Re: Supporting zLinux
Rich, Is there a place I can find a list of the things that Hobbit will monitor? Also, is there any sort of documentation on how to write a new extension? The product looks good, but the documentation seems a bit spotty. Thanks, Jon snip If you have any questions, about the package you can ask me also. I am providing zSeries add-ons (for z/VM and z/VSE). There is a z/OS add on, but I don't have access to a z/OS system so I can not check it out. . . . I have a couple of customers that use Hobbit (http://hobbitmon.sourceforge.net) for network services monitoring. /snip -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
Oops... I forgot about contributed tests. There are a whole bunch of contributed tests available at http://www.deadcat.net. These are written for Big Brother, but should be compatible with Hobbit. Since there isn't yet a contributions site for Hobbit, my z/VM client is at http://www.vmassist.com/rs_samples. The VSE client is still under construction. Rich Smrcina wrote: The services that Hobbit can monitor are on this page: http://hobbitmon.sourceforge.net/docs/hobbit-config.html Under the heading 'Monitoring Network Services'. External tests (running on the Hobbit server) can be written using the 'bb' command. See: http://hobbitmon.sourceforge.net/docs/man1/bb.1.html Under 'Hobbit Message Syntax'. There are also examples later on. External clients can be written (running on a machine other than the Hobbit server) using a socket on port 1984. Open the socket to the Hobbit server, write the message, close the socket. There is no response. The socket based message is exactly the same as the examples for the internal tests. If you need more info, let me know. Jon Brock wrote: Rich, Is there a place I can find a list of the things that Hobbit will monitor? Also, is there any sort of documentation on how to write a new extension? The product looks good, but the documentation seems a bit spotty. Thanks, Jon snip If you have any questions, about the package you can ask me also. I am providing zSeries add-ons (for z/VM and z/VSE). There is a z/OS add on, but I don't have access to a z/OS system so I can not check it out. . . . I have a couple of customers that use Hobbit (http://hobbitmon.sourceforge.net) for network services monitoring. /snip -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- Rich Smrcina VM Assist, Inc. Main: (262)392-2026 Cell: (414)491-6001 Ans Service: (360)715-2467 rich.smrcina at vmassist.com Catch the WAVV! http://www.wavv.org WAVV 2006 - Chattanooga, TN - April 7-11, 2006 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- Rich Smrcina VM Assist, Inc. Main: (262)392-2026 Cell: (414)491-6001 Ans Service: (360)715-2467 rich.smrcina at vmassist.com Catch the WAVV! http://www.wavv.org WAVV 2006 - Chattanooga, TN - April 7-11, 2006 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
On Monday, 08/22/2005 at 11:40 AST, David Boyes [EMAIL PROTECTED] wrote: is there any option to eTrust (i.e. LDAP Server under zOS to interface to ACF2) that fit the LDAP model better than eTrust? or easier to implement than eTrust? Not that I know of, although the Linux IUCV driver we posted last week opens up a lot of interesting opportunities, such as connecting to the VM *RPI CP service, allowing you to implement a Linux guest as a CP external security manager. Once that's done (and the smart way to do it would be to write a *RPI to PAM bridge widget), then any authentication/authorization method available to Linux would be available for CP and Linux equally. This would be particularly helpful if the RACROUTE macro also used that interface -- I don't know for certain if it does, but Alan Altmark can probably confirm one way or another. If it does, then most of the IBM stuff would also work properly against an arbitrary AAA source. I'm still thinking a bit more about how this should be done, so don't take this as gospel. You would not write a *RPI to PAM bridge widget. *RPI is how the ESM provides services to the control program, not guests. RACROUTE is a CMS/GCS/MVS/VSE API shell whose job it is to hand the request to a vendor-provided service. That service does whatever the vendor wants it do: issue a diagnose, use IUCV, or VMCF, all in an attempt to requests services of the ESM. The guests do not connect to *RPI. The underlying communications mechanism to request services from the ESM is not architected. And rather than architect Yet Another Proprietary Interface, the better solution is for the ESM to provide LDAP-based authentication services. Then any guest or remote host can access the service. But, yes, you could write a new PAM that uses a non-standard interface to request ESM services. Alan Altmark z/VM Development IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
Alan: You make some good points so now instead of confused I am very confused (an easy task to do believe me, it is not you). My original question: do I need CA's eTrust or can I use any LDAP server to interface to ACF2 under zOS? no zVM in this shop yet but it is coming soon and no RACF yet but we have talked about the possibility. Regards, [EMAIL PROTECTED] NCCI Boca Raton, Florida 561.893.2415 greetings / avec mes meilleures salutations / Cordialmente mit freundlichen Grüßen / Med vänlig hälsning Alan Altmark [EMAIL PROTECTED]To: LINUX-390@VM.MARIST.EDU ibm.com cc: Sent by: Linux onSubject: Re: Supporting zLinux 390 Port [EMAIL PROTECTED] IST.EDU 08/23/2005 11:49 AM Please respond to Linux on 390 Port On Monday, 08/22/2005 at 11:40 AST, David Boyes [EMAIL PROTECTED] wrote: is there any option to eTrust (i.e. LDAP Server under zOS to interface to ACF2) that fit the LDAP model better than eTrust? or easier to implement than eTrust? Not that I know of, although the Linux IUCV driver we posted last week opens up a lot of interesting opportunities, such as connecting to the VM *RPI CP service, allowing you to implement a Linux guest as a CP external security manager. Once that's done (and the smart way to do it would be to write a *RPI to PAM bridge widget), then any authentication/authorization method available to Linux would be available for CP and Linux equally. This would be particularly helpful if the RACROUTE macro also used that interface -- I don't know for certain if it does, but Alan Altmark can probably confirm one way or another. If it does, then most of the IBM stuff would also work properly against an arbitrary AAA source. I'm still thinking a bit more about how this should be done, so don't take this as gospel. You would not write a *RPI to PAM bridge widget. *RPI is how the ESM provides services to the control program, not guests. RACROUTE is a CMS/GCS/MVS/VSE API shell whose job it is to hand the request to a vendor-provided service. That service does whatever the vendor wants it do: issue a diagnose, use IUCV, or VMCF, all in an attempt to requests services of the ESM. The guests do not connect to *RPI. The underlying communications mechanism to request services from the ESM is not architected. And rather than architect Yet Another Proprietary Interface, the better solution is for the ESM to provide LDAP-based authentication services. Then any guest or remote host can access the service. But, yes, you could write a new PAM that uses a non-standard interface to request ESM services. Alan Altmark z/VM Development IBM Endicott -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. This message may be an attorney-client communication and/or work product
