Just a curiosity question. If you did not have to do this level of testing and documentation how many staff would you not need to have working there? A lot of this is still good practice for large departments but here we are 8 people in the iSeries group and 4 in the windows server group. The iSeries group is making application changes (in-house apps) all day long. We do have testing environments and have multiple people in the testing of changes (including the end user department) before we implement but we do not document changes to this extent. I could imagine needing to double staff (including a few technical writers) in order to document and test not only our own changes but those sent to us by IBM and Microsoft and the other dozen vendors we purchase software from. (We actually had 168 software vendors at last count but most of those packages are used for teaching and not production work. (e.g. A digital x-ray imaging system for students to train on; a automotive maintenance shop ticket/estimating system; AutoCAD software; on and on and on..))
p.s. Would swapping a network cable be considered a "change to the environment"? We had one go bad earlier this week that we just plugged in a new one and tossed the old one. The only people who knew it happened where me and the cisco tech who was helping me.
-----Original Message-----
From: midrange-nontech-bounces@xxxxxxxxxxxx [mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of Jones, John (US)
Sent: Wednesday, January 16, 2008 9:36 AM
To: Non-Technical Discussion about the AS400 / iSeries
Subject: RE: i5 Youngsters
A change to the OS is a change to the environment. Ditto hardware
changes. Ditto network changes like going to a new DNS or moving from
100Mb Half to Gb Full.
In short, anything that can potentially have an impact to the
application/data/security/environment should go through change
management.
Install the app: Change Management
Install vendor patches: Change Management. But while you can take the
vendors word that their patch won't break the app, you can't assume that
it won't have bad interaction with other components of your environment,
hence you have to test/document over and above what the vendor says.
It is a PITA but if you have a properly designed environment with
separate test & prod systems/partitions then you have the infrastructure
needed to do ChgMgt properly.
And mostly it's documenting things and making sure people don't make
changes they aren't supposed to make.
--
John A. Jones, CISSP
Sr. Analyst, Global Information Security
Jones Lang LaSalle, Inc.
Voice: +1.630-455.2787
FAX: +1.312.601.1782
Email: john.jones@xxxxxxxxxx
-----Original Message-----
From: midrange-nontech-bounces@xxxxxxxxxxxx
[mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of Mike
Cunningham
Sent: Wednesday, January 16, 2008 8:29 AM
To: 'Non-Technical Discussion about the AS400 / iSeries'
Subject: RE: i5 Youngsters
I can understand that at an application level change but not the OS
level. So if you purchase a package (say a PDF output package) and then
install that vendors regular scheduled patches, you have to get that
vendor to document every patch, what each one did, and then prove that
it works even if it's a package feature you don't use?
-----Original Message-----
From: midrange-nontech-bounces@xxxxxxxxxxxx
[mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of Jones, John
(US)
Sent: Wednesday, January 16, 2008 9:25 AM
To: Non-Technical Discussion about the AS400 / iSeries
Subject: RE: i5 Youngsters
Change management is much, much more than a log of the change. It
includes the request for the change, an approval of the change, the
implementation of the change, verification that the change was done and
that it works as advertised, and a back out plan in case the change has
to be un-done. Ideally it includes a testing phase where the change is
tested in a non-production environment.
--
John A. Jones, CISSP
Sr. Analyst, Global Information Security
Jones Lang LaSalle, Inc.
Voice: +1.630-455.2787
FAX: +1.312.601.1782
Email: john.jones@xxxxxxxxxx
-----Original Message-----
From: midrange-nontech-bounces@xxxxxxxxxxxx
[mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of Mike
Cunningham
Sent: Wednesday, January 16, 2008 8:19 AM
To: 'Non-Technical Discussion about the AS400 / iSeries'
Subject: RE: i5 Youngsters
I guess I'm glad I don't live in that world yet but I do have a question
on the auditing. IBM keeps a log of all PFTs that are applied and there
is no way I know of to apply a pft without it being logged. Why wouldn't
the auditors consider that sufficient record for change management?
-----Original Message-----
From: midrange-nontech-bounces@xxxxxxxxxxxx
[mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of Jones, John
(US)
Sent: Wednesday, January 16, 2008 9:08 AM
To: Non-Technical Discussion about the AS400 / iSeries
Subject: RE: i5 Youngsters
EMC has just announced SSDs for their SANs. I'm not sure when they'll
ship (or what they'll cost!), but I'd assume this year. I'm typing this
off-line so I can't look up the announcement at the moment.
