Oct 26 2009 3:22AM GMT
Posted by: Steve Pitcher
AS/400,
iseries,
lto,
tape,
safe,
System i
OK, well it’s the first Fire King I’ve purchased and I hate Lord of the Rings with a passion but I needed a title.
I have a Fire King DM2520-3 being delivered this Wednesday. This little monster weighs in at a whopping 1050 lbs and will hold about 210 LTO tapes. I only need storage for about 100 tapes, so there’s plenty of room for growth, documentation, CD/DVD media and other goodies we want to keep out of harms way.
While scoping out a fire resistant safe, I was given a few clear requirements.
- Get the best fire rating possible
- The 3 hour rating may be overkill, considering a standard office fire temperature would be lower than the 2000 F heat that this safe is rated to protect against, so you can’t say I didn’t find the best available. Actually, a 1 hour rated safe would probably suffice for most businesses considering if flame is in direct contact for 1 hour with your data safe then you’re probably storing your tapes in an oil refinery. Heat away from the fire is a much lower temperature than the actual fire, and since most material/fuel will burn away fairly quickly, most 1 hour safes would do the trick.
- Theft protection
- Considering this thing will take a locksmith a couple of hours to bust into if the front keypad melted off…it’s not easily broken into. Plus you’re not going to get a few fellas to haul a 1050 lb box away without making a little noise and alerting security.
This puppy is also rated against 30 foot drops and explosions. I’m not sure what they test explosions with, but that would have to be a neat job.
I’m curious, what do you all use for storage protection? Are there others out there with bigger, better and cooler physical media storage systems?
Comments welcome.
Oct 23 2009 1:48AM GMT
Posted by: Steve Pitcher
AS/400,
iseries,
ibm i,
management central,
monitor,
systems management,
navigator
Check out the November edition of System i News magazine. I submitted an article a little while ago that’s now been published in the Pro VIP section.
Check out www.systeminetwork.com and get yourself a subscription to a great resource.
If you have any questions, please feel free to comment and I’ll do my best to help.
Oct 8 2009 7:28PM GMT
Posted by: Steve Pitcher
AS/400,
iseries,
System i,
IFS,
quota
Users and storage quotas. Groan…
If you’re using the IFS on your iSeries for users to store files then you’ve probably struggled with storage management. I’ve often compared managing user storage to being a credit card company with a lot of irresponsible customers. We give a customer a $1000 credit limit (i.e., 100 MB of storage) and they go on a spending spree. Once they’ve reached their limit they ask for more money. Since they have good credit we give them an extra $500 (i.e., bump their storage limit an additional 50 MB). We may do this a couple of times before we catch on and send them to the collection department to hound them on a regular basis to get below their credit limit.
When users reach their storage quotas, simple things like generating spooled files are a problem because they don’t have any space to generate them. Then they call IT when their reports don’t print.
Now, users who need their storage caps adjusted for a business requirement have a legitimate reason. I’ll adjust your quota accordingly and perhaps make a case to add disk. My beef lies with knuckleheads using 90% of their storage on pictures of their family trip to Disney World. If you can afford the digital camera and the trip then you can afford a flash drive or a DVD burner. So pretty please, keep the crap off the production server.
I put together a little automated email routine to inform users and cut down on storage related support calls. Personally, I’d say I’ve easily cut the storage support calls by 50%. Here’s the gist of what the user gets:
- A quick explanation that every user has a storage quota and that they’re approaching it.
- How much space they have left.
- A list of files they own in descending order of size. I also include the last change date of the object.
There’s a number of pieces that put this together.
- Retrieve a listing of iSeries users using the DSPUSRPRF command to an outfile and then do some quick query/400 work.
- I interface with our Domino server to get the email address for each user. This is done by way of a simple Domino agent that exports mail users to a csv file on our iSeries.
- I determine which users are exceeding 90% of their storage quota via the output of the DSPUSRPRF command above.
- I get a list of objects each user owns (using the RTVDIRINF command, some CL and query/400) and create a csv file for that user with some RPG. The csv file generation stuff was put together after reviewing Scott Klement’s awesome website that has a section on working with files on the IFS http://www.scottklement.com/rpg/ifs.html)
- Each user is emailed the notification with the attached csv. This is accomplished, in my scenario, with the Javamail application that you can install on your iSeries free of charge.
If anyone would like an explanation on how to do build this yourself, please let me know and I’d be happy to help. It’s a Frankenstein solution, but it’s free and works well.
Oct 8 2009 6:50PM GMT
Posted by: Steve Pitcher
How hard is it to make a pot of coffee in the office? Not very hard at all.
It seems as though some people believe that the Java Fairy comes around every couple of hours and fills the coffee machine up for everyone. Free coffee in the office isn’t a right, it’s a privilege. My company doesn’t have to pay for it, but they do. There’s a coffee shop well within walking distance to our office.
You may as well leave half an inch of motor oil in the pot too. The Java Fairy will take what little “coffee” you left in the pot and empty it down the sink.
It’s a simple, free perk that we get. The last I checked there’s not many of those left. I’m assuming this perk would disappear after some guy inadvertently burns the building down by leaving an empty pot on the burner over the weekend.
The blatant lack of consideration for other co-workers is appalling. It’s a smack in the face to the people that take it upon themselves to actually clean the coffee pot after the motor oil has morphed into pure tar and effectively becomes part of the pot itself.
