Simply 'i'

A recent article in IT Jungle just announced that Zend is going to be moving support and future development for Zend DBi off to another supplier. I did a quick review of the website for Percona and the pricing for their support for MySQL and various add-ons they have created and found the following price page. This means you should now expect to pay for support for Zend DBi separate to any support contract you decide to take with Zend.

This is not a bad move for Aura Equipments and their iAMP server solution, with iAMP you get the MySQL engine built in and support via the forums is still going to be free. You can purchase support for iAMP which will cover all of the installed products (Apache, MySQL and PHP) and have that support in one place. Add to that the ability to include the Easycom product as part of that support contract and it be comes very much a better option than the Zend stack which now requires the support with Percona and Zend plus the no fee based support for the open source XMLSERVICE to provide the same solution.

I am not sure why Zend took the move or how the IBMi community will respond. I do know this is not going to be a bad thing for Aura, who can capitalize on the fact that they provide a single point of contact for the total solution and at a price which is far below that of the total package required to run the various elements for Zend, Percona and the Open Source XMLSERVICE.

You can download and install the iAMP server from the Aura Equipments website.

Chris…

Things are still changing and we are releasing updates to the HA4i product on a regular basis. As customers use the products they ask for changes to existing processes or ask for new ones to be added, we are also always looking for better ways to carry out some of the tasks already built into the product. Here are some of the enhancements we have introduced.

Error logging is always being reviewed, there are a lot of messages which are sent that are of little or no consequence in a low activity environment but when you have a very active environment they can fill the message queues very quickly. We have removed a number of messages which are logged on both systems and result in additional logs which have more detail such as replication events. This has reduced the management of the systems as well as improving the ability to review the message logs to identify significant events.

Email of error messages was always done from the target system, if the target system was not available the email messages would not be sent so we have added a new process which checks for a remote email service and if it is available it will use that but if it is not it will fall back to sending the email from the source system. this has been beneficial to a number of the installs where internet connections have proven to be suspect and regularly fail.

I addition to the above we have provide a number of new features which allow the system status to be collected from both systems, if any conditions exist which require user intervention they can be emailed to a list of users for rectification. One of the major enhancements in this area is the ability to retrieve the apply status from the local or remote system using new commands, these can be used to manage processes which require the apply to be in a known state (backup of the remote system data etc).

We have always replicated the objects at the library level, this meant that every object in a library would be replicated on change. A previous enhancement allowed the omission of specific objects which could be added to a list of omissions, this has now been improved to allow the omission by generic name which provides for easier management and setup. Changes to the objects supported has also improved the coverage of objects which can be replicated such as configuration objects.

When an object replication event required the use of a command and the command failed due to non existence of the remote object we would normally record the event and move on, now we will check for the existence of the source object and it exists replicate the object. This has reduced the number of errors logged due to command failures which could have been due to object locks and provided a more robust replication process. Changes to the replication process have also introduced new retry capabilities which further reduce the number of object replication failures.

Audits have been improved to allow better notification of object differences plus new options have been added to the display which allow automated recovery of the error. New commands allow the audits to be run with control of the remote apply and object replication process which will retry any object failures and apply all stored journal entries prior to the audits being run which significantly reduces the number of false positive returns. File audits now allow the skipping of records in percentage terms, this can be a percentage from the start of the data file or a percentage of total records with the audit being run over the entire file. Object audits will check if the object is not being replicated (part of the omissions list) before checking each object, this removes any object error which is caused by the replication process ignoring changes.

Objects created in QTEMP and moved into a production library caused problems because the initial create message would be missed, but any subsequent updates would cause the request to be logged as an error. The replication process will now look for objects which are moved from QTEMP into the production libraries and trigger a replication request for the object.

