October 2011 Newsletter
i can do anything with iTech Solutions
While we come to the end of the baseball season with the World Series currently underway, don’t worry:with iTech Solutions, you have your bases covered all year long. You will be surprised at the number of ways we can help you. Each month our newsletter brings to light tips and techniques that help many System Administrators in their job, as well as help managers know what is happening in the IBM i world. We are happy to be able to help so many people in the IBM i community. The number of iTech Solutions customers is growing each month, and that is due to our commitment to our customers, our services, and the support that we provide. Find out for yourself what it is like to work with a business partner who cares about you and your success.
On Monday October 10, IBM announced the first IBM Champions for Power Systems. I was very honored to be named one of those first champions. I went to Miami to accept the award from Dr. Colin Parris, Vice President of IBM Systems and Technology Group, during the opening session of the 2011 Power System Systems Technical University. All I can say is that I love what I do, and I plan to continue it.
They will whisk you away. No, not the witches’ brooms at Halloween, but the New IBM Power7 machines that were announced in early October. The improvements are mainly in the area of I/O, with new PCIe Gen2 cards and slots for expanded bandwidth. The long anticipated large cache PCIe card was also delivered. New backplanes were delivered for many of the machines with an additional card slot, but note that these are not Power7+ machines. For all the information on the announcement, click here. For information on what these new features are, how you can take advantage of them, and for a quote on a new machine, please contact Glenn.
This issue of our newsletter has six articles. In the first, the topic is tape encryption and why you must be using this. The second article is about the IBM Champions. The third article lists some of the upcoming events in which iTech Solutions will be participating. The Fourth article is about cloud computing. The fifth article is on creating ZIP files directly on IBM i. The last article is for your reference with updated PTF information.
If you are still on V5R4, send Pete an email and he can help you upgrade to V6R1 or V7R1. With over 325 V6R1 upgrades done to date you know iTech Solutions has the expertise and know how.
iTech Solutions can help you improve performance, perform security audits; implement a High Availability solution; perform health checks, systems management, remote administration, PTF management, blade installations, iSCSI configurations, backup/recovery; upgrade an existing machine; or upgrade to a new machine. If you are thinking of LPAR or HMC, then think iTech Solutions. We have the skills to help you get the most out of your IBM i.
Sweeter than Halloween Candy: Encryption – Keeping Data Secure and Private.
Most of us backup our data every day. If you have been a reader of this newsletter, you know I am always telling everyone that they need to move their tapes off-site, because if a disaster happens and you lose the computer room and everything in it (computers and backup tapes), and you can’t recover. But what happens if someone misplaces your backup tape, steals your backup tape, or even reads the tape? Do you have information on that tape that is confidential? Social Security numbers? Name and addresses? Medical information? Credit card numbers? Well you can be liable for your loss! Continue to read.
On September 8th of this year, a Delaware pediatric health facility lost data on 1.6 million people. Three unencrypted backup tapes containing the personal information of more than a million and a half individuals have gone missing from Nemours, a children’s health system based in Wilmington, Del. What type of personal information? Names, addresses, dates of birth, Social Security numbers, direct deposit bank account numbers, and data on insurance and medical treatments, all information used to steal identity. You have to realize that there are both soft and hard costs when this happens. You don’t want to have the negative publicity when this gets out to the public, and you will have to pay legal fees and other costs to protect the identity of those individuals affected. In the case of Nemours, the affected individuals are being notified and offered one year of free credit monitoring and identity theft protection. In addition, the company is taking steps to strengthen its data security practices, such as encrypting all computer backup tapes. So they are fixing the problem after it has already happened, like fixing the barn door after the horses have already escaped. If it cost $50 a person to monitor someone’s credit for a year, and there were 1.6 million people, that would be an $80,000,000 bill. They could have been encrypting their tapes for under $10,000. Encryption seems like a no brainer. We don’t even know how many people wouldn’t come back to that company, which is an additional loss.
