IBM Statement of Direction: Fibre Channel Endpoint Security
The first link was working, but here’s an updated link: https://www.ibm.com/docs/en/announcements/z-linuxone-2q-2024-statement-direction This link to the FAQ document still seems to be working: https://www.ibm.com/downloads/cas/Y6E9KLA8 — Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM Z/LinuxONE, Asia-Pacific sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
IBM Statement of Direction: Fibre Channel Endpoint Security
I’d like to draw your attention to this new IBM Statement of Direction regarding IBM Fibre Channel Endpoint Security with FICON-attached devices: https://www.ibm.com/docs/en/announcements/statement-direction-1-qtr-2024 More information is available here: https://www.ibm.com/downloads/cas/Y6E9KLA8 IBM Fibre Channel Endpoint Security is already available for all current model machines and some prior model machines. — Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM Z/LinuxONE, Asia-Pacific sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
OpenShift 4.15 Now Available
Red Hat OpenShift Container Platform Version 4.15 is now available. This release includes major new features for IBM LinuxONE and IBM Z servers: • a “bare metal” LPAR deployment option — sans z/VM, KVM, or z/OS; • support for multi-architecture compute nodes; • “SNO” (single-node OpenShift) support, with significantly lower resource requirements for applications and development environments that don’t need OpenShift’s high availability features; • easier installation options; and • a preview of hosted control planes. More details are available here: https://community.ibm.com/community/user/ibmz-and-linuxone/blogs/gerald-hosch1/2024/03/14/new-deployment-options-for-less-resource-reqs?CommunityKey=fd56de68-d38b-499b-a1f4-51010f4eee66 — Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM Z/LinuxONE, Asia-Pacific sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Cryptographic processor
Victor Echavarry asks: >Does Linux under z/VM support Cryptographic processor? Yes. For CPACF (CP Assist for Cryptographic Functions) you have nothing to do, really. Just make sure Feature Code 3863 is installed on your machine(s) if you want all CPACF functions. For IBM Crypto Express features, read on >Is there a book or document that explain this? Here’s the entry point into the z/VM documentation that describes how to configure IBM Crypto Express resources so that Linux (and other) guests can use them: https://www.ibm.com/docs/en/zvm/7.3?topic=features-configuring-crypto-express-adapters Are you looking for any more information beyond z/VM-related configuration? — Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Webcast on Hyper Protect & LinuxONE Cloud
I'm hosting another technical Webcast at an Asia-Pacific friendly time: Friday, April 21, at 11:00 AM Singapore Time (03:00 UTC). The topic is IBM Hyper Protect Services and LinuxONE via IBM Cloud. It'll be 60 minutes total including Q To register please visit: https://ibm.biz/apac-webinar-subscription Or if you'd just like the calendar entry (.ics file) then that's available here: https://ibm.biz/hyperprotect0421 — Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
IBM Webinar on OpenShift with Secure Execution
I'm hosting a Webinar this Friday (March 3) at 11:00 AM Singapore Time (03:00 UTC) on the new Secure Execution support available for Red Hat OpenShift Container Platform on IBM zSystems and LinuxONE servers. Secure Execution is available at no additional charge on IBM z15, LinuxONE III, and higher model servers. It improves the isolation/separation between workloads for better security. If you'd like to attend please visit this Web site to sign up: https://ibm.biz/apac-webinar-subscription There are other topics scheduled, and you may also be interested in those. Replays will be available if you cannot join live. This time should be convenient for countries in Asia-Pacific (India to New Zealand basically), and it may also work for the eastern Pacific (U.S. West Coast for example). There aren't a super abundance of live Webcasts in these time zones, so I like to mention them from time to time, especially when I'll be on. — — — — — Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Taking some time
Congratulations and thanks Mark! — — — — — Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
IBM LinuxONE Emperor 4 and z/VM 7.3 Announcements
For your reading pleasure IBM LinuxONE Emperor 4 https://www.ibm.com/downloads/cas/US-ENUS122-002-CA/name/US-ENUS122-002-CA.PDF z/VM 7.3 https://www.ibm.com/downloads/cas/US-ENUS222-215-CA/name/US-ENUS222-215-CA.PDF — — — — — Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Can zLinux detect when files arrive in the virtual reader?
Would a NJE deployment on/with Linux — Sine Nomine's NJE/IP as a notable example — be relevant here? — — — — — Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
NIST Announced Quantum-Safe Cryptographic Standards
The U.S. National Institute of Standards and Technology (NIST) has announced
four algorithms as new NIST standards in quantum-safe cryptography. The four
winning algorithms are:
CRYSTALS-Kyber public-key encryption ("general encryption")
CRYSTALS-Dilithium digital signatures
FALCON digital signatures
SPHINCS+ digital signatures
"NIST recommends CRYSTALS-Dilithium as the primary [digital signature]
algorithm, with FALCON for applications that need smaller signatures than
Dilithium can provide." SPHINCS+ is "somewhat larger and slower than the other
two" digital signature algorithms. NIST views SPHINCS+ as a "backup" algorithm
to Dilithium and FALCON.
IBM researchers developed CRYSTALS-Kyber, CRYSTALS-Dilithium, and FALCON in
collaboration with industry and academic partners. They are already available
in some IBM products including the new IBM z16 servers. (Previous generations
can of course use software implementations, and for many generations of IBM
zSystems/LinuxONE servers the classic algorithms that are quantum-safe, such as
AES-256, also enjoy deep hardware support.)
The significance of this NIST announcement is that you can (and should) start
evaluating your systems and software for quantum safety if you haven't started
already. There's still some more work on the standards front (such as an update
to TLS) that's expected, but NIST's announcement is big news.
NIST hasn't been able to settle on a "backup" algorithm to CRYSTALS-Kyber yet,
so NIST is leaving the door open for further refinement and evaluation of four
candidate "general encryption" algorithms.
For more information
https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms
https://research.ibm.com/blog/nist-quantum-safe-protocols
— — — — —
Timothy Sipples
Senior Architect
Digital Assets, Industry Solutions, and Cybersecurity
IBM zSystems/LinuxONE, Asia-Pacific
sipp...@sg.ibm.com
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Local webserver for ISOs
You may wish to consider setting up a caching proxy of some kind. — — — — — Timothy Sipples Senior Architect Digital Assets, Industry Solutions, and Cybersecurity IBM zSystems/LinuxONE, Asia-Pacific sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Kubernetes and Red Hat OpenShift Support for IBM Crypto Express
Applications running in Kubernetes and Red Hat OpenShift Container Platform environments can now exploit the FIPS 140-2 Level 4 certified IBM Crypto Express Hardware Security Modules (HSMs) available on IBM Z and IBM LinuxONE servers. This combination provides the strongest, best-in-industry cryptographic services for applications in these environments. For more information and links to download the containerized device plug-in software please visit: https://community.ibm.com/community/user/ibmz-and-linuxone/blogs/adam-jollans1/2022/02/02/ibm-z-crypto-red-hat-openshift - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
VM Workshop 2021 Presentations Available on YouTube
The 2021 VM Workshop assembled virtually on June 10 and 11, and the presentations are now available on YouTube here: https://www.youtube.com/channel/UCwHDyL91yiybsY71dwQpveg/videos There are presentations covering z/VM, Linux on IBM Z and LinuxONE, and z/VSE. The 2020 presentations are also available. It appears that you can turn on closed captioning for all these videos if/as needed. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
IBM Paying Bounties for Code Contributions
Just in case you're not aware, IBM is paying rewards to individuals who contribute to open source software projects -- including contributions to optimize and improve software for s390x architecture (IBM Z and LinuxONE servers). A frequently updated list is available here: https://www.bountysource.com/teams/ibm/bounties - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
WebAssembly (Wasm) Support Merged Upstream
WebAssembly, often abbreviated Wasm, is a binary instruction format for a stack based virtual machine. While Wasm is getting popular as a runtime environment within Web browsers, it's also sometimes used on servers for backend processing of various kinds. (I've been bumping into it on occasion for some of my customers' projects.) Wasm typically has some performance advantages over JavaScript, for example, so it's often used in conjunction with Node.js runtimes. There are also translators from other programming languages (e.g. C, C++, and Rust) into Wasm. You can read more about what Wasm is here: https://en.wikipedia.org/wiki/WebAssembly The WebAssembly community has kindly accepted source code contributions to add s390x architecture support. Details are available here: https://github.com/bytecodealliance/wasmtime/pull/2874 The current upstream Wasm code supports IBM z15 and LinuxONE III servers (including the LinuxONE Community Cloud, which is currently LinuxONE III), although there's some work underway to backport to IBM z14 and LinuxONE II. All backend Wasm features are supported, and Wasmtime is fully functional and passes all tests. Further performance tuning and SIMD (Z Vector Facility) exploitation are expected in the future. The community welcomes more contributors and reviewers, of course. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Red Hat OpenShift Container Platform Add-Ons Released
Red Hat has released more add-ons for OpenShift Container Platform on IBM Z and LinuxONE, including Red Hat OpenShift Serverless and Red Hat OpenShift Pipelines. Details are available here: https://docs.openshift.com/container-platform/4.7/serverless/serverless-release-notes.html#serverless-rn-1-14-0_serverless-release-notes https://docs.openshift.com/container-platform/4.7/cicd/pipelines/op-release-notes.html#op-release-notes-1-4_op-release-notes All Red Hat OCP add-ons are now generally available. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Experience IBM Spectrum Scale
David Mittelstdt asked: >Would Spectrum Scale be a good choice for OpenShift environments >and HA NFS? Yes, that's an excellent combination. FYI, Red Hat just released a "technology preview" of Red Hat OpenShift Container Storage 4.6 for Linux on IBM Z and LinuxONE: https://access.redhat.com/documentation/en-us/red_hat_openshift_container_storage/4.6/html/deploying_and_managing_openshift_container_storage_using_ibm_z/index - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Oracle client for SLES 15?
Have you tried Version 19.9 (several steps up from the 19.3 release you're using), available here: https://www.oracle.com/database/technologies/instant-client/zlinux-downloads.html ? - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Moving a Linux guest from z/VM to KVM?
