August 2017 Newsletter
This newsletter includes:
- How good are your backups?
- Who Unplugged my Excel Plugin?
- IBM Adds Support for SMB2 on 7.2
- SPOF in the IBM i World
- Release Levels and PTFs
If you live in the area impacted by Hurricane Harvey, we hope this newsletter finds you and your loved ones safe. We also wanted to let you know that iTech Solutions is here for you during this time. If you need technical support, to ask questions during a save or restore, need help on bringing your system back up after the floods subside, or have a hardware failure that you need help to debug, give us a call. We will help at no charge. We can even work with you to perform a restore while you attend to other things like your house and family. We can help you with any IBM i System Admin function you need help with. We stand with the members of the IBM i community during this time, don’t hesitate to ask for some help. If you need a recovery machine or partition, we can help you out again at no charge for 30 days.
For the rest, are you prepared and ready if this were to happen to you? I believe that it is important to review your backups, analyze what is being backed up, and what isn’t, and what plans you have to put your system back together in the unlikely event that you were to have a disaster. Remember, backup isn’t just about checking to make sure there are no error messages in QSYSOPR, but actually testing a full system restore. You want to test out the process when it isn’t an emergency. It is for a full test of your system recovery based upon how you normally backup your system. If you don’t have a machine to test a recovery on, contact our sales group and they can setup a contract for you to use one of our systems in your location, or our location to perform a disaster recovery test.
Keeping your OS Current is Now Easier Then Before
We have many customers who have us perform their OS Upgrades and PTF Maintenance today. They want the peace of mind of keeping current and the ease of not having to perform the work themselves. While this is a great way to keep current, we have a new offer that makes it even easier for you.
Our new OS Subscription service was designed to offer our customers a proactive method for keeping their OS current, for a low monthly cost. The service includes three (3) PTF applications and one (1) OS upgrade over a 24 month period. The idea is that you are applying PTF’s every 6 months and you can upgrade your OS once during that time period, at your convenience. The benefit of this approach is two-fold. First, we will develop a plan with you to apply PTF’s every 6 months, keeping you up to date. Second, you will only have to get a single approval to keep your OS current for two years, instead of four separate service engagements. There is actually an additional benefit to the business, which is that keeping current can now become an operational expense.
The best part is that this option is affordable for companies of all sizes. For a small monthly fee, a small shop can now easily get an approval from Management to have iTech Solutions keep your OS current. If you struggle to keep up with PTF’s and are still on 7.1, this is a great option for you. Contact our sales team today to learn more about this service offering. It’s never been easier to keep your IBM i OS current.
What’s New at iTech Solutions
What do you think of our new newsletter template? Updated and easier to read, as well as being mobile friendly, it resizes itself based upon the different devices used to read the newsletter (PCs, tablets, phones, etc.). I would also like to welcome Patrick Nip to our sales staff, he was formerly with IBM and is here to help our customers. He is another great addition to our sales force.
This issue of our newsletter has 6 articles. The first article by Pete on How good are your backups? The second article from Nathan is Who Unplugged my Excel Plugin? The third article is from Steve on IBM Adds Support for SMB2 on IBM i 7.2. The fourth article by Charlie is on Single Points of Failures. The fifth article lists some of the upcoming events in which iTech Solutions will be participating. The last article is for your reference with updated PTF information. Please note that for all 7.1 customers that are on the Quarterly or Semi-annual iTech Solutions PTF maintenance plan, we will be installing the latest PTFs as you are most likely now on Technology Refresh 11. For the 7.2 customers, we will be installing 7.2 Technology Refresh 6, and 7.3 will be Technology Refresh 2.
How good are your backups?
Wait, don’t answer too quickly.
If you have been paying attention to the news this week, you heard about Hurricane Harvey battering the greater Houston area, and causing so much widespread destruction. Mainly from the rain and floods, and when people start to get their personal lives back together, the next item will be their jobs. Having knowledgable people and good procedures are two important parts of a recovery. Where are their backup tapes? Which tapes should we use? What gets saved on what backup? Where are the Disaster Recovery procedures? What order do we use the tapes in? If there are replicated systems, have you already performed a role swap? Where are their replicated systems?
