Sometimes human resources may be stretched so thin that only one production VM
environment is possible. There may be established billing procedures, various
government
and departmental certifications, complex ESMs, performance monitoring, and
hardware constraints
that make separate IFL-only and
We have a customer that wants to install Linux in an LPAR by itself. Their
system is a separate CEC without a VM license. It seems I should be able to
install Linux under VM onto dedicated volumes and using real OSA addresses, and
then IPL via the HMC for the assigned LPAR. If that's true then
Very good. I'll pass these caveats along to the z/OS group. What are the
consequences of keeping the Linux volumes online to z/OS, for example on a
system that runs FDR disk level backups?
Thanks for the information.
Ray Mrohs
-Original Message-
From: The IBM z/VM Operating System
?
Did you import the public keys for z/VM using the gskkyman
utility of the GSKADMIN machine?
Ronald Egnot
Operating System Support Unit
Federal Bureau of Investigation
-Original Message-
From: The IBM z/VM Operating System
[mailto:ib...@listserv.uark.edu] On Behalf Of Mrohs, Ray
, 2010 12:13 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Getting ftps to work
On Friday, 06/18/2010 at 09:50 EDT, Mrohs, Ray
ray.mr...@usdoj.gov
wrote:
On the Linux side, using openssl to generate a x509 server
certificate
in
/etc/ssl/private/. On the VM side, I get the certificate
Hi,
I am trying to get the ftps client to work in z/VM 5.4 going to a SLES11
server. So far, pure-ftpd secures the control channel only. Data channel
security isn't supported in the SLES11 distribution version, and due to our
site's aggressive scanning policies, I'm not eager to support a
We used to run a product called XDR in place of DDR. It used standard labels
and had a few other nice features like CMS file level restores. I'm not sure if
the company is still around but their web site is still up:
http://www.seqsoft.com/
Ray Mrohs
Ivica Brodaric wrote:
I didn't want to start a war of words about a poor little
Signal, but I cannot resist now. SIGNAL should be used only
if you want to branch to a piece of code from which you will
never come back. In other words, it should be reserved for
*abnormal* changes in the
Guys, please realize what I put forth works for ME, and it is up to YOU
to either use it, modify it, or throw it in the trash. As it stands, it
works perfectly well for its limited intended purpose in my plain-jane
VM admin environment. I usually don't shoot for elegant or proper
when I want it
I deal with SFS administration only rarely and I have trouble
remembering the fussy syntax for even the more common functions. I put
together this little REXX to help me along. It's by no means complete,
but maybe some people in the same situation will find it useful. Note
K8SYSU: is an example -
I didn't but I'm looking at it now. It looks much more thorough. Thanks
for pointing it out.
Ray
From: The IBM z/VM Operating System
[mailto:ib...@listserv.uark.edu] On Behalf Of Kris Buelens
Sent: Wednesday, February 24, 2010 10:25 AM
My posting was the result of frustration with SFS. I wasn't thinking
about perfect code structure. Frankly, at a certain age you care less
about those things, as long as it works and the boss is happy. :-) But I
understand your criticism.
Ray
From:
CA's VMBackup HiDRO does everything except Linux file-level backups. We
use it here to backup CMS minidisks, SFS, and full DASD images. As a
bonus, it has a standalone module for bare metal DR restores. It will
backup and restore whole Linux volumes but as stated before, the Linux
instance better
You (or your managenment or your auditors) may want separate and
dedicated production and test environments, where the whole production
platform has to meet strict change control, security, or CA standards.
When there are lots of hurdles to jump, political or otherwise, its
sometimes easier to
The link comes right back up after its disconnected. But from a security
standpoint it seems that a link that is idle and stays connected to its
peer is more secure than one that is waiting for a connection to happen.
Maybe these firewall rules are aimed more at unattended workstations. If
all
Hi,
Our network firewalls have a policy of dropping all connections that are
idle for 30 minutes. That is causing our VM-to-VM link to drop and
restart throughout the day. The network guy asked if there is an RSCS
keepalive option, since changing firewall policies is like moving
mountains. TCPIP
The real ultimate solution would have been to do a restart dump so that
IBM could take a look at what was last happening on your system.
Hopefully your OPERATOR id has its console output spooled to someplace.
Type Q R OPERATOR or Q P OPERATOR. If you don't have VM:Spool, you need
to get those
EDT, Mrohs, Ray
ray.mr...@usdoj.gov
wrote:
This is slightly off-topic but if anyone has the 5.4 SSLSERV running
with the Rumba or WRQ Reflection 3270 emulator, please contact me
offline. Thanks.
Neither Rumba nor Reflection work correctly. We are working with
Attachmate to fix Reflection
This is slightly off-topic but if anyone has the 5.4 SSLSERV running
with the Rumba or WRQ Reflection 3270 emulator, please contact me
offline. Thanks.
Ray Mrohs
U.S. Department of Justice
202-307-6896
-Original Message-
From: The IBM z/VM Operating System
Update and heads-up: Our problem turned out to be a bad MCL update on
the z890 that only affected apps doing long CCW chains. We are fortunate
enough to have a backup system to move VM to while the problem was being
investigated and patched. There is a lesson here about non-disruptive
MCL changes
The MCL is 55. We are not sure what the level set was, but there were
one or more patches put on piecemeal that spontaneously caused the
errors. We have now been upgraded to 55.13, and a test VM that we just
brought up confirms that the problem has been resolved.