I'd like to point out that there's a general trend toward workload containerization, and a big driver is that it's easier to move container images around than whole operating system instances. Thus if you shift workloads into container images, you should end up with fewer, skinnier OS instances that you don't care as much about moving around since it's easy enough to (re)create them. That's the theory, anyway. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390 smime.p7s Description: S/MIME Cryptographic Signature
"Awesome Free Stuff for Your Mainframe" on 2020-10-16 at 04:00 UTC
You're most welcome to join the "Awesome Free Stuff for Your Mainframe" Webcast that I'm hosting live at 04:00 UTC (12 noon Singapore Time) on Friday, October 16, 2020. To join the party, please register here: https://bit.ly/35JtcoA If this time is impossible because you'll be asleep or otherwise occupied, that's OK. My understanding is that if you register you should still receive a link to view a recording. There are a couple people on this list who are directly participating in this Webcast, and I'd especially like to thank you along with the many contributors. We'll have some light, quick demonstrations of various freebies, and I'll also open the floor to live audience questions (typed via a chat box). It was more difficult than I expected to choose the freebies to highlight since there's so much great stuff. However, I think I've come up with a reasonably broad and now current freebies list, and I'll publish it shortly before the Webcast at the IBM Z and LinuxONE Community Web site. Thanks again. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: CIS - buffer overflow attacks
Herald ten Dam wrote: >In paragraph 2.9.9 it stated: "Starting with the 2.6.x >kernel releases, Linux offers Address Space Layout >Randomization (ASLR) and the No-eXecute (NX bit) for >mitigation of buffer overflow attacks." So possibly it >is in sles11, but certaintly in sles12. That statement is generic and varies by architecture. For example, KASLR (Kernel Address Space Layout Randomization) on s390x architecture debuted in Linux kernel 5.2. Linux distributors pretty routinely backport new features to earlier kernel release levels, and it looks like SUSE has done that for KASLR on s390x with SUSE 15 SP1 at least. Mark Post probably has more details how far back it goes, but I wouldn't assume any SLES 12 or prior. Back to Victor's original question for a moment: >Does anyone knows is under z/Linux, SUSE, exist a feature >to protect from buffer overflow attacks? Yes, please have a look at Secure Execution for Linux and IBM Hyper Protect Virtual Servers (with Secure Build) as critical security enablers for this class of issues and others. For example, SUSE introduced support for Secure Execution for Linux with SLES 15 SP2. A few more details are available on SUSE's blog here: https://www.suse.com/c/security-at-the-core-suse-support-for-the-new-ibm-z15-and-linuxone/ SUSE released SLES 15 SP2 in July, 2020. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Encryption again - Question on TKE use to CCA
Marcy, It seems like what you're envisioning is to have a "service" image to run catcher.exe (slight correction: it's actually catcher.exe rather than panel.exe) to facilitate TKE Workstation interactions with various Crypto Express CCA mode physical features (and associated domains) spread across several machines. That all seems fine to me, but one threshold question that comes to mind is whether sharing a single IP address supports "fast enough" operations. What I mean is that with a single IP address you'll only be able to have one instance of this service image running at any one time. If you're in a future situation where you have to perform lots of TKE operations across multiple machines/features/domains very quickly -- some sort of calamity involving rapid fire TKE operations -- your operational "throughput" *could* be significantly limited with only one running service image at a time. A slight, simple variation here would be to have a single service image with a default startup IP address but then allow an authorized operator to switch the image to a different IP address once that image starts up. That way you could have multiple instances of this service image running as long as only one of them is starting up at any one time. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Calico tool
Phil Tully asked: >I was just wondering if anyone was using the Calico tool on >s390 linux ? IBM shipped and still supports Calico as part of its IBM Cloud Private software product, including for s390x architecture (IBM Z, LinuxONE). IBM published the IBM Cloud Private Community Edition container images on DockerHub, for example -- they're still there, including the Calico container images. So it's highly likely there are some Calico users on s390x architecture via this particular pathway. IBM has also published information on building Calico from source, available here and updated just last month (August, 2020): https://github.com/linux-on-ibm-z/docs/wiki/Building-Calico-3.x - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: IUCV 2WAY missing from AF_IUCV in zLinux?
Alan Altmark wrote: >But imagine what you could do if an AF_INET/AF_INET6 provider could be >configured to simply acts as a shim layer, redirecting all AF_INET and >AF_INET6 socket calls to the VM TCPIP machine. Linux's own TCP/IP stack >would be effectively inop. That would enable almost any Linux network app >to work on behalf of VM. The possibilities are tantalizing. Analogous to the z/VSE Fast Path to Linux? https://www.ibm.com/support/knowledgecenter/SSB27H_6.2.0/fa2ti_lfp_overview.html Any parallels, inspiration, etc. that could be drawn from that available piece of software (no additional charge to all z/VSE licensees)? Or not really? - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: SAP Sysbase ASE driver for db2 on zLinux
IBM includes this note in its support matrix for Db2 Federation ( https://www.ibm.com/support/pages/node/957245): "For other data sources not listed in Table 4, customer can also use federation server to access them and perform basic operations like querying remote data via JDBC wrapper, as long as the required JDBC driver comply with 6.0 standard. But they are not optimized so there might be some data types and functions not supported well and the performance is not expected to be as good as the optimized data sources." The reference to "6.0 standard" must be an error since there is no JDBC 6.0 yet. That could mean JDBC 4.0 (or higher) since the JDBC 4.0 specification was introduced with Java 6. So have you tried a JDBC driver for Sybase ASE, such as jConnect (filename probably jconn4.jar), jTDS, or possibly Progress Software's? For example, jConnect is included with SAP's SDK for ASE, and the driver itself is a single file that should be named jconn4.jar. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: VM system name
Would this readout make better sense? $ zhypinfo NoLayer TypeName IFL CP -- 2.2 z/VM_Guest guest myguest2 0 2.1 z/VM_Resource_Pool poolpooltest 3 0 2.0 z/VMhypervisor myzvm 8 0 1 partition guest S38LP43 10 0 0 machine hostS38 34 10 Then you wouldn't need two columns of numbers. The levels are simply embedded in the sequence numbers. Counting would be consistent with the -l and -L outputs, of course. Omitting the second column of numbers also frees up more space for the text or even another column. Are the underscores necessary? Maybe "z/VM guest" instead? (Or are they for parsing?) Or maybe you don't even need the "guest"/"resource pool" additions in the Layer column when you've already got a Type column and decimalized sequence numbers. And would it make sense to print the hypervisor release level in the Layer column, e.g. "z/VM 7.2"? I don't like unnecessary jargon, so I highly prefer "partition" and "machine." I thought about "physical," but sometimes the machine/CEC/CPC isn't physical (zPDT, QEMU). Or use "base" if you prefer. But, honestly, we really don't need 58 questions per month about what a CEC is, which seems inevitable, doesn't it? So let's avoid that. And how about a little more insight in the Type column for partition and machine? What happens with SMT2 v. SMT1 in this readout? (Should something happen?) Putting these suggestions all together except for the SMT2 one, plus some others, here's what you might end up with: $ zhypinfo # Layer Type NameIFLsCPs 2.2 Linux 4.18guest myguest2 0 2.1 z/VM 7.2 pool pooltest 3 0 2.0 z/VM 7.2 hypervisormyzvm 8 0 1 partition z/VM S38LP43 10 0 0 machine z14 S38 34 10 I like "#" a little better as a column label (or maybe "Seq."), and I've pluralized IFL and CP. "Fun" question: what should a z/OS Container Extensions readout look like? If the machine is reporting back something beyond the known model generations, then you could print ">z15" or "z15+" or "z16?" until zhypinfo is updated. When zhypinfo is updated you then insert the model generation without the question mark and update the question mark to be "z17?" (for example). Loop, repeat. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: VM system name
Mark Post wrote:
>I was thinking more in terms of command line switches that determine
>what should be returned. For example:
>cmdname --guest Would return the name of my running guest
>cmdname --host Would return the name of the z/VM or KVM host.
>cmdname --lpar Would return the name of the LPAR.
>cmdname --cec Would return the name of the CEC. Or CPC, since I
think
>that's the current IBM name.
If I get a vote, I would prefer plain English, avoiding unnecessary
jargon, even IBM's. :-) How about:
--guest
--hypervisor
--partition
--platform
The last one could report the IBM Z Personal Development Tool ("ZPDT") or
QEMU, as notable examples, so sometimes the answer is non-physical. Hence
CPC isn't universally applicable even if the jargon were acceptable. If
platform isn't the right word then "base" and "server" are possible
alternatives. "Host" clashes with popular terms such as "hostname," so
it's not my favorite here.
If there are precedents that are also reasonably jargon free, they're
probably fine.
>There's already the systemd-detect-virt command to tell you what
>hypervisor is in use, so that wouldn't be needed. I can't say for sure
>if many people would be interested in finding out they're running 6
>layers of virtualization deep and what each of those is. If someone does
>want that, they should speak up.
The following execution environment details are some of the ones useful to
me, anyway: physical machine model and submodel (e.g. 8562-T02 Max13),
capacity machine model (if any CPs are supplying any capacity, e.g. "G03";
otherwise "A00" or "400" would probably be reported)(*), machine serial
number, whether CPACF is fully activated (i.e. whether Feature Code 3863
is present), whether Secure Execution for Linux (Feature Code 0100) is
present, Crypto Express features (lszcrypt shows these details), the SMT
mode, whether the machine is in any significant state of distress
(thermally throttled processors for example), whether it's Securely
Booted, firmware (driver) details if knowable, temporary v. permanent
capacity characteristics That's off the top of my head. These details
are already available in many cases, but maybe some are missing.
(*) It could still be useful to know the machine's CP configuration even
if CPs aren't currently involved in supplying capacity. It's very useful
to know if they are, even a little, since CPs are available in subcapacity
configurations.
