Re: Is anyone multipathing on SLES 11 SP1?
Thank you. In process of testing. Will update list later. Michael Simms Systems Programmer zSeries VM, VSE, (z)Linux, AIX Naples Campus, Florida 239-552-3479 Enabling America's Best Local Healthcare Please consider the environment before printing this email and SAVE A TREE. -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Mark Post Sent: Tuesday, March 29, 2011 2:16 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Is anyone multipathing on SLES 11 SP1? On 3/29/2011 at 11:53 AM, Michael Simms simmsmichael1...@yahoo.com wrote: Scanning for LVM volume groups... Reading all physical volumes. This may take a while... Found duplicate PV nKTbzlk3XKmCNSegm50mK5LqnJgfo1sv: using /dev/sdb1 not /dev/sda1 Found volume group VGClinDoc using metadata type lvm2 Activating LVM volume groups... Found duplicate PV nKTbzlk3XKmCNSegm50mK5LqnJgfo1sv: using /dev/sdb1 not /dev/sda1 So, I am unable to get a clean startup using SuSE SLES 11 SP1. We did work through and get SuSE SLES 10 SP3+ working, after months of work/testing/questions. In this startup instance, the system reversed the 'available' disk to sdb1. Odd, should have been sda1. I don't know what to try next. You need to update the filter statement in /etc/lvm/lvm.conf to only look at /dev/disk/by-id/ devices. http://www.novell.com/documentation/sles11/stor_admin/?page=/documentation/sles11/stor_admin/data/bookinfo.html Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle 11g on zLinux
Oracle 11GR2 (11.2.0.2.0) is now available via Oracle Technology Network, in 1QCY2011 as previously announced. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html cheers Damian -Original Message- From: Moeur Tim C [mailto:tim.mo...@srpnet.com] Sent: 19 November 2010 21:26 To: LINUX-390@vm.marist.edu Subject: Re: Oracle 11g on zLinux I was provided this link in some of my correspondence with IBM on this subject: http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS4016 See page 2. The Oracle document mentioned in the IBM doc confirms the intent to provide support and availability 1Q2011. Tim -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Rodger Donaldson Sent: Wednesday, November 17, 2010 10:47 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Oracle 11g on zLinux On Tue, Nov 16, 2010 at 12:01:35PM -0700, Mark Post wrote: I'm hunting for descriptive documents on Oracle's site, but none are forthcoming. I see on this forum that question was asked 2 years ago, but has it changed in 2 years? Not really. Current estimates are Q1 2011. But I've heard such estimates before, so I take that with a large chunk of salt. I'm told that this time things will be different, but I'll believe that when I see the announcement. Me too; Oracle folks I've dealt with lately have seemed way more interested in shoehorning us onto OEL than supporting Oracle on zLinux. We've had the releases for 11g turn into cancellations (for the 11.1) and subsequent delays (for 11.2). -- Rodger Donaldsonrodg...@diaspora.gen.nz -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle 11g on zLinux
Sorry I don't see zlinux (or s390x or linux on z) under the 11g just the 10g on the oracle download page... Am I missing it ? Paul Confidentiality Notice: The information contained in this email is intended for the confidential use of the above-named recipient(s). If the reader of this message is not the intended recipient or person responsible for delivering it to the intended recipient, you are hereby notified that you have received this communication in error, and that any review, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately and destroy this message. Data Classification: Limited Access -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Damian Gallagher Sent: Wednesday, March 30, 2011 10:45 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Oracle 11g on zLinux Oracle 11GR2 (11.2.0.2.0) is now available via Oracle Technology Network, in 1QCY2011 as previously announced. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html cheers Damian -Original Message- From: Moeur Tim C [mailto:tim.mo...@srpnet.com] Sent: 19 November 2010 21:26 To: LINUX-390@vm.marist.edu Subject: Re: Oracle 11g on zLinux I was provided this link in some of my correspondence with IBM on this subject: http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebIndex/PRS4016 See page 2. The Oracle document mentioned in the IBM doc confirms the intent to provide support and availability 1Q2011. Tim -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Rodger Donaldson Sent: Wednesday, November 17, 2010 10:47 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Oracle 11g on zLinux On Tue, Nov 16, 2010 at 12:01:35PM -0700, Mark Post wrote: I'm hunting for descriptive documents on Oracle's site, but none are forthcoming. I see on this forum that question was asked 2 years ago, but has it changed in 2 years? Not really. Current estimates are Q1 2011. But I've heard such estimates before, so I take that with a large chunk of salt. I'm told that this time things will be different, but I'll believe that when I see the announcement. Me too; Oracle folks I've dealt with lately have seemed way more interested in shoehorning us onto OEL than supporting Oracle on zLinux. We've had the releases for 11g turn into cancellations (for the 11.1) and subsequent delays (for 11.2). -- Rodger Donaldsonrodg...@diaspora.gen.nz -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle 11g on zLinux
On 3/30/2011 at 11:05 AM, Ayer, Paul W pwa...@statestreet.com wrote: Sorry I don't see zlinux (or s390x or linux on z) under the 11g just the 10g on the oracle download page... Am I missing it ? It's the first selection on the page, in between the (11.2.0.2.0) and (11.2.0.1.0) headers. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle 11g on zLinux
On Wed, Mar 30, 2011 at 5:05 PM, Ayer, Paul W pwa...@statestreet.com wrote: Sorry I don't see zlinux (or s390x or linux on z) under the 11g just the 10g on the oracle download page... Am I missing it ? Guess so, or maybe the page in your cache. It's the very first entry that says: (11.2.0.2.0) Download zLinux64 Gets me to http://www.oracle.com/technetwork/database/enterprise-edition/downloads/112020-zlinux64-352074.html -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle 11g on zLinux
On 3/30/2011 at 10:44 AM, Damian Gallagher damian.gallag...@oracle.com wrote: Oracle 11GR2 (11.2.0.2.0) is now available via Oracle Technology Network, in 1QCY2011 as previously announced. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/inde x.html cheers Damian, Thank you very much for this alert. I appreciate it. Now for the nit-picking (sorry). When you click on See All at the URL you gave, the page that comes up (http://www.oracle.com/technetwork/database/enterprise-edition/downloads/112020-zlinux64-352074.html) has under Directions bullet # 4. Review the certification matrix for this product here. If you click on the link, it sends you to a page that says: Certification Information Oracle customers can find all certification information on the My Oracle Support website. with a hyperlink to https://support.oracle.com/. Rather irritating. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Security question about having zLinux web servers out in DMZ.