PCI-X v. -E: Cache transfers may benefit but we also need the Infiniband
implementation to up the intra-frame transfer speed before that's of
much use beyond the internal CEC drives. HSL at 2GB/s is already quite
fast although not quite full bus speed & certainly slower than main
storage..
I can understand the frustration about automating PTFs but also consider
the flip side. In organizations that have to adhere to SOX, SAS70,
other audit standards, or frameworks like COBIT, all changes to the
system must have associated change management records. So any automated
system still fails the test as accompanying change management records
would be missing. Our auditors look at installed PTFs and check them
against our change management system.
Change management is a hassle but it's critical to do in any regulated
environment. It's also quite useful when troubleshooting so it's
beneficial in unregulated environments as well.
That's not to say we couldn't have an automated method but have it be
optional, like MS provides with SUS & MOM. But MS fails that test on
occasion with silent installation of unapproved updates. And even if
you use SUS/MOM now you're talking about yet another server in the farm.
For me, when we do the change management process for adding PTFs it's
pretty easy to point Fix Central at the system and get everything in one
shot. Only takes a minute or two per LPAR and then I ignore the browser
for a while.
Bind: Then IBM should fix it/move to a newer release. Have they fixed
it in V5R4? How many System i shops use Bind on System i? It may not
be worth the effort. Not an excuse but development dollars are always
limited.
Intel v. POWER: Which Intel CPUs have 30+MB Cache? Which exceed 4.7GHz?
Which lead the spec benchmarks? If you're going to compare current
Intel chips you have to use current POWER chips - POWER6 @ 4.7GHz.
Itanium could have been competitive if Intel had used x86-64, but they
wanted a departure and let AMD define 64-bit x86 computing. Intel has
good processor technology - I have 3 Quad Core systems at home - but
they compete more with horizontal scaling than vertical. They do get
better each generation, though.
I can tell you our iSeries running JDE with a 200+GB database runs
circles around our SQL servers that handle 20-60GB databases. That
iSeries LPAR is 1.5 1.6GHz POWER5s and the SQL Servers are dual-quad
core Xeons. And the iSeries is running everything - presentation, apps,
batch, database while the SQL servers are running SQL server and have
other servers for the presentation & app layers (curious how Windows
doesn't seem to understand much in the way of batch workloads).
--
John A. Jones, CISSP
Sr. Analyst, Global Information Security
Jones Lang LaSalle, Inc.
Voice: +1.630-455.2787
FAX: +1.312.601.1782
Email: john.jones@xxxxxxxxxx
-----Original Message-----
From: midrange-nontech-bounces@xxxxxxxxxxxx
[mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of Lukas Beeler
Sent: Tuesday, January 15, 2008 3:31 PM
To: Non-Technical Discussion about the AS400 / iSeries
Subject: Re: i5 Youngsters
On 1/15/08, Jones, John (US) <John.Jones@xxxxxxxxxx> wrote:
I don't doubt that the layout of the 515 is not service-friendly but
not
having seen one I'd have to wonder if the layout is designed for
better
airflow or makes sense from some other strategic standpoint.
The machine is short, like a small pizza box. Maybe to make dual-use
as a tower easier.
performance-tuned firmware. I hope we can skip 2.5" platter-based
drives and go straight to SSDs, either 2.5" or 3.5".
Well, the whole SSD thing *is* going to be interesting, but i doubt
that we'll see SSDs in mainstream servers in the next two or three
years.
that do better with larger size and/or better airflow. I also think
IBM
tends to size them a little larger than necessary so they aren't as
stressed if the chassis is maxed out.
That is usually the case with most "better" server hardware.
There's nothing wrong with PCI-X beyond it not being popular.
Performance-wise we aren't maxing it out (yet). Not being popular
will
Transfers from an IOA Cache can surely benefit from PCI-E attachment.
drive up adapter expense some, but they can engineer bridge chips
easily
enough to adapt PCI-E cards to PCI-X. That said, POWER6 systems have
both PCI-E and Infiniband in addition to PCI-X. See section 2.1.2 of
RedBook 5052.
Yes, i know. But there are no POWER6 based smaller machines.
Sure, i5/OS has problems and PTFs are released pretty much daily, but
how often do you have to actually load a PTF to address a problem
you're
having? It's exceedingly rare for most shops to have to do that.