- - - - - - - - - -
Timothy Sipples
I.T. Architect Executive
Digital Asset & Other Industry Solutions
IBM Z & LinuxONE
- - - - - - - - - -
E-Mail: sipp...@sg.ibm.com
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: RHEL 8 32 bit libraries
Red Hat provides an official answer to this question here: https://access.redhat.com/solutions/4966101 Ashwin Bhemidhi wrote: >We run an in house developed application ( 3270 SNA controller) that >needs the 31 bit libraries. The application was written in 'C' >programming language couple of decades ago. Is it feasible, and it would it make sense at least as a short-term measure, to statically link the (hopefully few) libraries you need? Of course there are a few disadvantages with static linking, notably that static linking puts you in the library maintenance business, for security patching for example. I'm assuming the libraries you need can still be compiled from source and linked in 31-bit mode. Another possible avenue to explore is a "radical" one: what this 3270 SNA controller is actually doing. Typically it's been a long, long time since operating systems that support SNA such as z/OS have required separate, "off board" controllers/gateways. You can contact me directly if you'd like to discuss such possibilities. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Free Mainframe Stuff 2020: Reply Here with Nominations
[Cross-posting to LINUX-390 since Linux-related nominations are most welcome, per the explanation below.] Everyone likes free stuff, right? Please reply to this message with your nominations for the new, bigger, even more exciting 2020 edition of "Free Stuff for Your Mainframe." To get you started (in other words, to let you know about the freebies I surely know about already), the 2016 edition of this particular list is posted here: https://community.ibm.com/community/user/ibmz-and-linuxone/blogs/andrii-vasylchenko1/2016/08/16/free-stuff-for-your-mainframe-2016-update Nominations are welcome in all of the following categories (and likely a couple more that I haven't thought of): * oriented to the machines themselves (e.g. IBM HMC Mobile, Feature Code 0115) * whole operating systems and tools that can start up on their own (e.g. ZZSA) * for all 5 major operating systems (z/OS, z/VSE, z/TPF, z/VM, Linux on Z) N.B. For Linux on Z I'll probably limit this particular list to software that has some reasonably specific IBM Z and/or IBM LinuxONE affinity, and/or affinities to other IBM Z operating systems and their workloads. LXCMS is one possible example in that vein. * for mainframe middleware (Db2 for z/OS, CICS TS, IMS, MQ, WAS for z/OS, etc., e.g. SupportPacs for CICS and MQ) * for various subsystems and tools (e.g. ISPF add-ons such as Zigi, RACF tools such as PWDCOPY) * programming languages (e.g. IBM Open Enterprise Python for z/OS) * handy sample code, such as useful REXX scripts * programming libraries, modules, and tools (e.g. Rocket Software's Git for z/OS) * free mainframes (e.g. the LinuxONE Community Cloud, the Master the Mainframe Learning System) * tools for mainframe storage * public cloud services with mainframe affinities (e.g. https://optimizer.ibm.com ) * mainframe planning and estimation tools (e.g. the IBM Z Batch Network Analyzer) * free security-related tools and offers with mainframe affinities (e.g. free TLS certificates, as long as you can actually use them in z/OS RACF for example) * free mainframe-related books and education * free "abandonware" * trialware and "juniorware," but only if it offers real, material value (this'll be a personal judgment call) * client device-installed software that has mainframe affinities (e.g. IBM Explorer for z/OS, terminal emulation software, development tools, etc.) I'd like to hold a Webcast to highlight a few of these gems, probably sometime in late August or September (2020), repeated a couple times to cover various timezones better. During this Webcast there'd be a few quick, ~5 minute demonstrations of mainframe freebies. If you're interested in having 5 minutes of additional fame and would like to volunteer to show off your favorite freebie(s), please reply to this message indicating your interest. Nominations close on July 31, 2020. Thanks, everyone! - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: KVM question.
Of course z/VM can run any/all IBM Z operating systems, including both z/VSE and Linux. And it can do so within even a single z/VM LPAR. There are some significant resource and operational efficiencies in that sort of configuration. In 2017 IBM announced general availability of sub-capacity licensing for z/VM, so you can now license z/VM one engine at a time. Previously you had to license z/VM for all the IFLs, all the CPs, or both, per machine. Let's suppose for example you have 1 IFL and 3 CPs -- machine capacity model 3907-C03 with 1 IFL as an example. You could configure a z/VM LPAR that spans the IFL and one CP (shared or dedicated), and that would require only 2 engines of z/VM licensing (down from the 4 previously required in this scenario). z/VSE could then run both in its own LPAR(s) and within the z/VM LPAR. Many variations are possible, of course, but that's one sample variation. Either way (or both), I very much like the idea of using a second level hypervisor to run Linux, and to do so right at the beginning. Then you really don't have to give much thought to adding more Linux instances, even if the "new" Linux instances are for release upgrade reasons. It's not hard to do. In fact, in some ways it's easier to start off with a second level hypervisor. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: zLINUX and z/VSE
More ideas in no particular order: * MQ queue managers working in conjunction with the MQ Client for z/VSE (no charge/"as is"). * The VTAPE server is a good idea, but that can be even further extended if you place the IBM Spectrum Protect server on Linux on Z. VTAPE can then feed into Spectrum Protect. * The IBM z14 supports Secure Service Containers with Feature Code 0104, so it's possible to have highly secured, complementary container image runtimes via IBM Hyper Protect Virtual Servers. * z/VSE supports LDAP-based authentication. One option is to use z/VM's LDAP server, or it's possible to run a LDAP server on Linux on Z, such as OpenLDAP. * DevOps-related built tools can run on Linux on Z, for automated and coordinated deployments even into z/VSE. * IT service management servers of certain kinds (beyond the e-mail alerting mentioned, which is a good one) that are managing and monitoring z/VSE-hosted services. * Db2 was mentioned, but it's also possible to redirect VSAM access to a Linux on Z-hosted file system or database. All of these databases and data stores can then be encrypted, and the encryption/decryption performance on an IBM z14 machine is superb. * Encryption key management, for example IBM Security Key Lifecycle Manager for Linux on Z in support of storage device encryption (disk, virtual tape, tape) and other security requirements. * If you're running IBM's CICS Transaction Gateway then Linux on Z is the second best place to run it. (First best is z/OS.) * If you're still running any SNA gateway functions elsewhere then IBM Communications Server for Linux on Z could be a better option. * Dignus's compilers run very well on Linux on Z and also support z/VSE and z/VM CMS. * You can use Linux on Z in support of administrative and operational tasks. For example, you can serve z/VSE and z/VM documentation from Linux. You can run issue trackers, project managers, automated service mailboxes, and other tools to organize tasks. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Docker to provision Linux on Z/VM
Peter wrote: >Does anyone has a practice to use docker to deploy linux in zVM ? Please expand on your question if possible. For example, are you looking for one, or a set of, Docker container images that provide(s) provisioning services for various Linux guests on z/VM? Or do you want to run Linux container images in Docker running on a Linux guest under z/VM? Or something else? - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Development Environment for s390x
John Mertic wrote: >How translatable would this be to other OSes? I recall qemu running on >across Linux, MacOS, and Windows. In terms of host operating systems, QEMU is available for all those operating systems and others, such as the various BSDs. There is no particular processor architectural dependency required to run QEMU (at least for core functionality). You can run QEMU on a Raspberry Pi running Linux, for example. I see there are some container image builds of QEMU, so it looks like QEMU also runs on z/OS 2.4 (z/OS Container Extensions) as another example. In terms of guest operating systems, for s390x architecture it's strictly Linux. Currently QEMU presents a guest environment that resembles a significantly reduced subset of an IBM z13 or first generation LinuxONE machine. It's just enough functionality to run all the various s390x architecture Linux distributions since (as I write this) the z13/1st gen. LinuxONE machine level is the highest minimum. Ubuntu Linux 20.04 LTS (s390x), for example, requires an IBM z13 or first generation LinuxONE machine, or higher. That's really the whole point, to do "just enough" to make it work. Guest images are designed to be portable. Here are a few downloadable guest images: https://wiki.qemu.org/Testing/System_Images For example, if you want to run a FreeDOS guest on QEMU running on a LinuxONE or Linux on Z machine, that'd work. Give it a try if you like. You could even run FreeDOS via QEMU on the LinuxONE Community Cloud. For Red Hat Enterprise Linux on the LinuxONE Community Cloud use this command to install QEMU: sudo yum install qemu-kvm And for SUSE Linux use this command: sudo zypper install qemu Or you can build QEMU from source code if you wish, and if you need the latest release and cannot locate it in existing repositories. Instructions are available here: https://www.qemu.org/download/#source Yes, you can (for example) run a FreeDOS guest on QEMU running on a Linux s390x guest running on QEMU on your Mac. The performance might not be terrific, but it'll work. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Notable ClefOS EPEL Additions
Thanks, Neale! The gzip and zlib improvements are particularly impressive. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Linux for IBM Z/LinuxONE on a PC or Mac with QEMU
Dan Horák wrote: >and with virt-manager it should be even easier, it will hide all the low >level details and will present a VM that "just work" Yes, virt-manager is a handy tool (where available). Alan Altmark wrote: >Nice piece of work! (I never realized QEMU was a general purpose >emulator, capable of doing cross-platform emulation.) There are some occasionally interesting permutations available, such as: (a) QEMU on a s390x architecture machine can run guests for other processor architectures (ARM, x86, MIPS, etc.) I can easily imagine certain interesting, development-related use cases for this capability, actually. This'll be in TCG mode. (See below.) (b) QEMU on a s390x architecture machine can run s390x architecture Linux guests. For example, you could run s390x Ubuntu 20.04 LTS (which as a minimum IBM z13/first generation LinuxONE model baseline) on an IBM z12 model machine or prior, although this too would have to run in TCG mode. (See below.) (c) There are Docker/OCI container images for QEMU that can be quite handy if you're using Docker, Podman, or some other container runtime. Let's assume you have Docker or Podman installed on your favorite Linux distribution on your laptop or desktop. For example, to install Podman on Red Hat Enterprise Linux (RHEL), use these commands: sudo yum install podman-docker sudo touch /etc/containers/nodocker The second command is optional and suppresses a warning message that Podman is not Docker. OK, now try these commands. To display the processor architecture of the host Linux operating system: uname -m Now try running the same command but in a s390x architecture Ubuntu container image: sudo docker run --rm -t s390x/ubuntu uname -m Here I'm assuming you have a network connection to Docker Hub to pull down the Ubuntu container image. If you're not running on a s390x architecture machine then you should get an error message. OK, let's fix that sudo docker run --rm --privileged multiarch/qemu-user-static --reset -p yes sudo docker run --rm -t s390x/ubuntu uname -m Magic! :-) If you like, try some other commands and see what else you can do. Mark Post wrote: >It always has been, but SUSE, for example, has never built it with that >option for our products because the performance is rather horrible. When you're running a s390 or s390x architecture guest in QEMU, it's typically using the fallback TCG accelerator. TCG stands for Tiny Code Generator. TCG consists of a frontend and a backend. The frontend translates the guest's processor instructions to intermediate/"universal" TCG operations. The backend then translates TCG operations into the host processor's instructions. This TCG path is written in C/C++ so it's highly portable, and it also tends to be correct. It's not particularly designed for performance, although the developers still use the word "accelerator" since it's faster than earlier technologies. When the QEMU host is a s390x machine you can run a s390 or s390x guest using the KVM accelerator as long as the emulated guest's model profile is no higher than the host. That's quite fast since it's basically passthrough, but why? Well, the reason you might do that is to emulate an earlier machine model environment (a subset) on a later machine model. That could be useful for certain functional testing. More information on QEMU's s390x guest support is available here: https://www.qemu.org/docs/master/system/target-s390x.html - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Linux for IBM Z/LinuxONE on a PC or Mac with QEMU