You will have seen a number of posts about using PHP for IBMi, these are all part of the modification process for the products, the new PHP interface for HA4i is constantly changing as we find new and innovative ways to use PHP and the Easycom solution to access the IBMi and its data and objects. The latest addition is a new dashboard where you have very little information to view, you simply have 3 indicators which identify the state of the 3 major replication process (Data, Spool and Object), if they are all green you have no need to look further. If you do see a change from green to yellow or red, a single click brings all of the information into view making management of the entire replication process very easy. If you are going to COMMON in Anaheim come see us at booth 119 where we will be demonstrating the new interfaces and showing the products in action, plus how the iAMP server and Easycom interact across multiple platforms.

if you are looking for a HA/DR solution HA4i is one you should consider.

Chris…

We have been looking at how to display the messages generated by our products to allow the user to view them. Generating a list of the messages and the first level text was pretty simple, but we wanted to be able to retrieve the 1st and second level text from the message after it has been selected. The reason we wanted to do it this way was to reduce the data being sent between the systems. We have the Easycom Server running on both systems so we use the functionality provided by it to call the required programs and generate the data. We are also running this from the iAMP Server which is running on one of the systems and calling Easycom on both systems, we think this is a great solution as it allows us to pull data from any IBMi system running Easycom which we have access to..

The first list is generated by a program call which creates a list of the messages in the queue using the QGYOLMSG API, this allows us to get all the messages at once and return them to the PHP page. Once the list has been built we then needed to be able to get the individual message information back, to do this we have to use the QMHLSTM API which allows us to pull a single message back using a message key which we had received using the QGYOLMSG API.

After some head scratching we finally found a way to get the message key passed into the QMHLSTM API in the correct format (the key is converted when being passed back to the PHP page so we had to convert it back to HEX from Character String) and the results are pretty swish even if I do say so myself…

Here is an image showing the list of messages retrieved in the first call, this is from our High Availability Product HA4i but we also have the same process installed for JobQGenie and DR4i.

Message Listings

The Display link in the left hand column links to a new page which display the following. We took a CPF message and not one of the HA4i Messages to show the second level text it retrieves.

Message Details

And that’s it, we can now display the content of the message queues very elegantly (OK so the CSS is not brilliant) and effectively. Application modernization at its best..

Chris…

A new version of iAMP Server is available from Aura Equipments which updates the PHP and MySQL content. See the full details on the Forums using the following Link.

Always get the latest versions by using iAMP Server and do not be forced to wait for IBM or Zend updates to get to the latest and greatest technology.

Chris…

We had been asked by a prospect for iAMP how they should go about configuring and installing SSL Certificates for the iAMP server. They had already found some information about creating and installing the certificates as it pertained to other platforms but not for the IBM i. Here is a link to the information we used as a basis for our setup.

Using the information provided we were able to create the setup for the iAMP server and now have a running server which serves both secure and non secure webpages.

First of all we had to create the directories we were going to use to generate the certificates, we decided on /usr/local/sslcert as the base directory for the certificates to be generated. Create the directories using the following commands from an IBMi command line.


mkdir '/www/usr/local/sslcert'
mkdir '/www/usr/local/sslcert/certs'
mkdir '/www/usr/local/sslcert/private'


Next we needed to create the files used by the process, it is important these are created in ASCII format so DO NOT use the IBMi commands (EDTF etc) to create them. We used notepad on a PC and transferred the files to the relevant directory on the IBMi using FTP.

First of all we need the config file here is a sample we used, The bold items need to be filled in by you. We named it openssl.conf as per the instructions.

#
# OpenSSL configuration file.
#

# Establish working directory.

dir = .