Listening to the news, it will be days before the floods start to subside, and even longer before people can get back into their businesses. What will be left? Did they do a backup beforehand? Are the backups under water with the machine? If this was your company could you last over 2 weeks before you were able to be back on-line? As we watch the aftermath of Hurricane Harvey, what are you doing to protect your environment, data, and computers. This might be a good time to look at replicating to our IBM i in the Cloud.
Having customers in Texas, this hits a little closer to home for us, but you never know when disaster is going to strike. A while ago, we got a call from a new client which had a disk failure without RAID, and they couldn’t recover their system after the disk was replaced. I asked them why they called us, and they told us that IBM had recommended they contact us. First, you should always have some level of disk protection, which is your first defense against loss of data. My preference is RAID5 with Hot Spare for most customers, it gives that added level of protection. There is always Mirroring or RAID6 as well, but for most of our customers RAID5 with Hot Spare provides ample protection. I am not going to get into the specifics of the issues why this customer couldn’t recover, but I thought their experience would make a great article to remind our customers to ensure that your backups are able to be used for a recovery. I want to ask you a few questions. Remember, you only have to answer to yourself right now, but in a disaster, you will be answering to the management of the company, and quite frankly your job is on the line if you aren’t following best practices.
Of course, I am assuming that you are doing backups, but I have seen companies who don’t backup their machines, or they don’t back the machine up often enough. How often is often enough? It depends. Sorry, there is no answer that works for everyone. You need to balance availability of your system, as your system is usually down during the backup, and how difficult you want to make your recovery. The best backup is a Full system backup (GO SAVE 21) every night, but of course that isn’t always practical. Some companies backup their system fully once a week, once a month or quarterly. Then each night, they backup their data libraries. Some companies backup the entire system quarterly, a few libraries weekly, and then other libraries daily. One problem that I always see with selective library backups is that library names change or new libraries get added, but the backup procedure isn’t changed. Also, don’t forget there could be data in the IFS that also needs to be backed up. Everyone’s backup solution is different, and it should be analyzed to determine if it is meeting the needs of the company. Can you recover from this backup strategy?
Once you have a backup, it is imperative that the tape is taken off site. You don’t want to keep the backup and the backup tape in the same computer room. What would happen if the computer were to catch on fire, both the backup and the machine could be destroyed. Remember, that iTech Solutions has both Cloud based backups for your IBM i, which gets the data immediately off site, as well as replicated Virtual Tape Libraries which will also get your virtual tape off-site. Our cloud based backup is encrypted in transit and at rest for your protection.
Backups are great, but let’s talk about a small problem with backups. Let’s use an example. Each night at midnight, we do a full backup, which takes 1 hour. Great. During the day, our company is entering data, running jobs, taking phone orders, shipping, invoicing, etc. If the machine were to die at 10:00pm, then we would have lost 19 hours of data. Oh, that isn’t good. Yet, we have a full backup each night. We have no backup of all the transactions that happened during the day until the next backup at midnight. That is where replication comes in. We have quite a few customers that are replicating to our IBM i in the cloud to ensure that as soon as one transaction is entered on the system, it is immediately sent to our IBM i machine in the cloud. This means these customers don’t have the problem of losing their transactions since the last backup. We can even perform target side backups on our cloud, so that you have no downtime each day on your system (the source system). This provides higher availability for your customers.
OK, so now we should understand the different types of backups and services that you can have. The question is, when was the last time you tested your recovery. Don’t put the article down now, because I asked you an uncomfortable question. From my experience if you haven’t tested your recovery you have no idea if you actually can recover. I mean really test it out, don’t just try to restore one file from last night’s backup and think you are a superhero. The only time you are allowed to wear a red cape, is after you have successfully taken your backups and tried a recovery. Even if you don’t have a machine, iTech Solutions will bring a machine to your location, or you can bring your tapes to us (or send them to us), and we will help you recover your machine. I have done hundreds of recoveries, and I can tell you that the customer always learns something from each and every recovery I have been involved with. Collect your quarterly backups, your daily tapes and let’s try to see if you can recover. Let’s see what you might be missing. Let’s determine any issues that you have now, so that you can fix and correct them while it’s a test. Do you want to tell the owners of your company that you “thought” we had good backups? If it isn’t backed up you can’t recover it. If you don’t have the latest copy, you can’t give them the correct data. If you aren’t replicating, then you have to understand you will only be able to recover up to the last backup that you performed.