Re: Supporting zLinux
Brad: I had been calling Linux for z-Series by the zLinux name until recently. I was told that zLinux (the name) is owned by TurboLinux. We run four (4) Linux under LPAR and will soon install zVM to manage our Linux partitions. We run four (4) zOS LPARS in the same z-Series box. We evaluated OmegaMon and decided to go with RMF.PM. The reason: simplicity (kiss) and we plan to use zVM for this purpose. We are in the process of installing eTrust for ACF2 authentication via LDAP (client on Linux and server on zOS 1.4). We do our volume backups using DF/DSS from zOS. We use DF/HSM for managing L1 and L2 migrations on zOS NFS mount points exported and used in Linux. We are planning to use Amanda to manage Linux directory level migrations to zOS with DF/HSM running behind the scenes. For monitoring, we have both approaches, a control area with access to the Linux monitors (operations) and alerts when threshholds are exceeded. We went through an extensive fact searching mission before we convinced senior IT management to bless Linux. The Total Cost of Ownership was a factor but more important was the high availability story and simplicity of Disaster Recover offered by the MF environment. We might end up migrating a lot of our applications from Sun Solaris and AIX plus some Windows applications. So far we have migrated some work out of zOS to Linux that just by license savings due to keeping the same size of our zOS MF justified and paid for the Linux project. The extra MIPS were planned for 2005/2006 and we released the same amount to Linux. If I can be of any assistance please feel free to contact me. Regards, [EMAIL PROTECTED] NCCI Boca Raton, Florida 561.893.2415 greetings / avec mes meilleures salutations / Cordialmente mit freundlichen Grüßen / Med vänlig hälsning Brad Brewer [EMAIL PROTECTED]To: LINUX-390@VM.MARIST.EDU om cc: Sent by: Linux onSubject: Supporting zLinux 390 Port [EMAIL PROTECTED] IST.EDU 08/12/2005 08:10 AM Please respond to Linux on 390 Port Just a couple of quick questions. Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Has anyone every tried to implement CA's eTrust ACF2 Security for zLinux? Has anyone tried doing volume level backups using FDR or DFSMS? Do companies have a production control area monitoring the monitor? Or do you page when alerts happen? Reason for questions. We are trying to build a case for the use of zLinux in our shop. Management wants to be assured that all the pieces are there before they will go forward. Thus the fact finding mission. Thanks, Brad Brewer Humana Inc. Technical Services System Software (502)580-3086 The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX
Re: Supporting zLinux
We also have TMON for zOS and the only thing you can see is the use of the IFL and LPAR's CPU usage. In our case we are not under zVM yet so each LPAR correspond to one Linux image. We also use our in-house developed Linux monitoring facility (same source of information as sar and acctcom) but in addition they watch applications, daemons, networks, mount points and all those little things that can break Service Level Agreements. I am just in the process of getting published in the CMG (Computer Measurement Group) magazine. I wrote all the daemon programs and WEB applications (mostly perl) and I can make them freely available if enough interst is shown. I can also send a copy of the article to anybody interested off-list. Please note that we are in the process of getting zVM and we will use zVM tools as well. There is a balance between what you monitor inside each Linux image (that zVM cannot see) and outside from zVM or zOS. We just came back from our D.R. drill and our DF/DSS backups under zOS of our zLinux worked like a charm. We init 2 the Linux image before we do backups of the system volumes using DF/DSS. After backups, we do an init 3. We are automating this process with UC/4 that does the scheduling for zOS, Linux and all of our Unix flavors (Sun and AIX) and also our Windows (w2k and w2k3). We do weekly backups of all of our Linux application volumes as well. Today we are using MySQL but soon we will start implementing Oracle. The Oracle guys might want to use Oracle tools for their backups. Regards, [EMAIL PROTECTED] NCCI Boca Raton, Florida 561.893.2415 greetings / avec mes meilleures salutations / Cordialmente mit freundlichen Grüßen / Med vänlig hälsning Jon Brock [EMAIL PROTECTED] To: LINUX-390@VM.MARIST.EDU Sent by: Linux oncc: 390 Port Subject: Re: Supporting zLinux [EMAIL PROTECTED] IST.EDU 08/12/2005 10:48 AM Please respond to Linux on 390 Port I am pondering how to go about monitoring the Linux guests here at my shop. We have ASG's TMON for our z/OS system, but I don't think they have a Linux product yet. For the moment, I'm thinking about trying some unholy combination of the VM Performance Toolkit, top, and maybe Nagios or mon. Nagios, mon, and other such products are capable of producing e-mails to lists of support personnel. (In our case, we can use an e-mail to trigger a pager if we want.) We also have ACF2 on z/OS, but I don't think there are any plans (yet) to expand that to Linux; it wouldn't surprise me, though, if we eventually went to some sort of LDAP setup. We use FDRINSTANT for our backups. We bring the VM/Linux volumes online to z/OS, shut down the Linux guests, run the snapshots, restart the guests, run the backups, and then vary the volumes back offline. I have not yet gotten an opportunity to try a test restore of the backups, though. Jon snip Just a couple of quick questions. Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Has anyone every tried to implement CA's eTrust ACF2 Security for zLinux? Has anyone tried doing volume level backups using FDR or DFSMS? Do companies have a production control area monitoring the monitor? Or do you page when alerts happen? Reason for questions. We
