POWER IT Pro offers an array of resources, news, and perspectives on IBM Power systems and servers, including Pure, AIX, and IBM i.
Discover the IBM Mobile Systems Remote App
Monitor the Health of Your IBM i Environment with Systems Director
Secrets of an AIX Administrator, Part 5
Explore Backup and Restore with Tivoli Storage Manager
Your Pure, AIX, and IBM i Authority
A Penton Publication, November 2012 / Vol. 1 / No. 7
Deployment Checklist for Hosted Infrastructure
Checklist for Using Hosted Infrastructure — Mel Beckman
Whether you call it colocation, software as a service, web hosting, or the cloud, any time your applications move offsite, you need to do your due diligence. You have a responsibility to assess reliability, predict app performance, maintain data security, provide for disaster recovery, and—above all—maintain your business’s continuity. In this article, Mel Beckman lists the 10 most important principles for using hosted infrastructure and keeping your offsite experience a profitable and safe one.
Access articles online at www.POWERITPro.com.
Features
Monitoring IBM i with IBM Systems Director (Erwin Earley)
Secrets of an AIX Administrator, Part 5 (Christian Pruett)
Power at Work
Discovering IBM Mobile Systems Remote (Greg Hintermeister)
Keep Your Files Private with EFS (David Tansley)
SAN Migration via LVM: Don’t Forget Raw Logical Volumes (Anthony English)
How Do I Create a Virtual Optical Disk? (Rob McNelly)
How to Control SSH Access to a Server (David Tansley)
The Tivoli Storage Manager Cheat Sheet, Part 1 (Christian Pruett)
In Every Issue
Power News
New Products
Industry Issues: IBM Unleashes POWER7+ and Power Systems Software Solutions (Chris Maxcer)
IBM’s Dark Matter (Seamus Quinn)
Hot or Not: Interfacing Change (Sean Chandler)
Advertising Index
Deployment Checklist for Hosted Infrastructure
Taking infrastructure offsite requires preparation
The concept of hosted infrastructure isn’t a new one, but the advent of public cloud computing has made it a lot easier to buy offsite compute services. Not all hosted infrastructure is in the public cloud, however. The economies of cloud-based infrastructure have created a surge in the use of private colocation, or “colo,” facilities that let you host your own servers, switches, and routers, or lease dedicated hardware from the colo operator. It’s true that you can buy cloud computing resources in smaller increments with zero capital investment. But in the long run, the cloud still costs more than owning your own hardware.
The fly in the ointment has always been finding a place to put that hardware. If you operate it on your own premises, you must spend money building out a physical data center with the accompanying redundant power, cooling, and network facilities. And you pay top dollar for these, because you’re buying at the lowest purchase tier.
But colo facilities eliminate the need for data center build-out. They’ve already built massive data centers with multiple power suppliers, backup generators, excess cooling capacity, and connectivity directly to the core of the Internet. What’s more, that core connectivity puts your company in very close proximity to your customers, suppliers, and anyone else you do business with, by dint of cutting Internet routes in half. In fact, some of your closest business partners might well be in the same colo facility you select.
Mel Beckman is senior technical editor for POWER IT Pro.
Whether you’re using the public cloud or private colos, you can’t operate your gear and applications in the same way you would “back at the ranch.” Typically, a colo won’t be in the same city as your enterprise HQ; perhaps not even in the same country. That distance matters in an emergency, when you could be losing thousands of dollars every minute. The following precepts are essential rules to follow when you’re moving corporate computing jewels into any kind of hosted environment. Follow them and you’ll reap benefits from hosted infrastructure.
Implement Out-of-Band Management
Out-of-band (OOB) management is the practice of using a separate, dedicated network path for routine administrative traffic: monitoring, configuration, and diagnostics. Many organizations, including the vaunted Amazon, have shortchanged themselves by running management tools over the same network as their hosted applications. Although so-called “in-band” management works in the short term—and seems to save money—it fails you at the worst possible moment: when the production network is saturated due to some sort of application fault or transport overload.
If you’re building a colo installation, OOB (pronounced “oobie”) is straightforward to implement. You set up an isolated VLAN for management traffic and purchase an alternative communication path from a telecom provider, such as a DSL, Multiprotocol Label Switching (MPLS), or another low-cost, low-bandwidth circuit. It’s best if the OOB circuit isn’t Internet-based, because any Internet problem affecting your colo could potentially impact, for example, an Internet DSL circuit. But even a back door Internet path is better than in-band management. Cellular modems are becoming a popular OOB service, but you might have problems with reliable cell reception inside a large colo facility.
In Amazon’s massive cloud services outage in the spring of 2011, OOB would have saved the day. A technician error resulted in saturated data paths between Amazon’s multiple East Coast data centers, swamping the in-band management traffic. As a result, Amazon technicians weren’t able to wrest back control of the network for four days.
With wide area network (WAN) services getting steadily cheaper, you might find that a dedicated circuit is cheap insurance against being locked out of your hosted infrastructure. All major cloud providers let you purchase private WAN services from various telecom suppliers, so make an OOB WAN (yes, that’s a bad pun) the first item on your colo checklist.
Build an Isolated Management Network
For security reasons, it’s always a good idea to separate management and application traffic, even in your HQ network. Isolating management traffic within your slice of hosted infrastructure goes hand-in-hand with OOB management, but it’s not the same thing for colo and public cloud environments. In a colo, you control the physical topology of the LAN interconnecting your equipment, so it’s easy to set up separate physical and/or logical networking. In a public cloud, however, you don’t necessarily even know what city your servers are in, let alone how they physically interconnect.
In the colo realm, isolating management traffic isn’t necessarily simple. Not all devices have separate management Ethernet ports, and some might still use serial ports for management. Cisco routers, for example, and standalone AIX servers still use dedicated serial ports for some low-level administrative chores such as firmware upgrades. If you have a say in equipment selection, choose gear that provides dedicated Ethernet management ports. These don’t need to be high-speed gigabit connections—100BaseT is fine. It’s also a good idea to provide a separate physical Ethernet switch fabric for OOB so that management connections can survive a failure in the front-side application network fabric.
In a colo environment, you might be tempted to use your primary border firewall as the portal for OOB. Resist that temptation. Even a fully redundant, hot-failover firewall installation can die completely, and then where will you be? Keep OOB facilities as redundant and separate as possible.
Install Deep Instrumentation
A common practice in local enterprise data centers is to set up worst case scenario alarms for such things as HVAC, power, and server failures, but to leave lower-level monitoring of network traffic, bandwidth utilization, and host resources to ad-hoc tools. When a problem arises, you’re already on-site, so “jacking in” a network monitor or protocol analyzer is easy to do. But in a hosted environment, you have to build in deep network monitoring because you can’t just attach to the network anywhere, or anytime, you want. Traveling a few hundred—or a few thousand—miles isn’t going to be practical in terms of incident response.
That deep instrumentation requires tools to collect data, filter it, format it for presentation, and issue alerts when anomalies occur. Is a CPU running hot? A network link congested? A SAN disk about to fail? You should be monitoring for these and a host of other conditions. You can deploy free open-source tools, such as Cacti, Nagios, Zenoss, and OpenNMS, to instrument your hosted facilities, or purchase ready-built commercial tools. It’s worth at least trying out the demos of commercial instrumentation products—you’ll get some great insight into what you want to monitor, and you might well discover that building your own tools isn’t worth the hassle.
Establish Security Incident and Event Management
Deep instrumentation probes infrastructure devices on a regular basis, recording variables and tracking them over time. Security Incident and Event Management (SIEM) uses information generated by those devices in the form of system logs, Simple Network Management Protocol (SNMP) traps, and other alert messages. SIEM is a way to listen to the “chatter” generated by the myriad components in your infrastructure and correlate events that could be early warnings of an impending problem. With SIEM, you replace manual log review—which typically happens only after a problem arises—with automated event analysis.
A quality SIEM system lets you tailor the events you’re looking for while adapting to event stream changes on the fly, notifying you of unusual event sequences even if you didn’t explicitly program for them. At its simplest level, SIEM searches incoming events for such keywords as “fail,” “error,” and “intrusion.” But the real power of SIEM is its ability to notice patterns of suspicious events and notify you that something is afoot. For example, failed logins at three different devices in the span of a few minutes might well signal a concerted inside attack on your hosted infrastructure. Spend time testing SIEM products with your own event streams to compare how well each prospective product works in your runtime environment.
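The difference between keyword matching and event correlation described above can be shown in a few lines. The following Python sketch is an added example, not code from the article or from any SIEM product; the log format, host names, and function names are assumptions, and the sample log lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample syslog lines (hypothetical hosts, not from a real system).
SAMPLE_LOG = """\
2012-11-05T02:14:07 fw-edge-1 sshd[811]: Failed password for admin from 10.20.0.15
2012-11-05T02:14:40 aix-db-2 sshd[4410]: Accepted password for oper from 10.20.0.9
2012-11-05T02:15:02 sw-core-1 login: Authentication failure for admin from 10.20.0.15
2012-11-05T02:15:30 fw-edge-1 sshd[811]: Failed password for admin from 10.20.0.15
2012-11-05T02:16:11 aix-db-2 sshd[4420]: Failed password for root from 10.20.0.15
2012-11-05T03:40:00 aix-db-2 sshd[4502]: Failed password for oper from 10.20.0.9
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")          # timestamp, host, message
KEYWORD_RE = re.compile(r"fail|error|intrusion", re.I)   # keywords named in the text
FAILED_LOGIN_RE = re.compile(r"failed password|authentication failure", re.I)

def keyword_hits(log_text):
    """Simplest level: return every line that contains a watched keyword."""
    return [line for line in log_text.splitlines() if KEYWORD_RE.search(line)]

def correlate_failed_logins(log_text, min_devices=3, window_minutes=5):
    """Alert when failed logins hit min_devices distinct hosts inside the window."""
    window = timedelta(minutes=window_minutes)
    recent = deque()   # (timestamp, host) of failed logins still inside the window
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not FAILED_LOGIN_RE.search(m.group(3)):
            continue
        ts, host = datetime.fromisoformat(m.group(1)), m.group(2)
        recent.append((ts, host))
        while recent and ts - recent[0][0] > window:   # drop events that aged out
            recent.popleft()
        hosts = sorted({h for _, h in recent})
        if len(hosts) >= min_devices:
            alerts.append((ts.isoformat(), hosts))
            recent.clear()   # one alert per burst, not one per later event
    return alerts

if __name__ == "__main__":
    print(len(keyword_hits(SAMPLE_LOG)), "keyword hits")
    for when, hosts in correlate_failed_logins(SAMPLE_LOG):
        print("ALERT", when, "failed logins on", ", ".join(hosts))
```

On the sample data the keyword search flags five separate lines, while the correlation rule raises a single alert naming the three devices involved; the isolated failure an hour later stays a keyword hit only.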
As with instrumentation tools, free, open-source SIEM packages such as Simple Event Correlator and SAGAN are available. This is one network tool arena where the open-source community hasn’t kept up with commercial developers, so you should experiment with one or more proprietary products before settling for open source.
Control Service Quality with Policies and Enforcement
Comedian Lily Tomlin once quipped about quality control: “If we don’t control quality, it could get out of hand.” In the confines of a hosted infrastructure environment, it’s possible for quality to be delivered inappropriately. You want high-priority applications to get the resources they need (in the form of CPU, memory, and bandwidth) to accomplish their mission-critical objectives. You don’t want a lower-priority application to sap infrastructure performance.