The story on Nemours serves as an alarming reminder that everyone should be encrypting their data. Even if you don’t have personal information, health information, or credit card information, you don’t want your data falling into anyone else’s hands, nor would you want your competitors to know your customers. So why isn’t everyone encrypting their data? Good question. The value far outweighs the cost. Implementing encryption can be a little bit difficult. Once you have set up encryption for tape drives a few times, it is quite easy to do. But the first time can be difficult. This is where iTech Solutions can help you set up tape encryption, a key vault for storage of keys, and help you establish the policies and procedures you need to use encryption. Learn how to handle keys, generate new keys, store the keys, configure the tape drives, configure the key store and key rotation, and manage your keys & tapes. Send Matt an email to set up an engagement to get your tapes encrypted.
There are two types of encryption: software based encryption using BRMS, and hardware based encryption. The software based encryption on the IBM i uses BRMS to handle the keys and encrypt the data. Since this is done in software, it will slow down the backup as well as the restore because the encryption is done on the server as you read and write the tape. Also the BRMS encryption option is an additional cost. Hardware encryption, which uses transparent LTO tape encryption as a hardware option on the tape drive, doesn’t have any performance impact like the software based does. The keys are stored in the Tivoli Keystore License Manager (TKLM), and the tape drive talks directly with the TKLM software. With hardware encryption, there is no performance impact as there is with software based encryption.
When your tapes are encrypted, your data is safe. Remember, if you don’t have the key to unencrypt the data, it is just a bunch of ones and zeros.
|2011 IBM Champions Power Systems.
The list of 2011 IBM Champions has just been announced, and we are proud to let you know that our own Pete Massiello from iTech Solutions has been awarded one of the first IBM Champions for Power Systems. “It’s a great honor to be recognized as a leader and mentor in the Power Systems community by IBM through this award,” said Pete Massiello, iTech Solutions President and award recipient.
The IBM Champion program recognizes innovative thought leaders in the technical community – and rewards these contributors by amplifying their voice and increasing their sphere of influence. An IBM Champion is an IT professional, business leader, developer, or educator who influences and mentors others to help them make best use of IBM solutions and services. IBM Champions are not employees of IBM.Learn more at Champions
iTech Solutions would like to congratulate to all the IBM Champions. For a complete list of 2011 IBM Champions and their profiles visit: https://www.ibm.com/developerworks/champion/
November 9th at 2:00pm EST Web cast: How to improve Disaster Recovery readiness.
We are known for our resiliency in New England, it’s part of who we are, yet even we did not predict the string of events that has unfolded in 2011 in our region. Perhaps 2011 is an anomaly, yet for many businesses the recent natural events focused the spotlight on the need for improved processes and preventative measures. Join Pete Massiello to hear about the experiences of several New England firms and to give you an overview of options to improve business continuity for your IBM i environment.
IBM i DevCon, Planet Hollywood, Las Vegas. November 2nd and 3rd.
November 29, at 2:00pm EST: Conference Call. Moving up to 7. IBM i 7.1 recent announcements & Power 7 value.
Let’s Do IT in the Clouds
Everyone is interested in the clouds these days, and there are many offerings. What would you like to do? Well for starters, did you know that iTech Solutions has one of most impressive IBM i cloud infrastructures in the northeast? You can host your entire machine at one of our sites, or perhaps just replicate your production machine to our cloud for high availability. The options are endless. Many of our customers don’t have a second location to which to replicate, so they replicate to one of our sites on one of our machines. They don’t need the second location and don’t need the second machine, and we operate, monitor, and administer the machine for them as well. Did you know that if you aren’t looking for moving your machine to the cloud, we also offer virtual IBM i administrators? You get all the expertise of an expert IBM i administrator when you need them, and just pay for what you use. Don’t get tricked by other companies offering you experienced IBM i administration. Go with iTech Solutions and get the treat this Halloween.
|Create .ZIP files and unzip directly from IBM i.
