INFO-VAX Tue, 03 Jul 2007 Volume 2007 : Issue 360
Contents:
"Working Knowledge of UNIX, VMS, OS/400, VM/CMS, and MVS."
Backup problem
Re: Backup problem
Re: Backup problem
COBOL programmer wanted in the UK Hertfordshire
Re: creating firmware floppies on FreeBSD or VMS
Re: creating firmware floppies on FreeBSD or VMS
Re: expanding shadow size
Re: expanding shadow size
Re: expanding shadow size
Re: expanding shadow size
Re: expanding shadow size
Re: expanding shadow size
Installing 8.3 on DS10L
RE: OpenVMS - When downtime is not an option
Re: OpenVMS - When downtime is not an option
SAMBA External Field Test Announcement
Re: SAMBA External Field Test Announcement
Re: SSH newbie question
Re: SSH newbie question
Re: SSH newbie question
Re: TCPIP$GET_MX: getmxrr() failed
Re: TCPIP$GET_MX: getmxrr() failed
Re: TCPIP$GET_MX: getmxrr() failed
Re: TCPIP$GET_MX: getmxrr() failed
Re: TCPIP$GET_MX: getmxrr() failed
Re: TCPIP$GET_MX: getmxrr() failed
Re: TCPIP$GET_MX: getmxrr() failed
Re: TCPIP$GET_MX: getmxrr() failed
Re: TCPIP$GET_MX: getmxrr() failed
Re: TCPIP$GET_MX: getmxrr() failed
Re: TCPIP$GET_MX: getmxrr() failed
Re: TCPIP$GET_MX: getmxrr() failed
RE: Ten years ago...
Updated TCO study has OpenVMS AGAIN over AIX, Slowaris
Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris
Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris
Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris
Re: VMS security vulnerability (POP server)
Re: VMS security vulnerability (POP server)
Re: VMSclusters and data replication
Re: VMSclusters and data replication
RE: VMSclusters and data replication
Re: VMSclusters and data replication
Re: What is a CT-ADP80-AA?
Re: What is a CT-ADP80-AA?
Re: What is a CT-ADP80-AA?
----------------------------------------------------------------------
Date: Tue, 03 Jul 2007 07:52:23 -0800
From: "C.W.Holeman II" <cwhii_google_spam@yahoo.com>
Subject: "Working Knowledge of UNIX, VMS, OS/400, VM/CMS, and MVS."
Message-ID: <138koki5hsdpjb0@corp.supernews.com>
I came across this:
http://www.snee.com/bob/opsys.html
> "Working Knowledge of UNIX, VMS, OS/400, VM/CMS, and MVS."
> (I wanted to call it "Fake Your Way Through Minis and Mainframes," but
> McGraw-Hill wanted something that sounded more respectable.)
> Formerly a $49.50 hardcover from McGraw-Hill; now a set of Acrobat
> files free for you to download!
--
C.W.Holeman II | cwhii@Julian5Locals.com-5 http://JulianLocals.com/cwhii
To only a fraction of the human race does God give the privilege of
earning one's bread doing what one would have gladly pursued free, for
passion. I am very thankful. The Mythical Man-Month Epilogue/F.P.Brooks
------------------------------
Date: Tue, 03 Jul 2007 09:08:14 -0700
From: "Tom Linden" <tom-remove@kednos.com>
Subject: Backup problem
Message-ID: <op.tuwcf0sx8vlggw@murphus>
I was trying to backup a directory for commencing some modifications. =
Both src and
and target ar ODS-5 volumes and whether I set /PARSE-EXTENDED or not the=
=
results are the
same.
ODIN> back/ignore=3Dinterlock DISK$COMMON:[moin...] dsa11:[moin...]
%BACKUP-E-OPENOUT, error opening =
DSA11:[moin]moin-1^.5^.7-py2^.5.egg-info;1 as output -RMS-E-CRE, ACP fil=
e =
create failed -SYSTEM-W-BADFILEVER, bad file version number
Any idea what this all about?
-- =
PL/I for OpenVMS
www.kednos.com
------------------------------
Date: Tue, 03 Jul 2007 09:33:13 -0700
From: Volker Halle <volker_halle@hotmail.com>
Subject: Re: Backup problem
Message-ID: <1183480393.813726.81720@n60g2000hse.googlegroups.com>
Tom,
which version of OpenVMS and which BACKUP patch kit ?
I can successfully do this on OpenVMS Alpha V8.2 whether I set parse-
style extended or traditional:
$ back/log/ign=inter/sin *.* dsa64:<temp>
%BACKUP-S-CREDIR, created directory DSA64:[TEMP]
%BACKUP-S-CREATED, created DSA64:[TEMP]moin-1^.5^.7-py2^.5.egg-info;1
Volker.
------------------------------
Date: Tue, 03 Jul 2007 10:28:24 -0700
From: "Tom Linden" <tom-remove@kednos.com>
Subject: Re: Backup problem
Message-ID: <op.tuwf5m068vlggw@murphus>
On Tue, 03 Jul 2007 09:33:13 -0700, Volker Halle =
<volker_halle@hotmail.com> wrote:
> Tom,
>
> which version of OpenVMS and which BACKUP patch kit ?
>
> I can successfully do this on OpenVMS Alpha V8.2 whether I set parse-
> style extended or traditional:
>
> $ back/log/ign=3Dinter/sin *.* dsa64:<temp>
> %BACKUP-S-CREDIR, created directory DSA64:[TEMP]
> %BACKUP-S-CREATED, created DSA64:[TEMP]moin-1^.5^.7-py2^.5.egg-info;1
>
>
> Volker.
>
I tried on both 8.2 and 8.3.
This is the only patch since 8.3 was installed
DEC AXPVMS VMS83A_UPDATE V1.0 Patch Install Val =
26-FEB-2007
-- =
PL/I for OpenVMS
www.kednos.com
------------------------------
Date: Tue, 3 Jul 2007 14:37:46 +0100
From: "bob" <nospam@hotmail.com>
Subject: COBOL programmer wanted in the UK Hertfordshire
Message-ID: <1183469879.15077.0@proxy01.news.clara.net>
------------------------------
Date: Tue, 3 Jul 2007 16:38:13 +0100
From: Anton Shterenlikht <mexas@bristol.ac.uk>
Subject: Re: creating firmware floppies on FreeBSD or VMS
Message-ID: <20070703153812.GA62454@mech-aslap33.men.bris.ac.uk>
On Thu, Jun 28, 2007 at 12:27:58PM -0700, IanMiller wrote:
> I see The Hoff is not in favour of firmware upgrades by floppy
> http://64.223.189.234/node/385
thanks a lot, I burned a cd in the end, could not buy an official HP one,
nobody wanted to sell me one.
One related question: I've two ds10l, one of which has
DS-KGPSA-DA (2Gb fibre hba). On that box
the LFU updated the pga firmware as well. Does this mean that
there is some nvram on the fibre card that was updated?
Is the fibre firmware upgrade performed only if a fibre hba is detected?
If I want to add a fibre card to the other box, where I just upgradeed the
firmware, do I have to rerun the upgrade for the fibre?
thanks
anton
--
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 928 8233
Fax: +44 (0)117 929 4423
------------------------------
Date: Tue, 03 Jul 2007 08:53:37 -0700
From: "Tom Linden" <tom-remove@kednos.com>
Subject: Re: creating firmware floppies on FreeBSD or VMS
Message-ID: <op.tuwbrnt88vlggw@murphus>
On Tue, 03 Jul 2007 08:38:13 -0700, Anton Shterenlikht
<mexas@bristol.ac.uk> wrote:
> On Thu, Jun 28, 2007 at 12:27:58PM -0700, IanMiller wrote:
>> I see The Hoff is not in favour of firmware upgrades by floppy
>> http://64.223.189.234/node/385
>
> thanks a lot, I burned a cd in the end, could not buy an official HP one,
> nobody wanted to sell me one.
>
> One related question: I've two ds10l, one of which has
> DS-KGPSA-DA (2Gb fibre hba). On that box
> the LFU updated the pga firmware as well. Does this mean that
> there is some nvram on the fibre card that was updated?
Yes
> Is the fibre firmware upgrade performed only if a fibre hba is detected?
Yes
> If I want to add a fibre card to the other box, where I just upgradeed
> the
> firmware, do I have to rerun the upgrade for the fibre?
Yes, if that card hasn't been updated
Took a copy of last time I updated such a card, which you might find useful
>
> thanks
> anton
>
UPD> list
Device Current Revision Filename Update Revision
nt 5.70 nt_fw 5.71
pga0 DS3.20X3 kgpsa_8k_fw DS3.92A2
srm 5.7-8 srm_fw 6.8-9
cipca_fw A420
dfxaa_fw 3.20
fca_2354_fw CS3.92A2
fca_2384_fw HS1.81A5
fca_2684_fw TS1.81A5
kgpsa_7k_fw SS3.20X7
kzpdc_fw 3.40
kzpsa_fw A12
UPD> update
Confirm update on:
nt
pga0
srm [Y/(N)]y
WARNING: updates may take several minutes to complete for each device.
DO NOT ABORT!
nt Updating to 5.71... Verifying 5.71... PASSED.
pga0 Updating to DS3.92A2... Verifying DS3.92A2... PASSED.
srm Updating to 6.8-9... Verifying 6.8-9... PASSED.