Re: Supporting zLinux
David: is there any option to eTrust (i.e. LDAP Server under zOS to interface to ACF2) that fit the LDAP model better than eTrust? or easier to implement than eTrust? One comment, I thought the conversation was around Omegamon for Linux (for z-Series). Then, Omegamon knows what is going on inside the Linux image. Regards, [EMAIL PROTECTED] NCCI Boca Raton, Florida 561.893.2415 greetings / avec mes meilleures salutations / Cordialmente mit freundlichen Grüßen / Med vänlig hälsning David Boyes [EMAIL PROTECTED]To: LINUX-390@VM.MARIST.EDU e.net cc: Sent by: Linux onSubject: Re: Supporting zLinux 390 Port [EMAIL PROTECTED] IST.EDU 08/12/2005 11:21 AM Please respond to Linux on 390 Port Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Omegamon XE does a fair job at Linux monitoring, as far as it goes. If you use Omegamon elsewhere, it's an OK addition to have one-console views. It does not do much in terms of deep introspection into what's going on inside the Linux guest. Most of the commercial products omit the ability to coordinate performance and monitoring information for both z/VM and Linux (no commercial advertising necessary from the vendors, please). The older Omegamons aren't really aware of Linux, so you'd need to upgrade to XE if you want it to do Linux. Omegamon/VM certainly doesn't know much about Linux, and hasn't seen any real enhancement in ages. Has anyone every tried to implement CA's eTrust ACF2 Security for zLinux? In the lab, it was rather difficult to get working and had a few areas where we thought it didn't really integrate all that well with the PAM model. Recent conversations with the one customer we have that is using it indicate that some of these areas are getting some attention inside CA, but we found that at this point, a Kerberos-based solution was more effective, more scalable, and easier to manage, especially in shops that had already taken the Windows Active Directory plunge (AD is Kerberos 5 and LDAP with a pretty front end). Has anyone tried doing volume level backups using FDR or DFSMS? You'll need the FDR Linux agent to get reliable backups due to the way Linux uses RAM-based caching. To get reliable volume level backups, your Linux systems would need to be completely down, and using volume-based backups is very difficult due to the relatively small size of 390 DASD volumes and the necessity to use LVM or MD to get big chunks of disk. Use of FCP SCSI disk to get big chunks of disk also complicates the use of FDR, as z/OS doesn't understand SCSI or FBA disk (and won't for a good long while yet). You should look into Amanda or Bacula (open-source tools) coupled with z/OS NFS as inexpensive alternatives that can be extended to non-zLinux systems easily. They do an excellent job of handling backups of Linux guests, and with a little work, take very good advantage of z/OS-based tape management. Do companies have a production control area monitoring the monitor? Or do you page when alerts happen? You should treat it as no different than any other production system. Do what you do
Re: Supporting zLinux
is there any option to eTrust (i.e. LDAP Server under zOS to interface to ACF2) that fit the LDAP model better than eTrust? or easier to implement than eTrust? Not that I know of, although the Linux IUCV driver we posted last week opens up a lot of interesting opportunities, such as connecting to the VM *RPI CP service, allowing you to implement a Linux guest as a CP external security manager. Once that's done (and the smart way to do it would be to write a *RPI to PAM bridge widget), then any authentication/authorization method available to Linux would be available for CP and Linux equally. This would be particularly helpful if the RACROUTE macro also used that interface -- I don't know for certain if it does, but Alan Altmark can probably confirm one way or another. If it does, then most of the IBM stuff would also work properly against an arbitrary AAA source. I'm still thinking a bit more about how this should be done, so don't take this as gospel. One comment, I thought the conversation was around Omegamon for Linux (for z-Series). Then, Omegamon knows what is going on inside the Linux image. Hmm. The demos of Omegamon for Linux I've seen were for running the monitoring server on Linux. The agents they were demoing didn't do much more than 'top'. Sounds like it's time to look at it again. The XE demo was really pretty spiffy, though. -- db -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
David: I am not familiar with the Linux IUCV driver you posted last week. However, RACROUTE interfaces to SAF so an easy place to make the inteface modifications you are suggesting will be the zOS SAF exit. From there, security goes to RACF/TOP/ACF2 as usual. I am afraid I am not a zVM guy either (except for using it in the 80's when pr/sm was not a reality yet and I needed to run my test MVS system - also as a PROFS/CMS user) so am I understanding correctly that you can issue RACROUTE under CP/VM to zOS? Regards, [EMAIL PROTECTED] NCCI Boca Raton, Florida 561.893.2415 greetings / avec mes meilleures salutations / Cordialmente mit freundlichen Grüßen / Med vänlig hälsning David Boyes [EMAIL PROTECTED]To: LINUX-390@VM.MARIST.EDU e.net cc: Sent by: Linux onSubject: Re: Supporting zLinux 390 Port [EMAIL PROTECTED] IST.EDU 08/22/2005 11:40 AM Please respond to Linux on 390 Port is there any option to eTrust (i.e. LDAP Server under zOS to interface to ACF2) that fit the LDAP model better than eTrust? or easier to implement than eTrust? Not that I know of, although the Linux IUCV driver we posted last week opens up a lot of interesting opportunities, such as connecting to the VM *RPI CP service, allowing you to implement a Linux guest as a CP external security manager. Once that's done (and the smart way to do it would be to write a *RPI to PAM bridge widget), then any authentication/authorization method available to Linux would be available for CP and Linux equally. This would be particularly helpful if the RACROUTE macro also used that interface -- I don't know for certain if it does, but Alan Altmark can probably confirm one way or another. If it does, then most of the IBM stuff would also work properly against an arbitrary AAA source. I'm still thinking a bit more about how this should be done, so don't take this as gospel. One comment, I thought the conversation was around Omegamon for Linux (for z-Series). Then, Omegamon knows what is going on inside the Linux image. Hmm. The demos of Omegamon for Linux I've seen were for running the monitoring server on Linux. The agents they were demoing didn't do much more than 'top'. Sounds like it's time to look at it again. The XE demo was really pretty spiffy, though. -- db -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. This message may be an attorney-client communication and/or work product and as such is privileged and confidential. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you