Hello listers, Our company has recently been acquired by another company. We are at the point of having to get our two networks to talk to each other. Before we can do that, we have to comply with certain security rules. One of them being that the mainframe cannot be exposed to the internet. We have a couple of zLinux web servers that are running in a couple of z/VM guests that are connected to our DMZ. The new folks say this is a show stopper as far as hooking up the two networks. The questions I have are: Is this a common restriction? That is, you have to have your DMZ based web servers running on some other platform so that your mainframe is not exposed to the internet. Or, the new folks just don't understand the built-in security provided by the z10 and z\VM 6.1. I know that we will end up conforming to the rules that the new folks have, but I was just wondering if the new folks really know what they are talking about. Thanks, Ron -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Security question about having zLinux web servers out in DMZ.
On 3/30/2011 at 11:56 AM, Ron Foster at Baldor-IS rfos...@baldor.com wrote: Is this a common restriction? That is, you have to have your DMZ based web servers running on some other platform so that your mainframe is not exposed to the internet. I won't say it's _not_ common, but it's a leftover from the days when MVS was about the only thing running on the mainframe. Not a valid restriction for modern applications. Or, the new folks just don't understand the built-in security provided by the z10 and z\VM 6.1. That's entirely likely. Perhaps IBM needs to inform them of the EAL5 rating that LPARs have, along with the certifications that z/VM has racked up over the years. I know that we will end up conforming to the rules that the new folks have, but I was just wondering if the new folks really know what they are talking about. They might have 10+ years ago. Not today. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Linux on System z Secure Key Solution with the Common Cryptographic Architecture 4.1 publication available
Secure Key Solution with the Common Cryptographic Architecture Programmer's Guide 4.1.0 More details are available at : http://www.ibm.com/security/cryptocards/pciecc/library.shtml This document describes how to use the verbs provided in the Common Cryptographic Architecture (CCA) Release 4.0.0 and Release 4.1.0 APIs for Linux on IBM System z. The CCA functions perform cryptographic operations using the IBM 4765 Crypto Express3 feature (CEX3C) in coprocessor mode. The CCA functions also perform some cryptographic operations using the IBM 4764 Crypto Express2 (CEX2C) feature in coprocessor mode. The book is for planning and programming purposes only. Dorothea Matthaeus Linux on System z Information Development IBM Deutschland Entwicklung GmbH -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Security question about having zLinux web servers out in DMZ.
Mark is right. It's not a valid restriction. speculation The rule was likely put in place by someone with only MVS mainframe knowledge. /speculation Even so, there are shops which had mainframes on the public internet 15+ years ago and there are shops *today* with mainframes on the public internet. It's a question of managing risk, which pre-requires understanding the risks, which in turn pre-requires understanding the systems. Be prepared for a long conversation with learning needed on both sides. -- R; Rick Troth Velocity Software http://www.velocitysoftware.com/ On Wed, Mar 30, 2011 at 11:56, Ron Foster at Baldor-IS rfos...@baldor.com wrote: Hello listers, Our company has recently been acquired by another company. We are at the point of having to get our two networks to talk to each other. Before we can do that, we have to comply with certain security rules. One of them being that the mainframe cannot be exposed to the internet. We have a couple of zLinux web servers that are running in a couple of z/VM guests that are connected to our DMZ. The new folks say this is a show stopper as far as hooking up the two networks. The questions I have are: Is this a common restriction? That is, you have to have your DMZ based web servers running on some other platform so that your mainframe is not exposed to the internet. Or, the new folks just don't understand the built-in security provided by the z10 and z\VM 6.1. I know that we will end up conforming to the rules that the new folks have, but I was just wondering if the new folks really know what they are talking about. Thanks, Ron -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle 11g on zLinux
Am I missing it? Great I'll download that right after my eye doctor's appointment. Thanks all, Paul Confidentiality Notice: The information contained in this email is intended for the confidential use of the above-named recipient(s). If the reader of this message is not the intended recipient or person responsible for delivering it to the intended recipient, you are hereby notified that you have received this communication in error, and that any review, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately and destroy this message. Data Classification: Limited Access -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Mark Post Sent: Wednesday, March 30, 2011 11:20 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Oracle 11g on zLinux On 3/30/2011 at 11:05 AM, Ayer, Paul W pwa...@statestreet.com wrote: Sorry I don't see zlinux (or s390x or linux on z) under the 11g just the 10g on the oracle download page... Am I missing it ? It's the first selection on the page, in between the (11.2.0.2.0) and (11.2.0.1.0) headers. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Security question about having zLinux web servers out in DMZ.