[ ca ]
default_ca = CA_default

[ CA_default ]
serial = $dir/serial
database = $dir/certindex.txt
new_certs_dir = $dir/certs
certificate = $dir/cacert.pem
private_key = $dir/private/cakey.pem
default_days = 365
default_md = md5
preserve = no
email_in_dn = no
nameopt = default_ca
certopt = default_ca
policy = policy_match

[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

[ req ]
default_bits = 1024 # Size of keys
default_keyfile = key.pem # name of generated keys
default_md = md5 # message digest algorithm
string_mask = nombstr # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
# Variable name Prompt string
#————————- ———————————-
0.organizationName = Organization Name (company)
organizationalUnitName = Organizational Unit Name (department, division)
emailAddress = Email Address
emailAddress_max = 40
localityName = Locality Name (city, district)
stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64

# Default values for the above, for consistency and less typing.
# Variable name Value
#———————— ——————————
0.organizationName_default = Shield Advanced Solutions Ltd
localityName_default = Caledon
stateOrProvinceName_default = Ontario
countryName_default = CA

[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

The bolded items are simply shown when the request to build the keys is carried out, you can override these values when the command runs as well, it just allows you to press enter when these values are required to be entered which is useful when you generate lots of certificates.

Next we need to create the file which stores the serial number in it. This is going to be called serial (note it does not have a type such as .txt etc) and simply has the serial number assigned to the certificate. Again we used the 100001 serial number as suggested in the linked information.

The other document we created was certindex.txt, there is no content for this file.

Once we had created these files we used FTP to copy them to the /usr/local/sslcert directory on the IBMi.

Now to create the actual certificates. We need to use the PASE environment to access the openssl commands so on a command line issue the following command.


CALL QP2TERM


Now change the directory using the following command.

cd /usr/local/sslcert


Now we are ready to build the certificates.
Here is the command we ran in the QP2TERM environment, note we were still in the /usr/local/sslcert directory.

openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out cacert.pem -days 365 -config ./openssl.cnf


As the request runs you will see the following prompts returned.

Generating a 1024 bit RSA private key
……………………………….++++++
…………………….++++++
unable to write ‘random state’
writing new private key to ‘private/cakey.pem’
Enter PEM pass phrase:
You need to enter your pass phrase here, make sure you remember it and keep in a safe place. you will be asked to repeat it
Verifying – Enter PEM pass phrase:
Repeat the previous pass phrase
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Organization Name (company) [Shield Advanced Solutions Ltd]: Note how it is reading the data from the config file, we can press enter as this is what we want to use or enter new values

Organizational Unit Name (department, division) []: We did not configure a default for this so the prompt is blank, you can enter what you want
Email Address []: Same as above no default so enter an email address associated with the company who people can contact about the certificate
Locality Name (city, district) [Caledon]: Predefined in the config file
State or Province Name (full name) [Ontario]: again…
Country Name (2 letter code) [CA]: ….
Common Name (hostname, IP, or your name) []: Enter a value you want here which denotes the server

If you get no errors you should now have a couple of new files.

/usr/local/sslcert/cacert.pem
/usr/local/sslcert/private/cakey.pem

Now we need to create the server certificates for the http server (the above are the ROOT certificates). It is going to use these certificates just generated to build the server certificates so make sure you have these before moving to the next stage.

To build the server certificates we ran the following commands. We are still in the sslcert directory.


openssl req -new -nodes -out name-req.pem -keyout private/name-key.pem -config ./openssl.cnf


You will be asked similar questions to above BUT remember the Common Name HAS to be the name of your server such as “www.mysslserver.tst” which HAS to match that you will configure as the server name in the httpd.conf. We used our server name which is shield4.

Now we will create the certificate using the following command.

openssl ca -out name-cert.pem -config ./openssl.cnf -infiles name-req.pem


The following is a sample output.

Using configuration from ./openssl.cnf
Enter pass phrase for ./private/cakey.pem:
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
organizationName :PRINTABLE:’Shield Advanced Solutions Ltd’
organizationalUnitName:PRINTABLE:’Development’
localityName :PRINTABLE:’Caledon’
stateOrProvinceName :PRINTABLE:’Ontario’
countryName :PRINTABLE:’CA’
commonName :PRINTABLE:’shield4′
Certificate is to be certified until Mar 19 13:56:23 2013 GMT (365 days)
Sign the certificate? [y/n]:
y
1 out of 1 certificate requests certified, commit? [y/n]
y
Write out database with 1 new entries
Data Base Updated
unable to write ‘random state’

We saw the unable to write random state but the certificates were created?
So now we have to change the the config files for the iAMP server to allow it to run the ssl config. In the httpd.conf file which is located in the webserver config directory (/www/iamp/conf directory if you took the defaults) we need to enable the import of the ssl config file. This is a simple task of un-commenting the line ‘Include conf/extra/httpd-ssl.conf’ by removing the ‘#’ from the beginning.
Now we will install a couple of new directories where we will store the certificates, use the following commands on an IBMi command line.

