Day: August 25, 2021

August 2021 Newsletter

This newsletter includes:

Last weekend was a weekend of preparation and planning as Hurricane Henri made a direct path towards Danbury, CT.  The storm shifted directions quite a few times, and in the end, we were very lucky as it moved east and all we got here was a lot of rain.  I mean a lot of rain, but that was ok. I would rather be prepared, and the hurricane misses us than unprepared and it hits us.  Would you be ready if you had a natural disaster strike your company?…

Why External Storage Makes Dollars and Sense for IBM i

IBM i can make use of internal disk in your Power system or external disk through a SAN.  For years, IBM i shops have relied on internal storage because of the simplicity and the cost savings.  As time marches on, we have to reconsider our approach to things and see if what once was a good fit makes sense now.

External storage offers a ton of value. 

 

With features like FlashCopy, hardware replication, and Easy Tier, you can implement a solution that reduces your downtime and improves the efficiency of your data processing—resulting in actual savings for your business.

Converged Storage

With an internal disk on IBM i, you can’t share the disk amongst other platforms. With an IBM FlashSystem, you have the opportunity to have a single platform for all your storage needs.  The single user interface simplifies management.  Easy Tier automatically manages your data efficiently, moving hot data to faster storage and storing long-term data on a slower, less expensive disk.

IBM FlashSystems use software-defined storage with Spectrum Virtualize. With a single interface, you can manage and maintain all of your storage.  You can even manage disparate storage on another provider’s SAN, such as HP or Dell. Bringing all your storage under one solution saves your administrators time.

According to a recent Forrester report, “The Total Economic Impact of IBM Spectrum Virtualize“, the benefits of implementing software-defined storage saves your business money. Customers who implemented Spectrum Virtualize to consolidate their storage achieved a 60% reduction in administration efforts. That’s a lot of time that can be put to use in ways that benefit your business and help it grow.

Data Reduction

Data is king, but having too much data can be expensive. Depending on your environment, adding disk can be a relatively easy task, adding a drive, for example. Or it can be more complicated and costly when you need to add expansion units before you can add drives. Better utilization of disk space means you spend less. According to the Forrester Report on Spectrum Virtualize, companies achieved a 33% improvement in utilization by reducing their data on an average of 3:1.

Not only does the solution positively improve your current disk utilization. It also provides you with the ability to save money in the future. With the average amount of storage growth at 15% per year, companies that implement Spectrum Virtualize are …

Need a New HMC? Here’s Why a “Virtual” HMC May Be a Very Good Choice

Many (the majority) of our customers have an HMC (Hardware Management Console) appliance to manage their IBM Power systems, whether it be to manage multiple partitions (LPARs) or even to manage a single partition machine, HMCs are critical to the IBM i technology ecosystem.

HMC technology has very much evolved through the years, running on different processors and on a code base that has undergone constant change as IBM Power hardware and virtualization technologies have become more and more advanced, and HMC technology needed to keep pace to support those advancements.

It wasn’t too long ago that an order from IBM for a new HMC meant getting an IBM xSeries (Intel processor based) server “appliance” where the HMC software was pre-loaded at the factory and it simply needed to be racked & cabled-up on installation and configured for use.  Times have changed a bit, and getting a new HMC now gets you an IBM Power-based server appliance not an Intel-based one, and, you now have the ability to go “virtual”, and the virtualized option is what we’ll be exploring a bit in this article.

First, a very quick general summary of what an HMC is, it is a Linux-based appliance that physically connects to the service processor (a.k.a. “FSP”, “server firmware”) of your IBM Power system and allows you to manage that physical system & its logical partitions, and provide console access to all partitions running on that system.  The chart below from IBM’s documentation shows an example HMC managing AIX, IBM i, and Linux partitions running on an IBM Power system:

The HMC is a classic “one-trick pony” as it basically is a closed/locked-down appliance that has only one but very important role, to manage one or multiple IBM Power systems and the virtualization/configuration environments of all partitions running on those systems from a single pane of glass.

