× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



One quick question: If the goal is to set up multi-tenant situations on a
system, and you set the minimum storage for each tenant at 480GB (80x6 to
support V7R2) then why not just give each of them a virtually hosted
partition (hosted by IBM i or VIOS) and be done with it? The security is
entirely up the tenant and your networking/system administration and
management are somewhat more streamlined and mainstream. Now you're not
carving up physical storage, and it's more efficient. (see iDevCloud --
That's how Larry and I set it up to start with and Pete and Larry continue
to this day doing it that way)

Want to use PowerHA to provide HA services, then put the NWS storage in the
iASP. Done. There are a couple of small gotchas in that approach but it
solves the security and a plethora of other problems I can think of in an
iASP environment.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Nathan Andelin
Sent: Thursday, October 02, 2014 6:07 PM
To: Midrange Systems Technical Discussion
Subject: Re: iASP security

The promotional material associated with IASPs seems to be over-reaching -
at least to me. They promote partitioning disk units between tenants. That
leads to running more disk drives without much in return, as far as I can
tell. I seem to recall Power HA relying on it.

I recall reading that when you vary off an IASP, you can no longer use the
Libraries (or SQL Schemas) associated with it.

It seems to me that Libraries already offer a suitable means of separating
tenant data, without needing to assign disk units to each.

The "help" associated with INLASPGRP says that the SETASPGRP command can be
used to change the thread's initial setting.

Nathan.


On Thu, Oct 2, 2014 at 4:08 PM, Aaron Bartell <aaronbartell@xxxxxxxxx>
wrote:

The session or Job may be associated with an "Initial ASP Group", but
what
does that mean? I doubt that it has anything to do with user-object
authority.

That's what I am trying to figure out. iASP is being declared, by
IBM, as a good SaaS-model-way to separate out multi-tenant situations
(i.e. same named libs but different iASP). What I am trying to
determine is if this SaaS they are talking about was in a situation
where the user didn't have access to a command line and instead it was
only through a browser. I shot an email off to IBM but also wanted to get
community input.

Aaron Bartell

On Thu, Oct 2, 2014 at 4:40 PM, Nathan Andelin <nandelin@xxxxxxxxx> wrote:

I don't have a server with multiple IASPs to test this, but I
question
the
assertion about users being "placed in" an IASP when they sign-in.
The session or Job may be associated with an "Initial ASP Group",
but what
does
that mean? I doubt that it has anything to do with user-object
authority.

Nathan.


On Thu, Oct 2, 2014 at 3:14 PM, Aaron Bartell
<aaronbartell@xxxxxxxxx>
wrote:

Hello,

I have some iASP security questions I hope someone can answer.
Let me
lay
out a scenario:

*Scenario*
- I have a single IBM i instance, let's call this IBMi1
- I have two IASPs configured, IASP1 and IASP2
- I have two users configured, USR1 and USR2 (QSECURITY=30,
USRCLS(*PGMR))
- USR1 has a *JOBD with INLASPGRP(IASP1)
- USR2 has a *JOBD with INLASPGRP(IASP2)
- I have two libs, LIB1 is in IASP1 and LIB2 is in IASP2
- I have two RPG *PGM objects, RPG1 is in LIB1 and RPG2 is in LIB2

When USR1 logs into a IBMi1 5250 session (and inherently placed in
IASP1),
can they see or attempt to invoke LIB2/RPG2 in IASP2 if the
authority
is
*PUBLIC(*USE)?

Can USR1 see or invoke IFS files in IASP2 if files are set to
chmod
go+rx?

I would test this myself except I am having issues setting up the
scenario
on IBM's PDP
<


https://www-304.ibm.com/partnerworld/wps/servlet/ContentHandler/stg_co
m_sys_power-development-platform

service
(I have an email into support). I would try iASP on the variety
of
other
servers I have access to, but I don't want to accidentally hose
anything
:-P

Thanks,
Aaron Bartell
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.