MKDIR '/www/iamp/conf/ssl.crt/'
MKDIR '/www/iamp/conf/ssl.key/'


Now you can copy the certificates into the relevant directories. This can be done through the copy option when viewing the IFS or the following commands.

CPY OBJ('/usr/local/sslcert/private/name-key.pem') TODIR('/www/iamp/conf/ssl.key/')
CPY OBJ('/usr/local/sslcert/name-cert.pem') TODIR('/www/iamp/conf/ssl.crt/')


The config file ‘/www/iamp/conf/extra/httpd-ssl.conf now needs to be changed to point to the correct certificates and keys. Open the config file in the editor and make the following changes.
The virtual host container can be changed to the following. Change the information to match what you entered as the Command Name for the ServerName or it will reject the start request. We created a sub directory in the htdocs directory to just hold the ssl server pages.

DocumentRoot “/www/iamp/htdocs/sslsrv”
ServerName shield4

Change the Certificate paths and names to show the following.
SSLCertificateKeyFile “/www/iamp/conf/ssl.key/name-key.pem”
SSLCertificateKeyFile “/www/iamp/conf/ssl.key/name-key.pem”

Now you can save the file and restart the server, the non secure pages will still show as before but now when you request a connection to the https server such as “https://shield4″ you will be prompted with a certificate challenge before allowing to view the page, accept the challenge and store the certificate after which the required page will be displayed.

That is it, we now have iAMP server up and running with certificates generated using the openssl commands. The other choice would be to create the certificates and copy them to the location required by the server.

If you have any questions etc let us know, we are not experts on this but having been through the exercise we can show it is possible to do.

Chris…

Thought we would create a video showing just how easy it is to install iAMP server on the IBMi. This is a fully functioning Apache,MySQL,PHP server with Easycom providing access to the IBMi data and objects using the i5_toolkit functions.

You will see from previous posts about installing PHP on the IBMi it has never been as easy as this was, and yes it only takes 5 minutes to install.

If you have been thinking about PHP and the IBMi and were put off by the complexity of other installs iAMP server is for you. Take it for a test drive today, you don’t have to remove any existing HTTP servers for this install and removal is just as simple as the install.

If you need an un-install script here is one we generated for a base install, just compile the CL and run.


PGM
MONMSG MSGID(CPF0000)
ENDSBS SBS(EASYCOM) OPTION(*IMMED)
ENDSBS SBS(IAMPSVR) OPTION(*IMMED)
DLYJOB DLY(5)
RMVLNK OBJLNK('/etc/iamp.tab')
RMVDIR DIR('/usr/local/iamp') SUBTREE(*ALL)
RMVDIR DIR('/usr/local/Easycom') SUBTREE(*ALL)
RMVDIR DIR('/var/mysql') SUBTREE(*ALL)
RMVDIR DIR('/www/iamp') SUBTREE(*ALL)
DLTLIB LIB(EASYCOM)
DLTLIB LIB(EASYCOMXMP)
DLTLIB LIB(IAMPSVR)
ENDPGM


If you need any help or advice on setting up and running iAMP server let us know, we are happy to help. You can also follow the links provided from the installed webserver welcome.html page to the Forums and documentation.

Chris…

We recently received the following email.