Affected apps are CA Hidro, and
Hi All,
Just looking for possible causes of a new problem. We started getting
interface control checks whenever Hidro or Connect:direct try to start
up. In both cases they are doing their own version of formatting or
writing to disk. System is up and running, and regular CMS formats, as
well as
How else can a company maintain a high operating system MTBF, unless
they do what they can to keep it off of cheap and/or unknown hardware?
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Tony Thigpen
Sent: Wednesday, August 13, 2008 9:55 PM
We have been using Filezilla 3.0.3 for SSL file transfers between
Windows and z/VM 5.2. More recent versions of Filezilla, 3.0.4 and
beyond, no longer work. Sessions drop during the first few packet
exchanges, and before the certificate gets displayed or user
authentication. Before we go into
Bireley
BlueZone Software
www.bluezonesoftware.com
Free BlueZone Secure FTP
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Mrohs, Ray
Sent: Wednesday, May 28, 2008 2:24 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Filezilla and SSL FTP
We have been
If your site runs port scans against your z/VM 5.2 SSLSERV, you might
get notes from the network people saying you are running an old 2.0
version of SSL.
Ray Mrohs
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Alan Altmark
Sent: Tuesday,
Is there a list of z/VM software products and/or applications that will
NOT run on an IFL?
Ray Mrohs
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Alan Altmark
Sent: Saturday, April 26, 2008 11:55 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject:
Unless anything has changed, SSLSERV is a non-starter if you have more
than 126 concurrent sessions. Aside from that, it is very stable with
the latest patches (our VM is 520). An alternative is to get your VM
behind a network firewall, then get an SSL device like Illustro's to
protect all your
We are moving our mainframe connections from Cisco to OSA. My OSA test
environment has VM's TCPIP attaching to the VSWITCH, which provides some
failover redundancy at the expense of slightly more complication, i.e.
VSWITCH creation and authorization. In the past I simply defined TCPIP
directly to
Hi,
Here's a current swap status on SLES10 with 400M.
swapon -s
FilenameTypeSizeUsed
Priority
/dev/dasdf1 partition 74988 63932
-1
/dev/dasdg1 partition 149988 23064
-2
, October 15, 2007 4:53 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: Secure file transfer options?
On Oct 15, 2007, at 3:17 PM, Mrohs, Ray wrote:
What are my options for encrypted file transfers between Solaris and
z/VM 5.2? I have secure FTP running in VM, and a test using the
FileZilla
What are my options for encrypted file transfers between Solaris and
z/VM 5.2? I have secure FTP running in VM, and a test using the
FileZilla desktop client shows that it works. I'm not sure about Solaris
yet, but the sftp client in Linux does not appear to work with VM's
secure FTP. I'm
From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] On Behalf Of Mrohs, Ray
Sent: September 24, 2007 3:32 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: VM SSL Appliance with TCP/IP
Hi
Hi,
We are in the process of hooking up 2 SSL front ends for our VM TN3270
traffic. One box wil be primary, the other backup. For full redundancy,
I plan to use 2 OSA ports (separate cards), and 2 TCP/IP stacks in VM.
The SSL boxes will be configured identically and cabled directly to the
OSAs to
TCPIP how will you switch over to the backup?
Is there some failover built in or will it be manual?
Tom
-Original Message-
From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] Behalf Of Mrohs, Ray
Sent
I just did the same with stunnel provided with SLES10. It seems to work
fine. Now what are the disadvantages compared to SSLSERV?
Ray Mrohs
U.S. Department of Justice
202-307-6896
-Original Message-
From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] On Behalf Of
A beginner DDR image would be very nice. Then all you need is something
to edit the config from CMS before starting the new image, such as SNA's
EXT2TOOL. Putting /config on it's own little file system would make the
configurations sharable/movable between images.
Ray Mrohs
U.S. Department of
-Original Message-
From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] On Behalf Of Marcy Cortes
Sent: Wednesday, May 02, 2007 7:23 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: z/VM usability
CMS for applications is pretty clearly a dead end, although I don't
think
For what it's worth...
MODCF1 EXEC
/* Get, FILEL, and put back system CF1 disk */
'CPREL A'
'CP LINK * CF1 CF1 W'
'ACC CF1 W'
'ACC 193 Z'
'FILEL * * W'
say 'Checking the SYSTEM CONFIG file for errors.'
'CPSYNTAX SYSTEM CONFIG W'
'REL W (DET'
'REL Z'
'CPACC MAINT CF1 A SR'
Exit
You can create
Don't forget to retain the record for the current period if you plan to
IPL before 3/11, otherwise you system may come up in GMT.
Ray Mrohs
U.S. Department of Justice
202-307-6896
-Original Message-
From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] On Behalf Of David
How many sites are using SSL for end-to-end encryption of TN3270
sessions? I am looking at SSLSERV as well as external appliances such as
Visara's. We will provide this for about 800 concurrent CMS users at
peak times.
My main concerns are:
1. reliability and proven load-handling capability
2.
41 matches
Mail list logo