On Wednesday, 03/30/2011 at 12:03 EDT, Ron Foster at Baldor-IS rfos...@baldor.com wrote: Our company has recently been acquired by another company. We are at the point of having to get our two networks to talk to each other. Before we can do that, we have to comply with certain security rules. One of them being that the mainframe cannot be exposed to the internet. Terminology. Most non-mainframers (and not a few mainframers!) believe mainframe = z/OS. It's just ignorance, not stupidity. I don't know of anyone who would put MVS on a direct connection to the outside world, but it's not because it's a mainframe, it's because it's in a security zone that doesn't permit such a connection. We have a couple of zLinux web servers that are running in a couple of z/VM guests that are connected to our DMZ. The new folks say this is a show stopper as far as hooking up the two networks. The questions I have are: Is this a common restriction? That is, you have to have your DMZ based web servers running on some other platform so that your mainframe is not exposed to the internet. I'll say that it's not UNcommon, given the history of mainframe at some companies. And it's usually more along the lines of but we already have a DMZ infrastructure that we've certified and have made manageable. We're happy. Hey, if The Powers That Be are happy, I'm happy. Far be it from ME to create an undulation, or one of a series of undulations, on the calm, placid sea of TPTB's existence. Or, the new folks just don't understand the built-in security provided by the z10 and z\VM 6.1. You undoubtedly went through this once before when you decided to put the DMZ on z. You have some education to do, or you can discuss with your IBM rep the various ways to get the new folks educated. If you don't nip this in the bud, however, the FUD will spread and affect other multi-zone uses of a single CEC. I know that we will end up conforming to the rules that the new folks have, but I was just wondering if the new folks really know what they are talking about. Sure, they know what they're talking about. They just don't know what *you're* talking about! Moving the DMZ outboard isn't the end of the world, but it needs to be for considered reasons, not an uninformed panic reaction. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle 11g on zLinux
Yep, I agree. I'll see what can be done, but I'm not going to hold my breath for it :-) If that's the only nit, I'm quite relieved :-) Cheers Damian -Original Message- From: Mark Post [mailto:mp...@novell.com] Sent: 30 March 2011 16:31 To: LINUX-390@vm.marist.edu Subject: Re: Oracle 11g on zLinux On 3/30/2011 at 10:44 AM, Damian Gallagher damian.gallag...@oracle.com wrote: Oracle 11GR2 (11.2.0.2.0) is now available via Oracle Technology Network, in 1QCY2011 as previously announced. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/inde x.html cheers Damian, Thank you very much for this alert. I appreciate it. Now for the nit-picking (sorry). When you click on See All at the URL you gave, the page that comes up (http://www.oracle.com/technetwork/database/enterprise-edition/downloads/112020-zlinux64-352074.html) has under Directions bullet # 4. Review the certification matrix for this product here. If you click on the link, it sends you to a page that says: Certification Information Oracle customers can find all certification information on the My Oracle Support website. with a hyperlink to https://support.oracle.com/. Rather irritating. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Is anyone multipathing on SLES 11 SP1?
