Volume 0808-1 iTips - A Free Service from illustro August 6, 2008
Welcome Back, iTippers!
We are excited to announce the return of iTips to the VSE community. As most of you are already aware, iTips is a free service provided by illustro to give you weekly tips and tricks from the expertise of our staff. Within each newsletter, you will find the weekly "iTip", with topics spanning many aspects of our industry.

Please spread the word within your organizations and invite your coworkers to sign up so they can benefit from this as well!

 

Have You Seen What You've Been Missing?
...in your VSE TCP/IP systems that is. illustro's z/IPMon® is the only full function problem and performance manager for your critical VSE TCP/IP systems. We know you have invested enormous amounts of time and money in your VSE systems and you've never been able to peer inside your TCP/IP system to manage any issues, errors or to even see what went wrong yesterday - until now!

z/IPMon is the central nervous system for managing your VSE communications, connections and any protocols happening in your system. Dynamic updates using a 100% Web-based AJAX interface give you instant alerts on all activity in your system. Need to know what went wrong yesterday? z/IPMon's exclusive Retrospect® feature allows you to go back in time and view all activity from any previous point in time and replay the session to look for traffic anomalies. We want you to be "in the know" and it's about time you were! Come See What You've Been Missing today!
Click Here to Understand What's Happening Inside Your TCP/IP System!

 View an interactive video demo of z/IPMon in action

 You can start a FREE TRIAL of z/IPMon today - Click Here!

This Week's iTip!

Privilege classes for VM guests
If you are running VM with z/OS, z/VSE, or z/Linux guests, you should review the CP privilege classes assigned to those guests. Quite probably your guests are allowed more authority than you need, which can have unfortunate consequences.

Examine the directory entry for each guest, particularly the USER card. It will look something like:

USER VSEPROD PASSWORD 64M 64M ABCDEFG

This defines userid VSEPROD (with a password of "PASSWORD") to have 64M of virtual storage, and CP privilege classes A through G. Absent any class override definitions (more on that in a bit), this means that your VSE guest can execute any CP command, including those that can alter real storage or shut down the VM system. Since CP commands can be executed programatically, this also means that any job that can get into supervisor state can, for example, forceably log off any other virtual machine on the same VM image. If your auditors found out, they'd have kittens.

Far better to limit the scope of what your VSE (or z/OS, or z/Linux) guest can do by restricting the privilege classes to B, F, and G, although the required classes may be different in your shop. Class B allows attach and detach of real devices, such as tape drives. Class F allows hardware diagnostics, and every user on the system should have class G, or innocuous "general user" class commands.

If you want to get precise with the privileges that you allow, consider creating a class override file. This mechanism allows you to define a new CP privilege class that contains just the commands you specify. The idea is to take an unused class (IBM only defines commands in classes A-G) and add commands that your guest needs to that new class, while not adding any commands that you don't want your guest to have.

For example, if you wanted to allow all class "A" commands except for SHUTDOWN (brings down the VM system) or FORCE (logs off another user) then you'd use an override file to create a new class, say "V", that contains all of the commands currently in class "A" except for SHUTDOWN and FORCE. Then you'd remove class "A" from the VSEPROD directory entry, and add class "V".

All of the facilities mentioned in this article are documented in "CP Planning and Administration" and "CP Command and Utility Reference" for your release of VM, so go and tighten up your system security.

Do you have something to add to this tip? Add it to the VSEWiki page!
Get Started on Migrating Your VSE 3.x System Before It's Too Late
With Help from illustro - the VSE Experts!
   
Time is Ticking. As you know, IBM has announced the end of technical support for VSE version 3.1 effective July 2009.

ACT NOW to make sure your critical VSE system is supportable by IBM!

NOW is the time to start the process, and illustro is making it Easy for you. Why should you use illustro?

Here are just a few of the many reasons:
  • Over 20 years of Experience with VSE Migrations. Our staff has been helping VSE customers all around the world with their migration needs for 2 decades.
  • Unmatched Expertise - illustro's professionals have a wide range of expert knowledge and skills. That's why IBM turns to us to provide VSE education and even to speak at their technical conferences.
  • 100% Success Rate with Migrations - NEVER Failed! Every one of our customers are available as a reference. We offer a 100% satisfaction guaranteed.
  • Non-invasive/Reduced Expenses - Our team can complete portions of the migration on our site so the impact on your environment is minimized. Remote access to our system allows you to test your new system setup
  • Costs are Capped - We will scope your migration project to take everything into account, and provide a proposal with a fixed fee. This means we will accomplish the migration regardless of the number of hours required, guaranteed!
  • Proven Methodology - illustro's iMoveTM  Project Method for Migrations embodies 2 decades of experience to ensure nothing is forgotten and the process is streamlined.
  • Entire Project or Assistance - Some of our customers just don't have any time out from their busy day-to-day to focus on a migration project, and ask for us to do the entire project. Others just want some assistance to ensure best practices are used and to ensure success. 
  • On Site Cutover - One of our system engineers will be onsite on the day you plan production cutover, and will stay until all issues are resolved. We're there in the trenches with you.

 
Migrations typically take several weeks to months, so it's important to start the planning and scheduling process NOW!
 
Call Us or email today to request your FREE project proposal.
With VSE Version 3 support ending soon,
our schedule will book up fast!

Visit illustro.com/UpgradeVSE to learn more
or Call us Toll Free at 866-4-illustro (outside the U.S. +1.214.800.8900)

We Want to Hear From YOU!
Tell us what you want to know in iTips and give suggestions on topics - send an email to itipsfeedback@illustro.com

1950 Stemmons Frwy. • Suite 2016 • Dallas, TX 75207
Toll-free U.S. & Canada: 866.4.illustro(866.445.5878)
Phone: +1.214.800.8900 • Fax: +1.214.800.8989 • illustro.com • info @illustro.com