UPD> list
Device Current Revision Filename Update Revision
nt 5.71 nt_fw 5.71
pga0 DS3.92A2 kgpsa_8k_fw DS3.92A2
srm 6.8-9 srm_fw 6.8-9
cipca_fw A420
dfxaa_fw 3.20
fca_2354_fw CS3.92A2
fca_2384_fw HS1.81A5
fca_2684_fw TS1.81A5
kgpsa_7k_fw SS3.20X7
kzpdc_fw 3.40
kzpsa_fw A12
UPD>exit
Initializing....
*** keyboard not plugged in...
256 Meg of system memory
probing hose 0, PCI
probing PCI-to-ISA bridge, bus 1
bus 0, slot 9 -- ewa -- DE500-BA Network Controller
bus 0, slot 11 -- ewb -- DE500-BA Network Controller
bus 0, slot 13 -- dqa -- Acer Labs M1543C IDE
bus 0, slot 13 -- dqb -- Acer Labs M1543C IDE
bus 0, slot 17 -- pga -- KGPSA-C
initializing GCT/FRU at ff42000
ewa0: link up : Negotiated 100BaseTX: full duplex
ewb0: link up : Negotiated 100BaseTX: full duplex
pga0.0.0.17.0 - Nvram read failed.
open fibre pga0.0.0.17.0
Testing the System
Testing the Disks (read only)
Testing ew* devices.
System Temperature is 38 degrees C
AlphaServer DS10 466 MHz Console V6.8-9, Jul 30 2004 09:36:47
>>> wwidmgr -set adapter -item 9999 -topo fabric
bus 0, slot 17 -- pga -- KGPSA-C
>>> wwidmgr -show ada
pga0.0.0.17.0 Link is down.
item adapter WWN Cur. Topo Next Topo
[ 0] pga0.0.0.17.0 2000-0000-c921-f8c6 FABRIC FABRIC
[9999] All of the above.
--
PL/I for OpenVMS
www.kednos.com
------------------------------
Date: Tue, 3 Jul 2007 08:41:31 +0200
From: "Klaus-D. Bohn" <info@it-bcsb.de>
Subject: Re: expanding shadow size
Message-ID: <4689ef96$0$27557$9b622d9e@news.freenet.de>
"Bob Gezelter" <gezelter@rlgsc.com> schrieb im Newsbeitrag
news:1183286512.476461.48610@n2g2000hse.googlegroups.com...
>
> David J Dachtera wrote:
> > Bob Gezelter wrote:
> > >
> > > On Jun 29, 8:55 pm, David J Dachtera <djesys...@spam.comcast.net>
> > > wrote:
> > > > "Klaus-D. Bohn" wrote:
> > > >
> > > > > Hello all together,
> > > >
> > > > > I have an existing problem with a shadow disk. I would like to
increase the
> > > > > shadow size without to dismount all the shadow members.
> > > > > [snip]
> > > > > What must i do to get the full volume size 17773524?
> > > >
> > > > As Hoff pointed out, can't be done without downtime.
> > > >
> > > > You'll need to negotiate a scheduled downtime with your customer. Be
sure to
> > > > explain that this is necessary if they want to realize the desired
benefit.
> > >
> > > David,
> > >
> > > A small note on the comment about downtime.
> > >
> > > If all that is needed is the SET VOLUME/LIMIT command, it is almost
> > > wrong to call it downtime. Planned properly (and executed with a
> > > command file) the downtime is limited to the availability of that
> > > volume for a matter of seconds. It will take longer to restart those
> > > applications that cannot quiesce and reacquire a file than it will
> > > take to do the actual change. It is, in my experience, far shorter
> > > than even a reboot (and if this is a data disk and not involved in the
> > > actual running of the cluster) will not be needed.
> > >
> > > It is true that even such a "blip" is a downtime, and needs to be
> > > handled appropriately, but there is a large difference between such a
> > > "blip" and a multi-hour downtime. Indeed, depending on what data is
> > > involved, it may not even meet the organization's definition of
> > > critical information, at least on the scale of a few minutes.
> > >
> > > Just my US$ 0.02 to ensure a clean record of the discussion.
> >
> > Well, it's generally considered that "downtime" means the application is
not
> > available to the users, regardless of the cause.
> >
> > Large applications - and their underlying software infrastructure
(databases,
> > etc.) can, indeed, impose extensive periods of unavailability just to
allow a
> > single volume to be DISMOUNTed, MOUNTed privately, prepared for DVE,
then
> > DISMOUNTed and reMOUNTed back to the system so that the software layers
can be
> > restarted in the proper order. In my case, at work, it's two(2) hours,
minimum.
> >
> > The OP simply stated that his client is downtime averse in that they
will not
> > allow the steps needed to permit this.
> >
> > Hence, my comment, as it was.
> >
> > --
> > David J Dachtera
> > dba DJE Systems
> > http://www.djesys.com/
> >
> > Unofficial OpenVMS Marketing Home Page
> > http://www.djesys.com/vms/market/
> >
> > Unofficial Affordable OpenVMS Home Page:
> > http://www.djesys.com/vms/soho/
> >
> > Unofficial OpenVMS-IA32 Home Page:
> > http://www.djesys.com/vms/ia32/
> >
> > Unofficial OpenVMS Hobbyist Support Page:
> > http://www.djesys.com/vms/support/
>
> David,
>
> Indeed. I have seen many systems where the minimum interruption is
> measured in hours. Then again, I have seen many environments, where
> that is not true. I have also seen many environments where the
> question is nuanced, in terms of which data is being spoken of.
>
> I posted the comment not to belittle the downtime issue but to
> emphasize the importance of treating it as a quantitative, not a
> qualitative question.
>
> When I am involved in design or modification of a system, I generally
> try to reduce the need for interruptions, and the impact of the
> inevitable disruptions that do occur, but I digress.
>
> Herr Bohn's original request does indeed refer to the fact that his
> client is downtime adverse, but I do not see any detailed background
> information upon which to judge the question of what degree of
> sensitivity this particular disk volume has. Thus my comment about the
> "blip" versus "downtime".
>
> IMHO, there is a significant difference between a blip on the order of
> seconds, done under the control of a script that once initiated,
> dismounts the volume, remounts the volume as private, does the needed
> SET VOLUME command, dismounts the volume, and remounts the volume to
> the cluster; and a multi-hour operation using BACKUP to save and
> restore the contents. Also note that since the MOUNTs are orderly
> (each following a controlled DISMOUNT rather than a crash), there will
> not be an extensive delay while rebuilding the data structures.
>
> Have I seen this situation in production environments that must
> otherwise maintain 24x7 availability: YES. An example is archives of
> online bills and statements. They frequently grow on an ongoing basis.
> However, they often do not grow on a minute to minute basis. It is
> often possible to prevent additions to the volume, interrupt access to
> the archive, and then re-allow access to the archive without ever
> having even interrupted the 24x7 parts of the application.
>
> In the end analysis, it is important to understand (and even more
> important to research in detail) each situation. I have seen far too
> many sites where the unverified presumption has been that if a volume
> is mounted at startup, it must be available continuously, forever.
>
> - Bob Gezelter, http://www.rlgsc.com
>
Sorry for the dealy!
Now, i have the result (private mount with limit) on my test system:
$ sh dev dsa2
Device Device Error Volume Free Trans
Mnt
Name Status Count Label Blocks Count
Cnt
DSA2: Mounted 0 TEST 8337680 1
1
$5$DKD200: (IDEFIX) ShadowSetMember 0 (member of DSA2:)
$ set volume/size DSA2:
$ sh dev dsa2
Device Device Error Volume Free Trans
Mnt
Name Status Count Label Blocks Count
Cnt
DSA2: Mounted 0 TEST 17717856 1
1
$5$DKD200: (IDEFIX) ShadowSetMember 0 (member of DSA2:)
$
Buuuuuuuuuuuuut what is about the availability? That disk is a common disk
in a high availability cluster. We must do a cluster shutdown to expand the
volume size? What is that? At this point i can't understand OpenVMS (high
availability, scalability, flexibility, and so on). Sorry, that is very
crazy and not acceptable.
Klaus
------------------------------
Date: Tue, 3 Jul 2007 09:28:58 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: expanding shadow size
Message-ID: <f6d4sq$f0s$1@online.de>
In article <4689ef96$0$27557$9b622d9e@news.freenet.de>, "Klaus-D. Bohn"
<info@it-bcsb.de> writes:
> Buuuuuuuuuuuuut what is about the availability? That disk is a common disk
> in a high availability cluster. We must do a cluster shutdown to expand the
> volume size? What is that? At this point i can't understand OpenVMS (high
> availability, scalability, flexibility, and so on). Sorry, that is very
> crazy and not acceptable.
Think about it. You are changing something very low-level in the disk
structure. I think it is OK to accept some down-time for this,
especially since this is a relatively new feature of VMS. (If it was
available from day one, perhaps it could have been implemented without
down-time.)
Note: I have not yet done this. SET VOLUME/LIMIT requires the private
MOUNT. I don't think SET VOLUME/SIZE does (at least this is not
mentioned in HELP, whereas it is for /LIMIT). Assume this is correct.
Get a NEW DISK. Use SET VOLUME/SIZE and perhaps SET VOLUME/LIMIT to get
it to the size you want. (If I understand correctly, with a cluster
size of more than 8 the limit is set to the default of 1 TB, which is
also the maximum.) "Size you want" should be the CURRENT size of the
shadow set. Now, add this shadow set to the current shadow set (full
copy); if the current shadow set already has 3 members, drop 1 (just
dismount the physical disk; no shutdown or whatever needed) and add in
the new one with a full copy. Now, get another NEW DISK and set it to
the same size. When the shadow copy completes, drop the old disk from
the shadow set and add this new disk with a full copy. (For a
three-member shadow set, repeat the previous two steps.) Now, use SET
VOLUME/SIZE to go to the new size.