I've posted a relatively short guide on how to run a s390x architecture Linux distribution as a QEMU guest. The instructions are available here: https://ibm.biz/BdqyHE QEMU is a popular cross-processor emulator related to KVM, and it's available for a wide variety of devices running Linux, macOS, Microsoft Windows, and other operating systems. While there is some existing documentation explaining how to run s390x Linux on QEMU, much of the information is dated and scattered. I struggled a bit to figure out the correct QEMU parameters. I also wanted to see whether the just released Ubuntu 20.04 LTS would work since Ubuntu 20.04 LTS now requires an IBM z13/first generation LinuxONE minimum baseline. Fortunately the current release of QEMU (and a few releases prior) just barely meets this z13 baseline well enough. For certain software build processes, functional testing, and educational purposes, running s390x Linux via QEMU works pretty well. A real IBM Z or IBM LinuxONE machine offers much better performance and considerably more functionality, of course, so I prefer the LinuxONE Community Cloud and IBM Cloud Hyper Protect Virtual Servers as notable examples. However, s390x Linux on QEMU can be useful in certain contexts. It's also fun, especially on a 12 year old laptop. :-) Thanks to the many project contributors and maintainers who make this approach possible. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Satellite server for zlinux
Peter wrote: >Does satellite Server concept works for Mainframe ? >If this is a doable can we run satellite Server on x86 and push the >fixes running on zVM ? Functionally, as reported, it works fine, but bear in mind that the overall service level of whatever you're trying to accomplish can be no better than what the "weakest link" supports. IBM Z and LinuxONE servers are justifiably famous for supporting high quality service outcomes, and X86-based servers...don't share that characteristic. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390 smime.p7s Description: S/MIME Cryptographic Signature
Re: FTP client: sles 15
ITschak Mugzach wrote: >I need to upload a file to SuSE 15.1. FTP is not installed and I can't find >a client / server in the repos (installation materials). what is the name >of the ftp? client or server, I don't care. Daniel P. Martin wrote: >Best recommendation: Enable 'openssh' on the server, install an SSH >client on the remote system, and use sftp to transfer materials. Plan to >adjust server-side firewall rules if the system is not already enabled >for SSH connections. I agree. We really ought to be consistently applying at least basic security practices and precautions every time, all the time. Network encryption is a basic security practice. So, let's not use FTP but rather SFTP or FTPS. Evidently SuSE 15.1 leaves FTP out of its distribution as a security "nudge." Here are a couple more file transfer options: * Commands such as wget and curl support HTTPS and can transfer files. This choice is likely the most "firewall friendly." * Network File System (NFS) with an encrypted transport such as IPSEC. - - - - - - - - - - Timothy Sipples I.T. Architect Executive Digital Asset & Other Industry Solutions IBM Z & LinuxONE - - - - - - - - - - E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Pervasive disk encryption questions
Reinhard Buendgen wrote: >As for the recommendation, I am not sure where it is written. But I >remember that there was a time where IBM would only sell at least two to >enforce/encourage redundancy. But I am not sure whether this is still >true fro small systems. I believe it's possible to order every IBM Z and IBM LinuxONE machine with even a single Crypto Express feature. The configuration tool will warn against it, but it's possible. >Anyway one reason to have redundancy within you system is the support >of non-disruptive service to your adapters. I guess planned maintenance >is an event that is more frequent then actual unplanned failures. Sure, and that all broadly makes sense, which is why IBM warns that a single feature is not generally recommended. (I can think of a couple exceptions, which is probably why IBM allows such orders to my knowledge.) But it's a very separate question whether it makes sense to configure two domains per Linux guest. Linux guests can bounce up and down all the time, planned or unplanned, and you must plan for that reality and deal with it already, especially in a production environment. >But again if your HA failover solution is really fast, you can trigger a >planned failover ... well that add sto the management bill and you will >observe some outage that is certainly longer than the retry the kernel >performs within the system... Right, but you've already got to prepare for that and do that for myriad reasons, "all the time." >once a file system is mounted on a PAES encrypted dm-crypt volume you no >longer need the CryptoExpress adapter as long as your Linux system runs >in that guest. Protected key dm-crypt only needs the CryptoExpress >adapters when the dm-crypt volume gets is opened (which must happen >before the mount step). For the dm-crypt open operation with the PAES >cipher a CCA secure key is provided to the kernel and the kernel >transforms this secure key (with the help of the Crypro Express adapter) >into a protected key. Once dm-crypt knows the protected key, it no >longer need the secure key or the crypto adapter, it uses the protected >key instead. This property is also nice if you want to change the master >keys of your adapter. If you can do that during a period where you do >not need to open a dm-crypt device, it will work concurrently to using >your volumes. That's great news. So, to summarize, a whole CCA domain can go offline for whatever reason(s), and the Linux guest that depends on that CCA domain for dm-crypt/LUKS2 will keep chugging along as long as its file systems are mounted (and as long as it doesn't need some other vital-to-the-guest service from the CCA domain). Then that Linux guest will be able to mount additional encrypted volumes when the CCA domain comes back online and is otherwise suitably configured. In other words, with reasonable assumptions, a temporary CCA domain outage is nondisruptive to its Linux guest. That's awesome! Anyway, "Spend your CCA domains wisely" if you think it'll be a constraining number, but I think there's a good argument that one CCA domain per Linux guest can be a perfectly reasonable, viable, production configuration. -------- Timothy Sipples IT Architect Executive, Digital Asset & Other Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Pervasive disk encryption questions
Reinhard Buendgen wrote: >The number 680 just reflects the recommendation to achieve >crypto redundancy per configuration (once configured properly >the Linux kernel will do the rest). Where is that recommendation coming from? Is there any nuance to it, and does it still make sense? >As for the level of redundancy (device redundancy, HA cluster, or DR >cluster), it is the customers choice to decide the kind of penalty (ms, >secs , mins) he or she is willing to accept in case of a the failure of >a single resource. Also note that for certain workloads (workloads >managing a shared state, e.g. R/W data bases), HA clusters may be >pretty complex and impact performance. Sure, but "What else is new?" A single Linux guest has a single kernel, and it's a single point of failure -- a relatively big one. Metaphorically speaking, having a second bucket positioned at the same well doesn't help me water the plants any better when I have no water, and I must already plan for having no water. Moreover, if you are incurring these various overheads, penalties, and complexities already -- as you typically would be in a production deployment, unavoidably -- does it still make sense to double the consumption rate of a somewhat finite resource (CCA domains), particularly if it's constraining, and end up with a *quad* (a pair of Linux guests, clustered, sitting atop 4 CCA domains)? And if a "quad" makes sense there, does it make equal sense to double every component everywhere in the delivery of application services? For example, if you're running a pair of clustered Java application servers, shouldn't you actually have *four* of them (two running in each Linux guest)? Then, if one Java application server instance fails, you still have both Linux guests/kernels providing service. That's fundamentally the same redundancy idea, right? (And we're just getting warmed up. ;)) Marcy Cortes wrote: >If there's only one and that card fails, does the file system get unmounted >and/or throw errors? Or does it continue on and just have issues at next >reboot? That's a really great question, too. It might not be as dire an event as one might ordinarily think with protected key operations (only, and fully instantiated), but I'll let Reinhard chime in. >Is there any way to test card failure? How about just issuing a VARY OFFLINE CRYPTO command in z/VM? In a test z/VM LPAR, of course! Here's the syntax: Q CRYPTO DOMAIN to find the list of Crypto Express adapters and their domains. You should see something like "CEX6C" or "CEX7C" for the Crypto Express features that are configured in CCA mode. So let's suppose that "AP 013" is the Crypto Express adapter that you want to vary offline. This command should do that: VARY OFFLINE CRYPTO AP 13 -------- Timothy Sipples IT Architect Executive, Digital Asset & Other Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Pervasive disk encryption questions
I'd like to comment on the 680 number for a moment. I don't think 680 is the correct number of Linux guests that can use protected key dm-crypt/LUKS2 encrypted volumes. I'd like to argue the case for why the current maximum number is 1,360 guests per machine that can use this particular feature. (It's a security feature that doesn't exist on any other platform, we should note, so it's either 680 or 1,360 more Linux guests than any other machine.) The number 680 is derived by taking the current maximum number of physical Crypto Express features per machine (16), configuring them all in CCA mode, multiplying by the current maximum number of domains per feature (85)(*), then dividing in half, with the idea being that each Linux guest would benefit from the services of two CCA domains spread across two physical Crypto Express features. I think this last assumption is fairly arbitrary. A single Linux guest is one kernel running within only one instance of the hypervisor (which may or may not be nested). It's a singleton, inherently. In a production environment you'd presumably have something more than singleton Linux guests running particular workloads, at least if they're important workloads. You pick up redundancy there. If a particular Linux guest is offline for whatever reason, there's another handling the workload (or ready to handle it), with its own Crypto Express domain. You certainly could decide to add Crypto Express redundancy on a per guest basis in addition to whole Linux guest redundancy, but if you're going to measure the outer bound maximum number I don't think you ought to assume "redundancy squared." It seems rather arbitrary to me that that's where you draw that particular line. There is no intrinsic limit to the number of Linux guests using dm-crypt/LUKS2 encrypted volumes with clear keys. You can also decide on a guest-by-guest basis whether to double up on Crypto Express CCA domains or not, which would mean a current upper bound limit somewhere between 680 and 1,360 Linux guests using CCA domains. And/or you can decide how many Crypto Express features you want to configure in another mode, notably EP11. If for example you configure two Crypto Express features in EP11 mode, then there are up to 14 available for CCA mode, supporting up to 1,190 Linux guests using protected key dm-crypt/LUKS2 (up to 595 if you decide to double them all up, or somewhere in between if you double up some of them). Anyway, this is an interesting discussion! If you're pushing these limits or at least forecast you will, let IBM know, officially. (*) This particular number is 40 on IBM z14 ZR1, LinuxONE Rockhopper II, and their predecessor models. Adjust the rest of the math accordingly for these machine models. -------- Timothy Sipples IT Architect Executive, Digital Asset & Other Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: SMS server on zlinux
Nowadays aren't most organizations just using authorized APIs, for example Twilio's: https://www.twilio.com/sms to send classic SMS text messages if they must? And using push messaging technology to a mobile application otherwise, e.g. via Apple Push Notification services (APNs), MQTT, etc? Obviously you can do all of that, and more, from a Linux guest -- and from Docker/OCI environments, for that matter -- in very straightforward ways. Timothy Sipples IT Architect Executive, Digital Asset & Other Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: OpenShift 4.2 for Linux on Z now available as a tech preview.
