November 2012 Bytware News
Saturday, November 3rd, 2012
As IBM’s midrange hardware and software have evolved, we’ve gone through trends of decentralization as well as centralization. The consolidation of IBM i infrastructure in a single location has brought a number of changes to the wadxy we manage our operations. At first, single data centers had multiple AS/400s with user environments controlled strictly through subsystem technology. Later, the trend changed to multiple partitions on a single iSeries running OS/400, which was connected to physical I/O adapters and possibly virtual TCP/IP interfaces.
Today, the latest Power Systems™ have multiple IBM i, AIX, or Linux partitions—potentially fully virtualized micro-partitions—hosted on a single Power Systems server. These developments in IBM i and the POWER7® processor have put us in the middle of a consolidation revolution. Here are three technologies that can help you join it.
1. Subsystems
Thanks to subsystem technology, the IBM i operating system (and its predecessors OS/400 and i5/OS) could be designed to allow multiple environments to run concurrently. Subsystem definitions allow the administrator to segregate work (interactive, batch, server) into their own memory pools and their own separate and distinct job queues, all sharing a portion of processor time. This was the first form of consolidation technology and is still strong today. In fact, with the horsepower available on a single system today, it is quite possible to consolidate multiple systems and thousands of users onto a single Power Systems server with a single partition.
Do you have multiple companies or divisions? Break them apart by subsystem, with each user environment assigned to a specific job description that will direct them into the proper subsystem and the appropriate libraries and directories. For motivation, consider one of our customers who, thanks to subsystem technology, consolidated more than 800 dedicated store system AS/400s to six POWER7 partitions running IBM i. Imagine how much easier the administrator’s job got and how much energy was saved!
An additional consideration when consolidating is the security of your data. While the workload runs in distinct configurations, the server configuration and application data remain united. Depending on the nature of the data, it is critical that IBM i security controls are fully understood, deployed, and monitored. Privileged users can access the data across all of the workloads or applications, meaning that it becomes difficult to secure data across different companies or corporate divisions.
2. Independent Auxiliary Storage Pools
Independent ASP (iASP) technology is another form of consolidation. iASPs let administrators isolate data onto groups of disks that can switch between partitions. Multiple iASPs can be attached to a single system. For example, this could allow multiple divisions or customer workloads to be consolidated on a single partition. You could consolidate different business operations, multiple development or simulation environments, or even multiple versions of an application onto one partition using the same library names housed in separate iASPs while keeping the data totally isolated.
ASP technology allows for more segregation of the application data but usually requires program changes before it can be supported. This is because library and directory objects are referred to with the same name but with an iASP prefix. IBM supports full disk encryption (FDE) via disk pools that are assigned to an ASP. Although this is not a “silver bullet” for data encryption, it protects data transmission to and from the disk drive (important in a SAN environment), and when a disk unit is removed or stolen.
3. Virtualization
Consolidation via virtualization is not new to IBM i. The IBM i single-level storage technology is a form of virtualization and was first implemented on the System/38, allowing for virtual memory where the OS regards all primary (RAM) and secondary storage (DASD) as one large pool. Single-level storage allows processes and jobs to run without the programmer having to estimate how many programs or how much data to load into memory at one time. This greatly simplifies handling a large company’s “big data” needs and simplifies programming and database management.
Another technology is virtual media, which allows backups without physical tapes and, thanks to CD image catalogs, product installs to run without physical CDs. Virtual media allows program installs and updates to be shared across multiple partitions with ease and without having to physically load media. Virtual tape can be combined with iASP technology for backup to a storage area network (SAN). This iASP could then be attached to another partition for recovery or archiving.
Virtual partition technology is available with PowerVM, which, in combination with iASP technology, adds tremendous capabilities to our IBM i world. But virtualized partitions weren’t invented on Power Systems—they have been around in the mainframe environment for years. Power just improved on the technology. And it is truly exciting technology, as it allows as many IBM i, AIX, or Linux partitions as are needed to be created and enabled. All you need is disk, memory, and CPU (and appropriate licensed programs from IBM).
Why might you create a virtual partition? Simple: To better utilize resources. For instance, a fully virtualized partition could be created to test a new cumulative PTF package or new version of the operating system, then deleted when the testing is complete. A test partition could be created to validate a new release of application software. Virtual partitions can be copied. Virtual partitions can be suspended when unneeded, thereby freeing up resources for other partitions. Suspended partitions are saved to disk much like a file or a directory. This is very similar to virtual memory technology, where pages of memory are sent to disk when not needed and brought back as required.
Virtualized partitions cut power consumption and allow for CPU and I/O resource sharing. Another feature is active memory sharing, which allows the dynamic exchange of memory between active virtual partitions. And then there is the crown jewel of virtualization: Live Partition Mobility, which allows you to move a virtual partition—while it is active—between frames, with no system outage to the end user.
