October 2008 Newsletter
Remember, this Sunday morning at 2:00 a.m. we
change our clocks to “fall backward” to Standard time from Daylight Savings time. Is your AS/400, iSeries, and/or i5 ready? It certainly should be if you do regular PTF maintenance. The Energy Policy Act of 2005 was passed by the United States Congress on July 29, 2005 and signed into law on August 8, 2005. This law changes the time-change dates for Daylight Savings Time in the United States.
This issue of our newsletter has four articles. In the first article, we have notes about Daylight Savings time. In the second, as security is always a pressing issue for people, we uncover some open holes when using FTP. In the third article, we discuss how to control the crazy growth of DB2 Web Query log files. The last article is for your reference with updated PTF information for your use. For a list of events that we will be attending over the next few months, please go to Events.
iTech Solutions can help you improve performance, upgrade i5/OS, perform security audits, implement a High Availability solution, VoIP, Systems Management, PTF management, Blade installations, iSCSI Configurations, upgrade an existing machine, or upgrade to a new machine. If you are thinking of LPAR or HMC, then think iTech Solutions. We have the skills to help you get the most out of your System i. For more information on any of the articles below please visit us at iTech Solution or contact us at firstname.lastname@example.org . We would also like to know what you think of this newsletter and any items you would like us to discuss in future issues.
|| Daylight Savings Time.
|Remember, this Sunday morning at 2:00am we
change our clocks to “fall backward” to Standard Time here in the US. Is your AS/400, iSeries, and/or i5 ready? What about your other machines? How will the time change affect any policies and procedures?
The Energy Policy Act of 2005 was passed by the
In addition, the National Fire Center recommends
Since V5R3, i5/OS automatically changes the time
These PTFs are part of i5/OS 5722-SS1. If you are on V5R2, you will have to manually adjust your time, using WRKSYSVAL QTIME. You will also need to change the System Value for the Universal Offset, QUTCOFFSET. This value should represent the number of hours difference from Greenwich Mean Time. You only need to change this if you are at V5R2, otherwise this value is automatically changed at V5R3 and above.
The Time Zone that the machine is set up to use
If you are using a Hardware Management Console,
Many customers in the fall, do not wish to deal with the effects of the clock changing in the middle of their running jobs (which could cause the start time to be after the end time for instance), and they usually have a CL program that they execute about 1:50am on Sunday morning to just bring the system down with a PWRDWNSYS DELAY(600) RESTART(*YES) command. Then, when the system IPLs the time has fallen back and all the jobs have the correct time.
If you need help, we have done this at many of our customers, and can help you by monitoring your system for you or being part of one of our maintenance programs. Contact us and let iTech Solutions help you.
We have been working with a customer on securing their IBM i when their customers and users use FTP. What we found was that there was quite an exposure. First, any user with a user profile was able to upload and download files. Basically any file, that a user had read access to, could be downloaded to their PC. If they had more authority than just read, they could actually modify the data on their PC, and then upload that file right back to the iSeries. That is SCARY and a huge security hole. We created an exit point program that allowed only certain users to do FTP: we can control the time and, the library they wish to download files to. This, was all done based upon the userid with which they were signing into the iSeries to do their FTP.
In addition, we had another application where our customer was allowing his customer’s to upload data for them to work on. His customers would connect to their machine, but once they were given access to FTP and a valid userid/password combination, an intelligent user could put the file or get the file just about anywhere in the IFS. What we wanted to do, is for his regular users, prevent them from changing out of their Home directory, yet still allow the QSECOFR and his programmers to have full access via FTP. Again, we were able to help him control his environment through exit point processing.
DB2 Web Query log files
I am writing this article, because one of our customers had their Web Query log files grow from nothing to 210GB in just a few days. It was the reason we wrote the article a few months back on using PRTDIRINF (Previous Newsletters) .
I was talking to Matthew at the COMMON Directions conference, where I was speaking, and he was telling me he had the exact same problem, and that there was a way to control the size of these logs. After the conference Matthew shared some additional information with me, which I want to pass along.
When IBM® DB2® Web Query is running, the edaprint.log file that is located in /qibm/UserData/webquery/IBI/srv76/wfs is logging various pieces of diagnostic information concerning the reporting server. A new edaprint.log file is created each time Web Query is started, and the last five logs are archived as edipri##.log, where ## is a number 0-99. By default, there is no limit to the size the log can grow to, and five previous logs are archived and remain on the system.