It’s not my place to regulate who gets to drink coffee from the coffee machine. If it was I’d be like Jerry Seinfeld’s Soup Nazi. You don’t clean the pot, you don’t use it. You take the last cup and leave a shot glass full burning away in the pot, no more cups for you!
I’m done prancing around the subject with people. Next time I see someone leave a dab of coffee at the bottom of the pot and put it back on the burner, I’m taking a picture of it and emailing it to everyone in the office and singling out the bugger that left it there. Hints don’t work with these people. Coaching doesn’t work. Promoting a sense of responsibility and community doesn’t work.
Maybe some old school chastising would?
Last chance.
Don’t mess with the coffee.
Sep 19 2009 2:22PM GMT
Posted by: Steve Pitcher
I’ll be doing a few things on Wednesday, September 23rd that will surely provide blog content.
- Updating Domino 8.0.2 to 8.0.2 Fix Pack 2 on our System i as well as our Windows server that hosts our Blackberry Enterprise Server.
If that goes fine (hey, it’s a snap!):
- Installing a new Domino server instance on System i.
- Installing Quickr on System i.
- I’m going to try really hard to get up to date on PTF’s as we’re about a year behind. Not too bad, but it should be done soon.
This machine hosts two 24×7 companies so it’s not often I get to shut her down, open up the hood and tinker about. I’m going to make the most of it.
Stay tuned.
Sep 19 2009 2:03PM GMT
Posted by: Steve Pitcher
I came across these instructions I posted a few years ago. It’s still relevant and beats the heck out of typing in your software keys.
http://search400.techtarget.com/tip/0,28…
Sep 3 2009 3:36AM GMT
Posted by: Steve Pitcher
AS/400,
qsecofr,
authority,
iseries
Well, 99% of the time they don’t. They probably don’t need any special authorities either. Here are a few examples of vendors trying to break the rules.
XYZ Software
I’m working with a new application vendor (we’ll call them XYZ Software) and they need access to our system to do some custom programming and software configuration.
Here’s what they asked for right off the bat:
1. Telnet port opened up on our firewall in order to access our iSeries
2. A new user profile with QSECOFR authority.
Well, the 1st request wasn’t going to happen…period. We use other methods to allow external parties secure access to our network.
The 2nd request I would allow only if the vendor could supply detailed reasons why they would need such excessive authority. As well, this profile would most certainly be audited. Not surprisingly, what they need to do (restoring objects to the XYZ software libraries and compiling programs) doesn’t require QSECOFR authority at all. Actually, it’s not even close. In reality the XYZ profile would just need proper access to the XYZ library in order for them to compile programs and restore objects to that library.
Vendors attempt to gain much more authority than they need in order to minimize your IT staff getting in their way in the future. They don’t want the hassle of asking for authority to a command or a library so they go for broke and tell you they “need” QSECOFR authority.
ABC ERP Software
Another vendor I’ve dealt with, I’ll call them ABC ERP Software, really gets away with murder in terms of going against industry security standards. I’m sure I could make a fortune going to their customer sites and plugging the security holes, but that’s another story.
ABC Software, sadly, was given a profile called ABC which was a copy of the QSECOFR profile. Let’s say it was somewhat “needed” at the time as they were given the entire task of setting up a new iSeries server, restoring licensed programs, installing ptf’s, etc., so we let it fly. Once we got the new ERP up and running I wanted to scale that profile back to a less dangerous set of authorities.
This vendor had a fit. I was told by their Senior iSeries guru in a very curt email that if I changed anything about the profile then the ERP system would fall apart at the seams. I called his bluff and asked how and why each special authority was needed. He then displayed either true ignorance towards system security or a barrage of BS that would silence most iSeries techs afraid stand up to the scary senior analyst.
I was told the ABC profile needed *SERVICE and *JOBCTL special authorities to run a STRDBG command. Untrue! To debug a program, you only need *change authority to the object. If you don’t have *change, you need *use on the object AND *service special authority.
Also, they wanted *SERVICE so that they could access the System Service Tools. No thank you.
I was also told that they have to have *SPLCTL as they “need” to view all user’s spooled files. Again with the “need.” Sure buddy. On our payroll server. Right.
In the end I successfully debunked the necessity of 5 of the 8 special authorities ABC company wanted, including *ALLOBJ.
A few months later this “guru” stated that any user that wanted to use Fax/400 needed to have *SPLCTL. Also, I remember him stating that all users should have their MAXSTG set to *NOMAX to compensate for the lack up garbage collection in their ERP. You see, they have a GUI spooled file viewer that creates temporary PDF files in QDLS…but these files would stay there forever. Unbelievable.
Always question anyone who doesn’t have a vested interest in your company. You hold the responsibility for the security of your system, not them.
Sep 3 2009 12:28AM GMT
Posted by: Steve Pitcher
I’ve submitted an article that’s hopefully going to be published in System i News magazine in the next little while.
The article focuses on how to use Management Central to perform just about any kind of monitoring for messages or system events and how to alert administrators about them. Once the article is published I’ll post the link here and discuss any questions you may have. I believe you have to register at systeminetwork.com in order to view their issues online. It’s a great magazine, so I’ll suggest you join up as it’s a great resource for all things i.