------------------------------
Date: Tue, 3 Jul 2007 09:32:08 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: expanding shadow size
Message-ID: <f6d52o$f0s$3@online.de>
In article <f6d4sq$f0s$1@online.de>, helbig@astro.multiCLOTHESvax.de
(Phillip Helbig---remove CLOTHES to reply) writes:
> In article <4689ef96$0$27557$9b622d9e@news.freenet.de>, "Klaus-D. Bohn"
> <info@it-bcsb.de> writes:
>
> > Buuuuuuuuuuuuut what is about the availability? That disk is a common disk
> > in a high availability cluster. We must do a cluster shutdown to expand the
> > volume size? What is that? At this point i can't understand OpenVMS (high
> > availability, scalability, flexibility, and so on). Sorry, that is very
> > crazy and not acceptable.
>
> Think about it. You are changing something very low-level in the disk
> structure. I think it is OK to accept some down-time for this,
> especially since this is a relatively new feature of VMS. (If it was
> available from day one, perhaps it could have been implemented without
> down-time.)
>
> Note: I have not yet done this. SET VOLUME/LIMIT requires the private
> MOUNT. I don't think SET VOLUME/SIZE does (at least this is not
> mentioned in HELP, whereas it is for /LIMIT). Assume this is correct.
If this assumption is correct, then you can do what you want without
down-time to the cluster. You do need "down-time" for the disk, but if
it is a new disk, this doesn't matter.
------------------------------
Date: Tue, 03 Jul 2007 09:37:10 -0500
From: David J Dachtera <djesys.no@spam.comcast.net>
Subject: Re: expanding shadow size
Message-ID: <468A5F16.43936C88@spam.comcast.net>
"Klaus-D. Bohn" wrote:
> [snip]
> Sorry for the dealy!
>
> Now, i have the result (private mount with limit) on my test system:
>
> $ sh dev dsa2
>
> Device Device Error Volume Free Trans
> Mnt
> Name Status Count Label Blocks Count
> Cnt
> DSA2: Mounted 0 TEST 8337680 1
> 1
> $5$DKD200: (IDEFIX) ShadowSetMember 0 (member of DSA2:)
> $ set volume/size DSA2:
> $ sh dev dsa2
>
> Device Device Error Volume Free Trans
> Mnt
> Name Status Count Label Blocks Count
> Cnt
> DSA2: Mounted 0 TEST 17717856 1
> 1
> $5$DKD200: (IDEFIX) ShadowSetMember 0 (member of DSA2:)
> $
>
> Buuuuuuuuuuuuut what is about the availability? That disk is a common disk
> in a high availability cluster. We must do a cluster shutdown to expand the
> volume size? What is that? At this point i can't understand OpenVMS (high
> availability, scalability, flexibility, and so on).
Well, understand a few things here:
1. The point is to get the volume into a condition where all the application
files are closed and the volume can be DISMOUNTed temporarily.
So, it's not strictly a VMS issue.
2. *ALL* the cluster members who have that volume MOUNTed know about it's
CURRENT characteristics. No current o.s. is architected to allow such data to
"change on the fly" while a volume is MOUNTed. Don't believe me? See what it
takes to do DVE on UN*X, for example.
3. A "cluster shutdown" is not necessary - only the application(s) whose file(s)
are on that volume and are currently open. This includes, by the way, INSTALLed
images.
4. Properly prepared (during scheduled downtime or at volume INITIALIZE-ation
time), all volumes can be expanded (but not contracted!) in uptime, even without
HBVS. It's the preparation that needs to be done properly and in an isolated,
controlled environment.
> Sorry, that is very crazy and not acceptable.
Show me a current system that does what you want the way you want it to happen.
Hope this helps.
--
David J Dachtera
dba DJE Systems
http://www.djesys.com/
Unofficial OpenVMS Marketing Home Page
http://www.djesys.com/vms/market/
Unofficial Affordable OpenVMS Home Page:
http://www.djesys.com/vms/soho/
Unofficial OpenVMS-IA32 Home Page:
http://www.djesys.com/vms/ia32/
Unofficial OpenVMS Hobbyist Support Page:
http://www.djesys.com/vms/support/
------------------------------
Date: Tue, 03 Jul 2007 09:58:58 -0700
From: Malcolm Dunnett <nothome@spammers.are.scum>
Subject: Re: expanding shadow size
Message-ID: <468A8052.5080903@spammers.are.scum>
Klaus-D. Bohn wrote:
> Buuuuuuuuuuuuut what is about the availability? That disk is a common disk
> in a high availability cluster. We must do a cluster shutdown to expand the
> volume size? What is that? At this point i can't understand OpenVMS (high
> availability, scalability, flexibility, and so on). Sorry, that is very
> crazy and not acceptable.
>
I suppose the short answer is that if you'd thought ahead and
set the volume expansion limit at the time the volume was created
you wouldn't have to shut anything down to expand the volume now.
I wonder why the INIT command doesn't by default set the
volume expansion limit to be the maximum allowable by the
clustersize. Is there a penalty in doing so (other than a
few blocks in the bitmap?)
------------------------------
Date: Tue, 03 Jul 2007 10:17:01 -0700
From: AEF <spamsink2001@yahoo.com>
Subject: Re: expanding shadow size
Message-ID: <1183483021.187178.143690@g4g2000hsf.googlegroups.com>
On Jul 3, 5:28 am, hel...@astro.multiCLOTHESvax.de (Phillip Helbig---
remove CLOTHES to reply) wrote:
> In article <4689ef96$0$27557$9b622...@news.freenet.de>, "Klaus-D. Bohn"
>
> <i...@it-bcsb.de> writes:
> > Buuuuuuuuuuuuut what is about the availability? That disk is a common disk
> > in a high availability cluster. We must do a cluster shutdown to expand the
> > volume size? What is that? At this point i can't understand OpenVMS (high
> > availability, scalability, flexibility, and so on). Sorry, that is very
> > crazy and not acceptable.
>
> Think about it. You are changing something very low-level in the disk
> structure. I think it is OK to accept some down-time for this,
> especially since this is a relatively new feature of VMS. (If it was
> available from day one, perhaps it could have been implemented without
> down-time.)
>
> Note: I have not yet done this. SET VOLUME/LIMIT requires the private
> MOUNT. I don't think SET VOLUME/SIZE does (at least this is not
> mentioned in HELP, whereas it is for /LIMIT). Assume this is correct.
>
> Get a NEW DISK. Use SET VOLUME/SIZE and perhaps SET VOLUME/LIMIT to get
> it to the size you want. (If I understand correctly, with a cluster
> size of more than 8 the limit is set to the default of 1 TB, which is
> also the maximum.) "Size you want" should be the CURRENT size of the
> shadow set. Now, add this shadow set to the current shadow set (full
> copy); if the current shadow set already has 3 members, drop 1 (just
Maybe I'm missing something, but won't the full copy operation
overwrite everything on the NEW DISK, including the SET VOLUME/LIMIT
effects?
> dismount the physical disk; no shutdown or whatever needed) and add in
> the new one with a full copy. Now, get another NEW DISK and set it to
> the same size. When the shadow copy completes, drop the old disk from
> the shadow set and add this new disk with a full copy. (For a
> three-member shadow set, repeat the previous two steps.) Now, use SET
> VOLUME/SIZE to go to the new size.
AEF
------------------------------
Date: Tue, 03 Jul 2007 10:37:34 -0700
From: "Tom Linden" <tom-remove@kednos.com>
Subject: Installing 8.3 on DS10L
Message-ID: <op.tuwgkwj98vlggw@murphus>
I am trying to install on a disk in an HSG80. When prompted for a device I
am given following options, but am missing the drive onto which I wish to
install
Enter device name for target disk: (? for choices) ?
Device Device Error Volume Free
Trans Mnt
Name Status Count Label Blocks
Count Cnt
DAD0: Online 0
DQA0: Offline 1
DQA1: Offline 1
DQB0: Mounted wrtlck 0 ALPHA083 7965
87 1
DQB1: Offline 1
DVA0: Online 0
$1$DGA1: () Online 0
$1$DGA2: () Online 0
$1$DGA3: () Online 0
$1$DGA4: () Online 0
$1$DGA5: () Online 0
$1$DGA6: () Online 0
$1$DGA7: () Online 0
$1$DGA8: () Online 0
$1$DGA9: () Online 0
$1$DGA10: () Online 0
This is not picking up $1$DGA11:
What do I need to do here?