Re: Supporting zLinux
I am not familiar with the Linux IUCV driver you posted last week. http://www.sinenomine.net/vm/fsiucv has many helpful facts about the driver and a few handy examples. Only works under VM, though. However, RACROUTE interfaces to SAF so an easy place to make the inteface modifications you are suggesting will be the zOS SAF exit. From there, security goes to RACF/TOP/ACF2 as usual. I am afraid I am not a zVM guy either (except for using it in the 80's when pr/sm was not a reality yet and I needed to run my test MVS system - also as a PROFS/CMS user) so am I understanding correctly that you can issue RACROUTE under CP/VM to zOS? Well, RACROUTE would go via the VM external security manager interfaces to RACF (if RACF is your ESM), and if RACF/VM is configured to consult a shared database with RACF on z/OS, then you'd end up with the same effect. I don't think RACF on z/OS plugs into the VM ESM interface at all, even if it is running as a VM guest (which is too bad -- it'd be a nice feature). VSE may be a different story -- they're a lot more pragmatic about VM support than the z/OS guys are. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
David: thank you. not what i wanted to hear but saves me looking for nirvana. it seems i am going to have to fight my way through the eTrust interface at this junction. Regards, [EMAIL PROTECTED] NCCI Boca Raton, Florida 561.893.2415 greetings / avec mes meilleures salutations / Cordialmente mit freundlichen Grüßen / Med vänlig hälsning David Boyes [EMAIL PROTECTED]To: LINUX-390@VM.MARIST.EDU e.net cc: Sent by: Linux onSubject: Re: Supporting zLinux 390 Port [EMAIL PROTECTED] IST.EDU 08/22/2005 04:31 PM Please respond to Linux on 390 Port I am not familiar with the Linux IUCV driver you posted last week. http://www.sinenomine.net/vm/fsiucv has many helpful facts about the driver and a few handy examples. Only works under VM, though. However, RACROUTE interfaces to SAF so an easy place to make the inteface modifications you are suggesting will be the zOS SAF exit. From there, security goes to RACF/TOP/ACF2 as usual. I am afraid I am not a zVM guy either (except for using it in the 80's when pr/sm was not a reality yet and I needed to run my test MVS system - also as a PROFS/CMS user) so am I understanding correctly that you can issue RACROUTE under CP/VM to zOS? Well, RACROUTE would go via the VM external security manager interfaces to RACF (if RACF is your ESM), and if RACF/VM is configured to consult a shared database with RACF on z/OS, then you'd end up with the same effect. I don't think RACF on z/OS plugs into the VM ESM interface at all, even if it is running as a VM guest (which is too bad -- it'd be a nice feature). VSE may be a different story -- they're a lot more pragmatic about VM support than the z/OS guys are. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. This message may be an attorney-client communication and/or work product and as such is privileged and confidential. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail, and delete the original message. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
I'm hip. I haven't gotten into learning about the NRPE stuff yet, though. I'm willing to be a manual guinea pig if I can scrape up the time. That is a bit . . . challenging . . . these days, with a toddler and all. Jon snip Nagios works well for this, but it's a bear to configure. The documentation is really, really awful. The combination of Nagios and NRPE agents is pretty slick though. I'm still working on a Nagios book -- anyone interested in being a early guinea pig and reading drafts? /snip -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
__ Ranga Nathan / CSG Systems Programmer - Specialist; Technical Services; BAX Global Inc. Irvine-California Tel: 714-442-7591 Fax: 714-442-2840 Jon Brock [EMAIL PROTECTED] rgTo LINUX-390@VM.MARIST.EDU Sent by: cc Linux on 390 Port Subject [EMAIL PROTECTED] Re: Supporting zLinux .MARIST.EDU 08/19/2005 11:50 AM Please respond to Linux on 390 Port [EMAIL PROTECTED] .MARIST.EDU I'm hip. I haven't gotten into learning about the NRPE stuff yet, though. I'm willing to be a manual guinea pig if I can scrape up the time. That is a bit . . . challenging . . . these days, with a toddler and all. Jon snip Nagios works well for this, but it's a bear to configure. Could not agree more. But boy, the traffic that goes through Nagios mailing list? - phenominal. I have written some nifty perl scripts to report status via nrpep. I would like to use SNMP alerts to nofity Nagios (our operators call it 'nachos'!) on exception basis rather than poll every 10 minutes, like we do now. The documentation is really, really awful. The combination of Nagios and NRPE agents is pretty slick though. Nagios documentation is a good start but there is a lot of stuff that one needs to experiment to get it working. The VRML stuff is great. I'm still working on a Nagios book -- anyone interested in being a early guinea pig and reading drafts? Try me. But with the workload piling on, dont expect quick responses. /snip -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
Barton, one question about ESALPS We have looked at tools for monitoring WebSphere, something to get into the JVM and get information about it. We've done a trial on on product and found that it was capable of breaking one of our applications just by being present. Had to do with wrappering DB2 calls. We're going to be looking at another soon. Can ESALPS get into the innards of WebSphere or is it more a Linux system monitoring tool? We definitely need something, and I'm not sure that Tivoli Performance viewer and RMFPM for Linux are going to be enough. Barton Robinson [EMAIL PROTECTED] ity-software.com To Sent by: Linux on LINUX-390@VM.MARIST.EDU 390 Port cc [EMAIL PROTECTED] IST.EDU Subject Re: Supporting zLinux 08/12/2005 03:03 PM Please respond to Linux on 390 Port [EMAIL PROTECTED] IST.EDU There are three overriding issues with monitoring linux guests. 