POWER IT Pro - Nov. 2012

Discover the IBM Mobile Systems Remote App
Monitor the Health of Your IBM i Environment with Systems Director
Secrets of an AIX Administrator, Part 5
Explore Backup and Restore with Tivoli Storage Manager

YOUR PURE, AIX, AND IBM i AUTHORITY
A PENTON PUBLICATION
NOVEMBER 2012 / VOL. 1 / NO. 7

Plus >> Checklist Deployment Hosted Infrastructure for

description

POWER IT Pro offers an array of resources, news, and perspectives on IBM Power systems and servers, including Pure, AIX, and IBM i.

Transcript of POWER IT Pro - Nov. 2012



Cover Story

Checklist for Using Hosted Infrastructure — Mel Beckman

Whether you call it colocation, software as a service, web hosting, or the cloud, any time your applications move offsite, you need to do your due diligence. You have a responsibility to assess reliability, predict app performance, maintain data security, provide for disaster recovery, and—above all—maintain your business’s continuity. In this article, Mel Beckman lists the 10 most important principles for using hosted infrastructure and keeping your offsite experience a profitable and safe one.

Access articles online at www.POWERITPro.com.

Features

Monitoring IBM i with IBM Systems Director (Erwin Earley)
Secrets of an AIX Administrator, Part 5 (Christian Pruett)

Power at Work

Discovering IBM Mobile Systems Remote (Greg Hintermeister)
Keep Your Files Private with EFS (David Tansley)
SAN Migration via LVM: Don’t Forget Raw Logical Volumes (Anthony English)
How Do I Create a Virtual Optical Disk? (Rob McNelly)
How to Control SSH Access to a Server (David Tansley)
The Tivoli Storage Manager Cheat Sheet, Part 1 (Christian Pruett)

In Every Issue

Power News
New Products
Industry Issues: IBM Unleashes POWER7+ and Power Systems Software Solutions (Chris Maxcer)
IBM’s Dark Matter (Seamus Quinn)
Hot or Not: Interfacing Change (Sean Chandler)
Advertising Index

Cover Story

Taking infrastructure offsite requires preparation

Mel Beckman is senior technical editor for POWER IT Pro.

The concept of hosted infrastructure isn’t a new one, but the advent of public cloud computing has made it a lot easier to buy offsite compute services. Not all hosted infrastructure is in the public cloud, however. The economies of cloud-based infrastructure have created a surge in the use of private colocation, or “colo,” facilities that let you host your own servers, switches, and routers, or lease dedicated hardware from the colo operator. It’s true that you can buy cloud computing resources in smaller increments with zero capital investment. But in the long run, the cloud still costs more than owning your own hardware.

The fly in the ointment has always been finding a place to put that hardware. If you operate it on your own premises, you must spend money building out a physical data center with the accompanying redundant power, cooling, and network facilities. And you pay top dollar for these, because you’re buying at the lowest purchase tier.

But colo facilities eliminate the need for data center build-out. They’ve already built massive data centers with multiple power suppliers, backup generators, excess cooling capacity, and connectivity directly to the core of the Internet. What’s more, that core connectivity puts your company in very close proximity to your customers, suppliers, and anyone else you do business with, by dint of cutting Internet routes in half. In fact, some of your closest business partners might well be in the same colo facility you select.

Whether you’re using the public cloud or private colos, you can’t operate your gear and applications in the same way you would “back at the ranch.” Typically, a colo won’t be in the same city as your enterprise HQ; perhaps not even in the same country. That distance matters in an emergency, when you could be losing thousands of dollars every minute. The following precepts are essential rules to follow when you’re moving corporate computing jewels into any kind of hosted environment. Follow them and you’ll reap benefits from hosted infrastructure.

Implement Out-of-Band Management

Out-of-band (OOB) management is the practice of using a separate, dedicated network path for routine administrative traffic: monitoring, configuration, and diagnostics. Many organizations, including the vaunted Amazon, have shortchanged themselves by running management tools over the same network as their hosted applications. Although so-called “in-band” management works in the short term—and seems to save money—it fails you at the worst possible moment: when the production network is saturated due to some sort of application fault or transport overload.

If you’re building a colo installation, OOB (pronounced “oobie”) is straightforward to implement. You set up an isolated VLAN for management traffic and purchase an alternative communication path from a telecom provider, such as a DSL, Multiprotocol Label Switching (MPLS), or another low-cost, low-bandwidth circuit. It’s best if the OOB circuit isn’t Internet-based, because any Internet problem affecting your colo could potentially impact, for example, an Internet DSL circuit. But even a back door Internet path is better than in-band management. Cellular modems are becoming a popular OOB service, but you might have problems with reliable cell reception inside a large colo facility.

In Amazon’s massive cloud services outage in the spring of 2011, OOB would have saved the day. A technician error resulted in saturated data paths between Amazon’s multiple East Coast data centers, swamping the in-band management traffic. As a result, Amazon technicians weren’t able to wrest back control of the network for four days.

With wide area network (WAN) services getting steadily cheaper, you might find that a dedicated circuit is cheap insurance against being locked out of your hosted infrastructure. All major cloud providers let you purchase private WAN services from various telecom suppliers, so make an OOB WAN (yes, that’s a bad pun) the first item on your colo checklist.

Build an Isolated Management Network

For security reasons, it’s always a good idea to separate management and application traffic, even in your HQ network. Isolating management traffic within your slice of hosted infrastructure goes hand-in-hand with OOB management, but it’s not the same thing for colo and public cloud environments. In a colo, you control the physical topology of the LAN interconnecting your equipment, so it’s easy to set up separate physical and/or logical networking. In a public cloud, however, you don’t necessarily even know what city your servers are in, let alone how they physically interconnect.

In the colo realm, isolating management traffic isn’t necessarily simple. Not all devices have separate management Ethernet ports, and some might still use serial ports for management. Cisco routers, for example, and standalone AIX servers still use dedicated serial ports for some low-level administrative chores such as firmware upgrades. If you have a say in equipment selection, choose gear that provides dedicated Ethernet management ports. These don’t need to be high-speed gigabit connections—100BaseT is fine. It’s also a good idea to provide a separate physical Ethernet switch fabric for OOB so that management connections can survive a failure in the front-side application network fabric.

In a colo environment, you might be tempted to use your primary border firewall as the portal for OOB. Resist that temptation. Even a fully redundant, hot-failover firewall installation can die completely, and then where will you be? Keep OOB facilities as redundant and separate as possible.

Install Deep Instrumentation

A common practice in local enterprise data centers is to set up worst case scenario alarms for such things as HVAC, power, and server failures, but to leave lower-level monitoring of network traffic, bandwidth utilization, and host resources to ad-hoc tools. When a problem arises, you’re already on-site, so “jacking in” a network monitor or protocol analyzer is easy to do. But in a hosted environment, you have to build in deep network monitoring because you can’t just attach to the network anywhere, or anytime, you want. Traveling a few hundred—or a few thousand—miles isn’t going to be practical in terms of incident response.

That deep instrumentation requires tools to collect data, filter it, format it for presentation, and issue alerts when anomalies occur. Is a CPU running hot? A network link congested? A SAN disk about to fail? You should be monitoring for these and a host of other conditions. You can deploy free open-source tools, such as Cacti, Nagios, Zenoss, and OpenNMS, to instrument your hosted facilities, or purchase ready-built commercial tools. It’s worth at least trying out the demos of commercial instrumentation products—you’ll get some great insight into what you want to monitor, and you might well discover that building your own tools isn’t worth the hassle.

Establish Security Incident and Event Management

Deep instrumentation probes infrastructure devices on a regular basis, recording variables and tracking them over time. Security Incident and Event Management (SIEM) uses information generated by those devices in the form of system logs, Simple Network Management Protocol (SNMP) traps, and other alert messages. SIEM is a way to listen to the “chatter” generated by the myriad components in your infrastructure and correlate events that could be early warnings of an impending problem. With SIEM, you replace manual log review—which typically happens only after a problem arises—with automated event analysis.

A quality SIEM system lets you tailor the events you’re looking for while adapting to event stream changes on the fly, notifying you of unusual event sequences even if you didn’t explicitly program for them. At its simplest level, SIEM searches incoming events for such keywords as “fail,” “error,” and “intrusion.” But the real power of SIEM is its ability to notice patterns of suspicious events and notify you that something is afoot. For example, failed logins at three different devices in the span of a few minutes might well signal a concerted inside attack on your hosted infrastructure. Spend time testing SIEM products with your own event streams to compare how well each prospective product works in your runtime environment.
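The contrast between keyword matching and pattern correlation described above can be seen in a short added example; this is not code from the article or from any SIEM product. The log lines, host names, addresses, the five-minute window, the default year, and all function names are assumptions made for illustration.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample syslog lines; host names and addresses are made up.
SAMPLE_LOG = """\
Nov  5 02:14:07 core-rtr1 sshd[411]: Failed password for admin from 10.9.8.7 port 50122 ssh2
Nov  5 02:14:31 san-ctl2 sshd[902]: Failed password for admin from 10.9.8.7 port 50140 ssh2
Nov  5 02:15:02 aix-lpar3 sshd[77]: Failed password for root from 10.9.8.7 port 50171 ssh2
Nov  5 02:15:40 core-rtr1 kernel: eth1: link error count 3
Nov  5 03:40:00 aix-lpar3 sshd[81]: Failed password for oper from 10.20.1.5 port 40100 ssh2
Nov  5 03:41:10 aix-lpar3 sshd[82]: Failed password for oper from 10.20.1.5 port 40111 ssh2
Nov  5 09:00:00 san-ctl2 sshd[950]: Accepted password for admin from 10.20.1.5 port 40200 ssh2
"""

KEYWORDS = re.compile(r"fail|error|intrusion", re.I)
LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(.*)$")
FAILED_LOGIN = re.compile(r"Failed password for \S+ from \S+")

def parse(text, year=2012):  # classic syslog omits the year; 2012 is an assumption
    """Yield (timestamp, host, message) for each well-formed syslog line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:  # malformed lines are skipped rather than crashing the collector
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def keyword_hits(events):
    """Simplest level: every event whose message contains a watched keyword."""
    return [e for e in events if KEYWORDS.search(e[2])]

def correlated_failed_logins(events, min_devices=3, window=timedelta(minutes=5)):
    """Alert when failed logins hit >= min_devices distinct hosts within one window.
    Events must arrive in time order."""
    recent, alerts = deque(), []
    for ts, host, msg in events:
        if not FAILED_LOGIN.search(msg):
            continue
        recent.append((ts, host))
        while ts - recent[0][0] > window:   # expire events older than the window
            recent.popleft()
        hosts = {h for _, h in recent}
        if len(hosts) >= min_devices:
            alerts.append((recent[0][0], ts, sorted(hosts)))
            recent.clear()                  # one alert per burst, not one per event
    return alerts

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    print(len(keyword_hits(events)), "keyword hits;", correlated_failed_logins(events))
```

On the sample, keyword matching flags six of the seven lines, including a link error and two repeated failures on a single host, while the correlation rule raises one alert for the burst that touches three devices in under a minute.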

As with instrumentation tools, free, open-source SIEM packages such as Simple Event Correlator and SAGAN are available. This is one network tool arena where the open-source community hasn’t kept up with commercial developers, so you should experiment with one or more proprietary products before settling for open source.

Control Service Quality with Policies and Enforcement

Comedian Lily Tomlin once quipped about quality control: “If we don’t control quality, it could get out of hand.” In the confines of a hosted infrastructure environment, it’s possible for quality to be delivered inappropriately. You want high-priority applications to get the resources they need (in the form of CPU, memory, and bandwidth) to accomplish their mission-critical objectives. You don’t want a lower-priority application to sap infrastructure performance.