Dear CEO,

(If you are not in charge of this, please forward this to your CEO, because this is urgent. Thanks)

We are a Network Service Company which is the domain name registration center in Shanghai, China. On Feb 20, 2012, we received an application from Hantong company requested “shieldadvanced” as their internet keyword and China (CN) domain names. But after checking it, we find this name conflict with your company name or trademark. In order to deal with this matter better, it’s necessary to send email to you and confirm whether this company is your distributor or business partner in China?

Kind regards

Edward Wang
Office Manager
Shanghai Office (Head Office)
3002, Nanhai Building, No. 854 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86-21-6191-8696
Mobile: +86-182-2195-1605
Fax: +86-21-6191-8697

So we thought this was a sincere attempt to stop a company from registering our domain with a Chinese (CN) registration. We responded with the following note suggesting that we had no affiliation with the company and that we felt they should not register the .CN domain for the company.

Edward

We do not have any partners in China so this is not a valid request from the Hantong company. We thank you for your attention in this matter and hope you can resolve the questions with that company.

Chris..

The today we received the following message.

Dear Chris,
Based on your company having no relationship with them, we have suggested they should choose another name to avoid this conflict but they insist on this name as CN domain names (.cn/.com.cn/.net.cn/.org.cn) and internet keyword on the internet. In our opinion, maybe they do the similar business as your company and register it to promote his company.
According to the domain name registration principle: Domain name and internet keyword which applied based on the international principle are opened to companies as well as individuals. Any companies or individuals have rights to register any domain name and internet keyword which are unregistered. Because your company haven’t registered this name as CN domains and internet keyword on the internet, anyone can obtain them by registration. However, in order to avoid this conflict, the trademark or original name owner has priority to make this registration in our audit period.
If your company is the original owner of this name and want to register these CN domain names (.cn/.com.cn/.net.cn/.org.cn) and internet keyword to prevent anybody from using them, please inform us. We can send you an application form with price list and help your company register them.

Kind regards

Edward Wang
Office Manager
Shanghai Office (Head Office)
3002, Nanhai Building, No. 854 Nandan Road,
Xuhui District, Shanghai 200070, China
Tel: +86-21-6191-8696
Mobile: +86-182-2195-1605
Fax: +86-21-6191-8697

It appears to be a scam where the Registrar is scouring the .com domains and sending this note out to hundreds if not thousand of them! I found the following link to a post about a similar request from the same person.

Just as a further push I did receive a note from a Lee Gareth email gareth@live.cn with the following content.

Dear Sirs,
We are Hantong company based in China. We will register the “shieldadvanced” as internet keyword and CN domain names .cn, .com.cn, .net.cn, .org.cn. We have handed in our application and are waiting for Mr. Edward Wang’s approval. We think this name is important for our products in Chinese market. Even though Mr. Edward Wang advises us to change another name, we will persist in this name.
Best regards
Gareth Lee

So if you are sent a note about a company trying to register your domain in China with a follow-up offer to sell it to you to protect your rights its probably going to be a scam. Not sure if anything can be done about this or even if it is legal to carry out this kind of fraudulent activity. We are going to ignore the request, if they do sell our domain to another company we can deal with that when it happens.

Chris…

We had a lot of issues recently with the hosting LPAR which caused us to un-install all of the Guest partitions except the iOS partition to see if they were having any adverse effects on the Hosting partition. A Reclaim Storage found a number of damaged objects but none of them related to the installs we had done. It also gives us a chance to go back over the installs and document what we did to get them up and running.
So this is a list of the actions we took with a number of pretty pictures to show some of the important steps. The HMC is used to setup the Partitions, we were going to use VPM but the restrictions on the number of Guest partitions meant we had to step up to the HMC/VIOS standard edition to meet the requirements.
This is the current partition information it shows we still have a Hosting partition (SHIELD3) and a Guest partition (IOS2) running. We also have a couple of other servers which are powered off at the moment which are not important for this exercise.