Also,
the OS is huge and includes the database and all of the other bits we
love so PTFs cover a lot of territory.
They do. And the only thing about PTFs that i really hate is that you
can't automate them. (which would be really beneficial for very small
shops that only get help if somethings broken).
I've had several cases this year in which i needed PTFs. Web Query is
proudly leading the list with 5 PMRs and uncountable PTFs. Next comes
optical library handling.
Oh, and when we upgraded our test machine to V5R4 a few days after GA,
things weren't uninteresting either.
Bind and other OSS-type apps do tend to be behind the latest. But as
long as there isn't a critical bug in the old version I don't really
see
anything wrong with that.
Older versions of bind are susceptible to a variety of DNS poisoning
attacks.
FWIW the box in question isn't sub-2GHz; it's a POWER5+ with 48GB RAM
and 3TB DASD (RAIDed capacity). Our other i5 is a POWER5 and will
probably go 5+ or 6 sometime this year.
The fastest POWER5+ CPUs are 2.2 Ghz and dual core. They're way behind
Intel's current offerings.
--
Read my blog at
http://projectdream.org
--
This is the Non-Technical Discussion about the AS400 / iSeries
(Midrange-NonTech) mailing list
To post a message email: Midrange-NonTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-nontech
or email: Midrange-NonTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/midrange-nontech.
This email is for the use of the intended recipient(s) only. If you
have
received this email in error, please notify the sender immediately and
then
delete it. If you are not the intended recipient, you must not keep,
use,
disclose, copy or distribute this email without the author's prior
permission. We have taken precautions to minimize the risk of
transmitting
software viruses, but we advise you to carry out your own virus checks
on
any attachment to this message. We cannot accept liability for any loss
or damage caused by software viruses. The information contained in this
communication may be confidential and may be subject to the
attorney-client
privilege. If you are the intended recipient and you do not wish to
receive
similar electronic messages from us in the future then please respond to
the
sender to this effect.
--
This is the Non-Technical Discussion about the AS400 / iSeries
(Midrange-NonTech) mailing list
To post a message email: Midrange-NonTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-nontech
or email: Midrange-NonTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/midrange-nontech.
--
This is the Non-Technical Discussion about the AS400 / iSeries
(Midrange-NonTech) mailing list
To post a message email: Midrange-NonTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-nontech
or email: Midrange-NonTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/midrange-nontech.
This email is for the use of the intended recipient(s) only. If you
have
received this email in error, please notify the sender immediately and
then
delete it. If you are not the intended recipient, you must not keep,
use,
disclose, copy or distribute this email without the author's prior
permission. We have taken precautions to minimize the risk of
transmitting
software viruses, but we advise you to carry out your own virus checks
on
any attachment to this message. We cannot accept liability for any loss
or damage caused by software viruses. The information contained in this
communication may be confidential and may be subject to the
attorney-client
privilege. If you are the intended recipient and you do not wish to
receive
similar electronic messages from us in the future then please respond to
the
sender to this effect.
--
This is the Non-Technical Discussion about the AS400 / iSeries
(Midrange-NonTech) mailing list
To post a message email: Midrange-NonTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-nontech
or email: Midrange-NonTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/midrange-nontech.
--
This is the Non-Technical Discussion about the AS400 / iSeries
(Midrange-NonTech) mailing list
To post a message email: Midrange-NonTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-nontech
or email: Midrange-NonTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/midrange-nontech.
This email is for the use of the intended recipient(s) only. If you have
received this email in error, please notify the sender immediately and then
delete it. If you are not the intended recipient, you must not keep, use,
disclose, copy or distribute this email without the author's prior
permission. We have taken precautions to minimize the risk of transmitting
software viruses, but we advise you to carry out your own virus checks on
any attachment to this message. We cannot accept liability for any loss
or damage caused by software viruses. The information contained in this
communication may be confidential and may be subject to the attorney-client
privilege. If you are the intended recipient and you do not wish to receive
similar electronic messages from us in the future then please respond to the
sender to this effect.
--
This is the Non-Technical Discussion about the AS400 / iSeries (Midrange-NonTech) mailing list
To post a message email: Midrange-NonTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-nontech
or email: Midrange-NonTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at
http://archive.midrange.com/midrange-nontech.
As an Amazon Associate we earn from qualifying purchases.