Thank you. I am in the process of testing. Will update list later. Michael Simms Systems Programmer zSeries VM, VSE, (z)Linux, AIX Naples Campus, Florida 239-552-3479 Enabling America's Best Local Healthcare Please consider the environment before printing this email and SAVE A TREE. -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Mauro Souza Sent: Tuesday, March 29, 2011 2:15 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Is anyone multipathing on SLES 11 SP1? Hi Michael, Looks a lot like your LVM is not blacklisting /dev/sda devices. You have to edit /etc/lvm/lvm.conf and instruct LVM to not bind to /dev/sd*. More info on http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=/liaai/multiBcs/liaaimpbsclvm.htm Mauro http://mauro.limeiratem.com - registered Linux User: 294521 Scripture is both history, and a love letter from God. On Tue, Mar 29, 2011 at 12:53 PM, Michael Simms simmsmichael1...@yahoo.comwrote: Help! If anyone has the type of environment described below and has it working, please share with us, if you can, how you configured things. If anyone has any advice, any advice, we welcome it! Our environment is: -SAN - EMC CLARiiON CX4-960 -Mainframe z10 -HBA - 2 zFCP -Switches - 2 Brocade, between z10 and SAN -Operating Systems - zVM 6.1 with zLinux SLES 11 SP1 -Contents of /etc/multipath.conf hma-mf-lin12:/ # cat /etc/multipath.conf *StartOfFile* devices { # Device attributed for EMC CLARiiON device { vendor DGC product * prio_callout /sbin/mpath_prio_alua /dev/%n getuid_callout /lib/udev/scsi_id -g -u -d /dev/%n features 1 queue_if_no_path path_checker directio failback immediate hardware_handler 1 alua } } multipaths{ } *EndOfFile* -Partial /etc/sysconfig/kernel ## Path:System/Kernel ## Description: ## Type:string ## Command: /sbin/mkinitrd # # This variable contains the list of modules to be added to the initial # ramdisk by calling the script mkinitrd # (like drivers for scsi-controllers, for lvm or reiserfs) # INITRD_MODULES=jbd ext3 zfcp dm-multipath -For simplicity's sake, I am including 1 lun as an example. Below are selected entries from the startup log. (Underlines are mine): Booting default (SLES11_SP1V1)... ... io scheduler noop registered io scheduler anticipatory registered io scheduler deadline registered (default) io scheduler cfq registered ... Block layer SCSI generic (bsg) driver version 0.4 loaded (major 254) ... doing fast boot SCSI subsystem initialized device-mapper: uevent: version 1.0.3 device-mapper: ioctl: 4.15.0-ioctl (2009-04-01) initialised: dm-de...@redhat.com device-mapper: multipath: version 1.1.0 loaded Creating device nodes with udev udevd version 128 started udevd-event[154]: device node '/dev/mapper/control' already exists, link to '/dev/device-mapper' will not overwrite it 7 line(s) not displayed device-mapper: multipath round-robin: version 1.0.0 loaded emc: device handler registered hp_sw: device handler registered rdac: device handler registered alua: device handler registered 3 line(s) not displayed Setup multipath devices: ok. 12 line(s) not displayed Copying static /dev content ..done 2 line(s) not displayed Starting udevd: udevd version 128 started ..done Loading drivers, configuring devices: scsi0 : zfcp qdio: 0.0.4500 ZFCP on SC 0 using AI:1 QEBSM:1 PCI:1 TDD:1 SIGA: W AO scsi 0:0:3:0: Direct-Access DGC RAID 10 0430 PQ: 0 ANSI: 4 scsi 0:0:3:0: emc: detected Clariion CX4-960, flags 0 scsi 0:0:3:0: emc: ALUA failover mode detected scsi 0:0:3:0: emc: connected to SP A Port 4 (owned, default SP A) zfcp.747e7d: 0.0.4500: LUN 0x6 on port 0x500601643b202b41 is already in use by CSS0, MIF Image ID 1 3 line(s) not displayed scsi1 : zfcp 2 line(s) not displayed qdio: 0.0.4600 ZFCP on SC 1 using AI:1 QEBSM:1 PCI:1 TDD:1 SIGA: W AO 1 line(s) not displayed scsi 1:0:3:0: Direct-Access DGC RAID 10 0430 PQ: 0 ANSI: 4 scsi 1:0:3:0: emc: detected Clariion CX4-960, flags 0 scsi 1:0:3:0: emc: ALUA failover mode detected scsi 1:0:3:0: emc: connected to SP A Port 6 (owned, default SP A) sd 0:0:3:0: [sda] 1048576000 512-byte logical blocks: (536 GB/500 GiB) sd 0:0:3:0: [sda] Write Protect is off sd 0:0:3:0: [sda] Write cache: disabled, read cache: enabled, doesn't support DPO or FUA sda: sda1 sd 1:0:3:0: [sdb] 1048576000 512-byte logical blocks:
Re: Security question about having zLinux web servers out in DMZ.
Not a valid restriction. Open Systems and Network types only run a single stack in a box (vast majority of the time). Here, they still can't grasp that I have some 70 stacks running on a single box. (but there is only 2 ethernet cables...so you can't have 70 stacks) From their viewpoint, treat each stack as a standalone box when dealing with them. Just like standalone boxes, if you have one stack routing to another stack, it is the same as one box being routed to another box. If some stacks need to be passed thru the DMZ to the outside world, just identify the IP addresses envolved. Tom Duerbusch THD Consulting Ron Foster at Baldor-IS rfos...@baldor.com 3/30/2011 10:56 AM Hello listers, Our company has recently been acquired by another company. We are at the point of having to get our two networks to talk to each other. Before we can do that, we have to comply with certain security rules. One of them being that the mainframe cannot be exposed to the internet. We have a couple of zLinux web servers that are running in a couple of z/VM guests that are connected to our DMZ. The new folks say this is a show stopper as far as hooking up the two networks. The questions I have are: Is this a common restriction? That is, you have to have your DMZ based web servers running on some other platform so that your mainframe is not exposed to the internet. Or, the new folks just don't understand the built-in security provided by the z10 and z\VM 6.1. I know that we will end up conforming to the rules that the new folks have, but I was just wondering if the new folks really know what they are talking about. Thanks, Ron -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