1) Overhead of monitoring. If each agent takes 5% of a processor for monitoring, multiply that by say 50 servers, is this good? Or will turning off your monitor solve your performance problem? 2) The CPU numbers from inside Linux are just WRONG. This is so very easy to prove - but not obvious when you are just testing. Wrong by and order of magnitude happens 3) You are sharing resources. 80% of your servers are idle, and in reality, maybe less than 80%, but exactness doesn't matter. Should you monitor an idle server? should you monitor only a few servers because you can only afford to? Most agents for Linux wake up every few seconds or minute and say, hey, what am i doing? - oh, nothing, guess i'll wake up in 3 seconds and see if that has changed. So at any point in time, your agent is wasting maybe 5% of a processor to find out nothing. So if you have an agent that uses a lot of resource and provides you bad data, should you run it? ESALPS solves these 3 problems. 1) the netsnmp agent takes between .3 and 1% per server, usually on the lower side, somewhat tuneable. 2) the data is integrated with z/VM data, so the process data is corrected. 3) vm identifies inactive guests, why wake up an inactive guest to find out it does nothing. So ESALPS does not monitor idle servers. And yes, alerts are provided as well as lots of other things you haven't thought about yet (And sorry David, i know you said no vendors, but since nobody seems to talk about the issues of production type installations, it was necessary) Date: Fri, 12 Aug 2005 10:48:26 -0400 From: Jon Brock [EMAIL PROTECTED] I am pondering how to go about monitoring the Linux guests here at my = shop. We have ASG's TMON for our z/OS system, but I don't think they = have a Linux product yet. For the moment, I'm thinking about trying = some unholy combination of the VM Performance Toolkit, top, and maybe = Nagios or mon. Nagios, mon, and other such products are capable of = producing e-mails to lists of support personnel. (In our case, we can = use an e-mail to trigger a pager if we want.) We also have ACF2 on z/OS, but I don't think there are any plans (yet) = to expand that to Linux; it wouldn't surprise me, though, if we = eventually went to some sort of LDAP setup. We use FDRINSTANT for our backups. We bring the VM/Linux volumes online = to z/OS, shut down the Linux guests, run the snapshots, restart the = guests, run the backups, and then vary the volumes back offline. I have = not yet gotten an opportunity to try a test restore of the backups, = though. =20 Jon snip Just a couple of quick questions. Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Has anyone every tried to implement CA's eTrust ACF2 Security for = zLinux? Has anyone tried doing volume level backups using FDR or DFSMS? Do companies have a production control area monitoring the monitor? Or = do you page when alerts happen? Reason for questions. We are trying to build a case for the use of = zLinux in our shop. Management wants to be assured that all the pieces are = there before they will go forward. Thus the fact finding mission. If you can't measure it, I'm Just NOT interested!(tm) // Barton Robinson - CBW Internet: [EMAIL PROTECTED] Velocity Software, IncMailing Address: 196-D Castro Street P.O. Box 390640 Mountain View, CA 94041 Mountain View, CA 94039-0640 VM Performance Hotline: 650-964-8867 Fax: 650-964-9012 Web Page: WWW.VELOCITY-SOFTWARE.COM // -- For LINUX-390 subscribe
Re: Supporting zLinux
At this time, ESALPS can monitor websphere application resource, thus if one server is supporting multiple applications, esalps can report cpu by application. And all processes are reported. Beyond that requires a well designed interface that does not increase overhead. The solutions i've looked at so far are unuseable because of their overhead, or should only be used on a manual basis as need arrises, not all the time. There are several applications that have this same requirement: Oracle, WAS, DB2, probably SAP and Domino as well. Each application has their own set of instrumentation, it is just a matter of externalizing that at a low cost. If your instrumentation costs too much resource, it will make the platform more difficult to justify. Just taking instrumentation designed for a distributed server where cycles are cheap rarely works for the z platform. For a real world, production example, i put this on the web site last week: http://velocitysoftware.com/applic.html; Note the cost of snmpd note how many servers running? This is the velocity software version of netsnmp. My objective is to maintain this low cost of operation, and still keep adding data metrics. Date: Mon, 15 Aug 2005 08:46:28 -0500 From: James Melin [EMAIL PROTECTED] Barton, one question about ESALPS We have looked at tools for monitoring WebSphere, something to get into the JVM and get information about it. We've done a trial on on product and found that it was capable of breaking one of our applications just by being present. Had to do with wrappering DB2 calls. We're going to be looking at another soon. Can ESALPS get into the innards of WebSphere or is it more a Linux system monitoring tool? We definitely need something, and I'm not sure that Tivoli Performance viewer and RMFPM for Linux are going to be enough. There are three overriding issues with monitoring linux guests. 1) Overhead of monitoring. If each agent takes 5% of a processor for monitoring, multiply that by say 50 servers, is this good? Or will turning off your monitor solve your performance problem? 2) The CPU numbers from inside Linux are just WRONG. This is so very easy to prove - but not obvious when you are just testing. Wrong by and order of magnitude happens 3) You are sharing resources. 80% of your servers are idle, and in reality, maybe less than 80%, but exactness doesn't matter. Should you monitor an idle server? should you monitor only a few servers because you can only afford to? Most agents for Linux wake up every few seconds or minute and say, hey, what am i doing? - oh, nothing, guess i'll wake up in 3 seconds and see if that has changed. So at any point in time, your agent is wasting maybe 5% of a processor to find out nothing. So if you have an agent that uses a lot of resource and provides you bad data, should you run it? ESALPS solves these 3 problems. 1) the netsnmp agent takes between .3 and 1% per server, usually on the lower side, somewhat tuneable. 2) the data is integrated with z/VM data, so the process data is corrected. 3) vm identifies inactive guests, why wake up an inactive guest to find out it does nothing. So ESALPS does not monitor idle servers. And yes, alerts are provided as well as lots of other things you haven't thought about yet (And sorry David, i know you said no vendors, but since nobody seems to talk about the issues of production type installations, it was necessary) If you can't measure it, I'm Just NOT interested!(tm) // Barton Robinson - CBW Internet: [EMAIL PROTECTED] Velocity Software, IncMailing Address: 196-D Castro Street P.O. Box 390640 Mountain View, CA 94041 Mountain View, CA 94039-0640 VM Performance Hotline: 650-964-8867 Fax: 650-964-9012 Web Page: WWW.VELOCITY-SOFTWARE.COM // -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Supporting zLinux