Tuan Hoang wrote: >It will run on whatever env RHEL8 is supported. >RHCOS is built from RHEL8 contents/binaries. That means IBM z13 processors and higher, including IBM LinuxONE Emperor and IBM LinuxONE Rockhopper machines and higher. ---- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: backup product
Harley Linker wrote:
>You may want to investigate IBM's Spectrum Protect.
>I don't know if it supports SLES 15 or not though.
It does. The IBM Spectrum Protect clients support SLES 15 for IBM Z (and
LinuxONE). From what I can find, IBM declared client support for SLES 15
starting with Spectrum Protect Version 8.1.6, released in September, 2018.
My recollection is that SLES 15 became available sometime in July, 2018. So
IBM only took about 60 days to add SLES 15 as an officially supported
Spectrum Protect client.
For the record, the IBM Spectrum Protect servers are not yet officially IBM
supported on SLES 15, as I write this. SLES 12 for IBM Z / LinuxONE, and
various other platforms and releases, are officially IBM supported. I
presume that SLES 15 support is around the corner, but please ask IBM
through its official channels.
Source:
https://www.ibm.com/support/pages/overview-ibm-spectrum-protect-supported-operating-systems
By the way, the IBM Infrastructure Suite for z/VM includes IBM Spectrum
Protect.
CommVault does support Linux on Z, but I too see they haven't added SLES 15
for IBM Z ("s390x") yet to their various platform lists. You might ask them
when they plan to add SLES 15 to their lists.
--------
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM Z & LinuxONE
E-Mail: sipp...@sg.ibm.com
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Redhat build first time
Jake Anderson wrote: >This is the first time building redhat guest on zVM. I don't have >a web server or Apache to place the redhat executables. Is there >a other method to follow and build Redhat golden image ? If you have access to the Hardware Management Console (HMC), you can create removable media with all the Red Hat files you need then retrieve them from there during installation as a guest under z/VM. That process is explained pretty well here: https://www.ibm.com/support/knowledgecenter/en/SSB27U_7.1.0/com.ibm.zvm.v710.hcpl0/ftploc.htm This path uses the z/VM FTP server. It can be used not just for the initial boot but also for the Anaconda-based installation if need be. Some patience may be required depending on your HMC model, media type, and z/VM guest resources. I've never tried it, but theoretically, speculatively, the Anaconda-based installation could run via NFS (Network File System). z/VM has a NFS server, or perhaps you have some NAS (Network Attached Storage) that's reachable within the boundaries of your environment. If you have another operating system on the machine, notably z/OS, with a FTP, HTTP, and/or NFS server available and reachable, you can load the necessary Red Hat files there then install from that network source. Presumably you're using a PC or Mac as your user access vehicle to instruct z/VM, and presumably there's a network connection to z/VM. Could you run a lightweight FTP, HTTP, and/or NFS server on that PC or Mac? It sure seems like that'd be technically possible, at least. Or maybe you're not, and maybe you're using the HMC directly. If so, see above. I recommend consulting IBM's "Getting Started with with Linux on IBM Z" document, IBM Publication No. SC24-6287. Here's the current direct link (subject to change): https://www.vm.ibm.com/library/710pdfs/71628700.pdf ------------ Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Zimbra Collaboration server on Linux on Z
The source code is available under an OSI compliant license, so anybody is free to give it a try. https://github.com/Zimbra/ Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Url for Redhat 8 download for zlinux
There's no direct link as far as I know, but this path should work: 1. Go here: https://access.redhat.com/products/red-hat-enterprise-linux/evaluation 2. Look for the "Red Hat Enterprise Linux for Mainframe" box and click on the Continue button within that box. 3. Log onto your Red Hat account and proceed with the download. (Register for a new account if you don't have one.) Direct download links are available for the related Fedora Linux distribution, listed here (scroll down to "s390x Architecture"): https://alt.fedoraproject.org/alt/ Red Hat explains the relationship between RHEL and Fedora here: https://www.redhat.com/en/technologies/linux-platforms/articles/relationship-between-fedora-and-rhel -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: Current Docker Community Edition for Ubuntu/Debian?
I don't see anything newer than Docker-CE 18.06.3 for s390x architecture at that link, Neale. I'm looking for 18.09.6. Docker can be built from source, of course (I assume), but official binaries (e.g. .deb) would be nice. Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Current Docker Community Edition for Ubuntu/Debian?
Does anyone happen to know of a download location for a more current Docker CE build for Ubuntu or Debian Linux on Z/LinuxONE? The current release of Docker CE is 18.09.6. I've found up to 18.06.3. Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: SLES 15 - no help?
No emoji required: Linux and GNU/Linux are most definitely not UNIX. Linux and UNIX are separate, distinct, registered trademarks. These trademarks apply when they apply and don't when they don't. As a comparison, an Apple iPhone running iOS is not a Google Pixel running Android. However, they're both smartphones that both run operating systems. Even though they have much in common in terms of their actual codebase, Apple's iOS is not UNIX, but Apple's macOS is. As another example, IBM's z/OS is UNIX, but FreeBSD, OpenBSD, and NetBSD are not UNIX. Are we having fun yet? :-) I applaud software distributors that support concise, parsimonious installations for those who choose them. Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: SLES 15 - no help?
Michael MacIsaac wrote: >I get my hands on a minimal SLES 15 for the first time. >I try to edit a file: ># *vi foo* >-bash: vi: command not found ># *vim foo* >-bash: vim: command not found >HUH? A UNIX with no vi? NEVER seen that before. If you haven't, you still haven't. SLES is Linux®, but Linux is not UNIX®. I've encountered many Linux distributions without vi/vim, man, info, and help commands. -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www2.marist.edu/htbin/wlvindex?LINUX-390
Re: RHEL 8 on zVM 6.4 ?
Jan Stodola wrote:
>you can run RHEL-8 on zVM 6.4 if you run it on z13 or later.
Yes, and that's a RHEL 8 requirement. All currently available LinuxONE
machines are OK, too (LinuxONE Emperor, Emperor II, Rockhopper, and
Rockhopper II).
If you're using z/VM Single System Image (SSI) features that span across
machines, then you might need all the SSI machines to be at least at z13 or
LinuxONE level. As I recall, SSI reports the lowest machine level within
the group to all guests in the group ("lowest common denominator" style),
and RHEL 8 might not appreciate a too low model report even if its physical
machine happens to be suitable model in reality. If that's your situation
then I suggest creating either a separate, suitable SSI group that excludes
the pre-z13/pre-LinuxONE machine(s) or a non-SSI z/VM instance on a
suitable machine.
----
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM Z & LinuxONE
E-Mail: sipp...@sg.ibm.com
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: IBM EE on zLINUX
Jake Anderson wrote: >One of our shop has IBM EE running on a Linux machine and some of the SNA >desktop users connecting via this Linux to the z/OS. So trying to >understand the architecture on why this route would have taken . There's likely room for simplification. ---- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: IBM EE on zLINUX
Jake Anderson wrote: >Has anyone implemented IBM EE on zLINUX ? >I am looking for some manual to read on and understand >the configuration. I assume you mean Enterprise Extender. You can, with IBM Communications Server for Data Center Deployment, IBM Program Number 5725-H32. In addition to the product documentation there's a "redpaper" available here: http://www.redbooks.ibm.com/redpapers/pdfs/redp4998.pdf There's also the Enterprise Extender redbook as background: http://www.redbooks.ibm.com/redbooks/pdfs/sg247359.pdf Any particular reasons? ------------ Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Xymon
Berry van Sleeuwen wrote: >We don't have TCPIP available in VSE so we can't use >it unmodified in VSE. I think you can, actually. Just set up z/VSE Linux Fast Path or the z/VSE Network Appliance (z13/z13s or higher for the latter), which are both available at no additional charge with your z/VSE base operating system license, then connect to Xymon running on Linux on the same IBM Z machine. If for some odd reason you don't wish to run the Xymon server on Linux on that machine, use xymonproxy for Linux on Z as a forwarder. As far as the network connectivity configurations, true, you cannot monitor something if you cannot connect to it. But that should be a configuration choice, not a permanent state of being. Xymonproxy might also be helpful here. ---- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: Xymon
Here's the main landing page for the z/VM, z/OS, and z/VSE clients for
Xymon (that Juha Vuori maintains):
http://savannah.nongnu.org/projects/zxymon
Here's the main landing page for the Xymon systems and network management
software project on Sourceforge:
https://sourceforge.net/projects/xymon/
Source code is available there. Pre-built binaries are available in many
cases. In Ubuntu 18.04 LTS ("Bionic"), for example, the package name for
the server is xymon_4.3.28-3build1_s390x.deb and should be available from
the main repositories. Neale Ferguson built RPMs for the Xymon server and
client, available here:
http://download.sinenomine.net/epel/epel-7/s390x/xymon-4.3.28-2.el7.s390x.rpm
http://download.sinenomine.net/epel/epel-7/s390x/xymon-client-4.3.28-2.el7.s390x.rpm
The z/OS and z/VSE clients include some basic monitoring for CICS, which is
quite interesting. You'll probably want to configure Xymon to monitor other
subsystems and workloads across operating systems and devices.