In summary, backups are your first step in your recovery, but you need to test a restore to make sure you have everything you need to recover your system. Do you know if what you are writing to tape is readable? You have no idea until you try to recover it. Don’t wait until your job is on the line, contact iTech Solutions today to schedule your recovery. The job you save, might be your own!
Who Unplugged my Excel Plugin?
Those of you who have begun to make the switch from IBM i Access for Windows to the Java-based IBM i Access Client Solutions product may have noticed a popular feature lacking from the new offering: the Excel data transfer plugin. The Excel add-in began to have problems when Office 2013 was released because Microsoft chose to make changes to the plugin infrastructure in Excel and IBM decided not to update the plugin to conform to these changes, resulting in a lackluster experience. Further decisions by IBM in the realm of support for various Windows platforms have complicated matters…namely the lack of support for anything but ACS on Windows 10.
While the Excel plugin (And the Windows client in general) may be on life support, its functionality is hugely popular with end users and as we all know users don’t like a lot of change. Client Solutions is a great product once you get used to it but it has a learning curve – just about everything it does, it does differently from the old software. This leaves system admins facing an army of pitchfork-wielding coworkers if they cannot find ways to ease the transition. The Excel plugin in particular needs a more elegant solution than CPYTOIMPF.
Enter, the Data Transfer tool. The data transfer tool in Access Client Solutions looks and acts very similarly to the version present in Access for Windows, but in this case IBM has taught an old dog a few new tricks. In ACS, we can now target an Excel spreadsheet directly. This is the official replacement for the Excel add-in, and here’s how it works:
- Open an Excel file and leave Excel running in the background. It can even be minimized.
2. The main ACS window and then select “Data Transfer.” On the “From IBM i” tab fill in the library/file from which to extract data. For the output device, select “Active Excel Spreadsheet.” To control what data is extracted, use the Data Options button.
3. Press “Start Transfer.” The data will be transferred and loaded into Excel, which should pop forward and become active for further editing.
A desktop shortcut can be created to point directly to a data transfer definition to make it easier/quicker for the user to open the Data Transfer tool. It is pretty simple. For help with any other IBM i problem, send an email to iTech Solutions.
IBM Adds Support for SMB2 on 7.2
It seems that every week there’s news of a company getting breached or being held ransom with malicious code. It’s no wonder that security is a hot button topic as of late. And just because you use IBM i does not mean you’re immune to all the latest threats. IBM has been hardening IBM i consistently and it hasn’t changed with IBM i 7.3.
In July we were working with a customer who ran IBM i 7.1 to get them off Server Message Block (SMB) version 1 with NetServer, but they couldn’t upgrade to 7.3 because of yet-to-be-announced ISV support. We figured that the only way to get around the SMB1 issue was to implement Samba with SMB2 support on IBM i 7.2 or upgrade to 7.3 where both NetServer and Samba supports SMB2. SMB is a network file sharing protocol. There are three versions: SMB1, SMB2 and SMB3. Microsoft has been recommending customers disable SMB1 due to the fact that it is essentially broken and compromised by a number of widely known ransomware variants. Eventually, Microsoft will likely eventually disable SMB1 by way of a Windows update which will effectively shut down communications from Windows computers to IBM i partitions only running SMB1. This means that if you do file and print sharing on your IBM i 7.1 partition, it’s a good possibility that eventually Windows won’t talk to it.
This isn’t new. Microsoft has been telling its customers to disable SMB1 for years. Recent ransomware attacks desperately underscore that need.