Just a couple of quick questions. Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Has anyone every tried to implement CA's eTrust ACF2 Security for zLinux? Has anyone tried doing volume level backups using FDR or DFSMS? Do companies have a production control area monitoring the monitor? Or do you page when alerts happen? Reason for questions. We are trying to build a case for the use of zLinux in our shop. Management wants to be assured that all the pieces are there before they will go forward. Thus the fact finding mission. Thanks, Brad Brewer Humana Inc. Technical Services System Software (502)580-3086 The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
We use OmegaMon to monitor our quests. It's been a mixed bag for us. Running on 30 or 40 guests on the same lpar can eat up some CPU depending on what you are monitoring. We have seen between 2% to 5% per guest for CPU. You really have to leverage want you need to monitor from within the guest vs. what you can monitor from outside the guest... My 2 pennies worth... --- Derric Goodwin Distributed Systems Integration Acxiom/TransUnion. Chicago, Il. Ph:(312)985-3312 email: [EMAIL PROTECTED] [EMAIL PROTECTED] 8/12/2005 7:10:22 AM Just a couple of quick questions. Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Has anyone every tried to implement CA's eTrust ACF2 Security for zLinux? Has anyone tried doing volume level backups using FDR or DFSMS? Do companies have a production control area monitoring the monitor? Or do you page when alerts happen? Reason for questions. We are trying to build a case for the use of zLinux in our shop. Management wants to be assured that all the pieces are there before they will go forward. Thus the fact finding mission. Thanks, Brad Brewer Humana Inc. Technical Services System Software (502)580-3086 The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
I am pondering how to go about monitoring the Linux guests here at my shop. We have ASG's TMON for our z/OS system, but I don't think they have a Linux product yet. For the moment, I'm thinking about trying some unholy combination of the VM Performance Toolkit, top, and maybe Nagios or mon. Nagios, mon, and other such products are capable of producing e-mails to lists of support personnel. (In our case, we can use an e-mail to trigger a pager if we want.) We also have ACF2 on z/OS, but I don't think there are any plans (yet) to expand that to Linux; it wouldn't surprise me, though, if we eventually went to some sort of LDAP setup. We use FDRINSTANT for our backups. We bring the VM/Linux volumes online to z/OS, shut down the Linux guests, run the snapshots, restart the guests, run the backups, and then vary the volumes back offline. I have not yet gotten an opportunity to try a test restore of the backups, though. Jon snip Just a couple of quick questions. Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Has anyone every tried to implement CA's eTrust ACF2 Security for zLinux? Has anyone tried doing volume level backups using FDR or DFSMS? Do companies have a production control area monitoring the monitor? Or do you page when alerts happen? Reason for questions. We are trying to build a case for the use of zLinux in our shop. Management wants to be assured that all the pieces are there before they will go forward. Thus the fact finding mission. /snip -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
I have a couple of customers that use Hobbit (http://hobbitmon.sourceforge.net) for network services monitoring. shameless-plug I will be giving a presentation at SHARE about Hobbit. Hopefully if there's enough time I will be able to also give a demo. /shameless-plug Jon Brock wrote: I am pondering how to go about monitoring the Linux guests here at my shop. We have ASG's TMON for our z/OS system, but I don't think they have a Linux product yet. For the moment, I'm thinking about trying some unholy combination of the VM Performance Toolkit, top, and maybe Nagios or mon. Nagios, mon, and other such products are capable of producing e-mails to lists of support personnel. (In our case, we can use an e-mail to trigger a pager if we want.) We also have ACF2 on z/OS, but I don't think there are any plans (yet) to expand that to Linux; it wouldn't surprise me, though, if we eventually went to some sort of LDAP setup. We use FDRINSTANT for our backups. We bring the VM/Linux volumes online to z/OS, shut down the Linux guests, run the snapshots, restart the guests, run the backups, and then vary the volumes back offline. I have not yet gotten an opportunity to try a test restore of the backups, though. Jon snip Just a couple of quick questions. Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Has anyone every tried to implement CA's eTrust ACF2 Security for zLinux? Has anyone tried doing volume level backups using FDR or DFSMS? Do companies have a production control area monitoring the monitor? Or do you page when alerts happen? Reason for questions. We are trying to build a case for the use of zLinux in our shop. Management wants to be assured that all the pieces are there before they will go forward. Thus the fact finding mission. /snip -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- Rich Smrcina VM Assist, Inc. Main: (262)392-2026 Cell: (414)491-6001 Ans Service: (360)715-2467 rich.smrcina at vmassist.com Catch the WAVV! http://www.wavv.org WAVV 2006 - Chattanooga, TN - April 7-11, 2006 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Omegamon XE does a fair job at Linux monitoring, as far as it goes. If you use Omegamon elsewhere, it's an OK addition to have one-console views. It does not do much in terms of deep introspection into what's going on inside the Linux guest. Most of the commercial products omit the ability to coordinate performance and monitoring information for both z/VM and Linux (no commercial advertising necessary from the vendors, please). The older Omegamons aren't really aware of Linux, so you'd need to upgrade to XE if you want it to do Linux. Omegamon/VM certainly doesn't know much