March 2010 Newsletter

Greetings!

Spring!  I can just feel it in the air as I write this month’s newsletter.  It is certainly the season of change, and as I look around we can see it even in our IBM i (AS/400, iSeries, i5, System i) world.  Last month IBM delivered some new POWER7 mid to high-end servers that we discussed in the February Newsletter.  We have all heard about a new version of IBM i being delivered this spring, version 7.1.  While IBM hasn’t made public exactly when it will be delivered, they have been forthcoming regarding many new enhancements. We reported about 7.1 in our October 2009 iTech Solutions Newsletter.  There are things changing all around us, but are you changing?  Are you keeping up with the new features and functions that are available to you?  Are you still on V5R2, V5R3, or V5R4?  It’s time to move forward.

One area that I am a firm believer in is education.  I believe that learning is a continuous process.  You need to invest in yourself, learn new skills, upgrade existing skills, learn new ways of doing things, learn about new technology, learn about ways to improve your life as well as your job; but no matter what you do you need to learn to continue to grow. You can’t learn by going to a one-hour session and then be done for the year.  It is a continuous process.   I am also very passionate about user groups, because it was there that I learned so much about the AS/400 and now the IBM i.  What I have learned at user groups has helped me so much in my career.  Don’t forget that there is just as much learning in the formal sessions at user groups as there is in the networking with other users.  Therefore, I would like to let you know about two user groups which I think provide excellent educational value.  First, there is the Northeast User Group Conference (NEUGC) coming up April 13 and 14th in Framingham, MA.  Then right afterwards, May 3rd to May 6th is the Annual COMMON conference, which is having their 50th annual conference this year in Orlando, Florida.  Both of these conferences have the best speakers in the world as their subject matter experts and provide an excellent value in meeting your educational needs.  I highly recommend both conferences.  I have been invited to speak at both conferences, and I look forward to meeting many of you again at these conferences.   Here are some of the sessions that I will be presenting:

  • What you need to know to upgrade i5/OS to V6R1 or V7R1.
  • Understanding, managing, and maintaining your HMC, FSP, and i5/OS.
  • Performance fundamentals.
  • LAB: Hardware Management Console (HMC).
  • Hosting virtual IBM i partitions on IBM i.


We have packed a lot of information into this newsletter, and I hope that you find this useful. This issue of our newsletter has five articles. In the first, we will address the need to manage user profiles with some spring cleanup.  The second is about iTech Solutions managed services to help you with all your iSeries needs. The third article is about using commands to manage tapes around in your tape media library.  The fourth article is about knowing what files are used by each query. The last article is for your reference with updated PTF information.

iTech Solutions can help you improve performance, upgrade i5/OS, perform security audits, implement a High Availability solution, Health Checks, Systems Management, Remote Administration,  PTF management, Blade installations, iSCSI Configurations, Backup/Recovery, upgrade an existing machine, or upgrade to a new machine.  If you are thinking of LPAR or HMC, then think iTech Solutions.  We have the skills to help you get the most out of your System i.

For more information on any of the articles below please visit us at on the web at iTech Solutions  or  email iTech Solutions.  We would love for you to let us know any articles that you wish for the future, or if you enjoy any of the articles in the current newsletters.

 
 

Spring Cleaning User profiles.

Spring cleaning

In the theme of this month’s newsletter, we are going to start doing a little spring cleaning on our user profiles.   This is one of the services that we provide during our iTech Solutions iSeries Health-check, as well as some of our remote monitoring services.  I thought this would be extremely valuable as I see unused profiles on so many customer machines each month.  It just amazes me how many customers don’t do anything to manage user profiles.  Have you ever heard the saying, “The strength of a chain is determined by the weakest link in the chain”?  Well user profiles are the access into your system, and as such you don’t want user profiles on your system belonging to people who have left the company, user profiles that have default passwords, or user profiles that haven’t had any activity in a few years.