Literally the next week after speaking to this customer about his predicament, IBM announced that they were supporting SMB2 on NetServer in IBM i 7.2. In order to get NetServer working on SMB2 you need to download and apply the following PTFs: MF63692, MF63693, and MF63694.
On Windows 10 and 8.1, along with Windows Server 2012 R2 and 2016 you can permanently remove SMB1. You can’t remove SMB1 on Windows 7, but you can disable it. Microsoft has provided instructions for disabling or removing SMB1 here. If you have a domain, you can remove SMB1 via Group Policy here.
Yet another reason to get off IBM i 7.1! Don’t wait until the last minute. Get secure. Stay supported. If you want to upgrade,contact us.
SPOF in the IBM i World
A SPOF (Single Point of Failure) is any component of an IT application that, if it were to fail, would cause the application to be unavailable to users. In other words, the system would be DOWN. There are many components of an IT application and the goal of this article is to identify the SPOFs and provide alternatives for minimizing their impact on application availability. IT components not only include hardware and software, but also include the network and power source.
Dual (redundant) power supplies are standard features on IBM Power servers and also on expansion drawers for disk drives and adapters. Power supplies are not a SPOF, but they should be connected to different power sources to eliminate the power source as a SPOF. In smaller shops one power supply is connected to a UPS and the other power supply is connected directly to utility power. If either utility power or the UPS should fail, electricity will still be supplied to the server. In larger shops, each power supply is attached to a different UPS. And for installations with the highest up time requirements, the UPS will have a backup generator. Electricity should never be a SPOF for IBM Power Servers.
On IBM HMC’s (Hardware Management Consoles) dual power supplies are a recommended option, not a standard feature. So, make sure that you ask for it!
Users access your server through your network. If the network is down, or the server’s connection to the network fails, then your application is down. Ideally, your server should have more than one connection to the network. Standard 1GB network adapters for IBM Power servers are inexpensive, and have 4 ports. Network adapter cards rarely fail, but they do fail and when that happens users cannot access the server. Even if you only need 1 network connection, your server should be configured with 2 network adapters so that they are not a SPOF. Using Link Aggregation or Virtual IP, you can be using multiple adapters so as not to worry if one fails.
IBM i offers two disk protection options that eliminate a single disk drive as a SPOF, mirroring and RAID. With mirroring, each disk drive is assigned a mirrored backup. Whenever a disk write occurs, the operating system writes the data to the mirrored pair, keeping the pair in sync. RAID, however, is implemented not by IBM i, but by the disk adapter. A RAID-5 array is a group of 3 or more disk drives. The RAID array maintains redundant data that allows the array to rebuild data from a failed disk drive.
When a disk drive failure occurs, the server stays fully operational, but the mirrored pair or the RAID array have become a SPOF, until the failed disk drive has been replaced. With RAID, there is noticeable system performance degradation while the RAID array has to rebuild data from a failed disk drive. With mirroring, a failed disk drive does not affect system performance.
You can eliminate a disk drive failure from causing the disk subsystem to become a SPOF by using the Hot Spare option. One or more disk drives can be designated as Hot Spares that automatically replace a failed disk drive. Hot Spares can be designated in both mirroring and RAID environments. When a disk drive fails, IBM i will rebuild the data from the failed drive on to the hot spare and the system will return to normal operation. With Hot Spare, the disk subsystem is only a SPOF during data rebuild – which depends on the size of the drive. Without Hot Spare, the disk subsystem is a SPOF until the failed disk drive is replaced – hours or days. That means that a second disk drive failure to a RAID array or a mirrored pair will bring the system down. Considering the low cost of disk drives and the high cost of application downtime, Hot Spares are highly recommended.
Disk drives are connected to the server via disk adapters. Current IBM i systems are configured with paired disk adapters. Should one adapter fail, the remaining adapter will automatically take over and the server will remain operational.
Few servers these days use tape drives in the operation of the application. Tape is commonly used just to backup servers. If the tape drive failed, you would not be able to run a backup, but the application would continue to run. If a tape drive is required for the operation of your application, let’s say you need to create a tape to send data to another server, then a second tape drive and tape adapter are needed to eliminate tape as a SPOF.