about Linux, and hasn't seen any real enhancement in ages. Has anyone every tried to implement CA's eTrust ACF2 Security for zLinux? In the lab, it was rather difficult to get working and had a few areas where we thought it didn't really integrate all that well with the PAM model. Recent conversations with the one customer we have that is using it indicate that some of these areas are getting some attention inside CA, but we found that at this point, a Kerberos-based solution was more effective, more scalable, and easier to manage, especially in shops that had already taken the Windows Active Directory plunge (AD is Kerberos 5 and LDAP with a pretty front end). Has anyone tried doing volume level backups using FDR or DFSMS? You'll need the FDR Linux agent to get reliable backups due to the way Linux uses RAM-based caching. To get reliable volume level backups, your Linux systems would need to be completely down, and using volume-based backups is very difficult due to the relatively small size of 390 DASD volumes and the necessity to use LVM or MD to get big chunks of disk. Use of FCP SCSI disk to get big chunks of disk also complicates the use of FDR, as z/OS doesn't understand SCSI or FBA disk (and won't for a good long while yet). You should look into Amanda or Bacula (open-source tools) coupled with z/OS NFS as inexpensive alternatives that can be extended to non-zLinux systems easily. They do an excellent job of handling backups of Linux guests, and with a little work, take very good advantage of z/OS-based tape management. Do companies have a production control area monitoring the monitor? Or do you page when alerts happen? You should treat it as no different than any other production system. Do what you do with your other platforms. Reason for questions. We are trying to build a case for the use of zLinux in our shop. Management wants to be assured that all the pieces are there before they will go forward. At this point, I'd say it's as complete as any of the other Unix-based solutions in terms of system management and monitoring capabilities. Application availability for ISV software is still coming along, but the tools to manage the environment are there and solid (modulo some remaining foot-dragging for the z/VM piece from IBM and others). -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
Nagios, mon, and other such products are capable of producing e-mails to lists of support personnel. (In our case, we can use an e-mail to trigger a pager if we want.) Nagios works well for this, but it's a bear to configure. The documentation is really, really awful. The combination of Nagios and NRPE agents is pretty slick though. I'm still working on a Nagios book -- anyone interested in being a early guinea pig and reading drafts? -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
I had Nagios up for quite a while. It's not too bad once you understand it. I'd be happy to look at the drafts. -Original Message- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] Behalf Of David Boyes Sent: Friday, August 12, 2005 11:49 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: [LINUX-390] Supporting zLinux Nagios, mon, and other such products are capable of producing e-mails to lists of support personnel. (In our case, we can use an e-mail to trigger a pager if we want.) Nagios works well for this, but it's a bear to configure. The documentation is really, really awful. The combination of Nagios and NRPE agents is pretty slick though. I'm still working on a Nagios book -- anyone interested in being a early guinea pig and reading drafts? -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 If you are not an intended recipient of this e-mail, please notify the sender, delete it and do not read, act upon, print, disclose, copy, retain or redistribute it. Click here for important additional terms relating to this e-mail. http://www.ml.com/email_terms/ -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
I wish I could be there at SHARE, but I would have to pay for the membership, hotel, travel, meals, etc. Jon snip I have a couple of customers that use Hobbit (http://hobbitmon.sourceforge.net) for network services monitoring. shameless-plug I will be giving a presentation at SHARE about Hobbit. Hopefully if there's enough time I will be able to also give a demo. /shameless-plug /snip -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
If you are interested check out the web site. The author has a demo site that he set up with alot of the monitoring features. If you have any questions, about the package you can ask me also. I am providing zSeries add-ons (for z/VM and z/VSE). There is a z/OS add on, but I don't have access to a z/OS system so I can not check it out. Jon Brock wrote: I wish I could be there at SHARE, but I would have to pay for the membership, hotel, travel, meals, etc. Jon snip I have a couple of customers that use Hobbit (http://hobbitmon.sourceforge.net) for network services monitoring. shameless-plug I will be giving a presentation at SHARE about Hobbit. Hopefully if there's enough time I will be able to also give a demo. /shameless-plug /snip -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- Rich Smrcina VM Assist, Inc. Main: (262)392-2026 Cell: (414)491-6001 Ans Service: (360)715-2467 rich.smrcina at vmassist.com Catch the WAVV! http://www.wavv.org WAVV 2006 - Chattanooga, TN - April 7-11, 2006 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
Have you looked at ESALPS from Velocity Software? Information can be found at www.velocitysoftware.com - Original Message - From: Jon Brock [EMAIL PROTECTED] To: LINUX-390@VM.MARIST.EDU Sent: Friday, August 12, 2005 7:48 AM Subject: Re: Supporting zLinux I am pondering how to go about monitoring the Linux guests here at my shop. We have ASG's TMON for our z/OS system, but I don't think they have a Linux product yet. For the moment, I'm thinking about trying some unholy combination of the VM Performance Toolkit, top, and maybe Nagios or mon. Nagios, mon, and other such products are capable of producing e-mails to lists of support personnel. (In our case, we can use an e-mail to trigger a pager if we want.) We also have ACF2 on z/OS, but I don't think there are any plans (yet) to expand that to Linux; it wouldn't surprise me, though, if we eventually went to some sort of LDAP setup. We use FDRINSTANT for our backups. We bring the VM/Linux volumes online to z/OS, shut down the Linux guests, run the snapshots, restart the guests, run the backups, and then vary the volumes back offline. I have not yet gotten an opportunity to try a test restore of the backups, though. Jon snip Just a couple of quick questions. Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Has anyone every tried to implement CA's eTrust ACF2 Security for zLinux? Has anyone tried doing volume level backups using FDR or DFSMS? Do companies have a production control area monitoring the monitor? Or do you page when alerts happen? Reason for questions. We are trying to build a case for the use of zLinux in our shop. Management wants to be assured that all the pieces are there before they will go forward. Thus the fact finding mission. /snip -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