HyperPAV Alias definitions on DS8700
We are attempting to enable HyperPAV aliases on a DS8700 to a z/M 6.1 system. The Dasd Subsystem people and the people that control the HCD that the definitions are all proper from their standpoint. However when I issue the Q PAV command I get There are no Parallel Access Volume devices known to this system . I have been told that there no definitions I need to make from a zVM standpoint to detect these aliases. If the DS8700 and the HCD are defined correctly I should be able to see the devices when I do the Q PAV. Is this correct? Here are displays I did on the associated SSID. q cu dasd fa00 dev DASD CU FA00 DEVICES: F800 F801 F802 F803 F804 F805 F806 F807 F808 F809 F80A F80B F80C F80D F80E F80F Ready; T=0.01/0.01 11:30:24 q cu dasd fa00 al DASD CU FA00 HAS NO ASSOCIATED ALIASES Ready; T=0.01/0.01 11:30:31 q cu dasd fa00 pavm DASD CU FA00 CURRENTLY HYPERPAV, HYPERPAV ALLOWED Ready; T=0.01/0.01 11:30:57 Michael E. Thompson UnitedHealth Group This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: HyperPAV Alias definitions on DS8700
On Wednesday, 03/30/2011 at 01:44 EDT, Thompson, Michael E michael_thomp...@uhc.com wrote: We are attempting to enable HyperPAV aliases on a DS8700 to a z/M 6.1 system. The Dasd Subsystem people and the people that control the HCD that the definitions are all proper from their standpoint. However when I issue the Q PAV command I get There are no Parallel Access Volume devices known to this system . I have been told that there no definitions I need to make from a zVM standpoint to detect these aliases. If the DS8700 and the HCD are defined correctly I should be able to see the devices when I do the Q PAV. Is this correct? Here are displays I did on the associated SSID. q cu dasd fa00 dev DASD CU FA00 DEVICES: F800 F801 F802 F803 F804 F805 F806 F807 F808 F809 F80A F80B F80C F80D F80E F80F Ready; T=0.01/0.01 11:30:24 q cu dasd fa00 al DASD CU FA00 HAS NO ASSOCIATED ALIASES Ready; T=0.01/0.01 11:30:31 q cu dasd fa00 pavm DASD CU FA00 CURRENTLY HYPERPAV, HYPERPAV ALLOWED Ready; T=0.01/0.01 11:30:57 Instead of querying the control unit, you need to QUERY PAV ALL. HyperPAVs are not associated with a base device until an I/O is performed, and that association only lasts for the duration of that I/O. Hence the failure of QUERY CU DASD ALIAS to give you anything useful. Instead, HyperPAVs are in pools that are selected by CP for association with a base device in the same pool. QUERY DASD DETAILS will tell you the pool associated with a specific base or alias address.' It's that use of the word associated that needs to be looked at when thinking about PAV vs HyperPAV. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle 11g on zLinux
I'm told by my Oracle group that it is not available on the Oracle eDelivery site nor is it mentioned as supported on MOS. Is there an ETA for this that would make it official? -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Damian Gallagher Sent: Wednesday, March 30, 2011 12:56 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Oracle 11g on zLinux Yep, I agree. I'll see what can be done, but I'm not going to hold my breath for it :-) If that's the only nit, I'm quite relieved :-) Cheers Damian -Original Message- From: Mark Post [mailto:mp...@novell.com] Sent: 30 March 2011 16:31 To: LINUX-390@vm.marist.edu Subject: Re: Oracle 11g on zLinux On 3/30/2011 at 10:44 AM, Damian Gallagher damian.gallag...@oracle.com wrote: Oracle 11GR2 (11.2.0.2.0) is now available via Oracle Technology Network, in 1QCY2011 as previously announced. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/inde x.html cheers Damian, Thank you very much for this alert. I appreciate it. Now for the nit-picking (sorry). When you click on See All at the URL you gave, the page that comes up (http://www.oracle.com/technetwork/database/enterprise-edition/downloads/112020-zlinux64-352074.html) has under Directions bullet # 4. Review the certification matrix for this product here. If you click on the link, it sends you to a page that says: Certification Information Oracle customers can find all certification information on the My Oracle Support website. with a hyperlink to https://support.oracle.com/. Rather irritating. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: HyperPAV Alias definitions on DS8700