A server’s motherboard is a SPOF, there can only be one in a Scale-out IBM Power Server, but with Enterprise class Power Servers, each node has a motherboard. The design of the motherboard incorporates many features to prevent server failure due to the failure of a critical component. If a processor core fails, it can be de-configured and replaced with a spare core. Memory failures can also be circumvented using the self-healing techniques built in to every Power server. There is no call to action here, the motherboard is extremely reliable and self-healing, but for more information read the Reliability, Availability and Serviceability (RAS) chapter of the Technical Overview and Introduction IBM Redbook for your server model.
Single Points of Failure
The motherboard and the software components (operating system, IBM licensed programs, 3rd party programs or application code) of your server are SPOF’s. There is little or nothing that you can do in the configuration of the server to prevent a system failure should one of these components fail. However, there is something that can be done to keep your application running when a server fails, and that is a High Availability/Disaster Recovery (HA/DR) solution. With HA/DR a second server, the backup server, is available to run the production workload when the production server fails. There are many different HA/DR options available that vary in cost, the time to recover from an outage (RTO- Recovery Time Objective), and the amount possible data loss (RPO – Recovery Point Objective).
Clustering provides the highest level of availability. With clustering, multiple servers are setup to run the production workload and when a server fails, the other servers in the cluster pick up its workload and there is no downtime. Clustering is the most expensive HA/DR solution and requires modifications to applications to implement Commitment Control.
Data Replication provides the next level of high availability, either through hardware or software data replication. With data replication, the data on the backup (target) server is kept in sync with the production (source) server by replicating updates as they occur. With data replication, there will be a short outage after the production server fails and before the backup server is made ready to run the production workload. Data replication solutions are very popular on IBM i.
With other HA/DR options, Backup/Restore via tape for example, the backup server will eventually come online to run the production workload, but there will be an outage (hours to days) and possibly some lost data.
You can increase application availability by eliminating SPOF’s:
- Plug redundant power supplies into redundant power sources
- Have a spare network adapter that is configured, connected to the network and ready to go
- Use disk hot spares to keep the disk subsystem fully protected from disk failures
- If your application cannot suffer at outage longer than it takes for a repair, then look at High Availability/Disaster Recovery solutions.
Every company has different needs and requirements, give iTech Solutions a call or send us an email so that we can help you determine how best to reduce your failures, and be prepared with a solution that is best for you.
Sept 19, 2017 – OMNI Technical Conference – IBM Schaumburg, IL
- Everything you need to know to upgrade to IBM i 7.3
- Step by Step guide to building Virtual partitions hosted by IBM i
- HMC, IBM i, FSP, and Firmware: Putting the pieces together
- How to be a Rockstar System Administrator using Navigator for i
Sept 21, 2017 – VTMUG Technical Conference – Doubletree Hotel, Burlington, VT
Come visit Laurie & Paul in the expo.
Sept 27-29, 2017 – Magic Virginia Beach IBM i User Conference Holiday Inn Virginia Beach, VA
Come visit Charlie in the expo.
Oct 2 – 4, 2017 – COMMON Fall Conference. Hyatt Regency St. Louis, Missouri
Visit Laurie in the Expo for information on our products and services, as well as participate in our COMMON social media challenge.
Pete will be speaking on:
- What you need to know when Upgrading IBM i to 7.3, 7.2, and 7.1
- Step-by-step guide to creating IBM i partitions hosted by IBM i
- Cool Things in Navigator for IBM i to be a Rock Star Administrator
- HMC, IBM i, FSP, and Firmware: Putting all the pieces together
- Tips and Tricks to improve System performance and Save Disk Space
Steve will be speaking on:
- Rapid Fire Administration
- IBM i and our False Sense of Security.
Oct 17 – 19, 2017 – Jack Henry & Associates Annual Conference Gaylord Opryland, Nashville, TN
Visit Laurie & Pete in the Expo.