--------
Timothy Sipples
IT Architect Executive, Industry Solutions, IBM Z & LinuxONE
E-Mail: sipp...@sg.ibm.com
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
Re: VoltDB on z?
Lee Stewart wrote: >z14's are 5.0 GHz... The 5.2 GHz figure is correct for the dual frame models (including LinuxONE Emperor II machines). It's 4.5 GHz for the single frame z14 ZR1 and LinuxONE Rockhopper II. You might be thinking of the IBM z13 (and LinuxONE Emperor) which feature(s) 5.0 GHz main processors. On all these machines the clock speeds are continuous and for every main processor core. Deviations are only for serious, abnormal thermal events (a too hot data center for example) requiring the machine to reduce clock speed to protect itself. These are not short duration peak "turbo" burst figures. ---- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: VoltDB on z?
Christian Borntraeger wrote: >We do have both variants (crc32 and crc32c) as vector code in >the kernel Yes, this support was introduced in Linux kernel 4.8 which was released in October, 2016. It requires a z13 processor or higher. It's perhaps possible a distributor backported this feature to a prior kernel release, although I don't know whether that happened. It's also possible to build a 4.8 or higher kernel without this support (if CONFIG_CRYPTO_CRC32_S390 is not selected as a kernel build option). The 2016 code commits are available here: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=19c93787f573c6cffe9c25d3be20e3b40112b7ea https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f848dbd3bc1a71274241c080b57eb912ff9f0098 ---- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: VoltDB on z?
Neale Ferguson wrote: >IBM has an implementation of CRC-32C using vector registers >which could probably be adapted for use with voltdb. That source code is available here: https://github.com/linux-on-ibm-z/crc32-s390x As one example, MongoDB started supporting hardware accelerated CRC on IBM Z and LinuxONE machines (z13 processors and higher) a couple years ago. ---- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: S3 compatible private cloud server for Linux on Z
The approach you've sketched out looks fine, but you might need (or at least want) a couple other software products to complete the picture: 1. IBM Cloud Tape Connector for z/OS (IBM Program Number 5698-ABM, or also available as part of 5698-AAJ). CTC provides a software-based virtual tape library (CTC "Virtual Tape Emulation"), which fully replaces IBM Virtual Tape Facility for Mainframe (VTFM). CTC also directly connects z/OS to cloud object storage, with support for a variety of storage APIs including S3 and even FTP. 2. If you have z/VM, Backup and Restore Manager for z/VM (5697-J06, or also available as part of 5698-IS2) could make a lot of sense. There are a few variations in how to channel z/VM backups into cloud object storage, but one way is to use Backup and Restore Manager to backup to an ECKD volume which CTC then takes onward. If Backup and Restore Manager can push backups into CTC VTE directly, fantastic, but I'm not sure about that. -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: S3 compatible private cloud server for Linux on Z
What do you mean by "S3 compatible," Jim? Are you looking for Amazon Simple Storage Service (S3) API compatibility in a cloud storage server? Assuming that's what you're looking for, and among commercial offerings, IBM Spectrum Scale should work for you: https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.2/com.ibm.spectrum.scale.v5r02.doc/bl1ins_S3APIemulation.htm IBM Spectrum Scale uses an IBM supplied and supported distribution of OpenStack Swift's S3 API to provide these features. You can of course obtain the OpenStack Swift codebase separately if you wish. -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: RHEL 7.6 install in an LPAR
It looks fairly difficult and might not even be possible given how the kernel seems to work in this area, but, in the meantime, if you want to suggest a small addition to Red Hat's documentation, that'd be nice. The relevant section of the Installation Guide is located here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/installation_guide/sect-parameter-configuration-files-samples-s390 I suggest adding these sentences just below the generic.prm example (assuming I've got this information correct): "Give your new parameter file a name meaningful to your installation practices and standards. All parameters in your parameter file must be specified within the first line using only spaces between parameters. This single line can be practically any length. If your text editor wraps lines on screen (as shown in the above example), please make sure your editor does not insert any line breaks (LF or CR/LF) between parameters." I can definitely see how this part of the Installation Guide is confusing. The example certainly looks like line breaks are acceptable or even required. Red Hat accepts product suggestions here: https://www.redhat.com/en/about/product-contact -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: RHEL 7.6 install in an LPAR
Any change planned to parsing generic.prm? If a change is planned, will the revised parsing also ignore DOS/Windows text file conventions (i.e. CR/LF) in the same places where LF would appear (and be ignored)? If somebody wants to point me to the part of the kernel that does this, maybe I could do it. It's been a long time since I submitted a Linux kernel patch, but maybe I can still figure it out. :-) Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Openstack on zlinux
To add a little to the excellent answers, if you're using z/VM you'll likely want to obtain and use the z/VM Cloud Connector: http://www.vm.ibm.com/sysman/cloudcon.html Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Advice on indexing PDFs
I found a recent RPM for recoll available here: http://rpmfind.net/linux/fedora-secondary/development/rawhide/Everything/s390x/os/Packages/r/recoll-1.23.7-7.fc29.s390x.rpm It's an almost current (early 2018) release of recoll, built for Fedora Rawhide Linux on Z/LinuxONE, the development version of Fedora Linux. More details here, including the important "Requires" information: ftp://rpmfind.net/linux/RPM/fedora/devel/rawhide/s390x/r/recoll-1.23.7-3.fc29.s390x.html -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: LDAP on z/Linux: Anyone hosting a LDAP server on z/Linux?
For those of you with z/VM, you already have the IBM Directory Server, a full LDAP server included with base z/VM. The z/VM LDAP server is derived from the LDAP server included in the base z/OS operating system. Here's the technical introduction for z/VM 6.4's LDAP server: https://www.ibm.com/support/knowledgecenter/en/SSB27U_6.4.0/com.ibm.zvm.v640.kldl0/tivdint1001262.htm It's fully IBM supported, so you can open PMRs and whatnot. If you have z/VM RACF then z/VM LDAP is fully integrated with that, if you wish. (You don't have to. You can use it as a "generic" LDAP server, too.) Alan Altmark explains how some of the LDAP-RACF integration works in this older presentation here: http://www.vm.ibm.com/devpages/altmarka/ldaplinx.pdf That information was published around the time of z/VM 5.4, but it's still mostly relevant to the current release. And it's all free if you already have z/VM. There's no additional licensing required for LDAP clients, whether or not they are z/VM guests. As an example, z/VSE includes LDAP sign-on support, and you can turn on that feature and use it with your licensed z/VM (with z/VM LDAP server) installation, no additional charge. Got some cloud servers halfway across the country that need a LDAP server? Sure, fine, no problem -- hook 'em up to z/VM LDAP. It's just part of the base z/VM package, with unlimited clients of any/every type that understand standard LDAPv3 protocol. There are also quite a large number of IBM software products for Linux on Z/LinuxONE that include the IBM Security Directory Server (formerly IBM Tivoli Directory Server) for Linux on Z/LinuxONE, so you might already have LDAP servers that way. Just check the license, though, since they vary. -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: z/Linux 32-bit modules
Ingo Adlung wrote: >Not only may the distributors at some point choose to >deprecate 31 (32) bit compat mode, but all performance >optimizations for the gcc compiler back-end for >new Z hardware are done for 64-bit only. OK, that's some confirmation of what I suspected might be happening. And I assume it's exactly the same story for all the other 64-bit processor architectures (X86-64, Power, ARM), that the compiler and processor design people are focusing on optimizing 64-bit programs. I recommend focusing on the compilers and their optimizers. As mentioned, IBM's JVMs and JIT already reduce bit counts opportunistically, and with some parameter overrides available if you don't like the defaults. Compilers might be able to do the same thing, especially if you give the compiler some hints about your code and its needs. If there are benefits available yet to be won (are there?), they'll be most winnable there. -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: z/Linux 32-bit modules
Hypotheses are interesting, but does anyone have any comparative performance-related data? It's not too hard for me to imagine that the compiler writers and maintainers might actually be able to do a better job with their 64-bit code optimizers if they have less work to do otherwise. Let me also go out on a limb and suggest the whole idea of cryptocurrency mining (and consumption of nation-level quantities of electricity, and growing) is a huge(r) problem. :-( Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: z/Linux 32-bit modules