Initial-HMC

First thing to do is create the configuration for the LPAR, we created one called RedHat with the following requirements.
1. The Partition would use .2 of a processor uncapped.
2. Maximum Virtual processors will be 2.
3. It will have 1GB of memory.
4. It will use the LHEA resource for the LAN.
5. We need a Serial Server Virtual adapter for the console.
6. It will not have Power control
This is the summary which is produced for the LPAR profile.

New-RedHat-partition-information

You will notice we have no Physical IO, all of the storage is provided by the Virtual storage device. The next change we have to make is to add the storage definition to the Hosting partition. We need to add the change twice as the LPAR is currently running because updating the profile will only take effect once the partition is restarted, we need the active partition to be updated to recognize the new storage requirement.

Here is a picture of the updated Host Partitions Virtual adapter settings. We also added it to the profile so when a restart of the LPAR happens the new profile will have the same information. Strange IBM doesn’t automatically update the profile.

SCSI-adapter-update-Host-LPAR

That is all we had to do for the HMC configuration we did a quick start of the LPAR with a console screen which showed it connected correctly and we did manage to see the initial startup of the console connection.
Next we created the objects required in the hosting partition to allow the LPAR to be started and installed.
First step is to create the Console user for the remote console access. This allows the console to be started and have sufficient authority to carry out the required tasks. To configure you need to go through SST and create a new Console user which is accessed from the Work with service tools user IDs and Devices menu option then the Service tools user IDs menu option. Most of the default options are acceptable but you need to add at least the following options when you create the new ID.
– System partitions – operations
– System partitions – administration
– Partition remote panel key
Once you have updated the profile you can exit back to the command line and the profile should be enabled for use. Here is a view of the profile authorities after creation.

Console-User

To install RedHat we need to create a Network Server Description, this is connected to a Network Storage Space which is how the installation can be carried out. To install RedHat we need to create a storage space of about 6GB according to the manuals we looked through. The recent install of Linux SuSe (which was the first install we did) worked well with 10GB of disk space so we thought we would use a bit more for this install just so we can install more utilities so we settled on 20GB.
Creating the NWSD is the first object to be created, there are a couple of items we tripped over so we have added a couple of images of our configs to show them.
First of all we found the use of *AUTO required the Partition entry had to match exactly the HMC definition we had created. We also wanted to control when the partition was started so we changed the Online at IPL to *NO.

Network Storage definition 1

The next changes are related to the installation media, we used the WRKLNK command to find the correct path to the install image on the CD, the manuals we had read through previously had totally different paths defined so it is important you find the correct path before you attempt to do the install

Network Storage definition 2

We are going to install the product from a *STMF (we were baffled by the AIX install which was installed from CD but had *NWSSTG as the IPL source?). Another gotcha is the Power Control setting, make sure that this is set to *NO for the installation otherwise the NWSD will refuse to vary on. We added the VNC=1 to say we want to have a VNC server started at IPL. This allows us to get to the graphical interface when using RedHat.
Now the definition is created we need to create the network storage space to attach to the definition. As with all IBMi functions you can access them via the menu or list options plus use the command directly. Here is our storage space setup.

Network Storage Space 1

After pressing enter the system will go out and allocate the entire space and format it for use. The disk utilization will increase based on the amount allocated not

Network Storage definition 2

The format and allocation of the space takes a bit of time so time to make a coffee while you wait. Once the storage space has been created and formatted you now need to link the storage space to the definition.

Network Storage Link defined

Now we are ready to activate the partition. You can achieve this by taking option 8 from the WRKNWSD list which will show you the partition and take option 1 against it. If the NWSD does not become ACTIVE you have a configuration problem somewhere which has to be resolved before you can go any further.

Active Network Storage Definition

We are now ready to install the Linux OS. The redbook we looked at mentioned the ability to use the VNC graphical interface to do the install but as we have no network connection to the install device we could not figure out what they were on about? So we took the console window option as the only way we could install the RHE OS. To get to the console just start the partition from the HMC and select the Open Terminal Window from the Console dropdown. You should see something like the following.