Alan here is the output from Q PAV ALL q pav all There are no Parallel Access Volume devices known to this system Ready; T=0.01/0.01 13:10:02 has no mention of The Q DASD DETAILS does not contain the HYPERPAV DETAILS q dasd details f802 F802 CUTYPE = 2107-E8, DEVTYPE = 3390-0C, VOLSER = VMUW02, CYLS = 65520 CACHE DETAILS: CACHE NVS CFW DFW PINNED CONCOPY -SUBSYSTEM YY Y -N N -DEVICE Y- - YN N DEVICE DETAILS: CCA = 02, DDC = -- DUPLEX DETAILS: -- PPRC DETAILS: PRIMARY VOLUME CU DETAILS: SSID = FA00, CUNUM = F80A Ready; T=0.01/0.01 13:19:24 Looks like the device is not even detecting HyperPAV status. -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Alan Altmark Sent: Wednesday, March 30, 2011 1:00 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: HyperPAV Alias definitions on DS8700 On Wednesday, 03/30/2011 at 01:44 EDT, Thompson, Michael E michael_thomp...@uhc.com wrote: We are attempting to enable HyperPAV aliases on a DS8700 to a z/M 6.1 system. The Dasd Subsystem people and the people that control the HCD that the definitions are all proper from their standpoint. However when I issue the Q PAV command I get There are no Parallel Access Volume devices known to this system . I have been told that there no definitions I need to make from a zVM standpoint to detect these aliases. If the DS8700 and the HCD are defined correctly I should be able to see the devices when I do the Q PAV. Is this correct? Here are displays I did on the associated SSID. q cu dasd fa00 dev DASD CU FA00 DEVICES: F800 F801 F802 F803 F804 F805 F806 F807 F808 F809 F80A F80B F80C F80D F80E F80F Ready; T=0.01/0.01 11:30:24 q cu dasd fa00 al DASD CU FA00 HAS NO ASSOCIATED ALIASES Ready; T=0.01/0.01 11:30:31 q cu dasd fa00 pavm DASD CU FA00 CURRENTLY HYPERPAV, HYPERPAV ALLOWED Ready; T=0.01/0.01 11:30:57 Instead of querying the control unit, you need to QUERY PAV ALL. HyperPAVs are not associated with a base device until an I/O is performed, and that association only lasts for the duration of vthat I/O. Hence the failure of QUERY CU DASD ALIAS to give you anything useful. Instead, HyperPAVs are in pools that are selected by CP for association with a base device in the same pool. QUERY DASD DETAILS will tell you the pool associated with a specific base or alias address.' It's that use of the word associated that needs to be looked at when thinking about PAV vs HyperPAV. Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 mobile; 607.321.7556 alan_altm...@us.ibm.com IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle 11g on zLinux
It's official. Certification on MOS is in catchup. Supported OS distros are detailed in the doc. Point them at Getting Started - 11gR2 Grid Infrastructure,SI(Single Instance), ASM and DB (IBM: Linux on System z) (Doc ID 1306465.1) If they open an SR I'll just tell them the same - if that makes it 'official' for them tell them to do so, and stick my name in a prominent position in the SR so it'll route to me. Cheers Damian -Original Message- From: Graves, Aaron [mailto:aaron.gra...@citi.com] Sent: 30 March 2011 19:04 To: LINUX-390@vm.marist.edu Subject: Re: Oracle 11g on zLinux I'm told by my Oracle group that it is not available on the Oracle eDelivery site nor is it mentioned as supported on MOS. Is there an ETA for this that would make it official? -Original Message- From: Linux on 390 Port [mailto:LINUX-390@VM.MARIST.EDU] On Behalf Of Damian Gallagher Sent: Wednesday, March 30, 2011 12:56 PM To: LINUX-390@VM.MARIST.EDU Subject: Re: Oracle 11g on zLinux Yep, I agree. I'll see what can be done, but I'm not going to hold my breath for it :-) If that's the only nit, I'm quite relieved :-) Cheers Damian -Original Message- From: Mark Post [mailto:mp...@novell.com] Sent: 30 March 2011 16:31 To: LINUX-390@vm.marist.edu Subject: Re: Oracle 11g on zLinux On 3/30/2011 at 10:44 AM, Damian Gallagher damian.gallag...@oracle.com wrote: Oracle 11GR2 (11.2.0.2.0) is now available via Oracle Technology Network, in 1QCY2011 as previously announced. http://www.oracle.com/technetwork/database/enterprise-edition/downloads/inde x.html cheers Damian, Thank you very much for this alert. I appreciate it. Now for the nit-picking (sorry). When you click on See All at the URL you gave, the page that comes up (http://www.oracle.com/technetwork/database/enterprise-edition/downloads/112020-zlinux64-352074.html) has under Directions bullet # 4. Review the certification matrix for this product here. If you click on the link, it sends you to a page that says: Certification Information Oracle customers can find all certification information on the My Oracle Support website. with a hyperlink to https://support.oracle.com/. Rather irritating. Mark Post -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: HyperPAV Alias definitions on DS8700
Instead of querying the control unit, you need to QUERY PAV ALL. snip Alan Altmark q pav all There are no Parallel Access Volume devices known to this system Ready; T=0.01/0.01 13:31:53 Mark Wheeler UnitedHealth Group -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
zVienna IBM System z Technical University (2-6 May 2011)- Vienna
Cross-posed to IBMVM, IBMMAIN, LINUX390 for those who are interested enhancing their System z skills at IBM technical conferences focused on System z. Hi Everyone, The next big z conference in Europe is open for enrollment. IBM System z Technical University 2-6 May 2011 Vienna, Austria Web site: http://www.ibm.com/training/conf/europe/systemz This is 4.5-day event runs from Monday morning through Friday 1:00 PM. If you need z technical education and want to get caught up on the latest on z, consider this conference which focuses on System z, zEnterprise, z/OS, z/VSE, z/VM, and Linux on System z and more. There will also be hands on labs throughout the week, a product expo with IBM and ISV exhibitors and a University Day on Tuesday (with visiting students). The details about enrollment, accommodations at Vienna Hilton, agenda grid and session lists and abstracts can be found on the web site. http://www.ibm.com/training/conf/europe/systemz Regards Pam C -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
German Federal Pension Fund Migrates IBM CICS Workloads to Linux on System z