Seen from the cluster I have
ODIN> sho dev dg
Device Device Error Volume Free
Trans Mnt
Name Status Count Label Blocks
Count Cnt
$1$DGA1: (ODIN) ShadowSetMember 0 (member of DSA1:)
$1$DGA2: (ODIN) ShadowSetMember 0 (member of DSA1:)
$1$DGA3: (ODIN) ShadowSetMember 0 (member of DSA2:)
$1$DGA4: (ODIN) ShadowSetMember 0 (member of DSA2:)
$1$DGA5: (ODIN) ShadowSetMember 0 (member of DSA11:)
$1$DGA6: (ODIN) ShadowSetMember 0 (member of DSA11:)
$1$DGA7: (ODIN) ShadowSetMember 0 (member of DSA0:)
$1$DGA8: (ODIN) ShadowSetMember 0 (member of DSA0:)
$1$DGA9: (ODIN) ShadowSetMember 0 (member of DSA12:)
$1$DGA10: (ODIN) ShadowSetMember 0 (member of DSA12:)
$1$DGA11: (ODIN) Online 0
where $1$DGA11 is a striped mirror set seen from the controller
HSG80-TOP>sho stripe
Name Storageset Uses Used by
------------------------------------------------------------------------------
DVGRPSM0 stripeset MIRR_0 D11
MIRR_1
HSG80-TOP>sho mirror
Name Storageset Uses Used by
------------------------------------------------------------------------------
MIRR_0 mirrorset DISK50000 DVGRPSM0
DISK60200
MIRR_1 mirrorset DISK30300 DVGRPSM0
DISK40000
--
PL/I for OpenVMS
www.kednos.com
------------------------------
Date: Tue, 3 Jul 2007 08:50:08 -0400
From: "Main, Kerry" <Kerry.Main@hp.com>
Subject: RE: OpenVMS - When downtime is not an option
Message-ID: <FA60F2C4B72A584DBFC6091F6A2B8684024C0B06@tayexc19.americas.cpqcorp.net>
> -----Original Message-----
> From: Bill Todd [mailto:billtodd@metrocast.net]
> Sent: July 2, 2007 8:25 PM
> To: Info-VAX@Mvb.Saic.Com
> Subject: Re: OpenVMS - When downtime is not an option
>=20
> david20@alpha2.mdx.ac.uk wrote:
> > In article <L_-
> dnViYMsHBaRrbnZ2dnUVZ_v6tnZ2d@metrocastcablevision.com>, Bill Todd
> <billtodd@metrocast.net> writes:
> >> JF Mezei wrote:
> >>> Bill Todd wrote:
> >>>> Please explain exactly how a virus, trojan, or worn can infect a
> >>>> server via any legitimate use of email on that server.
> >>> Over the years, there have been plenty of pathces issued to
> prevent such
> >>> things from happening on many of the unix SMTP servers. (think
> buffer
> >>> overflow with a TO FROM etc that are way too long and contain
> code).
> >> You're as welcome as Paul is to provide a *specific* example of
> such an
> >> exposure in a current Windows environment, JF. Otherwise, stop
> blowing
> >> the same kind of hot air that Kerry so often does: it's not
> responsive
> >> to the challenge that I posed (but then hot air never is, is it).
> >>
> >
> > Since in this instance we are talking SMTP servers the Microsoft
> equivalent is
> > Exchange.
> > The last such vulnerability was in May.
> > See http://www.microsoft.com/technet/security/bulletin/ms07-026.mspx
> >
> > in particular the MIME decoding vulnerability CVE-2007-0213
> >
> > Note. That particular patch also fixes a couple of denial of
> services
> > vulnerabilities in IMAP and the calendar service.
> > The calendar services works by sending emails with vCal or iCal
> properties
> > and that had a critical remotely exploitable vulnerability in May
> 2006
> > see http://www.microsoft.com/technet/security/bulletin/ms06-019.mspx
>=20
> I already discussed the above at length elsewhere, so won't replicate
> that content here.
>=20
> >
> > Of course this only affects you if your server is running Exchange.
>=20
> Exactly: they are *Exchange* bugs, not *Windows* bugs. My comment to
> JF certainly admits your response, but its intent was that neither
> email
> server operation nor end-user email use should be able to compromise
> the
> integrity of the server *OS* (because OS stability is what has been
> under discussion here).
>=20
[snip ..]
Ok, perhaps you could shed some light on the above.
If the design and/or architecture of the OS platform allows an
application bug to provide access to protected data and/or provides
elevated rights on the system, does sit matter if it is an application
or kernel OS issue?
How does the end result (compromised system) differ from a kernel issue?
Do you think a hacker or worm or Trojan cares about if it is a
application or kernel issue?
Regards
Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-592-4660
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)=20
OpenVMS - the secure, multi-site OS that just works.
=20
------------------------------
Date: 3 Jul 2007 12:42:00 -0500
From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)
Subject: Re: OpenVMS - When downtime is not an option
Message-ID: <+gCKvqOu80+A@eisner.encompasserve.org>
In article <Nb6dnTSCDrtvHxTbnZ2dnUVZ_gCdnZ2d@metrocastcablevision.com>, Bill Todd <billtodd@metrocast.net> writes:
> Bob Koehler wrote:
>
> ...
>
> It's MS crap. I know their business model and there
>> is pressure to produce low quality products so they can sell you
>> a replacement next year.
>
> Not quite: it's pressure to push products out the door with all sorts
> of bells and whistles that will entice you to buy them *this* year (or
> at least this product cycle).
While that is true, I know from former Microsoft employees that there
is actually presure to include bugs.
------------------------------
Date: Tue, 03 Jul 2007 04:00:52 -0700
From: Neil Rieck <n.rieck@sympatico.ca>
Subject: SAMBA External Field Test Announcement
Message-ID: <1183460452.445771.19230@n2g2000hse.googlegroups.com>
I just received this email from HP:
Common Internet File System (CIFS) based on Samba
External Field Test Announcement
Dear valued HP OpenVMS Customers,
The CIFS Engineering group is pleased to announce the availability of
HP OpenVMS Common Internet File System (CIFS) based on Samba External
Field Test Version T1.0 in support of both the Alpha and Integrity
platforms.
The field test may be run on HP OpenVMS V8.3 Alpha and/or HP OpenVMS
V8.3 Integrity. Plans are to initiate our CIFS field test on Monday,
July the 2nd and have field test run through the end of August 2007.
The production release of CIFS is currently planned for submission to
manufacturing in "September of 2007".
As a field test site, you have the opportunity of utilizing our newest
technology before anyone else! In return, we would appreciate your
feedback about our product. Your feedback is very important to us.
Sites should test on non-production machines only. Use of field test
software on production machines is highly discouraged
The kits, along with documentation are available from the HP OpenVMS
Common Internet File System web site:
http://h71000.www7.hp.com/network/CIFS_for_Samba.html
Here you will find a hot link with a registration request. The process
is similar to one we employed to provide access to the evaluation down
loads. Follow the easy steps to access the software and documentation:
DOCUMENTATION and INSTALLATION:
Before accessing the field test site, please read the enclosed
document "Read Before Installing HP OpenVMS Common Internet File
System (CIFS) Version T1.0 release", which describes the contents and
known restrictions of the release and tells how to download and unzip
the field test kits. No temporary licensing is required for field
testing.
NOTE:" READ BEFORE INSTALLING NOTE GOES HERE!"
Please install the kits as soon as you can. Please send an e-mail
message confirming your installation. Also tell me about any problems
you encounter with the web site.
If you have any problems with the software or documentation, please
submit a problem report to "openvms-cifs-field-test@hp.com".
Thank you for participating in the CIFS Version T1.0 field test.
Please contact me or the CIFS account with questions at any time
during the field test. As always, we appreciate your support in these
matters so that we may provide you with the technologies that you need
in support of your business.
Sincerely,
Lawrence (Larry) Woodcome
OVMS Networks Business Mgr
Hewlett Packard Company
110 Spit Brook Rd, MS ZKO3/4-S23
Nashua, NH 03062-2698
Tel 603-884-5419
Fax 603-884-0763
lawrence.woodcome@hp.com
###
As stated in the email, you must be running OpenVMS-8.3
Neil Rieck
Kitchener/Waterloo/Cambridge,
Ontario, Canada.
http://www3.sympatico.ca/n.rieck/
------------------------------
Date: Tue, 03 Jul 2007 06:24:55 -0700
From: IanMiller <gxys@uk2.net>
Subject: Re: SAMBA External Field Test Announcement
Message-ID: <1183469095.380854.199750@m36g2000hse.googlegroups.com>
http://www.openvms.org/stories.php?story=07/06/30/7754868
Been there, got that :-)
Note the points in the docs that it will run on V8.2 but performance
is not good due to lack of support in the CRTL on that version.
I also read a note about slow performance on OpenVMS Alpha V8.3
the kit includes sources and utilities to help transfer shares (not
users) from advanced server.
So give it a go on OpenVMS V8.3 (I64 preferred) and see.
------------------------------
Date: Tue, 3 Jul 2007 12:23:28 +0000 (UTC)
From: david20@alpha2.mdx.ac.uk
Subject: Re: SSH newbie question
Message-ID: <f6df40$bg4$1@south.jnrs.ja.net>
In article <46881632.8010501@comcast.net>, "Richard B. Gilbert" <rgilbert88@comcast.net> writes:
>JF Mezei wrote:
>> Phillip Helbig---remove CLOTHES to reply wrote:
>>
>>> When you telnet into your router (presumably from outside your LAN),
>>> everything echoed on your screen is potentially available.
>>
>>
>>
>> From the outside, one can only reach one machine (a vms box). The
>> router is not reacheable from the outside, nor is the mac or any other
>> machine from a telnet point of view.
>>
>> So telnet traffic is really just confined to within my lan to access
>> rourters, switches, test the tcpip stack of another vms box etc etc. It
>> is ridiculous to incur the additional overhead of ssh for such simple
>> tasks.
>>
>> Now, if my systems were handling bank transactions and I had no many
>> employees I couldn't know all of them, then I would consider blocking
>> telnet since some folks might be listening onto the ethernet. (although
>> with switches, this is getting harder to do).
>
>If you have the privileged password to a Cisco switch, monitoring the
>traffic on a port on that switch can be done with relative ease. It's
>not so easy for "Joe User" to monitor traffic on a switched ethernet
>these days.
>
That hasn't been true since the release of dsniff see for instance
http://www.infoworld.com/articles/op/xml/00/05/29/000529opswatch.html
There are now many publicly available tools which include this functionality.
