Once I wrap my head around all that, it's still AIX so that means it can
still be compromised, yes?

Enough about all this, the point is made. Some services should not be
virtualized without hard backup. Then again you set it up as you choose
and roll the dice....... Just remember even in craps the odds are in the
house's favor......


--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On Wed, Oct 13, 2021 at 11:43 AM Rob Berendt <rob@xxxxxxxxx> wrote:

Of course, since the backups of such servers are done with IBM Spectrum
Protect and they reside on an AIX lpar on an IBM Power server with internal
drives hosted by IBM i, and the backup SP server has never been 'activated'
and tested, we should be good, right?



Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob
Berendt
Sent: Wednesday, October 13, 2021 12:06 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Do you run DHCP on IBM i?

I suspect the one in Garrett is a dedicated appliance. They should be
able to get to that. Garrett is also the closest to employees. So it
could be fixed first, or at least attended to by someone while the rest are
enroute to the other locations.

I'm going to the DC in Grand Rapids on Thursday the 14th.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jim
Oberholtzer
Sent: Wednesday, October 13, 2021 11:53 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Do you run DHCP on IBM i?

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.


And when the bad guys get that backup first, then hit the primary?

I have customers near you that had that very thing happen, the backups were
all clobbered about 10 minutes before the balance of the Virtualized
environment was encrypted. (IBMi only had three files in the IFS to
restore, otherwise it was unaffected). It took them quite some time to
rebuild all of that. IBMi had to wait until the network guys cobbled
together the DNS/DHCP etc.



--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On Wed, Oct 13, 2021 at 10:40 AM Rob Berendt <rob@xxxxxxxxx> wrote:

Again, we have redundant servers (vm based) in different data centers in
different states.
If one fries, dhcp will roll over to the other one.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Jim
Oberholtzer
Sent: Wednesday, October 13, 2021 11:30 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx

Subject: Re: Do you run DHCP on IBM i?

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.


OK, and when the VMWare or other virtualization got clobbered and
DNS/DHCP
etc, are required for the recovery, but wait they are on the virtualized
stuff, that requires the virtualization to recover, wait my head
hurts.....

Sure, run the servers on a virtualized environment, but have a hard back
up. Maybe it's even the third version of it. it's kinda like insurance,
when you don't need it, it's a real bother, until you do.

Too many times I've heard the "it's really fault tolerant and we have
backups", OK, how long to recover that stuff before the entire network is
available again? Answer: "um, we don't know it's never been done...."

Uh huh.....



--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On Wed, Oct 13, 2021 at 9:58 AM Rob Berendt <rob@xxxxxxxxx> wrote:

Jim,
We used to follow the dogma that things like DNS servers, etc should
have
their own hardware but we're backing away from that. Why use a 1U
server
when you can just make it a virtual server on your vmware server? This
allows snapshots, etc. And you can always set up a redundant on a
different vm server.
Why complicate the save/restore with dedicated hardware?

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Jim
Oberholtzer
Sent: Wednesday, October 13, 2021 10:50 AM
To: Midrange Systems Technical Discussion <
midrange-l@xxxxxxxxxxxxxxxxxx

Subject: Re: Do you run DHCP on IBM i?

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and
know
the content is safe.


I'm guessing the auditors would not like the IBM DHCP server since most
of
them can't spell "i" without help. The server works just fine, however
it
might not be quite as updated as one from Microsoft or on a Linux
distribution.

In the end things like DHCP, DNS, etc while they run just fine on IBM i
are
usually left to external devices. I advocate a physical server since
most
virtualization software relies on DNS too much, and that makes
recoveries
somewhat more difficult. Backups virtualized, no sweat, primary, that
should have it's own hardware. (face it a 1U server is really cheap)

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On Wed, Oct 13, 2021 at 9:38 AM Scott Williams <
scottwill0707@xxxxxxxxx>
wrote:

Bossman says IBM told him not to run DHCP on the IBM i server so we
have
a
Windoze server handling that. It seems DHCP can run on IBM i, but I
can't
get a straight answer about why running DHCP on IBM i is "bad". Can
anyone
shed light on this? Do you run DHCP for your LAN on the IBM i? If
not,
what
solution do you use for your workplace LAN?

Thanks.
--
Scott Williams
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: https://amazon.midrange.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.