Paul Edwards wrote: >I don't want to use -m64 because that uses the >64-bit registers for everything, but I wish to produce >compact modules using only 32-bit registers and >pointers. OK, so let's dig into this a bit. Have you taken one or more of your programs and compared -m31 and -m64 variants? How much more compact is the -m31 variant? Have you got any indication(s) of what impact(s) that difference yields, such as a performance impact? Quantifying the potential benefit is important. By the way, Java and Java run-times are agnostic to such issues. In IBM's 64-bit JVMs, including those for z/OS and for Linux on Z/LinuxONE, there's an interesting "halfway house" feature called "compressed references." This feature is automatically enabled when the Java heap size is configured below a certain amount which varies depending on platform and JVM release level but is never less than 25 GiB minus 16 bytes. "Compressed references" means that Java object references are stored in 32-bit representation, so the object size is the same as a 32-bit object. I'll let IBM explain more: "As the 64-bit objects with compressed references are smaller than default 64-bit objects, they occupy a smaller memory footprint in the Java heap. This results in improved data locality, memory utilization, and performance. You might consider using compressed references if your application uses a lot of native memory and you want the VM to run in a small footprint." In that particular set of use cases that IBM describes, evidently there's enough of a benefit with compressed references in Java. Otherwise, presumably IBM wouldn't have implemented the feature. You could do something similar in C programs, I imagine. You'd still compile -m64, but you'd embed "bracketed" AMODE31 code (with 2 GiB addressing) as/where it makes performance/compactness sense, if it makes sense. At least, that's my broad understanding of how it'd work. Moreover, conceivably an optimizing compiler could do this for you, perhaps with some "hinting," analogous to how IBM's JVM and JIT handles this optimization with its compressed references. That brings up an interesting point about running compactness tests. It'd be best to run a couple tests using the latest releases of the optimizing compilers, and to direct them to do as much optimization as they know how. I know of four C/C++ compilers for Linux on Z/LinuxONE: * GNU (gcc family) * Clang/LLVM * IBM XL C/C++ * Dignus If you can run tests with them all across at least a couple of your programs, fantastic. There's a trial edition of IBM's compiler here: https://www.ibm.com/developerworks/downloads/r/xlcpluslinuxonz/index.html Dignus has a Web-based trial which might be enough for these purposes. Details here: http://www.dignus.com/products.shtml Does anyone happen to know if expanded storage and/or data spaces would be relevant and useful here? Finally, I don't think there's a strong argument for *disk* storage compactness of program modules, within reason. Apple seems to have no trouble now distributing only 64-bit mobile apps, even if they might be slightly larger stored on the (relatively tiny) flash media in their 64-bit iPhones, iPads, and iPod touches. Memory and especially processor resource efficiency could be interesting if it's significant, but maybe this is an optimizing compiler job rather than a kernel one? -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: 7.5 package levels
Russ Herrold wrote: >It may turn out that we (ClefOS) need to fork and offer two >variants I guess I'd call them "streams" rather than "forks." For what it's worth, Red Hat seems to offer at least 3 major streams now: Fedora (their "community" release), RHEL Structure A, and RHEL. The RHEL Structure A/RHEL pair of streams is a unique offering for the s390x architecture branch, at least for now. (Is it a one-time aberration or the start of something new? I have no idea, so ask Red Hat, I guess.) In RHEL 7.5, Red Hat decided to offer kernel 3.10 (only) for all POWER processors prior to POWER9, and (only) kernel 4.14 for POWER9. For X86-64 it's only 3.10, and for ARM64 it's only 4.14. There are certain newer capabilities that RHEL 7.5 doesn't support on s390x that RHEL 7.5 Structure A does. Red Hat's release notes explain all that. But it's possible to mix RHEL and RHEL Structure A instances on the same machine and in a Red Hat supported way. (And, for that matter, other supported RHEL releases.) It looks like the minimum RHEL 7.5/RHEL 7.5 Structure A machine model requirement hasn't changed since RHEL 7.4, so it's z196/z114 processors or higher, which includes all LinuxONE machines. I don't have a strong view on the "right" approach for Linux release streams. It really depends on end users and what they prefer, and they might choose particular Linux distributors based on their different release/service stream approaches. There are some important principles, though. I'd say that maintaining security currency is quite important, as a notable example. But that'll likely mean not waiting too long to exploit new system features since many of those new features are often security-related. ------------ Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: 7.5 package levels
There's a new dual build/delivery approach that Red Hat has introduced with RHEL 7.5. RHEL 7.5 offers an alternate build stream called "Structure A," which is a Red Hat supported installation with kernel_alt packages. With Structure A you get more hardware exploitation, especially on IBM z14 and LinuxONE Emperor II/Rockhopper II machines, and that might or might not affect the package version answers. The RHEL 7.5 release notes explain this all pretty well: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.5_release_notes/index RHEL 7.5 either includes kernel 3.10 or, in the Structure A build, kernel 4.14. Red Hat then backports critical fixes to both kernels as it services RHEL 7.5. Did you install the Structure A build, Daniel? -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: z/Linux 32-bit modules
Paul Edwards wrote: >I would like the z/Linux kernel to be modified >to start an ELF32 binary in AM64 and have access >to a full 4 GiB address space. Leaving aside technical viability for a moment, I have a basic application change management concern. Shouldn't the program binary make its own decisions about changing its execution environment in such fashion? I can imagine, without much imagination, many possible program breakages if the kernel changed the execution environment that way. At a minimum, any such kernel behavioral change would necessarily have to be selective, with some sort of whitelisting mechanism. However, if you agree that each program binary should properly make such decisions for itself, with much better knowledge of its own capabilities for healthy living within that new memory environment of up to 4 GiB, then the very same application developer(s) could make an ELF64 (-m64) decision for the whole program. Or, alternatively, and if I understand Martin Schwidefsky correctly, the program developer could make a more selective, sub-program sam64 in/out decision if she needs memory above the 2 GiB bar. The hobbyist community shared my concern in another but broadly similar context when it modified the MVS 3.8j operating system, designed for 24-bit addressing (16 MiB), to add 31-bit addressing (2 GiB) in what they dubbed "MVS/380." However, as far I know they didn't attempt to force that new addressing mode onto any 24-bit programs. Instead, they provided the above-line memory services and then allowed particular programs to exploit those additional services if/as they wished, but only if they wished. The fundamental reason they added those 31-bit services, besides fun and enjoyment, is that MVS 3.8j simply didn't support anything but 24-bit addressing. However, that's not a problem with Linux (or with z/OS). The operating system already supports 64-bit addressing really well, and developers are already free to exploit those capabilities, with knowledge of their own code and its quirks and foibles. The administrator managing Linux can enforce memory resource limits, so if there's a desire to limit ELF64 (or sam64'ed) application memory consumption to 4 GiB, no problem. The program might not like that either, of course, but the OS can enforce such limits. It seems like your idea would be a neat, creative trick if viable, but how would help? ------------ Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Idea: Using SCRT to report on Linux usage; maybe a way to reduce the entry level cost for Linux on Z?
David Boyes wrote: >My main concern with the tool Tim mentioned is how closely >is it tied to the whole BigFix tool ecosystem? SCRT doesn't >seem to require any external dependency stuff to work >(other than a working Java interpreter), and a quick look >at the docs appear to show that the other tool seems to >bring in a whole bunch of other dependencies, some of which >are priced. Is that the case? ILMT is still zero charge, including the BigFix components that now come with it. See here for reference: http://www.ibm.com/support/docview.wss?uid=swg21993303#A2 If (and only if) you're going to use BigFix for other purposes, beyond what the components provided with ILMT are doing to support ILMT, then you'd have to license BigFix. As a general matter, IBM has indeed reduced the cost of entry to use Z and LinuxONE. Here are some examples: * The IBM Cloud's HyperSecure Database as a Service (DBaaS) offerings run on IBM LinuxONE machines. See here for an introduction: https://www.ibm.com/blogs/systems/hypersecure-dbaas-evolution-cloud-databases/ * The IBM Cloud's Blockchain Platform also runs on IBM LinuxONE machines. Details here: https://www.ibm.com/blockchain/platform/ * The IBM LinuxONE Community Cloud offers Linux virtual machines on real IBM LinuxONE machines for up to 120 days at no charge: https://developer.ibm.com/linuxone * The LinuxONE Rockhopper II, introduced last week, has further improved "on premises" and Cloud Service Provider (CSP) platform economics. In most countries, LinuxONE systems and software are now available via cloud-like pay-as-you-use pricing, even though they are "on premises" machines. That characteristic is at least uncommon among servers. -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Idea: Using SCRT to report on Linux usage; maybe a way to reduce the entry level cost for Linux on Z?
Dave Gibney wrote: >But, is the z/OS MIPS/MSU pricing model (IMO, one of the >major drags on the platform) really being extended into >this arena. SCRT facilitates sub-capacity licensing of z/OS, z/VSE, and software products for those operating systems such as CICS and WebSphere Application Server. Before SCRT you were generally required to license your whole machine at full capacity for all products. That's still an option if you prefer it; simply skip SCRT. Variable Workload License Charges (VWLC) for z/OS and related products were introduced about 18 years ago. IBM License Metric Tool (ILMT) facilitates sub-capacity licensing of software products on Linux (including Linux on Z and LinuxONE), Windows, AIX, and some other operating systems. The details are slightly different, in particular SCRT has some finer granularity (a good thing), but the broad concepts are similar. Likewise, there's no *requirement* to use ILMT. If you don't use ILMT, then you must license the full capacity of the machine (s) where you run the IBM software products. ILMT was introduced many years ago but well after the first SCRT release. ---- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Idea: Using SCRT to report on Linux usage; maybe a way to reduce the entry level cost for Linux on Z?