David Webb
Security team leader
CCSS
Middlesex University
------------------------------
Date: Tue, 03 Jul 2007 06:18:13 -0700
From: "Tom Linden" <tom-remove@kednos.com>
Subject: Re: SSH newbie question
Message-ID: <op.tuv4knzv8vlggw@murphus.linden>
On Tue, 03 Jul 2007 05:23:28 -0700, <david20@alpha2.mdx.ac.uk> wrote:
> In article <46881632.8010501@comcast.net>, "Richard B. Gilbert"
> <rgilbert88@comcast.net> writes:
>> JF Mezei wrote:
>>> Phillip Helbig---remove CLOTHES to reply wrote:
>>>
>>>> When you telnet into your router (presumably from outside your LAN),
>>>> everything echoed on your screen is potentially available.
>>>
>>>
>>>
>>> From the outside, one can only reach one machine (a vms box). The
>>> router is not reacheable from the outside, nor is the mac or any other
>>> machine from a telnet point of view.
>>>
>>> So telnet traffic is really just confined to within my lan to access
>>> rourters, switches, test the tcpip stack of another vms box etc etc. It
>>> is ridiculous to incur the additional overhead of ssh for such simple
>>> tasks.
>>>
>>> Now, if my systems were handling bank transactions and I had no many
>>> employees I couldn't know all of them, then I would consider blocking
>>> telnet since some folks might be listening onto the ethernet. (although
>>> with switches, this is getting harder to do).
>>
>> If you have the privileged password to a Cisco switch, monitoring the
>> traffic on a port on that switch can be done with relative ease. It's
>> not so easy for "Joe User" to monitor traffic on a switched ethernet
>> these days.
>>
> That hasn't been true since the release of dsniff see for instance
>
> http://www.infoworld.com/articles/op/xml/00/05/29/000529opswatch.html
Have any of these tools been ported to VMS?
>
> There are now many publicly available tools which include this
> functionality.
>
>
> David Webb
> Security team leader
> CCSS
> Middlesex University
>
--
PL/I for OpenVMS
www.kednos.com
------------------------------
Date: Tue, 3 Jul 2007 15:05:35 +0000 (UTC)
From: david20@alpha2.mdx.ac.uk
Subject: Re: SSH newbie question
Message-ID: <f6dojv$ehj$2@south.jnrs.ja.net>
In article <op.tuv4knzv8vlggw@murphus.linden>, "Tom Linden" <tom-remove@kednos.com> writes:
>On Tue, 03 Jul 2007 05:23:28 -0700, <david20@alpha2.mdx.ac.uk> wrote:
>
>> In article <46881632.8010501@comcast.net>, "Richard B. Gilbert"
>> <rgilbert88@comcast.net> writes:
>>> JF Mezei wrote:
>>>> Phillip Helbig---remove CLOTHES to reply wrote:
>>>>
>>>>> When you telnet into your router (presumably from outside your LAN),
>>>>> everything echoed on your screen is potentially available.
>>>>
>>>>
>>>>
>>>> From the outside, one can only reach one machine (a vms box). The
>>>> router is not reacheable from the outside, nor is the mac or any other
>>>> machine from a telnet point of view.
>>>>
>>>> So telnet traffic is really just confined to within my lan to access
>>>> rourters, switches, test the tcpip stack of another vms box etc etc. It
>>>> is ridiculous to incur the additional overhead of ssh for such simple
>>>> tasks.
>>>>
>>>> Now, if my systems were handling bank transactions and I had no many
>>>> employees I couldn't know all of them, then I would consider blocking
>>>> telnet since some folks might be listening onto the ethernet. (although
>>>> with switches, this is getting harder to do).
>>>
>>> If you have the privileged password to a Cisco switch, monitoring the
>>> traffic on a port on that switch can be done with relative ease. It's
>>> not so easy for "Joe User" to monitor traffic on a switched ethernet
>>> these days.
>>>
>> That hasn't been true since the release of dsniff see for instance
>>
>> http://www.infoworld.com/articles/op/xml/00/05/29/000529opswatch.html
>Have any of these tools been ported to VMS?
Not that I'm aware of.
David Webb
Security team leader
CCSS
Middlesex University
>>
>> There are now many publicly available tools which include this
>> functionality.
>>
>>
>> David Webb
>> Security team leader
>> CCSS
>> Middlesex University
>>
>
>
>
>--
>PL/I for OpenVMS
>www.kednos.com
------------------------------
Date: Tue, 3 Jul 2007 06:07:40 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <f6cp3c$s6$2@online.de>
In article <43b64$46893609$cef8887a$14076@TEKSAVVY.COM>, JF Mezei
<jfmezei.spamnot@vaxination.ca> writes:
> Phillip Helbig---remove CLOTHES to reply wrote:
> >> > > Phillip Helbig---remove CLOTHES to reply wrote:
> >> > > > getmxrr: name = 87.139.7.213])
>
> > The question is, what does the error mean? And why the funny format
>
> Well, it is pretty obvious: SMTP cannot obtain the mx record (DNS) for
> ip 87.139.7.213
Right. However, why the "])" at the end? Why does SMTP want to obtain
the mx record for this IP?
> Is it alwasy the same IP mentioned ?
Yes.
> Is it always present no matter what the sender is ?
Yes. It is in TCPIP$SMTP_RECV_RUN.LOG which doesn't mention the sender;
I would have to compare timestamps of these log files with entries in
OPERATOR.LOG, but since the error is always present, the answer is
"yes".
> Is your mail routed to some forwarding SMTP server before getting to you
> ? Would that IP belong to that forwarding SMTP server ?
No, mail comes in directly. (If there is a problem at my end, then
there are lower priority MX servers, but they are not neded now.)
Again, this started happening sometime last week and I have never seen
it before.
------------------------------
Date: Tue, 03 Jul 2007 10:41:46 +0200
From: "P. Sture" <paul.sture.nospam@hispeed.ch>
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <paul.sture.nospam-78546F.10414603072007@mac.sture.ch>
In article <f6aiqf$ddl$1@online.de>,
helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to
reply) wrote:
> > > > getmxrr: name = 87.139.7.213])
> > > > > getmxrr: res_search() failed
> > > > > TCPIP$GET_MX: getmxrr() failed
> > > >
<snip>
>
> Yes. My ISP is 1&1. Legally, my internet connection has nothing to do
> with Deutsche Telekom, but behind the scenes the DSL connection from 1&1
> is a "resell" connection from Deutsche Telekom.
>
> The question is, what does the error mean? And why the funny format
> with "])" at the end? Since everything appears to be working, what
> effects does the error have? Has anyone else seen this?
FWIW getmxrr is documented here:
<http://orange.kame.net/dev/cvsweb.cgi/sendmail/src/Attic/domain.c?cvsroo
t=apps&rev=1.2>
It looks as if garbage is being passed in the name field, but of course
that doesn't give us the why.
Note this bit in the source at the above URL:
----
case HOST_NOT_FOUND:
#if BROKEN_RES_SEARCH
case 0: /* Ultrix resolver retns failure w/ h_errno=0 */
#endif
/* host doesn't exist in DNS; might be in /etc/hosts */
----
Could it be picking up some garbage that has found its way into the
TCPIP SET HOST entries?
--
Paul Sture
------------------------------
Date: Tue, 3 Jul 2007 09:31:01 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <f6d50l$f0s$2@online.de>
In article <paul.sture.nospam-78546F.10414603072007@mac.sture.ch>, "P.
Sture" <paul.sture.nospam@hispeed.ch> writes:
> In article <f6aiqf$ddl$1@online.de>,
> helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to
> reply) wrote:
>
> > > > > getmxrr: name = 87.139.7.213])
> > > > > > getmxrr: res_search() failed
> > > > > > TCPIP$GET_MX: getmxrr() failed
> > > > >
> >
> > Yes. My ISP is 1&1. Legally, my internet connection has nothing to do
> > with Deutsche Telekom, but behind the scenes the DSL connection from 1&1
> > is a "resell" connection from Deutsche Telekom.
> >
> > The question is, what does the error mean? And why the funny format
> > with "])" at the end? Since everything appears to be working, what
> > effects does the error have? Has anyone else seen this?
>
> FWIW getmxrr is documented here:
>
> <http://orange.kame.net/dev/cvsweb.cgi/sendmail/src/Attic/domain.c?cvsroo
> t=apps&rev=1.2>
>
> It looks as if garbage is being passed in the name field, but of course
> that doesn't give us the why.
>
> Note this bit in the source at the above URL:
>
> ----
> case HOST_NOT_FOUND:
> #if BROKEN_RES_SEARCH
> case 0: /* Ultrix resolver retns failure w/ h_errno=0 */
> #endif
> /* host doesn't exist in DNS; might be in /etc/hosts */
> ----
>
> Could it be picking up some garbage that has found its way into the
> TCPIP SET HOST entries?
Again, this started happening last week. I hadn't changed anything for
a while before that, in particular, I hadn't change anything in the
local host database (which is small and looks fine). It's also been a
while since the last changed to the TCPIP software.
------------------------------
Date: Tue, 3 Jul 2007 09:48:00 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <f6d60g$gak$1@online.de>
In article <f6d50l$f0s$2@online.de>, helbig@astro.multiCLOTHESvax.de
(Phillip Helbig---remove CLOTHES to reply) writes:
> Again, this started happening last week. I hadn't changed anything for
> a while before that, in particular, I hadn't change anything in the
> local host database (which is small and looks fine). It's also been a
> while since the last changed to the TCPIP software.