The most important consideration in user profile management is what you do to the user’s profile when the user leaves the companyDo you change the password for the user profile, disable the user profile, delete the user profile, or do nothing with the user profile?  I always hear “we can’t delete the profile because it owns objects” or “we can’t delete the profile because we run production jobs from that id”.  While both statements have some validity to them, what is really being said is “I don’t want to figure out what objects that profile owns” and/or  “I am too lazy to figure out how to run this job from another id”.  Ok, I understand everyone is busy and has way too many tasks than time to complete them, but security is important. When someone leaves the company, no matter if it was voluntary or involuntary, their profile should be disabled immediately.  Immediately!!  That will prevent anyone from using that profile to access your system.  This is extremely easy to do with the command CHGUSRPRF USRPRF(profile) STATUS(*DISABLED).   When a user profile is disabled, it is not valid for sign-on until an authorized user enables it. Yet, batch jobs can still be submitted for a disabled user profile.  This is a great first step, but just a first step.  I think you should also change the password for the profile as well, so that if it is enabled, the old password would not be valid for the user profile.  However, we are no way near done with this user profile. We need to reassign the objects that this profile owns before we delete it.  A good lesson to learn is that you shouldn’t run production jobs from a user’s profile.  Instead set up a generic profile that you can use for running batch jobs.   Now we need to address objects owned by a profile.  The easiest way to see the objects that a profile owns is with the command WRKOBJOWN USRPRF(userprofile).  This will give you a list of objects owned.  Now comes the hard part. What do you do with this list?  Well for that I can’t tell you exactly what to do, but you need to look at each object, and for those objects you wish to keep you, transfer to another user profile.  Then delete those objects you don’t want or need.   You can’t delete a user profile while it owns objects.

The next security exposure is having user profiles where where no one has ever signed on and may have a default password that you assigned, or similarly user profiles which haven’t signed on in some time.  We should also address passwords that haven’t been changed in a while, but I am going to leave that for another month.  To tackle the exposure, first I want to get a list of all the user profiles on the system by entering the following command:  DSPUSRPRF USRPRF(*ALL) OUTPUT(*OUTFILE) OUTFILE(QTEMP/DSPUSRPRF) .  Notice that I put the outfile into QTEMP:  this way when I sign off, the file is automatically deleted, and I didn’t leave a file which lists all my user profiles in a library accessible to everyone, like QGPL.  Now all I have to do is create a query or SQL over this file to retrieve the information that I need.  The SQL statement to list all the profiles that have not signed on this year would be SELECT * FROM QTEMP/DSPUSRPRF WHERE UPPSOD < ‘100101’ ORDER BY UPPSOD.  Give this a try, and see for yourself if there are any surprises.

Pretty simple, very effective, and it will prevent unauthorized access to your system.  Now all you need to do is set this up to run once a month and keep track of the user profiles on your system.  Of course, if you wish, iTech Solutions Managed Services can take care of this and many other system administration tasks for you each and every month.  Give us a call or email us.

 




Remote System Administration
and Monitoring.
How are you currently monitoring your system? Are you monitoring your replication software? What was the outcome of your last audit? Who checks that backups are done each night? Are you backing up everything you would need in the event you had to recover your system? When was the last time you applied PTFs? Are you in need of an i5/OS upgrade? Are your systems properly being managed and administrated? Is security being managed?  What happens when there are performance issues? Who is managing disk growth? These are some of the questions that you need to ask yourself. 

Everyone has different requirements for the administration, management, and monitoring of their systems, and iTech Solutions has many different programs that can address those needs.  Here at iTech Solutions we design our programs to meet the needs of our customers and can tailor each and every program so that it meets exactly what our customers require.  Every customer that I see is doing more and more tasks with the same or less staff. They just don’t have the time or the expertise in many instances to perform the systems administration, management, and monitoring. We can supplement your staff to address any and all of your system administration needs.
Through iTech Solutions advanced IBM i (AS/400, iSeries, System i) Administration & Monitoring Services, iTech Solution’s engineers can remotely perform 99% of the server management functions an engineer can provide onsite, except for those few activities that require someone to physically touch the machine. In those cases, we can utilize our client’s staff or be on-site.

