If only all warranty calls were like this…

A couple of years ago, I had the misfortune to require warranty support from Dell (a frustrating experience). Then, problems with my IBM ThinkPad left me stuck between a 3-year hardware warranty and a 90-day software warranty. Well, thankfully my recent experiences with HP have been considerably better.

Last year I had some warranty repairs carried out on a couple of my notebook PCs – the warranty cover was for a back-to-base repair: a courier arrived from DHL and packaged the computers, then a few days later they were returned with the faulty components replaced.

Then, yesterday, one of my hard disks failed. I checked the warranty status on the Seagate website (one of the reasons that I use Seagate drives is the 5-year warranty) but it wasn’t valid as the component was originally supplied by HP. So, I called HP, who were happy to take my word that a few whirrs and clunks from the disk, then nothing (except a system that was stuck attempting to boot from drive C: ) meant that this device was broken and needed to be replaced (even if I did have to explain to an overseas call centre operator that I work for a company with 20,000 employees and I couldn’t check every address they had on their system for that company name, but that my home address certainly wouldn’t be there). Half an hour later, HP (or one of their agents) called me to check the part number and promised me a replacement within 24 hours.

By 9:00 this morning, I had a package containing a new drive in my hand (even if the courier didn’t know anything about collecting the faulty component) and a few minutes later I had installed it in my system. By lunchtime, everything was up and running again. Then, I found the instructions that told me to package the failed drive in the box used to ship the new replacement and peel off the label, underneath which was a pre-paid returns label. All that was needed then was a call to UPS to arrange collection and a few minutes ago, the same UPS driver returned to collect the package.

Overall, it was a positive experience (as positive as a wrecked hard drive can be) – less than a day of downtime on a standard parts-only warranty. Thank you HP.

Love the PC – hate the technical support

I love my IBM ThinkPad T40 – it’s easily the most solidly built of my three notebook PCs and whilst my everyday PC is a much more highly specified Fujitsu-Siemens Lifebook S7010D the ThinkPad is my machine of choice.

Unfortunately, a few weeks back, I accidentally deleted the hidden protected area (HPA) on my ThinkPad (also known as the Access IBM pre-desktop area).

My first experience of IBM’s technical support was great – once they had confirmed that the machine was in warranty, they were happy to send me recovery CDs free of charge but since then things have not been good. Even my less-than-satisfactory experiences of Dell and CA support via e-mail from India was better than my current experience of IBM. All I could get from IBM hardware support was a statement that the restore CD should bring back the pre-desktop area (it doesn’t) and a referral to the software support line. There lies the problem (via an e-mail from an obscure e-mail address that fell foul of Outlook’s junk e-mail filters) – IBM provides free hardware support during the computer’s warranty period and free software support for the first 30 days after the purchase of the computer, after which the software support becomes chargeable. Fair enough for operating system support, but for an IBM technology accessed via a hardware function key? My last e-mail asked them to clarify whether they consider a partition provided on the hard disk to be hardware or software. No response (although I suspect I know the answer to that one).

Surely it’s not unusual for a hard disk to be replaced in an IBM PC and for the Access IBM pre-desktop area to be restored? Grrr.

The IBM archives

As I was writing my post on Microsoft Host Integration Server (HIS), I came across many unfamiliar terms and IBM technologies. In many cases, some quick googling came up with the answers to my questions but I also stumbled across the IBM archives, which provide a decade-by-decade and year-by-year view of the computing giant’s history.

A look at Microsoft Host Integration Server 2004

I began my IT career in the mainframe world. I got my first taste as a 16 year-old schoolboy on a work experience placement (changing tapes on ICL 1900 mainframes at the local hospital) and then as part of my Computer Studies degree I joined ICL, a name now consigned to the history books, where I learnt about Series 39 mainframes and VME as part of my time attached to an operating system support team. It could have been very different – I had the chance to start out with IBM, where I would have learnt about the world of OS/2, RS/6000s, AS/400s and System/390 mainframes. Nowadays I’m employed by a systems integrator, working almost exclusively with Microsoft products, so when I had the chance to attend a session about Microsoft Host Integration Server (HIS) 2004 at Microsoft’s IT Forum Highlights event, I decided to take a look at how a Microsoft infrastructure can integrate with the world of IBM zSeries mainframes and the systems network architecture (SNA) using HIS, which Microsoft claims can leverage existing host assets to integrate IBM mission-critical host applications, data sources, messaging and security systems with new solutions developed using the Microsoft Windows Server System platform.

Michael Platt (an IT Pro Evangelist for Microsoft UK) explained that it is surprisingly difficult to integrate mainframes with Windows systems because of the way they view the network and there are five levels of integration to consider:

  • Network.
  • Application (e.g. CICS).
  • Data (DB2 is different on a mainframe to on UNIX).
  • Security.
  • Deployment.