Problem solved! It was a typo in SMTP.CONFIG (which I do update
relatively often) in a bad-clients entry!
I normally rely mainly on RBLs, but when I notice (I have the
corresponding console next to my main graphics terminal) repeated
rejections of a certain IP due to being in an RBL, I add the entry to
the bad-clients list to cut down on noise. (I noticed the typo because
I added 88.238.119.197 to the bad-clients list just now; today, there
have been 100 connection attempts from it. I just added 122.167.178.184
as well after several repeated attempts.)
This demonstrates one of the disadvantages of configuration files as
opposed to SET/SHOW commands: syntax errors are not caught early enough.
(In this case, the indication of a syntax error in the log file, instead
of the error indicated, would have at least helped to solve the problem
more quickly.)
By the way, since 1-JUN-2007 there are 28245 RBL rejections mentioned in
the operator log, but only 12 due to bad clients, at least 6 of the
latter being from today.
------------------------------
Date: Tue, 3 Jul 2007 09:53:08 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <f6d6a3$gak$2@online.de>
In article <f6d60g$gak$1@online.de>, helbig@astro.multiCLOTHESvax.de
(Phillip Helbig---remove CLOTHES to reply) writes:
> By the way, since 1-JUN-2007 there are 28245 RBL rejections mentioned in
> the operator log, but only 12 due to bad clients, at least 6 of the
> latter being from today.
Up from 12 to 22 now.
I'm assuming that it is more efficient in terms of resources to reject
stuff at the bad-clients stage as opposed to the RBL stage.
------------------------------
Date: Tue, 3 Jul 2007 10:09:37 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <f6d791$h6q$1@online.de>
Of course, since the problematic address is definitely due to the
typographical error in SMTP.CONFIG, why is STMP doing an MX lookup on
it? If the address is in the bad-clients list, then the connection
should just be dropped. As far as I can tell, the translation is not
reported in OPERATOR.LOG nor in the SMTP log files, so why bother with
the lookup at all?
True, the log files do occasionally say, e.g.,
Client IP address 85.103.243.252 unbacktranslatable (gethostbyaddr returned NULL)
(I'm NOT using this as a rejection criterion at the moment.) However,
if the address is in the bad-clients list, wouldn't it be better to just
drop the connection then and there, without doing further processing?
Especially considering the fact that addresses in the bad-clients list
are probably there because of repeated attempts.
Of course, it would be even better to reject stuff based on addresses
much earlier on. This is possible, but the number of such addresses is
limited. What is needed is something like the bad-clients list in
SMTP.CONFIG, but for TCPIP or even TCP (i.e. including UDP).
------------------------------
Date: Tue, 03 Jul 2007 13:12:40 +0200
From: "P. Sture" <paul.sture.nospam@hispeed.ch>
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <paul.sture.nospam-20D02F.13124003072007@mac.sture.ch>
In article <f6d60g$gak$1@online.de>,
helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to
reply) wrote:
> In article <f6d50l$f0s$2@online.de>, helbig@astro.multiCLOTHESvax.de
> (Phillip Helbig---remove CLOTHES to reply) writes:
>
> > Again, this started happening last week. I hadn't changed anything for
> > a while before that, in particular, I hadn't change anything in the
> > local host database (which is small and looks fine). It's also been a
> > while since the last changed to the TCPIP software.
>
> Problem solved! It was a typo in SMTP.CONFIG (which I do update
> relatively often) in a bad-clients entry!
>
Good.
> I normally rely mainly on RBLs, but when I notice (I have the
> corresponding console next to my main graphics terminal) repeated
> rejections of a certain IP due to being in an RBL, I add the entry to
> the bad-clients list to cut down on noise. (I noticed the typo because
> I added 88.238.119.197 to the bad-clients list just now; today, there
> have been 100 connection attempts from it. I just added 122.167.178.184
> as well after several repeated attempts.)
>
> This demonstrates one of the disadvantages of configuration files as
> opposed to SET/SHOW commands: syntax errors are not caught early enough.
> (In this case, the indication of a syntax error in the log file, instead
> of the error indicated, would have at least helped to solve the problem
> more quickly.)
Syntax checkers for config files seem to be common in the unix world. I
wonder if there's something suitable for the SMTP.CONFIG file.
> By the way, since 1-JUN-2007 there are 28245 RBL rejections mentioned in
> the operator log, but only 12 due to bad clients, at least 6 of the
> latter being from today.
I had 4 hours worth of RBL rejections for the same IP address yesterday.
I have "SPAM-Action: OPCOM, ACCOUNTING" in my SMTP.CONFIG, but no RBL
messages in operator.log (they were being broadcast to the console
though).
Does the ACCOUNTING specification mean that they don't go to
operator.log?
--
Paul Sture
------------------------------
Date: Tue, 03 Jul 2007 13:24:32 +0200
From: "P. Sture" <paul.sture.nospam@hispeed.ch>
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <paul.sture.nospam-94E186.13243203072007@mac.sture.ch>
In article <f6d791$h6q$1@online.de>,
helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to
reply) wrote:
> Of course, since the problematic address is definitely due to the
> typographical error in SMTP.CONFIG, why is STMP doing an MX lookup on
> it? If the address is in the bad-clients list, then the connection
> should just be dropped. As far as I can tell, the translation is not
> reported in OPERATOR.LOG nor in the SMTP log files, so why bother with
> the lookup at all?
>
> True, the log files do occasionally say, e.g.,
>
> Client IP address 85.103.243.252 unbacktranslatable (gethostbyaddr returned
> NULL)
>
> (I'm NOT using this as a rejection criterion at the moment.) However,
> if the address is in the bad-clients list, wouldn't it be better to just
> drop the connection then and there, without doing further processing?
> Especially considering the fact that addresses in the bad-clients list
> are probably there because of repeated attempts.
>
> Of course, it would be even better to reject stuff based on addresses
> much earlier on. This is possible, but the number of such addresses is
> limited. What is needed is something like the bad-clients list in
> SMTP.CONFIG, but for TCPIP or even TCP (i.e. including UDP).
My 4 hour attack yesterday was also doing a header enquiry on port 80.
Both SMTP and HTTP at the rate of 2 per minute.
I eventually did a TCPIP SET COMM/REJECT=NETWORKS=Ip-address
whoops - that defaults to a network mask of 255.0.0.0, so I blocked the
whole of 80.0.0.0. It stopped whatever was having a go in short order
though :-)
The IP concerned actually belongs to my ISP. If it happens again, and
I'm around at the time, I could drop the RBL check just long enough to
get more details and do a full report. With the information on hand
though, I have little to report.
--
Paul Sture
------------------------------
Date: Tue, 3 Jul 2007 13:45:13 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <f6djt9$tr$1@online.de>
In article <paul.sture.nospam-20D02F.13124003072007@mac.sture.ch>, "P.
Sture" <paul.sture.nospam@hispeed.ch> writes:
> I had 4 hours worth of RBL rejections for the same IP address yesterday.
> I have "SPAM-Action: OPCOM, ACCOUNTING" in my SMTP.CONFIG, but no RBL
> messages in operator.log (they were being broadcast to the console
> though).
Why not?
> Does the ACCOUNTING specification mean that they don't go to
> operator.log?
I have OPCOM but not ACCOUNTING. They go to the console AND to the log
file.
Are you sure you looked in the OPERATOR.LOG for the node doing the SMTP
receiving?
------------------------------
Date: Tue, 03 Jul 2007 10:40:51 -0400
From: JF Mezei <jfmezei.spamnot@vaxination.ca>
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <291cf$468a6022$cef8887a$15227@TEKSAVVY.COM>
>> > > > getmxrr: name = 87.139.7.213])
I woudln't worry too much about the ] since it could very well be part
of the "printf" statement instead of being part of the IP value. (But
could be either way).
Have you tried to enable the receiver tracing ?
$DEFINE/SYSTEM TCPIP$SMTP_RECV_TRACE 1
This *might* give you a better idea of the situation if the incoming
call goes anywhere with the receiver before that error is issued.
Do you have a router that logs incoming calls ? If you can associate
this error with the actual IP that is calling you, you might have a
better idea.
------------------------------
Date: Tue, 3 Jul 2007 14:50:40 +0000 (UTC)
From: david20@alpha2.mdx.ac.uk
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <f6dnnv$ehj$1@south.jnrs.ja.net>
In article <f6cp3c$s6$2@online.de>, helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply) writes:
>In article <43b64$46893609$cef8887a$14076@TEKSAVVY.COM>, JF Mezei
><jfmezei.spamnot@vaxination.ca> writes:
>
>> Phillip Helbig---remove CLOTHES to reply wrote:
>> >> > > Phillip Helbig---remove CLOTHES to reply wrote:
>> >> > > > getmxrr: name = 87.139.7.213])
>>
>> > The question is, what does the error mean? And why the funny format
>>
>> Well, it is pretty obvious: SMTP cannot obtain the mx record (DNS) for
>> ip 87.139.7.213
>
>Right. However, why the "])" at the end? Why does SMTP want to obtain
>the mx record for this IP?
>
MX records are used when sending mail messages to identify which system to
connect to.
Could it be that someone is sending mail through your system to an address of
the form
user@[87.139.7.213]
which is a perfectly valid email address using a domain-literal and that
the DEC TCPIP SMTP software is mishandling this case and is trying to lookup
a MX record for [87.139.7.213] instead of just trying to connect to the server
at address 87.139.7.213
David Webb
Security team leader
CCSS
Middlesex University
>> Is it alwasy the same IP mentioned ?