There is a free webinar on April 7, discussing the move of CICS, COBOL and Batch from z/OS to z/Linux, for those who are interested DJ Original Message Subject:German Federal Pension Fund Migrates IBM CICS Workloads to Linux on System z Date: Tue, 29 Mar 2011 08:35:34 -0600 From: IBM Systems Magazine Webinar ibmsystemsmagwebin...@msptechmedia.com To: d...@vsoft-software.com To view this email as a web page, go here. http://cl.exactt.net/?ju=fe3317707161047a761270ls=fdd01570766106787011707165m=ff5c13747dl=fe61157775660d7f751ds=fe301575736d057e741475jb=ffcf14t= Clerity: German Federal Pension Fund Migrates IBM CICS Workloads to Linux on System z http://cl.exactt.net/?ju=fe3217707161047a761271ls=fdd01570766106787011707165m=ff5c13747dl=fe61157775660d7f751ds=fe301575736d057e741475jb=ffcf14t= Clerity http://cl.exactt.net/?ju=fe3117707161047a761272ls=fdd01570766106787011707165m=ff5c13747dl=fe61157775660d7f751ds=fe301575736d057e741475jb=ffcf14t= WHO SHOULD ATTEND CIOs and IT managers interested in moving IBM CICS, COBOL, and Batch/JCL workloads to Linux on IBM System z partitions. WHEN *Thursday, April 7, 2011 --- 11am EST* AGENDA Organizations are consolidating workloads onto Linux on IBM System z to lower costs, standardize operations and enhance IT flexibility. Now you can move online and batch mainframe applications to scalable Integrated Facility for Linux (IFL) processors without sacrificing functionality or performance. In this webinar you will learn: * How four divisions of the German pension-management agency, Deutsche Rentenversicherung (DRV), migrated a large, central IBM CICS application from an IBM z/OS environment to Linux on IBM System z * How UniKix Mainframe Rehosting software protects existing investments by enabling legacy workloads to run on mainframe Linux partitions How your business can benefit from the best practices and lessons learned by the DRV and other organizations to maximize benefits and reduce risk when replatforming legacy workloads * The DRV intends to use this agile platform to continue consolidation and implement SOA initiatives. Discover how a similar move can benefit your business. REGISTER TODAY http://cl.exactt.net/?ju=fe3117707161047a761272ls=fdd01570766106787011707165m=ff5c13747dl=fe61157775660d7f751ds=fe301575736d057e741475jb=ffcf14t= FEATURING *Falk-Oliver Bischoff*, /Featured Speaker/ Head of IT, DRV Baden-Württemberg Falk-Oliver Bischoff serves as Head of IT for DRV Baden-Württemberg and is responsible for planning and implementing IT strategies for this DRV division. Bischoff has led several projects at the DRV centered on reducing TCO and reusing legacy software assets in forward-facing IT initiatives. Prior to his current role, Bischoff managed the merger of two IT departments in Baden-Württemberg. Bischoff graduated from the University of Karlsruhe (now KIT), with an emphasis on Computer Science. *Uwe Nitsche*, /Featured Speaker/ Head of Mainframe Competence Center, DRV Baden-Wuerttemberg, Hessen and Saarland Uwe Nitsche serves as Head of the mainframe Competence Center for DRV Baden-Wuerttemberg, Hessen and Saarland and is responsible for managing the mainframe technical team and and trained as a specialist in z/OS. Mr.Nitsche has over thirty years of IT experience, with an extensive background in COBOL programming and IBM CICS-based dialog systems development. *Cameron Jenkins*, /Featured Speaker/ COO and Executive Vice President, Clerity Solutions Cameron Jenkins serves as COO and Executive Vice President at Clerity Solutions and is responsible for sales marketing operations and determining company strategy in conjunction with Clerity's President, Brandon Edenfield. Jenkins establishes and manages strategic alliances with platform, technology, and service partners including IBM, Oracle and HP. He is also responsible for market positioning and influencing Clerity's brand identify. Jenkins has over 20 years' experience in marketing, sales, and strategic alliances with technology companies. *Doug Rock*, /Moderator/ Publisher of /IBM Systems Magazine/ MSP TechMedia Doug Rock, as publisher of MSP Communications' TechMedia division, directs the print, digital and electronic publishing operations for some of the country's leading technology providers. He has worked in the high tech industry and reported on high tech topics since 1992. ABOUT Clerity http://cl.exactt.net/?ju=fe3017707161047a761273ls=fdd01570766106787011707165m=ff5c13747dl=fe61157775660d7f751ds=fe301575736d057e741475jb=ffcf14t= *Clerity* Clerity is a leading, full-service provider of mainframe migration, modernization and optimization solutions focused on helping organizations maximize the value of their IT assets. Headquartered in Chicago with offices worldwide, Clerity's service team and automated software solutions have facilitated
Re: HyperPAV Alias definitions on DS8700