iTech Solutions provides the following as part of our Remote IBM i Administration & Monitoring Services:

Hardware and Operating System Services:

  • System Administration – Configure, manage, and monitor system level services. Configure and manage i5/OS (OS/400) level security. Create and maintain file systems and directory structures. Create, modify, and remove user accounts. Management of remote server access as required. Provide administration support as needed for application software installations and upgrades.
  • Disk space Management – Proactively keep track of disk growth and usage.
  • Capacity Planning – Perform proactive system level capacity planning and performance tuning as required.
  • File Reorganization Management – Identify files requiring reorganization to improve performance and reduce disk space.
  • Hardware Maintenance – Remotely troubleshoot and resolve hardware problems. Coordination with IBM for of hardware & Operating System maintenance and repairs for critical events 24/7.
  • Firmware Upgrades – Perform proactive hardware and firmware upgrades as required.
  • HMC Upgrades – Perform proactive software and firmware upgrades on your HMC.
  • PTF Management – Apply patches, Program Temporary Fixes (PTFs), and new versions as necessary for the operating system.
  • i5/OS Upgrades – Perform i5/OS upgrades.
  • Operational Support – Troubleshooting, escalation, and resolution of hardware and software problems including access to trouble ticketing system.

Monitoring Services:

  • Server Monitoring – Monitoring of all IBM i platforms and i5/OS systems for errors and alerts.
  • Application Monitoring – Monitoring of client’s applications and processes as directed by client and as agreed upon.
  • Automated Alert System – Paging and e-mail notification of alerts to pre-determined escalation contacts by monitoring system.
  • Replication monitoring – Monitoring of your high availability replication software for out-of-sync objects, and apply issues.

Tape Backup Services:

  • Daily Tape Backups – Manage system level backup & recovery procedures. Perform daily incremental and weekly full backups to tape or to client specifications.

No matter what support you need, iTech Solutions can provide cost-effective administration, management, and monitoring of your iSeries servers. Our certified engineers have the knowledge, expertise, and experience to keep your iSeries servers running at peak performance. Our services have been proven to reduce IT operating costs by 60% or more while increasing services levels substantially.

Prices starting at just $995 per month for Remote iSeries Administration & Monitoring.  For additional information, please email pmassiello@itechsol.com

Managing tapes inside a Tape Media Library.      
 

You just purchased an autoloader tape media library, but you continue to use it as a tape drive.  Ok, don’t feel bad, almost everyone does.  But for those who have worked with the tape media library commands, they know media libraries are really fantastic.

First, how do you know if you have a tape media library?  Well, if you can only load just one tape at a time into the device, it’s a stand-alone device.  So, you don’t have the need for these commands.  But if you can load multiple cartridges into the tape device at once it is a tape media library.

If you do have a tape media library, you will notice that when you first connected your tape drive, it created two devices.  The first was called TAPMLB01 and the other was called TAP01.  Most people don’t know what to do with the TAPMLB01 and just vary it off, and vary the TAP01 device on.  Note: You can’t have both varied on at the same time. Many people use the control panel on the tape drive to perform these tape movement functions, but there are CL commands as well that you can use.  Once you start using these commands, you won’t want to use the control panel on the front of the tape drive.  Here are some of the commands:
  • ADDTAPCTG: Add Tape Cartridge
  • CHGTAPCTG: Change Tape Cartridge
  • DSPTAPCTG: Display Tape Cartridge
  • RMVTAPCTG: Remove Tape Cartridge
  • WRKTAPCTG: Work Tape Cartridge

If you need help or additional information on using your media library,  contact Pete via email at pmassiello@itechsol.com