Different acronyms are used by Windows and mainframe technologies and it is important to outline some terms which may help to put the rest of this post into context:

  • A PC to host gateway is concerned with translation between PCs and mainframe physical units (PUs) and logical units (LUs).
  • LUs may be 3270 or 5250 terminals, which originally used co-axial connections over which SNA was run. Then, in the 1980s, SNA 6.2 brought support for peer-to-peer networks. The old co-axial connections were replaced with token ring (and eventually Ethernet) LANs using a data communications and terminal controller (DTC) or dial-up synchronous data link control (SDLC) over X.25 for WANS.
  • Front end processors (FEPs) relieve some of the processing from the mainframe CPU and these are examples of PUs.
  • SNA gateways consolidate branch traffic for transmission across the network.

Network integration

Over time, TCP/IP has become all pervasive, moving from UNIX systems, to desktop PCs, across the WAN and eventually into the data centre, bringing some issues for IBM mainframes, which use a 1920Kb block size. TCP uses a 4Kb block size and so it has always been seen as inefficient to run TCP on a mainframe leading to various approaches that have been taken over the years:

  • TN3270 is a telnet-based 3270 clear-text terminal emulation session (although SSL and TLS can be used from HIS 2004 onwards); however the mainframe still spends a lot of time performing protocol conversion so this cam be offloaded as a service that then uses native SNA to communicate with the mainframe (allowing more connections).
  • The host print service was intended to resolve issues with expensive mainframe printing allowing print requirements to be offloaded to departmental printers, but mainframes use extended binary coded decimal interchange code (EBCDIC) to represent characters whilst PCs and other devices use the American standard code for information interchange (ASCII), leading to more conversion.
  • Multiprotocol transport networking (MPTN), implemented as IBM Anynet provides an SNA stack for the client, allowing full application to applications communications but because it is implemented in software, it uses significant numbers of of CPU cycles, resulting in performance issues (consequently Microsoft have never offered an MPTN service for HIS).
  • Data link switching (DLS) uses hardware to tunnel SNA, running TCP/IP across the network itself, but requires expensive routers. Some vendors added additional technology, whilst others never offered DLS. Microsoft’s answer is the distributed link service (also called DLS), which passes data between HIS servers using TCP/IP (UDP and native IP for performance), with SNA at either end.
  • Today, IBM’s stated direction for SNA over TCP/IP is IBM enterprise extender which uses high performance routing (HPR), an extension to advanced peer to peer networking (APPN). IBM is dropping support for its 374x FEPs and encourages the use of adapters in its open services architecture (OSA), running SNA, TCP/IP, etc. as appropriate. Microsoft supports the same technology, through IPDLC, and the core network integration portion of HIS enables HIS to participate in an IBM enterprise extender environment in a branch office, in a central location, or even within the data centre, directly-connected to the mainframe using gigabyte ethernet.

Application integration

The HIS transaction integrator (TI) (formerly know as COM transaction integrator for CICS and IMS), has been enhanced to offer support for applications providing web services integration so that developers can pragmatically access the mainframe from a Microsoft .NET application. With TI, Windows developers can use the Windows-initiated processing (WIP) technology to wrap existing line-of-business processes found in IBM AS/400 systems, mainframe CICS and IMS applications, as XML web services or .NET server components. In addition to WIP, TI offers a reverse path through host-initiated processing (HIP), allowing developers to produce bidirectional and asynchronous enterprise integration solutions without using IBM MQSeries.

Data integration

HIS offers a number of data integration technologies, including:

  • Industry-standard ODBC Driver for DB2.
  • Component object model (COM) OLE database providers for DB2 and host file systems (mainframe and AS/400).
  • .NET framework-enabled managed provider for DB2.

New to HIS 2004 is the DB2 network protocol client (DRDA AR) over which the ODBC, OLE DB and Managed Provider communicate with remote DB2 database servers, allowing these data providers to offer expanded functionality such as two-phase commit for DB2 distributed transactions over TCP/IP and connection pooling when using enterprise single sign-on.

HIS 2004 also supports asynchronous messaging through its MSMQ-to-MQSeries bridge, allowing administrators to link applications that use inter-platform message queueing, with support for MSMQ 2.0 and MQSeries (Websphere MQ) 5.1.

Security

The administration and runtime components in HIS 2004 support a new secure product configuration (with an associated configuration wizard) and are “secure by default” when installed. Only HIS administrators need administrative permissions (whereas in previous versions HIS runtime users were also required to be administrators). although there are some security considerations when upgrading from previous versions. Access request levels can be set as read, read/write, manage, or full control and control methods can be read/write or manage.