April 23 – 25, 2018 – Northeast User Group Conference, Sheraton Framingham, MA
May 20 – 23, 2018 – COMMON Annual Conference & Expo, Marriott River Center, San Antonio, TX
PTF Section Header
People are always asking me how often they should be performing PTF maintenance, and when is the right time to upgrade their operating system. I updated this article from last month with the current levels of PTFs. Let’s look at PTFs. First, PTFs are Program Temporary Fixes that are created by IBM to fix a problem that has occurred or to possibly prevent a problem from occurring. In addition, some times PTFs add new functionality, security, or improve performance. Therefore, I am always dumbfounded as to why customers do not perform PTF maintenance on their machine at least quarterly. If IBM has come out with a fix for your disk drives, why do you want to wait for your disk drive to fail with that problem, only to be told that there is a fix for that problem, and if you had applied the PTF beforehand, you would have averted the problem. Therefore, I think a quarterly PTF maintenance strategy is a smart move. Many of our customers are on our quarterly PTF maintenance program, and that provides them with the peace of mind of knowing their system is up to date on PTFs. Below is a table of the major group PTFs for the last few releases. This is what we are installing for our customers on iTech Solutions Quarterly Maintenance program.
The easiest way to check your levels is to issue the command WRKPTFGRP. They should all have a status of installed, and you should be up to the latest for all the above, based upon your release. Now there are more groups than the ones listed above, but these are the general ones that most people require. We can help you know which group PTFs you should be installing on your machine based upon your licensed programs. Here is a nice tidbit. The Cumulative PTF package number is broken down as YDDD, where Y is the year and DDD is the day it was released. Therefore, if we look at the cumulative package for V7R1, the ID is 16120. We can determine that it was created on the 120th day of 2016, which is April 29th, 2016. Look at your machine and this will give you a quick indication of just how far out of date in PTFs you may be.
If you have a Hardware Management Console (HMC,) you should be running:
|HMC (CR4 last release)||V7R7.9||
If we have a model listed above in the HMC column that is the highest level of firmware that model of the HMC can be upgraded to.
- Note that release 8.8.x does not support any POWER5 servers.
- Version 7.7.9 is not supported as of 12/30/2016 and cannot be installed on HMC models C03, C04 or CR2.
- If an HMC is used to manage any POWER7 processor based server, the HMC must be a model CR3 or later model rack-mount HMC or C05 or later desk side HMC.
- HMC V8R8.1 is supported on rack-mount models CR5, CR6, CR7 and CR8; and on desktop model C08. These listed models meet or exceed the V8R8.1 minimum memory requirement of 2GB however 4GB is recommended.
- If you want to manage a POWER8 machine, you need to be on at least HMC 8.8.1
Some notes on the new HMC release V8R8.6 that just came out:
- Will be the last release to support POWER6.
- Will be the last release to allow ‘classic’ UI login.
- Will be the last release that supports the model CR5, CR6 and C08.
- The HMC must be at version V8 R8.4.0 or later to be upgraded to HMC V8 R8.6.0. This requirement is enforced during installation.
If you have a Flexible Service Processor (FSP) your firmware should be:
|Power5 or 5+||520, 515, 525, 550, 570||SF240_418_382||last|
|Power6||940x, M15, M25, M50||EL350_176_038||last|
|8203-E4A, 8204-E8A, 8204-E4A||EL350_176_038||last|
|MMA, 560, 570||EM350_176_038||last|
|Power7||8231-E1B, 8202-E4B, 8231-E2B, 8205-E6B, 8233-E8B, 8236-E8C||AL730_154_035|
|8231-E1C, 8202-E4C, 8205-E6C||AL740_163_042|
|Power7+||8231-E1D, 8202-E4D, 8231-E2D, 8205-E6D||AL770_116_032|
|Power8||8408-E8E, 8284-21A, 8284-22A, 8286-41A, or 8286-42A||
|9119-MHE or 9119-MME||SC860_082_056|
If you need help with upgrading your HMC or FSP just give us a call. We will be happy to perform the function for you or assist you in doing it. Contact Pete Massiello.