IBM already has a sub-capacity accounting tool for Linux on Z and LinuxONE: the IBM License Metric Tool (ILMT). ILMT is already facilitating sub-capacity licensing of IBM software products on Linux on Z and LinuxONE. Details here: https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/IBM%20License%20Metric%20Tool ILMT is also available for (and common on) Windows, AIX, Linux on X86, etc. And it's a no charge, supported tool. I don't know if IMLT allows non-IBM software accounting, but that seems like a great idea to me if it's not already available. Try here if you want/need to lodge a Request for Enhancement (RFE): https://www.ibm.com/developerworks/rfe/?BRAND_ID=301 Be sure to look for preexisting ILMT RFEs that might be similar before opening a new one. IBM also already has sub-capacity licensing for z/VM, also via ILMT. Details here: https://www.ibm.com/common/ssi/rep_ca/7/897/ENUS217-267/ENUS217-267.PDF Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: PHP on zLinux to DB2 on zOS connection
You also have the option to simplify, to connect directly to Db2 for z/OS if you wish. Connecting via the Db2 Connect gateway/server is quite optional; you don't actually need to get it working. :-) Db2 Connect *licensing* is still required. If you follow the direct/simpler path, then you'd most likely install the latest IBM Data Server Client or Client Runtime for Linux on Z and LinuxONE, available for download here: https://www.ibm.com/support/docview.wss?uid=swg27016878 Specific PHP setup instructions for the Client are available here: https://www.ibm.com/support/knowledgecenter/en/SSEPGG_11.1.0/com.ibm.swg.im.dbclient.php.doc/doc/t0011926.html You'd also make sure that there's a Db2 Connect license key activated on/for the Db2 for z/OS subsystem, using the db2connectactivate (.sh) command. Details are available here for Db2 Connect Unlimited Edition, for example: https://www.ibm.com/support/knowledgecenter/en/SSEPGG_11.1.0/com.ibm.db2.luw.licensing.doc/doc/r0057377.htm l I've provided the direct documentation links for Version 11.1 of the IBM Data Server Client and Db2 Connect. (Version 11.1 Data Server Client and Db2 Connect are compatible with Db2 for z/OS Version 12, too.) Adjust the release levels if you need to, but the latest releases would be great, to avoid bumping into possible past/known problems that have already been fixed. As yet another option, you should be able to run your PHP programs directly on z/OS. PHP for z/OS is available for download from Rocket Software here: http://www.rocketsoftware.com/zos-open-source Optional support is also available from Rocket Software. The PHP version currently available for download is Version 5.4.4, but I believe you can request a later beta version (PHP 7.something) from Rocket. Version 5.4.4 for z/OS, at least, can connect to Db2 for z/OS. Db2 Connect licensing is not required when your PHP programs run on z/OS. Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z & LinuxONE, Multi-Geography E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Interrupt affinity cannot be set on Mellanox card
James, Have you consulted any specific LinuxONE or Linux on Z network performance tuning documentation yet? There are many other parameters and settings that can influence performance. Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z and LinuxONE, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Interrupt affinity cannot be set on Mellanox card
Alan Altmark wrote: >It might, however, be an interesting idea to make the ioctl()s in the >device driver a no-op instead of not being present or generating its own >errnos. That way folks can turn the knob, feel better, but not see any >change since "it doesn't get any better than this". I like the general idea, although I'm not sure I like the specifics. Here's what Jingmin Zhai wrote, for reference: >We stopped the 'irqbalance' service first, then >echo > /proc/irq//smp_affinity >But get >"echo: write error: Input/output error" I suppose that's not a helpful error message, but it's echo that's generating the message. However, no-op'ing (accepting basically anything from echo and doing nothing) doesn't seem entirely satisfying either. How about a "no-op" plus a log message -- "I heard you, but I took no action because I'm already optimized for this thoroughly virtualized platform"? ------------ Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z and LinuxONE, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Interrupt affinity cannot be set on Mellanox card
Sebastian Ott wrote: >Setting irq affinity is currently not supported on s390. This platform's I/O architecture is unique. What are the real-world issues associated with not being able to set this parameter on this platform? And what are the suggested mitigations? ---- Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z and LinuxONE, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: How many Intel cores does an IFL emulate
*All* resources have cost attributes. I'm quite sure Netflix, for example, spends a huge sum on computing resources, although to my knowledge they don't have a mainframe -- at least not one of their own. (Maybe they should!) I would also point out that the world's top wealthiest people often acquired their fortunes in computing...but never specifically in mainframe computing, at least not so far. Those individuals are wealthier than anybody in human history, as it happens. Yes, mainframe owners and operators usually carefully monitor and manage mainframe resources. Sometimes their resource management practices make economic sense, sometimes not. At the same time, there's widespread agreement that other computing resources aren't generally being carefully monitored and managed enough. Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z and LinuxONE, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: How many Intel cores does an IFL emulate
in their needs and characteristics, sometimes a lot, *thank goodness* there are a few different computing platform choices. ------------ Timothy Sipples IT Architect Executive, Industry Solutions, IBM Z and LinuxONE, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Crazy idea - a KVM-SMAPI interface?
Do the z/VM Cloud Manager Appliance (CMA) and xCAT provide what you need? http://www.vm.ibm.com/sysman/openstk.html Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: The Mainframe vs. the Server Farm: A Comparison
Willemina Konynenberg wrote: >But according to the datasheets, upgrading, say, an H06 to an H13 >"requires planned down time" Well, keep in mind there's "always" a second machine *somewhere*, in another data center. For disaster recovery purposes, at least. That second machine can also be used for planned primary site outages. (There's something called "Capacity for Planned Events, or CPE, available if/when you have that requirement.) There are some other options, in no particular order: 1. The LinuxONE Emperor and IBM z13 machines do not require planned downtime when adding processor drawers, except if you are upgrading a machine specifically to the very highest density model (LinuxONE Emperor model LE1, IBM z13 model NE1). 2. You can certainly start right off the bat with a LinuxONE Rockhopper L20, or IBM z13s N20 model, and configure it with one or more IFLs. That is, if the planned outage would be a concern for some reason, no problem, plan ahead (a bit) and get some more physical capacity than otherwise if you think there's a reasonable or better possibility you will grow enough, soon enough. There's a bit of cost to do that, but relative to the alternatives it should still be more affordable. 3. You can roll in a "swing" machine (my term for it) during an upgrade. There are at least three variants. (a) For example, if you have an IBM zBC12 H06 that's running out of capacity, then you could simply order an IBM z13s N10 or N20, install it roughly or actually alongside your zBC12 machine, swing the workloads over to the new machine over a period of time (at least reasonably nondisruptively, presumably), then let IBM collect the zBC12 for your trade-in. (b) Or, alternatively, "borrow" a used older model machine that's still adequate enough for temporary use during a planned "quiet" interval, swing the workloads over to that temporary machine, let IBM upgrade your zBC12 to a z13s, roll onto the z13s, then let IBM collect the used machine. (c) Or, as still yet another option, swing your workloads to an IBM z System or LinuxONE remotely hosted environment (offered through IBM's or somebody else's cloud), upgrade your machine, then swing back. These events don't happen very often, and that's the point. (Every model cycle is, usually, "best practice.") When you can be concise and parsimonious in your server infrastructure, your hardware upgrades are simpler overall and apply to all or most of your infrastructure, all at once. You can ask IBM for advice on which approach makes the most business sense in your circumstances. ------------ Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle on VM
David Boyes opined: >Tim's idea would be useful if z/OSe was still actively marketed by IBM zNALC z/OS, and the Solution Editions for z/OS, are the successors-of-interest to z/OS.e (and also to NALC z/OS). The successors are, in every respect, much better. IBM announced zNALC on January 9, 2007, i.e. over a decade ago. To be clear, I'm not asserting that my idea is "useful." I'm just answering the question, that's all. The range of new use cases for Oracle Database 10g R2 for z/OS on z/VM is likely to be extremely limited at best, especially given that Oracle Database 12c for Linux on z/VM is available. I'm still not sure why "pretend Linux doesn't exist..." is part of the need/desire/curiosity. z/OS and Linux both exist, and thrive. >A full z/OS license at current prices just for creating appliances would be >difficult to make work in a cost-effective manner Last I checked, zNALC z/OS with a reasonable set of optional z/OS elements had/has a U.S. commercial price starting at about $125/month, including standard IBM Support (24x7 Severity 1). For prospective OEMs, I don't know, but give your friendly IBM representative a call if you'd like to explore something. FYI, z/VM 6.4 already includes select components derived from z/OS 2.2. That's no secret because IBM just told the world that fact in the z/VM 6.4 announcement letter. Alan could probably tell you more (if he's allowed :-)), but my understanding (just reading what IBM has written) is that z/VM's z/OS-derived components support certain z/VM elements and features using common, battle tested codebases. One notable example is z/VM's LDAP client and server feature. The z/OS-derived components are really for z/VM's own use. However, perhaps z/VM's preexisting z/OS-derived components would interest you, and perhaps IBM would be interested in helping support whatever project you have in mind. No guarantees, of course, but it doesn't hurt to ask. -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle under z/VM without Linux?
For another "bizarre" answer, this path might work: 1. Obtain z86VM (beta) from Mantissa Corporation; 2. Obtain Microsoft Windows from Microsoft; 3. Install and run Microsoft Windows on z86VM on z/VM; 4. Obtain Oracle Database for Windows from Oracle; 5. Install and run Oracle Database for Windows on Microsoft Windows on z86VM on z/VM. Oracle Database 11g Express Edition is available here, at no charge, if you'd like to experiment with this particular recipe: http://www.oracle.com/technetwork/database/database-technologies/express-edition/overview/index.html To my knowledge, Mantissa's z86VM product is still in beta. Some information is available here: http://www.mantissa.com/mantissa-product-families/virtualization/ Mantissa has not certified Microsoft Windows yet, as far as I know. For now, at least, you'll need to stick to 32-bit Windows and 32-bit Oracle Database since z86VM does not include X86-64 support. I'm not sure why there's a desire (or curiosity?) to run Oracle under z/VM without Linux, but I'm answering the question as asked. -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: Oracle under z/VM without Linux?
Oracle Database up through 10g R2 *can* run under z/VM without Linux. I'm referring to Oracle Database 10g R2 for z/OS, and of course z/OS can run on z/VM very well indeed. Hypothetically, Oracle or an authorized Oracle remarketer could ship Oracle Database in virtual "appliance" form for z/VM, similar to the Oracle virtual appliances available for Oracle VM VirtualBox. However, that hypothetical virtual appliance would still include at least a few parts of Linux. -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
Re: LinuxOne and Oracle License
You can enforce the same caps on LinuxONE engines that you can on z System IFLs. To elaborate on that suggestion (which I like), you can also define a 5th LPAR if you wish that's outside the LPAR group. Allocate a bit of memory to that 5th LPAR, and use the 5th LPAR as a z/VM and/or Linux testbed (for example), without your licensed Oracle software. That'll provide an environment for testing z/VM and Linux patches and updates, as a "bonus." And/or you can play with KVM, Hyperledger, Apache Spark whatever you like, really, as long as you're still honoring all license agreements. -------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: sipp...@sg.ibm.com -- For LINUX-390 subscribe / signoff / archive access instructions, send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 -- For more information on Linux on System z, visit http://wiki.linuxvm.org/