HI, Brad. Brad Brewer wrote: Just a couple of quick questions. Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Yes, we have sites running the IBM Performance Toolkit with some degree of success. IBM offers a Linux application (for free, I believe) that can feed Linux data into the Perf Toolkit, but I think the overhead of running the code outweighs the information it supplies. I would recommend that you look into the Velocity Software product ESALPS for your Linux on z/VM performance monitoring and reporting needsit seems to be the best of breed in that area. Has anyone every tried to implement CA's eTrust ACF2 Security for zLinux? I've implemented CA's eTrustAccessControl (all one word! :-) for z/Linux. Other than a few gotchas in the install process, it seems to work well. It also comes with a feature that allows it to be used in conjunction with CA's ACF2 mainframe security package. Has anyone tried doing volume level backups using FDR or DFSMS? Do companies have a production control area monitoring the monitor? Or do you page when alerts happen? As Dr. Boyes mentioned, treat z/Linux as you would any other mission critical production system. There are a number of both open-source and commercial offering available to monitor and react to what the z/Linux systems are doing. There are job scheduling systems available as well. Reason for questions. We are trying to build a case for the use of zLinux in our shop. Management wants to be assured that all the pieces are there before they will go forward. Thus the fact finding mission. Thanks, Hope this was of some help. drop me a note off-list if you'd like more information or pointers to any of these things. Have a good one. DJ Brad Brewer Humana Inc. Technical Services System Software (502)580-3086 The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
There are three overriding issues with monitoring linux guests. 1) Overhead of monitoring. If each agent takes 5% of a processor for monitoring, multiply that by say 50 servers, is this good? Or will turning off your monitor solve your performance problem? 2) The CPU numbers from inside Linux are just WRONG. This is so very easy to prove - but not obvious when you are just testing. Wrong by and order of magnitude happens 3) You are sharing resources. 80% of your servers are idle, and in reality, maybe less than 80%, but exactness doesn't matter. Should you monitor an idle server? should you monitor only a few servers because you can only afford to? Most agents for Linux wake up every few seconds or minute and say, hey, what am i doing? - oh, nothing, guess i'll wake up in 3 seconds and see if that has changed. So at any point in time, your agent is wasting maybe 5% of a processor to find out nothing. So if you have an agent that uses a lot of resource and provides you bad data, should you run it? ESALPS solves these 3 problems. 1) the netsnmp agent takes between .3 and 1% per server, usually on the lower side, somewhat tuneable. 2) the data is integrated with z/VM data, so the process data is corrected. 3) vm identifies inactive guests, why wake up an inactive guest to find out it does nothing. So ESALPS does not monitor idle servers. And yes, alerts are provided as well as lots of other things you haven't thought about yet (And sorry David, i know you said no vendors, but since nobody seems to talk about the issues of production type installations, it was necessary) Date: Fri, 12 Aug 2005 10:48:26 -0400 From: Jon Brock [EMAIL PROTECTED] I am pondering how to go about monitoring the Linux guests here at my = shop. We have ASG's TMON for our z/OS system, but I don't think they = have a Linux product yet. For the moment, I'm thinking about trying = some unholy combination of the VM Performance Toolkit, top, and maybe = Nagios or mon. Nagios, mon, and other such products are capable of = producing e-mails to lists of support personnel. (In our case, we can = use an e-mail to trigger a pager if we want.) We also have ACF2 on z/OS, but I don't think there are any plans (yet) = to expand that to Linux; it wouldn't surprise me, though, if we = eventually went to some sort of LDAP setup. We use FDRINSTANT for our backups. We bring the VM/Linux volumes online = to z/OS, shut down the Linux guests, run the snapshots, restart the = guests, run the backups, and then vary the volumes back offline. I have = not yet gotten an opportunity to try a test restore of the backups, = though. =20 Jon snip Just a couple of quick questions. Does anyone use any 3rd party tool,like OmegaMon, to monitor zlinux? Has anyone every tried to implement CA's eTrust ACF2 Security for = zLinux? Has anyone tried doing volume level backups using FDR or DFSMS? Do companies have a production control area monitoring the monitor? Or = do you page when alerts happen? Reason for questions. We are trying to build a case for the use of = zLinux in our shop. Management wants to be assured that all the pieces are = there before they will go forward. Thus the fact finding mission. If you can't measure it, I'm Just NOT interested!(tm) // Barton Robinson - CBW Internet: [EMAIL PROTECTED] Velocity Software, IncMailing Address: 196-D Castro Street P.O. Box 390640 Mountain View, CA 94041 Mountain View, CA 94039-0640 VM Performance Hotline: 650-964-8867 Fax: 650-964-9012 Web Page: WWW.VELOCITY-SOFTWARE.COM // -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Supporting zLinux
Would you car to share the gotchas with AccessControl? Always interested in communicating to our Developers on how to make it smoother. CA does have an entire management suite for Linux on z/VM. And it is affordably prices per IFL engine. The Hidro Backup product in it does do the backups you are looking for. Be careful with the IBM Toolkit. Customers I've talked to indicate it takes a lot of cycles and real storage to run. I'd be interested in what others have experienced. Norman Hollander CA Technology Services -- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390