>
>Yes.
>
>> Is it always present no matter what the sender is ?
>
>Yes. It is in TCPIP$SMTP_RECV_RUN.LOG which doesn't mention the sender;
>I would have to compare timestamps of these log files with entries in
>OPERATOR.LOG, but since the error is always present, the answer is
>"yes".
>
>> Is your mail routed to some forwarding SMTP server before getting to you
>> ? Would that IP belong to that forwarding SMTP server ?
>
>No, mail comes in directly. (If there is a problem at my end, then
>there are lower priority MX servers, but they are not neded now.)
>
>Again, this started happening sometime last week and I have never seen
>it before.
>
------------------------------
Date: Tue, 03 Jul 2007 17:51:11 +0200
From: "P. Sture" <paul.sture.nospam@hispeed.ch>
Subject: Re: TCPIP$GET_MX: getmxrr() failed
Message-ID: <paul.sture.nospam-49E633.17511103072007@mac.sture.ch>
In article <f6djt9$tr$1@online.de>,
helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to
reply) wrote:
> In article <paul.sture.nospam-20D02F.13124003072007@mac.sture.ch>, "P.
> Sture" <paul.sture.nospam@hispeed.ch> writes:
>
> > I had 4 hours worth of RBL rejections for the same IP address yesterday.
> > I have "SPAM-Action: OPCOM, ACCOUNTING" in my SMTP.CONFIG, but no RBL
> > messages in operator.log (they were being broadcast to the console
> > though).
>
> Why not?
I was hoping you could answer that.
> > Does the ACCOUNTING specification mean that they don't go to
> > operator.log?
>
> I have OPCOM but not ACCOUNTING. They go to the console AND to the log
> file.
>
> Are you sure you looked in the OPERATOR.LOG for the node doing the SMTP
> receiving?
Yep. I am going to try with just "SPAM-Action: OPCOM" to see if that
makes a difference.
--
Paul Sture
------------------------------
Date: Tue, 03 Jul 2007 17:34:43 GMT
From: Alfred Falk <falk@arc.REMOVE.ab.ca>
Subject: RE: Ten years ago...
Message-ID: <Xns996275C8FD92Efalkarcabca@199.185.223.74>
"Main, Kerry" <Kerry.Main@hp.com> wrote in
news:FA60F2C4B72A584DBFC6091F6A2B8684024C08D0@tayexc19.americas.cpqcorp.n
et:
> Re: takeovers .. I still remember laughing when someone suggested to
> me that Compaq might buy Digital. "Heck, we are worth $10B - who in
> the world has that type of money?"
I had similar thoughts, $10B Wow!. Then a week later I saw an item in the
local paper about some Canadian energy company buying out another for $9B
Cdn. Not quite as much but in the same league. These were companies you
have never heard of (and I can't remember either). We think IT is big
business. Peanuts compared to energy.
--
----------------------------------------------------------------
A L B E R T A Alfred Falk falk@arc.ab.ca
R E S E A R C H Information Systems Dept (780)450-5185
C O U N C I L 250 Karl Clark Road
Edmonton, Alberta, Canada
http://www.arc.ab.ca/ T6N 1E4
http://outside.arc.ab.ca/staff/falk/
------------------------------
Date: Tue, 03 Jul 2007 07:40:08 -0700
From: ultradwc@gmail.com
Subject: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris
Message-ID: <1183473608.863453.139260@n2g2000hse.googlegroups.com>
notice the virus/worm downtime ... zero for VMS, not so good for
the others ... sorry Andrew, more proof to validate CERT counts ...
http://h71028.www7.hp.com/ERC/downloads/TechWise_TCO2007.pdf
------------------------------
Date: Tue, 03 Jul 2007 10:53:11 -0400
From: JF Mezei <jfmezei.spamnot@vaxination.ca>
Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris
Message-ID: <66c1b$468a6301$cef8887a$18188@TEKSAVVY.COM>
ultradwc@gmail.com wrote:
> notice the virus/worm downtime ... zero for VMS, not so good for
> the others ... sorry Andrew, more proof to validate CERT counts ...
Boob, if the currently vulnerability in POP doesn't make it to CERT, it
means that CERT doesn't cover VMS viulnerabilities and hence, you cannot
in good conscience claim VMS is more secure because it has no CERT listings.
------------------------------
Date: Tue, 03 Jul 2007 07:59:29 -0700
From: ultradwc@gmail.com
Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris
Message-ID: <1183474769.136563.82710@k79g2000hse.googlegroups.com>
On Jul 3, 10:53 am, JF Mezei <jfmezei.spam...@vaxination.ca> wrote:
> ultra...@gmail.com wrote:
> > notice the virus/worm downtime ... zero for VMS, not so good for
> > the others ... sorry Andrew, more proof to validate CERT counts ...
>
> Boob, if the currently vulnerability in POP doesn't make it to CERT, it
> means that CERT doesn't cover VMS viulnerabilities and hence, you cannot
> in good conscience claim VMS is more secure because it has no CERT listings.
PMDF and TCPware POP have NO vulnerability ...
------------------------------
Date: Tue, 3 Jul 2007 15:46:36 +0000 (UTC)
From: david20@alpha2.mdx.ac.uk
Subject: Re: Updated TCO study has OpenVMS AGAIN over AIX, Slowaris
Message-ID: <f6dr0s$fis$1@south.jnrs.ja.net>
In article <1183474769.136563.82710@k79g2000hse.googlegroups.com>, ultradwc@gmail.com writes:
>On Jul 3, 10:53 am, JF Mezei <jfmezei.spam...@vaxination.ca> wrote:
>> ultra...@gmail.com wrote:
>> > notice the virus/worm downtime ... zero for VMS, not so good for
>> > the others ... sorry Andrew, more proof to validate CERT counts ...
>>
>> Boob, if the currently vulnerability in POP doesn't make it to CERT, it
>> means that CERT doesn't cover VMS viulnerabilities and hence, you cannot
>> in good conscience claim VMS is more secure because it has no CERT listings.
>
>PMDF and TCPware POP have NO vulnerability ...
>
And even with DEC TCPIP services implementation of POP.
The logging of IP addresses can apparently be enabled by defining
TCPIP$POP_LOG_LEVEL to THREAD
The ability to determine whether a username exists or not from the error
message can be controlled by defining
TCPIP$POP_SECURITY to SECURE
Hence, although one can argue that these should be the defaults and possibly a
setting which records the IP address but less other information than THREAD
should be provided, this part of the problem is down to incorrect
configuration.
As to Intrusion protection can someone remind me which Unix implementations of
POP servers provide this ?
David Webb
Security team leader
CCSS
Middlesex University
------------------------------
Date: Tue, 3 Jul 2007 05:59:39 +0000 (UTC)
From: helbig@astro.multiCLOTHESvax.de (Phillip Helbig---remove CLOTHES to reply)
Subject: Re: VMS security vulnerability (POP server)
Message-ID: <f6cokb$s6$1@online.de>
Note that this was posted to the ovms-lists@openvms.org by Hoff:
From: SMTP%"ovms-lists@openvms.org" 2-JUL-2007 21:50:28.68
To: "Patch and Security Alerts" <alerts@openvms.org>
Subj: [OVMS-Alert] TCP/IP Services POP3 Security Vulnerability Report in Wild
From Stephen Hoffman, Hoffman Labs:
JF Mezei has posted details of a security vulnerability in
the OpenVMS TCP/IP Services POP3 implementation (current
versions) into the comp.os.vms newsgroup, reportedly after
contacting HP with the initial report of the
vulnerability. Mr Mezei indicates a local OpenVMS Alpha
system was targeted by a POP3 dictionary attack.
Remote IP-based POP3-based dictionary attacks appear
feasible against passwords using this vulnerability, and
no breakin evasion processing is performed.
I've posted a quick review of the newsgroup report and
some suggestions at the HoffmanLabs site:
http://64.223.189.234/node/395
The original report is available here:
http://groups.google.com/group/comp.os.vms/msg/8a42e91fe1e9cd36
It is unclear if other components of TCP/IP Services are
similarly afflicted.
_______________________________________________
NOTICE: Patches/Kits may not be available for several hours. -KF
_______________________________________________
You are subscribed to: alerts@openvms.org
To subscribe: alerts-subscribe@openvms.org
To unsubscribe: alerts-unsubscribe@openvms.org
Send administrative queries to <alerts-request@openvms.org>
Please forward to friends and co-workers.
OpenVMS.org lists are not affiliated with HP.
OpenVMS is a trademark of HP.
------------------------------
Date: Tue, 3 Jul 2007 13:18:24 +0000 (UTC)
From: david20@alpha2.mdx.ac.uk
Subject: Re: VMS security vulnerability (POP server)
Message-ID: <f6diav$cif$1@south.jnrs.ja.net>
In article <op.tut97bj98vlggw@murphus.linden>, "Tom Linden" <tom-remove@kednos.com> writes:
>On Sun, 01 Jul 2007 23:00:44 -0700, JF Mezei =
>
><jfmezei.spamnot@vaxination.ca> wrote:
>
>> Michael Moroney wrote:
>>> That is a nasty one, since much of what makes VMS resistant to such =
>
>>> attacks is the ability to sense a breakin attempt and deny access fro=
>m
>>> the breakin source even when it gets the password correct.