Live partition mobility (LPM) is similar to PowerHA in that it copies the entire partition’s data at the disk level out to a SAN on your network, which in turn is attached to another Power Systems frame. The advantage is that you can activate this copied partition on the target frame in seconds; and any remaining updates happen after the partition comes up on the target. This is not a substitute for a high availability fail-over plan using PowerHA or another mirroring tool. LPM is used for planned system outages; workload balancing by moving a partition from light to busy systems; or for consolidation of multiple virtual partitions onto one hardware frame.
IBM i, Unix, and Linux Consolidation
One IBM Power Systems frame can host IBM i, Linux Red Hat or SUSE, or AIX Unix partitions in a single “footprint.” This is a great opportunity for server consolidation. However, this does cross “political” boundaries that may exist in your IT structure, since those systems are all supported in one place, from one PowerVM or HMC console, and are sharing CPU, memory, power, and rack space. This might be a great opportunity to consolidate those duties or, at a minimum, cross-train those administrators. Bring factions together to discuss the advantages of this consolidation: reduced power consumption; having a single vendor; and a simplified, more flexible environment.
An additional consideration when running multiple operating systems on a single Power Systems server is the possibility of virus and malicious code infestation. While IBM i is immune to viruses designed to attack Windows or Unix, it can serve as a quiet host to viruses and malicious code. Because IBM i cannot execute this code it can become a virtual Typhoid Mary, spreading malicious code to client PCs and to partitions that can execute it. In fact, this immunity makes it difficult to trace the infection back to its true source: IBM i. It is therefore important to monitor the integrity of IBM i Objects and all files stored on the Power Systems server—across mixed-OS partitions—to avoid costly infections and data loss.
xSeries Consolidation
One other opportunity for consolidation is to host your x86 Windows server disk on a Power Systems shared disk using iSCSI, so when your IBM i saves the integrated file system (IFS), it also saves the Windows storage environment. There’s nothing like the peace of mind you get from an IBM i backup.
Whether you use traditional subsystems, independent ASPs, or virtualization, it will take some time to learn how to use the technology and how to use it at your company. And plan ahead: Power Systems technology is moving so fast, IBM will no doubt release a new technology refresh, adding new features to the virtual environment, giving us more opportunities to consolidate, and more technology to study and implement.
Consolidating for Automation and Security
Automating the monitoring of system events and notification can improve the efficiency and productivity of your organization while at the same time saving you significant money. Such automation can also ease the burden of regulatory compliance. Likewise, taking steps to ensure the security and integrity of your data on mixed-platform Power Systems can help you avoid the types of data breaches that are impacting companies both large and small. Bytware’s Messenger and StandGuard solutions make it easy for to cover all of these bases with cost-effective monitoring, security, and anti-virus tools that have been trusted by companies worldwide for more than 20 years.
Ready to join the revolution? Learn more about automated monitoring and notification by downloading the Messenger Technical Packet and Interactive Calculator, which can show you exactly how much a period of downtime could cost your organization. And to learn more about preventing malicious code from impacting your operations, download the IFS Security Bundle, which includes a recorded webinar, IFS Security white paper, and the StandGuard Anti-Virus Technical Packet. These instant downloads are absolutely free. No forms required.
Using Messenger to Monitor Domino
Lotus Domino products typically run smoothly, and they are built to be very reliable. To ensure that they continue to run smoothly, administrators should be equipped with the right set of tools for analyzing problems when they occur. What can administrators do to improve efficiency and optimize their system?
If you are given the task of Lotus Domino administration, you need a way to get the most out of your valuable time. Bytware’s Messenger can help you monitor Lotus Domino and assist you in taking steps to ensure a smooth and optimized environment.
When a Domino server runs out of disk space, users will experience trouble sending and receiving e-mail. Often times, e-mail will be deleted and “write” errors will appear. Using the supplied DISK monitor in MessengerPlus or MessengerConsole will allow you to detect sudden changes in disk growth or when disk space is reaching a specified threshold. When specified thresholds are reached, the software triggers an alert that tells the administrators of the impending disk disaster.
The health and stability of an application may rely upon a number of running Domino jobs. If the required jobs or subsystem fail to start or stay running, Messenger can alert you and can even restart the jobs or subsystems automatically. Within Messenger, use the supplied JOBRUN monitor to verify subsystem DOMINO0xx is active at all times. Or take advantage of the supplied JOBRUN monitor to verify each job in the Domino subsystem is active (for example, AMGR, HTTP, UPDATE, EVENT, ROUTER, SCHED, and SERVER jobs).
There are other job attributes relating to Domino jobs that will alert you to a potential problem, such as the job consuming too much CPU. Messenger’s preconfigured JOBMON monitor can detect any job consuming too much CPU or otherwise hogging resources. You can fine-tune the monitor to pay special attention to a job running under user QNOTES and alert the administrator of the condition.
All Domino data files should be owned by user profile QNOTES. And QNOTES must have read and write access to these data files. In addition, Domino writes temporary files to /tmp and QNOTES must have write access to this directory. Because many Domino jobs run under user QNOTES, an authority failure by that user could halt processing. Messenger supplies you with an Audit Journal monitor (QAUDJRN) that can detect any Authority Failures (AF entry type) from user QNOTES and alert the security administrator and the Domino administrator to the condition so it can be remedied quickly.
