× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2014

RE: [Bulk] Re: iASP security

Aaron,

I'm not sure how a hosted LPAR is going to be cost prohibitive since there
is no extra cost to spin up a small partition, but I'll take it at face
value.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Aaron
Bartell
Sent: Monday, October 06, 2014 8:23 AM
To: Midrange Systems Technical Discussion
Subject: Re: [Bulk] Re: iASP security

A lot of good iASP feedback. I am initially documenting it in this publicly
editable GoogleDoc for ease/simplicity, though it should eventually end up
on wiki.midrange.com: http://bit.ly/whyibmi_iasp

<JimO: then why not just give each of them a virtually hosted partition
(hosted by IBM i or VIOS) and be done with it?

Cost prohibitive. Though I do believe this will get better in the future as
IBM continues to see IBM i adopted for cloud. Though I wonder if the 70-day
trial could work for some of the CI uses I am envisioning (see below).

<Larry: So you kinda can get to programs in the IFS if invoking them this
way works for you.

This is one of my concerns - that others can see the various iASP devices
and objects.

Let me back up a bit to convey a portion of the "why" behind my questions.
The IBM i community stands to gain a lot from the open source community via
PASE. The issue is that the open source community doesn't have dead simple
access to IBM i so Continuous Integration** tests can be run for our
platform. To see what I am talking about check out https://travis-ci.org.
In short, imagine if each time a commit was done to libxml2 that it would
spin up a logical environment on IBM i to compile and unit test to learn
whether the changes will work on IBM i.

**http://en.wikipedia.org/wiki/Continuous_integration

The chroot** environment approach gets close to meeting this need, but with
security holes once /QSYS.LIB gets involved. Obviously those security holes
aren't nearly as detrimental for open source CI so I think this could still
be an option. One thing chroot doesn't have that docker.io does is the
ability to limit resources*** (i.e. CPU) and that is one area I was curious
whether iASP might be able to help.

**youngiprofessionals.com/wiki/index.php/PASE/CHROOT
***http://bit.ly/workload_groups


Aaron Bartell
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe,
or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.