With IBM i 7.1 and the latest HTTP Group PTF,IBM i supports the user’s ability to both create (.zip) archive files and extract the contents of (.zip) archive files. This support includes native APIs and a service program to create (.zip) archive files, and the ability to extract the contents of (.zip) archive files. Multiple files and directories within IBM i can be compressed and packaged into a single archive file using the QzipZip API. Using the QzipUnzip API, the contents of the (.zip) archive file can be extracted to the target IBM i system. The service program QZIPUTIL has entry points that can be called by any other ILE program to create and extract (.zip) archive files. It is a system state user domain service program that adopts *USER authority. The service program has the following exported functions – QzipZip and QzipUnzip. The zip and unzip implementation on IBM i uses the open source zlib library to inflate and deflate the files. These new APIs are included in the latest level of the HTTP Server Group PTF – SF99368.
The syntax for the APIs are:
If you are not on V7R1, then you can’t take advantage of these new features. Contact Pete to upgrade your operating system.
|Release levels and PTFs|
People are always asking me how often they should be performing PTF maintenance, and when is the right time to upgrade their operating system. I updated this article from last month with the current levels of PTFs. Let’s look at PTFs. First, PTFs are Program Temporary Fixes that are created by IBM to fix a problem that has occurred or to possibly prevent a problem from occurring. In addition, some times PTFs add new functionality, security, or improve performance. Therefore, I am always dumbfounded as to why customers do not perform PTF maintenance on their machine at least quarterly. If IBM has come out with a fix for your disk drives, why do you want to wait for your disk drive to fail with that problem, only to be told that there is a fix for that problem, and if you had applied the PTF beforehand, you would have averted the problem. Therefore, I think a quarterly PTF maintenance strategy is a smart move. Many of our customers are on our quarterly PTF maintenance program, and that provides them with the peace of mind of knowing their system is up to date on PTFs. Below is a table of the major group PTFs for the last few releases. This is what we are installing for our customers on iTech Solutions Quarterly Maintenance program.
7.1 6.1 V5R4 V5R3
Cumul. Pack 11270 11256 11137 8267
Tech. Refresh 3
Grp Hipers 43 103 164 169
DB Group 11 21 31 24
Java Group 6 17 27 23
Print Group 3 21 44 20
Backup/Recov. 10 23 41 33
Blade/IXA/IXS 8 22 15 –
HTTP 10 22 29 17
TCP/IP 5 13 20 16
Security 9 23 18
The easiest way to check your levels is to issue the command WRKPTFGRP. They should all have a status of installed, and you should be up to the latest for all the above, based upon your release. Now there are more groups than the ones listed above, but these are the general ones that most people require. We can help you know which group PTFs you should be installing on your machine based upon your licensed programs. Here is a nice tidbit. The Cumulative PTF package number is broken down as YDDD, where Y is the year and DDD is the day it was released. Therefore, if we look at the cumulative package for V5R4, the ID is 9104. We can determine that it was created on the 104th day of 2009, which is April 14, 2009. Look at your machine and this will give you a quick indication of just how far out of date in PTFs you may be. I left V5R1 & V5R2 off the list, because if you are on V5R1 or V5R2, you don’t need to be worrying about PTFs, you really need to be upgrading your operating system. The same can be said for V5R3, but there are still customers who are on those releases.
If you have an HMC, you should be running V7R7.2M0 SP2 or V7R7.3M0 SP1. If your HMC is a C03, then it should stay at V7R3.5 SP3.
For your Flexible Service Processor (FSP) that is inside your Power 5 or Power5+ (520, 515, 525, 550, 570), the code level of the FSP should be 01_SF240_403. Power 6 (940x M15, M25, & M50 machines, and 8203-E4A & 8204-E4A) customers should be running EL350_108. For Power6 (MMA, 560, and 570 machines) your FSP should be at EM350_108. If you have a Power6 595 (9119) then you should be on EH350_108. POWER7 the firmware level is AL730_035 for 8202-E4B (710, 720, 730, 740), AL730_035 for 750 (8233-E8B) & 755 (8236-E8C). Use AM730_035 for 770 (9117-MMB) & 780 (9179-MHB).
If you need help with upgrading your HMC or FSP just give us a call. We will be happy to perform the function for you or assist you in doing it. Contact Pete Massiello.