If Domino jobs are sharing the system with interactive jobs, they’ll have a Run Priority of 20, which makes them equal to interactive jobs. To guarantee users won’t complain that Domino jobs are stealing their resources, use the supplied JOBMON monitor to detect any job in the DOMINOxx subsystem with a Run Priority lower than 30. If found, Messenger can respond by running command CHGJOB JOB(&MN/&MU/MJ) RUNPTY(30) to automatically reprioritize the offending Domino job and keep your interactive users happy.
Even the best-built products may encounter problems that cause them to hang or crash. When this happens, the quicker you can isolate, analyze, and fix the problem, the quicker your user community will be up and running. When there is a Domino server failure, an NSD* job is created on the system. This job collects info about server failure and documents settings about the environment at the time of the crash to assist you in troubleshooting. At the time of a server crash, NSD begins to run and collect diagnostic information. Message LNT099C is sent to the IBM i QSYSOPR message queue to notify you of the crash. At this point the server will attempt to restart; however, if you have chosen not to restart the server automatically another message is sent to the QSYSOPR message queue stating “Enter a character to allow Domino job to continue.” You may need to answer the message in order for the server to restart. If the Domino server is configured to restart itself automatically, but fails to restart, message LNT0928 will contain error codes returned by the server and will also appear in QSYSOPR. MessengerPlus or MessengerConsole supplies you with a QHST monitor to detect any messages from job NSD* present in the History Log. It also ships preconfigured with a QSYSOPR monitor that will capture those LNT messages and respond automatically for you.
As a Lotus Domino administrator, you are faced with a plethora of challenges each day—users forgetting their passwords and applications not working as expected. Bytware’s Messenger will help you free up your time and give extra focus to your Domino environment so you can enjoy a smooth, reliable server.
A New Point of View for Messenger Customers
For years you have been using Messenger to monitor your systems and send notifications, and you’ve been using the power of SEQUEL to access information on your System i. Both have become invaluable management tools. Now you can bring them together with a new way to view events and messages using a SEQUEL ViewPoint Dashboard for Messenger. We worked closely with the SEQUEL group to create three Messenger dashboards for you to use as-is or to customize to meet your own unique needs.
The Event Dashboard gives you a snapshot of your Event Counts from four perspectives: Count by Date; Count by Severity; Count by Message Queue; and Total Events for the Month.
The Pager Dashboard provides critical paging information, including Pager Status, Pager Messages by Date, Today’s Pager Message Count by Status, and Total Pages Sent Today.
The Bytware Dashboard includes both the Event Dashboard and Pager Dashboard data to help you get a quick overview of what’s been happening on your system. It has Event Counts by Event Date, Count by Severity, Count by Message Queue, Pager Status, Pager Message Count by Pager Message Status, Pager Message Count by Pager Message Date, Total Events for the Month and Total Pages Sent Today.
With the flexibility of SEQUEL ViewPoint, you can easily add to, remove from, or tweak the Dashboards to give you the view that is most helpful. Want more event information? Create a new View for Current Events to show events that haven’t been acknowledged yet and drop it into your Event dashboard. Need to report on paging statistics? You can easily save or print your charts and export data results to an .xls file. The dashboards even have links to both the Bytware and Sequel websites so you can easily contact us for help if you need it.
Are you ready for a new point of view? The Messenger Dashboard for SEQUEL is available for download on the Bytware website at http://www.bytware.com/support/mp/sequel-dashboard.html. (Note: You will need your support access code to log in to the download page.) Installation instructions are provided on the website, so if you meet the minimum requirements you can install today!
Q&A
Q1. My company recently upgraded its mail server, and the name was changed. Now my e-mail pages aren’t going out. Is there a setting in MessengerPlus that needs to be updated with the new mail server information?
A1. Yes. You will need to update the *SMTP Paging Company to reflect the new mail server name. Go into MPLUS, 50 Setup menu, option 3 Work with paging companies, 2 to change on *SMTP, press Enter to the second screen, update the server name, and press Enter to save your change. If DNS is not enabled on your system, you may also have to create a Host Table Entry for the mail server in CFGTCP Option 10.
Q2. Why don’t I see some of my old events in MessengerPlus when I go to Work with Events?
A2. When certain conditions are resolved, such as a job in MSGW or CPU too high, MessengerPlus recognizes that it is no longer a current condition and automatically acknowledges the event. You can find these events by going to Work with Events, F17=Subset view, Display old messages Y, and press Enter.
Q3. My virus scan detected an infected file in one of my IFS directories during my full system scan last weekend. The file was moved to the /Quarantined folder, but now I don’t know what to do with it.
A3. You will need to review the files in the Quarantined folder and remove them before your next full system save. Once a file has been identified as infected and can’t be cleaned, the file attribute for Scan status is changed to *FAILURE and the OS won’t allow a file with this status to be saved.