prior to performance enhancements. so don't upgrade it.


And the metric IS useful, you know if you add 4 more servers how much more mainframe 
storage you need. And your number gives a reference point to others to show what they 
could be doing if everything worked correctly.




Stephen Frazier wrote:

My overcommit ratio is about 5:1 not counting CMS users. If you count 
them it is more like 15:1. It seems to work fine. I don't think 
overcommit ratio is very useful for anything. It is two dependent on the 
kind of users you have to be meaningful.


Marcy Cortes wrote:


I keep hearing things like shouldn't be overcommitted in prod more than
2:1 or 3 or 4:1 in test.

How is that calculated?

Can I just take the (Pageable storage number  + Pages on DASD ) /
pageable storage number?



Marcy

This message may contain confidential and/or privileged information. If
you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose, or take any action based on
this message or any information herein. If you have received this
message in error, please advise the sender immediately by reply e-mail
and delete this message. Thank you for your cooperation.

Re: Overcommit ratio

[Stephen Frazier]

Correct I do not have WAS, DB2, or Domino. My point exactly. What kind of users you have makes all 
the difference in overcommit ratio. If I added 4 WAS machines I would need a lot more storage than 4 
more MYSQL or Oracle machines.


Barton Robinson wrote:
Stephen, you are doing great. Your workload must be Oracle, and not WAS, 
DB2 or Domino. If it is WAS, it must be old prior to performance 
enhancements. so don't upgrade it.


And the metric IS useful, you know if you add 4 more servers how much 
more mainframe storage you need. And your number gives a reference point 
to others to show what they could be doing if everything worked correctly.




Stephen Frazier wrote:

My overcommit ratio is about 5:1 not counting CMS users. If you count 
them it is more like 15:1. It seems to work fine. I don't think 
overcommit ratio is very useful for anything. It is two dependent on 
the kind of users you have to be meaningful.


Marcy Cortes wrote:


I keep hearing things like shouldn't be overcommitted in prod more than
2:1 or 3 or 4:1 in test.

How is that calculated?

Can I just take the (Pageable storage number  + Pages on DASD ) /
pageable storage number?



Marcy

This message may contain confidential and/or privileged information. If
you are not the addressee or authorized to receive this for the
addressee, you must not use, copy, disclose, or take any action based on
this message or any information herein. If you have received this
message in error, please advise the sender immediately by reply e-mail
and delete this message. Thank you for your cooperation.





--
Stephen Frazier
Information Technology Unit
Oklahoma Department of Corrections
3400 Martin Luther King
Oklahoma City, Ok, 73111-4298
Tel.: (405) 425-2549
Fax: (405) 425-2554
Pager: (405) 690-1828
email:  stevef%doc.state.ok.us

May 29 z/VSE Live Virtual Class (LVC) z/VSE Tools: An Overview

[Pamela Christina and now it's sunny Endicott]

Posted to the IBMVM, LINUX-390, IBMMAIN listservs for those
who are interested in no-charge educational webcasts on
topics relating to z/VM, z/VSE, Linux on System z.

The next z/VSE Live Virtual Class (LVC)/Webcast is planned for
Thursday, May 29th at 11:00 AM EDT.
(There's also a Linux on System z webcast on Wed May 28)
 http://www.vm.ibm.com/education/lvc/

There is no charge to participate in this technical education session.

WEBCAST:  z/VSE Tools - An Overview
Speaker: Ingo Franzki - z/VSE Development, IBM Boeblingen Lab
Abstract:

 The z/VSE web site offers more than 20 tools ('as is'; at no additional
 charge) for download. The tools are designed make certain z/VSE
 tasks easier and more interesting. Because of the sheer number of
 tools; you may have lost track about what tools are provided and what
 they are for. There may be a tool available that you are not aware of;
 for a task you need to perform. This session will provide an overview
 of each the tools that are currently available on the VSE homepage. For
 every tool; a short description and usage scenarios will be discussed.

Date:  Thursday May 29, 2008
Time:  11:00 A.M. Eastern Daylight Time ( New York)
   10:00 AM Central Daylight Time
   London 3:00 PM, Frankfurt 4:00 PM, Moscow 6:00 PM
Duration: 75 minutes

How to attend:
Connect to the Live Virtual Class (LVC) session using the following URL:
 URL:
https://asp22.centra.com:443/GA/main/019d9c0d0119cce10cd58e45
   OR
Connect from the z/VSE Home Page at:
  http://ibm.com/vse

You can connect to the LVC session up to 10 minutes prior to the start of
the session.

You do not have to pre-register to attend the webcast, but you will
need to enter your email to join the call.
The REPLAY will be available on the web using the same connect URL
approximately 4 hours after the event.

If you are unable to connect to the Live Virtual Class session, you can
download the presentation from the z/VSE LVC website the day
before the webcast and listen to the audio portion of the session via
telephone using the following:

Call info:1 - 888-240-4148
Toll:   1 - 719-234-0214
Passcode:   893049

Playbacks:
The z/VSE calls from the 2007/2008 education series are available on the
z/VSE website for playback at:

http://ibm.com/vse

Other LVC playbacks are listed here:
http://www.vm.ibm.com/education/lvc/

And, let's me say it again, even if you'll ignore it...
please direct LVC questions to Julie Liesenfelt at [EMAIL PROTECTED]
:-)

Thanks..

Regards, Pam C