Console-window

The option 1 which is out of sight in this picture is the first option to take it sets the language for the install. Next we need to set up the boot options. Your install may be different so you may need to change a few things. We were installing from the CD so we had to select the device information using the options presented after pressing option 5. Once the boot device had been set the console will re-connect and see the installation image available on the CD.

Booting-from-CD-into-RedHat

We had to press enter a couple of time to get through to the actual installer (anaconda) and we also took the option not to check the media as we decided as it has only just been created and it has not been scratched or anything else it should be OK. The install procedure is pretty straight forward although the selection process for some entries was a bit confusing but after letting the Autopartition do its business and allowing it to remove all existing data the install went off pretty smoothly. We only used the default installation for expediency as we are only going to use this demo development with PHP and Easycom in mind although that did amount to 692 packages..
Once the installation is finished you can remove the installation CD and press enter to reboot the partition. At this point it will not be able to start RedHat because the NWSD is set to start from the CD so it will simple go into the console management software, just close the terminal window at that point.
We now need to tell the NWSD where the real boot device is so we need to go in and set the correct boot point which is the *NWSSTG option. This requires the NWSD is turned off and started again after it is updated. The following screen shows the new settings.

Active Network Storage Definition

Now we should be able to start the partition again and it will boot into RedHat. For us the partition in the HMC was showing it was loading the Firmware so we took the option to end the partition and started it up again. This did bring up the same state because it was trying to boot from the network, we simply change the boot device back to the Hard Drive we had configured and it started up.

RedHat partition re-booted

Now we need to configure the network etc so we can access the OS from the VNC client and Putty, as this is specific to our install we have not provided screen shots and this is a normal activity for configuring Linux. Perhaps once we get the Apache Server up and running with Easycom installed we will go over that part?

So that is it we now have a fully functioning RedHat Enterprise partition running as a Guest under an IBMi hosting partition.

If you have any questions about the install or what we have done since let us know.

Chris…

We have been playing around with the setup of our IBMi system to run various guest partitions that are running difference supported OS’s. The first install was another IBMi guest partition which would allow us to run HA testing between partitions and not require the use of a second system. The next partition we installed was a Linux partition which is running SuSe Linux, this is going to allow us to test the running of Easycom clients to the IBMi Easycom servers to pull back IBMi data and objects. Finally the last partition is going to be running AIX which will be used as a test platform to run PHP/Easycom in the same manner we do for Linux. As an additional future option we will install a RedHat partiton to allow us to run the PHP Easycom processes mainly to allow us to get comfortable with running RedHat and the PHP/Easycom setup.

The IBMi install was a breeze when we look back, setting up the initial Partition information using the HMC and building the NWSD etc was a challenge but IBM was very good at helping us get things running. Due to the lack of supply of the AIX software (that’s a whole story on its own) we moved to the Linux install next, with all of the information we had gathered while setting up the IBMi partition that went very well and took less than a day to complete including all the configuration.

AIX is a totally different story, to say I hate AIX is pretty strong but I am not far off. Trying to get a reason interface (KDE was our preference) and a VNC server setup and running has been a nightmare! I though with the limited knowledge we have with Linux it should be pretty achievable but that was not to be! BUT we have finally managed to get things up and running (I am not sure I want to try to restart the box though in case it does not come back up in the same manner) and have a working PHP/Easycom install. I should warn you the PHP/Easycom install is a botch up that we did with the help of our friends at Aura, we have taken the iAMP server and chnaged a few things to allow it to run on AIX, putting it all together in an RPM is a distant dream but it should be possible. IBM does have its own Apache and PHP bundle but we took the iAMP server route to see just what issue it would present and how effective it will be when running the i5_toolkit function to the IBMi and we could not be sure the AIX modules generated would run under the IBM bundle.

So long story short we now have a working POWER Systems configuration that allow AIX to pull IBMi data and objects for the HTTP server to present.

Here is a picture of the VNC client running on a Windows 7 Laptop that is connected to a AIX Guest running under a IBMi hosting partition running iAMP server and pulling data from another IBMi parition! WoW that a lot of complexity!