A user who wishes to have control over the maximum size of a the edaprint log and the number of logs archived on the system can do so by adding the following keywords in the edaserve.cfg file, which is located in /qibm/UserData/webquery/IBI/srv76/wfs/bin.
The value edaprint_history = n (where n is a number between 1 -99, 5 is default) controls how many of the archived files remain on the system before they are automatically removed.
The value edaprint_max_lines = nnnnnn (where nnnnnn is a number from 1 or greater, 0 is the default and means unlimited lines) controls the maximum number of lines that can be written to an edaprint.log file. A setting of at least 1000 is recommended. When the maximum number of lines are reached, the log is archived and a new log is created.
Note that Web Query must be restarted for this change to take effect; the first log file after you restart will actually grow somewhat longer than the max_lines value you have set. That is because the actual counting of the lines does not begin until after some start-up information has already been logged in the edaprint.log. The count starts after you see a line in edaprint.log similar to the following:
10/23/2007 14:06:23 EDAPLOG started (pid=535785.QWEBQRYADM.EDAPLOG)”
We have also found on our customer’s machines, that it is best to end Web Query right before your backups, and then start it back up. Here are the commands if you wish to do the same. You can easily add them in the job scheduler.
To Stop Web Query:
SBMJOB CMD(QWEBQRY76/ENDWEBQRY) USER(QWEBQRYADM)
To Start Web Query:
SBMJOB CMD(QWEBQRY76/STRWEBQRY) USER(QWEBQRYADM)
If you need addition help with setting up or configuring Web Query, please contact us at iTech Solutions contact us at iTech Solutions.
|Release levels and PTFs|
People are always asking me how often they should be performing PTF maintenance, and when is the right time to upgrade their operating system. I updated this article from last month with the current levels of PTFs. Let’s look at PTFs. First, PTFs are Program Temporary Fixes that are created by IBM to fix a problem that has occurred or to possibly prevent a problem from occurring. In addition, some times PTFs add new functionality, security, or improve performance. Therefore, I am always dumbfounded as to why customers do not perform PTF maintenance on their machine at least quarterly. If IBM has come out with a fix for your disk drives, why do you want to wait for your disk drive to fail with that problem, only to be told that there is a fix for that problem, and if you had applied the PTF beforehand, you would have averted the problem. Therefore, I think a quarterly PTF maintenance strategy is a smart move. Many of our customers are on our quarterly PTF maintenance program, and that provides them with the peace of mind of knowing their system is up to date on PTFs. Below is a table of the major group PTFs for the last few releases. You might notice that this week, IBM just created a new Security PTF Group, so I have added this to our list, as we are installing this for our customers on iTech Solutions Quarterly Maintenance program.
6.1 V5R4 V5R3 V5R2
Cumul. Pack 8288 8183 8267 6080
Grp Hipers 22 86 157 189
DB Group 6 17 22 25
Java Group 5 17 22 27
Print Group 5 25 16 7
Backup/Recov. 3 22 30 31
Security Group 2 2 3 –
The easiest way to check your levels is to issue the command WRKPTFGRP. They should all have a status of installed, and you should be up to the latest for all the above, based upon your release. Now there are more groups than the ones listed above, but these are the general ones that most people require. We can help you know which group PTFs you should be installing on your machine based upon your licensed programs. Here is a nice tidbit. The Cumulative PTF package number is broken down as YDDD, where Y is the year and DDD is the day it was released. Therefore, if we look at the cumulative package for V5R4, the ID is 8183. We can determine that it was created on the 183rd day of 2008, which is July 1st, 2008. Look at your machine and this will give you a quick indication of just how far out of date in PTFs you may be. I left V5R1 off the list, because if you are on V5R1, you don’t need to be worrying about PTFs, you really need to be upgrading your operating system. The same can be said for V5R2 and V5R3, but there are still customers who are on those releases.
If you have an HMC, you should be running V7.3.3, with PTF MH01119 installed. This is Serive Pack 2 for V7.3.3. For your Flexible Service Processor (FSP) that is inside your Power 5 or Power5+ (520, 515, 525, 550, 570), the level should be 01_SF240_358. Power 6 customers should be running EL320_083 (for M15, M25, and M50 machines) and EM320_083 (for MMA machines). If you need help with upgrading your HMC or FSP just give us a call. We will be happy to perform the function for you or assist you in doing it.