What files does my Query use? IBM i Operating System
How many times have you wanted to know which files are used by some queries? Or perhaps you are making a change to a physical file, and you want to change any queries that use the file which you are changing?  You already know that the DSPPGMREF command will tell you what files are used by a program.  Well now in V6R1, IBM has enhanced the DSPPGMREF to also show you which files are used by an SQL Packages and Query definitions.  Although, there is one drawback:  you must go in and change the query once you are on V6R1 and save the query definition for the information to be displayed by the DSPPGMREF command.  Any query that hasn’t been resaved since upgrading to V6R1 will not show any information about files being used.  If you want to see all what files are being used by every query on your system residing in a user library, enter the command DSPPGMREF PGM(*ALLUSR/*ALL)  OUTPUT(*OUTFILE) OBJTYPE(*QRYDFN)  OUTFILE(library/outfile) .  Now the file outfile in library would have a listing of every file used by your queries.  This is an excellent tool to help manage your queries.

 If you require any help or would like to learn more about how iTech Solutions can help you manage your environment and get more from your existing system, please contact iTech Solutions.

Release levels and PTFs
 

iSeries Family

People are always asking me how often they should be performing PTF maintenance, and when is the right time to upgrade their operating system.  I updated this article from last month with the current levels of PTFs. Let’s look at PTFs.  First, PTFs are Program Temporary Fixes that are created by IBM to fix a problem that has occurred or to possibly prevent a problem from occurring.  In addition, some times PTFs add new functionality, security, or improve performance.  Therefore, I am always dumbfounded as to why customers do not perform PTF maintenance on their machine at least quarterly.  If IBM has come out with a fix for your disk drives, why do you want to wait for your disk drive to fail with that problem, only to be told that there is a fix for that problem, and if you had applied the PTF beforehand, you would have averted the problem.  Therefore, I think a quarterly PTF maintenance strategy is a smart move.  Many of our customers are on our quarterly PTF maintenance program, and that provides them with the peace of mind of knowing their system is up to date on PTFs.  Below is a table of the major group PTFs for the last few releases.  This is what  we are installing for our customers on iTech Solutions Quarterly Maintenance program.

Releases

                     6.1    V5R4    V5R3    V5R2
Cumul. Pack  10047  9321    8267   6080

Grp Hipers        58     123     169      189

DB Group          13       25      24        25

Java Group       11       22      23        27

Print Group       17       39      20         7

Backup/Recov.  12       29      33        31

Security Group   16      14        7         –

 
Blade/IXA/IXS    13      14        –          –
 
Http                  12       22      17         –                



The easiest way to check your levels is to issue the command WRKPTFGRP.  They should all have a status of installed, and you should be up to the latest for all the above, based upon your release.  Now there are more groups than the ones listed above, but these are the general ones that most people require.  We can help you know which group PTFs you should be installing on your machine based upon your licensed programs. Here is a nice tidbit.  The Cumulative PTF package number is broken down as YDDD, where Y is the year and DDD is the day it was released.  Therefore, if we look at the cumulative package for V5R4, the ID is 9104. We can determine that it was created on the 104th day of 2009, which is April 14, 2009.  Look at your machine and this will give you a quick indication of just how far out of date in PTFs you may be.  I left V5R1 off the list, because if you are on V5R1, you don’t need to be worrying about PTFs, you really need to be upgrading your operating system.  The same can be said for V5R2 and V5R3, but there are still customers who are on those releases.

If you have an HMC, you should be running V7R7.1  If your HMC is a C03, then it should stay at V7R3.
For your Flexible Service Processor (FSP) that is inside your Power 5 or Power5+ (520, 515, 525, 550, 570), the code level of the FSP should be 01_SF240_382. Power 6 (940x M15, M25, & M50 machines, and 8203-E4A & 8204-E4A) customers should be running EL350_038.  For Power6 (MMA, 560, and 570 machines) your FSP should be at EM350_038. If you have a Power6 595 (9119-FMA) then you should be on EH350_038. POWER7 the firmware level is AL710_043.
If you need help with upgrading your HMC or FSP just give us a call.  We will be happy to perform the function for you or assist you in doing it. Contact Pete Massiello.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*