For many years, getting an HMC meant getting a dedicated physical box from IBM that ran the Linux operating system and the HMC software, but with widespread adoption of Intel-based virtualization technologies (like VMware) in just about every organization that has an IBM Power system, you now have a great alternative to installing/implementing the appliance, the Virtual HMC.

You can purchase the IBM Virtual HMC software to run on multiple supported virtual machine hypervisors, and currently, the supported x86 hypervisors (for IBM product code 5765-HMW) are KVM 2.5.0 on …

A Simple IBM i Penetration Test Lesson

iTech Solutions has had IBM i penetration testing as a service for a little while now. While not discussing anything confidential, offering a little friendly advice based on some of the generic and even specific things encountered on a penetration test will certainly be to the benefit of IBM i customers such as yourselves.

First, let’s explain the meat of what iTech does on a pen test.

  1. Perimeter Test – attempts to catalog and breach your systems from outside the firewall.
  2. Black Box Test – attempts to find and breach your IBM i partition(s) from inside the firewall. No knowledge of any system specifics (even the IP address) are given in advance.
  3. White Box Test – attempts to elevate authority of an existing user to get around security rules on the system. This is the equivalent of a rogue user attempting to steal data or do some damage.

For each test, the ground rules are agreed upon by both parties. Some customers want you to spend a little extra time on a particular service (i.e., EDI, web servers) which is certainly doable. Others want nobody in the local IT department to know about it in order to test efficacy, alerting and reaction of an attacker tripping a tripwire.

The minority of shops are watertight. Many are not. Some are far more wide open than they thought. So much so that all three aspects of their penetration tests have taken less than 20 minutes combined. That means breaching the system from outside the firewall with a set of working credentials and then either elevating authority to gain more control or simply by having excess rights with the profile used in the very first place.

How does that happen? It’s usually the combination of two things.

Network Address Translation (NAT) rules on a firewall is the first massive problem. A NAT rule will take a port on a firewall public IP address and map it to a corresponding IP address on a local server. For instance, you may have a public IP address of 142.175.10.xxx and a local address of 10.10.10.50 for your IBM i server with an FTP server running on port 21. External FTP clients would connect to your firewall IP address with an FTP request on port 21 and the firewall would route that request to 10.10.10.50 on port 21. It’s simply a traffic cop. So review your firewall …

COMMON Survey

As many of you know, I have long been a big supporter of COMMON, the IBM Power Systems Users Group, having served on its board for a few terms, as well as having the honor to be President of COMMON for 3 terms. I believe that the COMMON organization has the best in-person education in the world. No matter if you are going to COMMON North America, or COMMON Europe, they both help educate the IBM I community.

As with every organization, they have been affected by the COVID-19 pandemic. The organization is trying to gather information to know how to best serve the IBM i community, and if you could answer a few questions, that would be extremely helpful. It would be helpful to COMMON, but could also help you in that COMMON can create education that would satisfy your needs.  If you have heard me speak, you will have known that I believe that our own education is something we all have to manage ourselves and be responsible for. That means knowing where you can get the education to advance your career and skillsets, what to consume, and how does this makes you more valuable to your current company, and any future employer.

Please spend 5 minutes on this survey.  Thanks for your time.

[Take Survey Here]

More from this month:

iAdmin Fall 2021: A Virtual IBM i Conference Hosted by iTech Solutions

iAdmin Fall 2021

A virtual IBM i Conference hosted by iTech Solutions

Now Available On-Demand!

Originally recorded: Tuesday, November 9th – Wednesday, November 10th 
9:00 AM – 5:00 PM ET

Two Full Days. Live IBM i Focused Sessions. No Cost.

This is a full virtual experience that will bring IBM i education right to you. We certainly miss seeing faces at in-person conferences, so our goal is to make this as immersive and interactive as possible.

[Register Now]