>>> Did the attempt seem to target VMS or was it a script kiddie hacking=
> at
>>> a Windoze box or Unix box (accounts like administrator or root being =
> =
>
>>> tried)
>>
>>
>> Brute force. And VMS is even worse:
>>
>> $ telnet/port=3D110 chain
>> %TELNET-I-TRYING, Trying ... 10.0.0.11
>> %TELNET-I-SESSION, Session 01, host chain, port 110
>> +OK TCPIP POP server V5.6-9, OpenVMS V8.3 Alpha at chain.vaxination.ca=
>, =
>
>> up sinc>
>> USER canada
>> -ERR No such user "canada"
>> USER system
>> +OK Password required for "system"
>> PASS chocolate
>> -ERR password supplied for "system" is incorrect.
>> %TELNET-S-REMCLOSED, Remote connection closed
>> -TELNET-I-SESSION, Session 01, host chain, port 110
>>
>>
>> So by checking whether the USER command returns an -ERR or +OK, you ca=
>n =
>
>> narrow down which usernames are valid, and then proceed to guess their=
> =
>
>> passwords by brute force.
>>
>What happens if you disable telnet and only allow ssh?
>
Telnet in this instance is just being used to setup a connection to the POP
server port and then to pass the same commands that a pop client would send.
Telnet is often used in this manner. The telnet connection could come from
anywhere and the only way to stop telnet connections to the POP server port
would basically be to stop anyone connecting to that port eg not to run the POP
server.
David Webb
Security team leader
CCSS
Middlesex University
>
>-- =
>
>PL/I for OpenVMS
>www.kednos.com
------------------------------
Date: 3 Jul 2007 07:48:34 -0500
From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)
Subject: Re: VMSclusters and data replication
Message-ID: <FsJz+JHen0Zb@eisner.encompasserve.org>
In article <1183399772.237201.114300@k29g2000hsd.googlegroups.com>, Bob Gezelter <gezelter@rlgsc.com> writes:
>
> However, long distance replication of a limited volume of data is a
> far different story. A detailed review of what must actually be
> synchronized (vs recovered in the event of a problem) must be done,
> with a full inventory.
Yes, I've done enough data transfers across the pond to agree with
this approach. I've used DECnet Phase IV for this with no problem
and I suggest DECnet over IP as the most promising solution.
Other possibilities include naked IP (if you don't mind fixing up
file attributes); or DFS (DECnet File System?), a sort of NFS
analog for DECnet.
------------------------------
Date: Tue, 03 Jul 2007 06:12:16 -0700
From: Bob Gezelter <gezelter@rlgsc.com>
Subject: Re: VMSclusters and data replication
Message-ID: <1183468336.339416.176380@m36g2000hse.googlegroups.com>
On Jul 3, 7:48 am, koeh...@eisner.nospam.encompasserve.org (Bob
Koehler) wrote:
> In article <1183399772.237201.114...@k29g2000hsd.googlegroups.com>, Bob Gezelter <gezel...@rlgsc.com> writes:
>
>
>
> > However, long distance replication of a limited volume of data is a
> > far different story. A detailed review of what must actually be
> > synchronized (vs recovered in the event of a problem) must be done,
> > with a full inventory.
>
> Yes, I've done enough data transfers across the pond to agree with
> this approach. I've used DECnet Phase IV for this with no problem
> and I suggest DECnet over IP as the most promising solution.
>
> Other possibilities include naked IP (if you don't mind fixing up
> file attributes); or DFS (DECnet File System?), a sort of NFS
> analog for DECnet.
Bob,
Yes. I should re-emphasize that while 9/11 is often cited as the
reason for concern, many do not realize the extent of the lessons
learned in the aftermath of the event.
While OpenVMS clusters is an extremely useful technology, it is not
magic nor is it the cure-all for all reasons. Speaking as an IT
professional, and not minimizing the loss of life in the Trade Center
attack, the far more disruptive event was the destruction of the AT&T
(if I recall correctly) switching center adjacent to the Trade Center,
which was a junction point for many data connections to/from
Manhattan. Many companies very far from Ground Zero was disrupted by
this event for a very extended period of time.
My concern is that trans-oceanic clusters make use of a limited set of
high speed circuits. In the event of a problem, bandwidth may be
reduced on these circuits with little warning. If these are mission
critical, then severe problems can result.
Thus my suggestion to carefully evaluate (and possibly retain a
consultant) the issues before going down this route. Archiving logs
remotely can survive with far less bandwidth than a cluster. If that
accomplishes the need, it is a better choice.
Note that transcontinental clusters do not necessarily suffer the same
problem, although verifying alternate communications paths is
important.
- Bob Gezelter, http://www.rlgsc.com
------------------------------
Date: Tue, 3 Jul 2007 09:22:04 -0400
From: "Main, Kerry" <Kerry.Main@hp.com>
Subject: RE: VMSclusters and data replication
Message-ID: <FA60F2C4B72A584DBFC6091F6A2B8684024C0B25@tayexc19.americas.cpqcorp.net>
> -----Original Message-----
> From: mb301@hotmail.com [mailto:mb301@hotmail.com]
> Sent: July 2, 2007 12:56 PM
> To: Info-VAX@Mvb.Saic.Com
> Subject: VMSclusters and data replication
>=20
> Using OpenVMS 7.3-2
>=20
> Looking for ways to replicate lots of data across from London To New
> York
> Would any sort of SAN software do the job?
> I guess having nodeA in NY and nodeB in London In a cluster just isn't
> going to work?
> What about host based raid or volume shadoing?
> Any ideas about the network pipe you can get?
Well, one option might be an active-active-passive (sync-sync-asynch)
multiple site solution. This is emerging as a good solution for large
enterprises which offers the benefits of local synch access between two
sites 25-50 miles apart while at the same time providing the ability to
go to a third site for critical business functions should some
catastrophic event take out the two local sites.
For anyone looking at cross Atlantic data replication, I suspect the HW
costs will not be the major concern as an hour or two of application
unavailability in prime time would likely pay for it all.
In view of recent events, I suspect more and more companies will be
looking at solutions like this. It certainly does come up a lot during
the discussions I have around DC consolidation.
And as someone else mentioned, the bandwidth costs have dropped
significantly across the pond. A number of providers beefed up cross
ocean delivery capabilities significantly during the Internet dot com
days - only to have the bottom drop out of that market. Get a number of
quotes, but also take into consideration the providers long term
stability as well.
Challenges in this area are that you typically have to get a long term
contract (2-3 years), so you need to do some sizing work before
contracting anything.=20
In some of the DC consolidation engagements like this, I would typically
recommend a local network simulator pilot project be implemented to test
all of the various bandwidth, latency, error rates, fail over scenarios.
Network simulators range from freeware to $30k+ appliances, so YMMV -
likely something in between is what you would need.
Regards
Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-592-4660
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)=20
OpenVMS - the secure, multi-site OS that just works.
------------------------------
Date: 3 Jul 2007 12:45:56 -0500
From: koehler@eisner.nospam.encompasserve.org (Bob Koehler)
Subject: Re: VMSclusters and data replication
Message-ID: <UWebBlMt56AZ@eisner.encompasserve.org>
In article <1183468336.339416.176380@m36g2000hse.googlegroups.com>, Bob Gezelter <gezelter@rlgsc.com> writes:
>
> My concern is that trans-oceanic clusters make use of a limited set of
> high speed circuits. In the event of a problem, bandwidth may be
> reduced on these circuits with little warning. If these are mission
> critical, then severe problems can result.
I didn't say anything about clusters and I would not use VMScluster
in across-the-pond configurations.
------------------------------
Date: Tue, 03 Jul 2007 07:40:17 -0700
From: Galen <gltackett@gmail.com>
Subject: Re: What is a CT-ADP80-AA?
Message-ID: <1183473617.178664.135590@g4g2000hsf.googlegroups.com>
> > So it looks like it really could be a DS10L in a AS800 box. What does
> > ADP stand for here?
When I have a chance to shut one of these three systems down perhaps I
can take a look at the motherboard. That would reveal all.
------------------------------
Date: Tue, 3 Jul 2007 07:53:26 -0700
From: DeanW <dean.woodward@gmail.com>
Subject: Re: What is a CT-ADP80-AA?
Message-ID: <3f119ada0707030753q18a8bcc4td9996ca74c2fbd25@mail.gmail.com>
On 7/2/07, Galen <gltackett@gmail.com> wrote:
> > > VMS V7.3 SHOW CPU calls it a DS10L but it is in a cabinet that's a lot
> > > like an AlphaServer 800. It has several internal disk drives and an
> > > external SCSI connection as well.
>
> Thanks, Dave. I'm not surprised to see you answer this.
>
> So it looks like it really could be a DS10L in a AS800 box. What does
> ADP stand for here?
ADP writes (amongst other things) a package for car dealers; it does
everything from print out loan doc paperwork to run the service
department and inventory.
But I'm surprised; they haven't used DEC stuff in ages. I'll ask a
friend who works there if he might remember anything about those.
--
Dean Woodward =o&o
dean.woodward@gmail.com
------------------------------
Date: Tue, 03 Jul 2007 08:06:04 -0700
From: Galen <gltackett@gmail.com>
Subject: Re: What is a CT-ADP80-AA?
Message-ID: <1183475164.478405.98310@k79g2000hse.googlegroups.com>
> ADP writes (amongst other things) a package for car dealers; it does
> everything from print out loan doc paperwork to run the service
> department and inventory.
>
> But I'm surprised; they haven't used DEC stuff in ages. I'll ask a
> friend who works there if he might remember anything about those.
>
These three servers have been running for several years in our lab,
since before I began working here. We no doubt bought them used--
sorry, Dave T., it wasn't from Islandco.
:-|
------------------------------
End of INFO-VAX 2007.360
************************