Re: Gold On LUN

2017-09-08 Thread Willemina Konynenberg
To me, all this seems to suggest some weakness in the virtualisation infrastructure, which seems odd for something as mature as z/VM. So then the follow up question would be: is the host infrastructure being used properly here? Is there not some other (managable) way to set things up such that

Re: Gold On LUN

2017-09-08 Thread Greg Preddy
Thanks Robert and others, We figured there would be a learning curve, I think we'll get it figured out, we just need to figure out everything, then how you do those things on SLES12. On 9/8/2017 3:28 PM, Robert J Brenneman wrote: Ancient history:

Re: Gold On LUN

2017-09-08 Thread Robert J Brenneman
Ancient history: http://www.redbooks.ibm.com/redpapers/pdfs/redp3871.pdf Without NPIV you're in that same boat. Even if you had NPIV you would still have to mount the new clone and fix the ramdisk so that it points to the new target device instead of the golden image. This is especially an

Re: Gold On LUN

2017-09-08 Thread Alan Altmark
On Friday, 09/08/2017 at 04:46 GMT, Scott Rohling wrote: > Completely agree with you ..I might make an exception if the only FCP > use is for z/VM to supply EDEVICEs AND the PCHID is configured in the IOCDS as non-shared. Alan Altmark Senior Managing z/VM and

Re: Gold On LUN

2017-09-08 Thread Alan Altmark
On Friday, 09/08/2017 at 05:14 GMT, canzon...@verizon.net wrote: > I'm a proponent of NPIV. But, limitations on how many NPIV wwpns can connect > to a SAN storage unit is a big problem. Am I right that only 64 allowed with > z14 per channel? With that rate, we ran out of slots for FICON

Re: Gold On LUN

2017-09-08 Thread Mark Post
>>> On 9/8/2017 at 10:19 AM, Greg Preddy wrote: > Bingo! No NPIV so our only hope is fixing the clone with it mounted to > gold server or in recovery mode, but if "It's all tooling, no direct > editing of any config files with SLES." then how do we fix this? As others have

Re: Gold On LUN

2017-09-08 Thread Mark Post
>>> On 9/7/2017 at 09:08 AM, Greg Preddy wrote: > All, > > We're doing SLES 12 on 100% LUN, with gold copy on a single 60GB LUN. > This is a new cloning approach for us so we're not sure how to make this > work. Our Linux SA got the storage admin to replicate the LUN, but when

Process to clone SLES 12 guest installed on LUN?

2017-09-08 Thread Rodery, Floyd A CIV DISA SEL2 (US)
In reference to some of the previous email traffic "Gold On LUN", is there a documented method to clone a SLES12 server that is installed on an FCP LUN and create a new guest using the cloned LUN? I know this is routinely done with EDEVs, but haven't seen much relating to accomplishing the

Re: Gold On LUN

2017-09-08 Thread canzonet1
Hi Scott/Alan, I'm a proponent of NPIV. But, limitations on how many NPIV wwpns can connect to a SAN storage unit is a big problem. Am I right that only 64 allowed with z14 per channel? With that rate, we ran out of slots for FICON cards. Regards, Tom -Original Message- From: Scott

Re: Gold On LUN

2017-09-08 Thread Scott Rohling
Completely agree with you ..I might make an exception if the only FCP use is for z/VM to supply EDEVICEs -- but I haven't seen an EDEVICE-only implementation yet myself - it's always in combination with some guest attached FCPs. I have had a hard time explaining FCP/NPIV to mainframe

Re: Gold On LUN

2017-09-08 Thread Alan Altmark
On Friday, 09/08/2017 at 02:20 GMT, Greg Preddy wrote: > Bingo! No NPIV *sigh* Folks have GOT to switch to NPIV!! If I audit such a system, it fails. It's like sharing passwords. No accountability, no separation, no access control, no assurance that the Golden Master is

Available now: Linux on z Systems publications for SUSE Linux Enterprise Server 12 SP3

2017-09-08 Thread Dorothea Matthaeus
This document describes the device drivers available to SUSE Linux Enterprise Server 12 SP3 for the control of IBM Z devices and attachments. It also provides information on commands and parameters relevant to configuring Linux on z Systems. New security features include FIPS mode and

Re: Gold On LUN

2017-09-08 Thread Steffen Maier
On 09/08/2017 04:46 PM, Steffen Maier wrote: On 09/08/2017 04:19 PM, Greg Preddy wrote: gold server or in recovery mode, but if "It's all tooling, no direct editing of any config files with SLES." then how do we fix this? You could run the customization in a chroot environment on the cloned

Re: Gold On LUN

2017-09-08 Thread Steffen Maier
On 09/08/2017 04:46 PM, Steffen Maier wrote: On 09/08/2017 04:19 PM, Greg Preddy wrote: Bingo!  No NPIV so our only hope is fixing the clone with it mounted to NPIV won't solve clone customization. It just solves perfect access control. Your boot from the un-customized clone disk would fail

Re: Gold On LUN

2017-09-08 Thread Steffen Maier
On 09/08/2017 04:19 PM, Greg Preddy wrote: Bingo!  No NPIV so our only hope is fixing the clone with it mounted to NPIV won't solve clone customization. It just solves perfect access control. Your boot from the un-customized clone disk would fail with perfect access control because of access

Re: Gold On LUN

2017-09-08 Thread Greg Preddy
Bingo! No NPIV so our only hope is fixing the clone with it mounted to gold server or in recovery mode, but if "It's all tooling, no direct editing of any config files with SLES." then how do we fix this? On 9/8/2017 9:05 AM, Scott Rohling wrote: That depends on whether NPIV is enabled ...

Re: Gold On LUN

2017-09-08 Thread Scott Rohling
That depends on whether NPIV is enabled ... otherwise this guest could have the same access as the one it was cloned from.. Scott Rohling On Fri, Sep 8, 2017 at 6:41 AM, Steffen Maier wrote: > Volume access control (LUN masking / host mapping) should prevent access >

Re: Gold On LUN

2017-09-08 Thread Steffen Maier
Volume access control (LUN masking / host mapping) should prevent access to a golden volume. You'd still need to customize disk clones to make them work but it should at least break early during boot and not accecss the golden image (especially not writable and thus potentially destroying its