Alan said: Instead of querying the control unit, you need to QUERY PAV ALL. HyperPAVs are not associated with a base device until an I/O is performed, and that association only lasts for the duration of that I/O. Hence the failure of QUERY CU DASD ALIAS to give you anything useful. Instead, HyperPAVs are in pools that are selected by CP for association with a base device in the same pool. While it is true that the association between base-and-alias only occurs for the duration of an I/O, the Q CU ALIAS command will show the HyperPAV aliases just fine: q dasd details 1580 1580 CUTYPE = 2107-E8, DEVTYPE = 3390-0E, VOLSER = JS1580, CYLS = 71232 CACHE DETAILS: CACHE NVS CFW DFW PINNED CONCOPY -SUBSYSTEM YY Y -N N -DEVICE Y- - YN N DEVICE DETAILS: CCA = 00, DDC = -- DUPLEX DETAILS: -- HYPERPAV DETAILS: BASE VOLUME IN POOL 26 CU DETAILS: SSID = 0227, CUNUM = 1580 q cu 0227 dev DASD CU 0227 DEVICES: 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 158A 158B 158C 158D 158E q cu 0227 al DASD CU 0227 ALIASES: 1586 1587 1588 1589 158A 158B 158C 158D 158E q dasd details 1586 1586 CUTYPE = 2107-E8, DEVTYPE = 3390-0A, VOLSER =, CYLS = 0 CACHE DETAILS: CACHE NVS CFW DFW PINNED CONCOPY -SUBSYSTEM YY Y -N N -DEVICE N- - NN N DEVICE DETAILS: CCA = 00, DDC = -- DUPLEX DETAILS: -- HYPERPAV DETAILS: ALIAS VOLUME IN POOL 26 CU DETAILS: SSID = 0227, CUNUM = 1580 Mark mentioned... The Q DASD DETAILS does not contain the HYPERPAV DETAILS ...snip... Looks like the device is not even detecting HyperPAV status. This appears to be the case to me as well. A base device is only marked as a base when we find at least one alias that is associated with either the base subchannel (PAV) or the base subchannel's pool (HyperPAV). Until then, the responses you see for Q PAV, Q CU, Q DASD DETAILS, etc., can look like you have described here. If you have the device string defined to HCD, what happens if you query one of the supposed alias subchannels? Perhaps they still need to be varied online? Regards, Eric Eric Farman z/VM I/O Development IBM Endicott, NY -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Security question about having zLinux web servers out in DMZ.
On 3/30/11 8:56 AM, Ron Foster at Baldor-IS rfos...@baldor.com wrote: We have a couple of zLinux web servers that are running in a couple of z/VM guests that are connected to our DMZ. The new folks say this is a show stopper as far as hooking up the two networks. This is a political decision, not a technical one, and one based on a flawed assumption that System z = one image of z/OS. They're used to the concept that machines run one OS and are not safely partitionable. If they expose a typical machine to the Internet, then they're exposing the whole thing. In the scenario you just described, there is no risk (or no more risk than they are already taking by exposing ANY Linux machine to the internet) and each system is separated and isolate IF they do the networking right. Is this a common restriction? That is, you have to have your DMZ based web servers running on some other platform so that your mainframe is not exposed to the internet. Yes, if you're used to the one-system, one-OS, one-image rule. It does NOT apply to virtualized Linux and virtual machines. This is policy, not technical merit. They run the same (if not an inflated) risk by exposing Intel machines to the Internet. If the networking is properly engineered and ANY system that is exposed to the Internet is correctly separated with DMZs and firewalls, then exposing the mainframe is no more risk than exposing any other platform. It's the network segment that has to be separate, not the machine. I know that we will end up conforming to the rules that the new folks have, but I was just wondering if the new folks really know what they are talking about. They're going to hit exactly the same issues with ANY virtualized platform. Probably worth exploring how much they trust their switch VLANs; same issue. -- db -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Security question about having zLinux web servers out in DMZ.
Everyone, Thanks for the good responses. Right now My Boss and his Boss are talking to the security guys. I have told them some of what you all have told me. It could be useful. Richard, Thanks for the offer to help. We shall see how things progress from here. Thanks, Ron On 3/30/2011 12:32 PM, Tom Duerbusch wrote: Not a valid restriction. Open Systems and Network types only run a single stack in a box (vast majority of the time). Here, they still can't grasp that I have some 70 stacks running on a single box. (but there is only 2 ethernet cables...so you can't have 70 stacks) From their viewpoint, treat each stack as a standalone box when dealing with them. Just like standalone boxes, if you have one stack routing to another stack, it is the same as one box being routed to another box. If some stacks need to be passed thru the DMZ to the outside world, just identify the IP addresses envolved. Tom Duerbusch THD Consulting Ron Foster at Baldor-ISrfos...@baldor.com 3/30/2011 10:56 AM Hello listers, Our company has recently been acquired by another company. We are at the point of having to get our two networks to talk to each other. Before we can do that, we have to comply with certain security rules. One of them being that the mainframe cannot be exposed to the internet. We have a couple of zLinux web servers that are running in a couple of z/VM guests that are connected to our DMZ. The new folks say this is a show stopper as far as hooking up the two networks. The questions I have are: Is this a common restriction? That is, you have to have your DMZ based web servers running on some other platform so that your mainframe is not exposed to the internet. Or, the new folks just don't understand the built-in security provided by the z10 and z\VM 6.1. I know that we will end up conforming to the rules that the new folks have, but I was just wondering if the new folks really know what they are talking about. Thanks, Ron -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/ . -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/