AIX running under IBMi through a VNC connection

Now to grow some hair back.

Chris..

We have been running 3 separate IBM i systems for a number of years now so that we could test the products we develop and provide some level of recovery should one of the systems have a failure. We also run a number of Linux based systems which we have used for virtualization projects and development of the PHP websites we run as well as Windows desktops and Servers. As you can imagine that burns up not only a lot of power but a lot of time to manage each of the separate environments and keep each one up to date with fixes and software patches.

Previously we never felt we had an IBMi system that could handle a Virtualized environment so we never attempted to put one in place and just kept replacing the existing systems as needed. At the end of last year we looked at getting one of the new Power7 systems to replace the old iSeries (520) we have and use it to build our dream setup of multiple partitions running on a single footprint. Unfortunately we felt IBM’s pricing policy (we pay 30% more than our US cousins for the same system due to IBM’s pricing policy for Canada. They are not the only ones that do it either as we found out so any tech solution from US base providers costs you more in Canada than it does in the US.) was out of touch with reality with the Loonie now being on par if not higher than the greenback.. So we decided to take an alternative route, after some discussion with a close friend and hardware guru we decided to beef up our existing 8203-E4A Power6 system and test out what the performance would be in a virtualized environment.

First thing we needed to do was to decide whether to run this under a HMC or go for the new Power VM Virtualization method. The Power VM seemed like a suitable option but we wanted to gain some experience with HMC and the restriction of the number of LPAR’s you could create under Power VM plus micro partitioning of the CPU sealed the deal. This meant we had to order a new copy of the PowerVM standard edition, we also added AIX Version 7 and a 3 year SWMA for each of the products. Next we needed to order a HMC and some additional disks (4 x 140GB), a Raid controller and more memory (additional 4 GB), we looked at IBM but again found the pricing to be too high for us to make it worth our while. So we found a HMC on eBay and ordered disk, Raid controller and memory for an IBM business partner in Europe (Yes it was far cheaper to order and pay delivery from Europe than to order in North America).

Once the disk and memory was installed and configured with the new Raid capabilities we set up the HMC and made it the console for all of our existing systems which replaced the old LAN console technology we had been using. All we needed now was the software to allow us to partition the systems CPU, this was where the fun started.
We placed the order before the Christmas break for all of the software in the hopes of being able to download the software and get started while there wasn’t much customer activity in the expectation it would be a pretty simple affair. 6 weeks later and we still don’t have the software. Some of that is due to our request to download the software originally but after seeing that the download was over 70GB we decided it was too much and would be far quicker to order the media. That was after it took IBM nearly a month just to get the downloads to show up on our entitlement page. Then IBM said it would take a week to deliver the media which came and went with only an update being delivered and not the actual based installation media! I have to say the invoicing department is on the ball though as we did get the invoices almost as soon as the orders were placed.

This did not stop us from doing anything though, we were installing IBMi and SuSe Linux on the system as well so we could moved ahead with that while IBM sorts out the other issues. The SuSe Linux media was easily obtained and downloaded and we already have copies of the IBMi software so we moved ahead and installed those first. The next post will be about the experiences we had while installing each of those LAPR’s and some of the problems we stumbled across especially with the lack of clear and understandable documentation for installing guest partitions under IBMi.

Hope fully IBM will get us the AIX software before we write about the other installs, but I have to say my fears about the performance hit the partitioning would have on the work we carry out was totally unfounded, it even seems to run better now than it did before and the guest partition that replaced an old 515 system is definitely faster than we could have hoped for. The older 520 and 515 will still be around as they will be our recovery systems should anything happen to the new setup but they are powered down and off line for now.

So this post started off with the heading of “IBMi where i really does stand for integration” and I am going to say we are very happy with the results so far, we do have integrated the work of 4 systems into one and seen no detrimental performance issues so far. Once we have AIX we will have our dream system all under one roof.

Chris…