Support for enterprise single sign-on (SSO) enables seamless integration of security credentials across Windows Active Directory and IBM host systems for both users and applications, including 1:1 and Group: 1 association, with all the main IBM security systems supported. The HIS enterprise SSO provides the base infrastructure that, along with third-party software products, provides for a secure password management solution including Windows-initiated and host-initiated password synchronisation.

As mentioned previously, with HIS 2004, the telnet 3270 service has been enhanced to offer secure sockets layer (SSL) and transport-level services (TLS) support. Administrators can now increase the overall security of the network when accessing mainframe terminal and printer resources over TCP/IP, including authentication of access to mainframe sessions and encryption of host data between client and server.

Deployment

HIS 2004 runs on Windows 2000, Windows XP or Windows Server 2003 and support for clustering is provided in order to scale up and out to address the volumes required by large enterprises. HIS uses its own internal domain structure as part of the SNA integration and includes SNA Manager – a Microsoft management console (MMC) snap-in provided for managing key components of HIS, which has been improved to offer better usability through refined wizards and prompts (there is also a command line interface). A centralised SNA diagnostics tool is also provided, allowing administrators to test and troubleshoot network connections and resources.

Setting up a link involves:

  • Generating a new link service.
  • Creating an SNA Service connection.
  • Creating a new display LU.
  • Assigning LUs to a configured user.
  • Starting the SNA service.

It is then possible to connect to the mainframe using a 3270 client.

Establishing an advanced program-to-program communications (APPC) application connection involves:

  • Creating a new APPC connection.
  • Setting up the local APPC LU.
  • Setting up a remote APPC LU.
  • Starting the SNA Service.

HIS diagnostics can then be used to carry out an APPC test.

The future for HIS

So what about the future for HIS? As a product which started life as running on OS/2 as SNA Server, it may not be the most exciting offering in the Windows Server System, but it is functional, and organisations still buy it! On that basis, as long as there is a market, I can see Microsoft continuing to develop HIS with further support to extend the web services platform to the mainframe.

Links

HIS on the Microsoft website
IBM SNA protocols (Cisco)
Microsoft HIS whitepapers

IBM Rescue and Recovery with Rapid Restore

One of the technologies that I’ve been working with recently is IBM’s Rescue and Recovery with Rapid Restore. Another of IBM’s ThinkVantage technologies, this is provided free of charge with an IBM PC (and can be licensed for other OEM’s PC models).

In essence, Rescue and Recovery writes a backup of the entire PC hard disk to either a hidden partition on the local hard drive, a second hard disk, recordable media, network drive, or to a USB device. The first backup is a base image, then subsequent backups are differential. Backups can be scheduled and up to 31 backups can be stored before overwriting. In a recovery scenario, the process is simply booting from a rescue CD, which is easily generated and is not machine specific, or pressing the Access IBM button on selected IBM PCs, then selecting the backup to use and the file(s) to be recovered. Individual files, or the entire system, may be recovered, even preserving selected data and logon credentials written since the last backup.

All configuration settings are stored in an easily edited text file with full product documentation including customisation available in PDF format.

PCs with airbags – no joke!

IBM’s ThinkPad range of notebook PCs have always had some useful (and unusual) features in the detail (collectively dubbed as ThinkVantage technologies). For example, the ThinkPad T40 which I was using a few days back had a reading light built into the top of the screen to illuminate the keyboard whilst working in the dark.

We’re all used to cars with airbags to protect the occupants in an impact, but IBM have added an airbag to selected notebook PC models (I kid you not!). Known as active protection system, the feature adds an integrated motion sensor that continuously monitors movement of the notebook to temporarily stop the hard disk if necessary, helping to avoid data loss.

Like an airbag’s sensor, the active protection system can detect sudden changes in motion and park the disk read/write heads within 500ms – helping to prevent head or disk damage (as hard disks are most susceptible to damage whilst active). Once stabilised, the heads return to the normal position and continue working as usual. The technology is even adjustable for environments where vibrations are normal (e.g. on a train).

Getting Tivoli to work on a Windows XP computer with a personal firewall enabled

I’m working with a client on a Windows XP standard operating environment (SOE) that includes service pack 2 (with Windows Firewall enabled). They use IBM Tivoli for remote control, inventory and software distribution but IBM do not currently support the Tivoli client on SP2 machines and some work was needed to get it working across the firewall. For reference, here are the firewall exceptions that were needed:

  • IBM Tivoli Inventory Collector (C:\Program Files\Tivoli\lcf\inv\SCAN\wepmcoll.exe);
  • IBM Tivoli JRE (C:\Program Files\Tivoli\lcf\bin\w32-ix86\tools\jre\1.3.0\bin\java.exe);
  • IBM Tivoli Management Agent (C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe);
  • IBM Tivoli Mobile Console (C:\Program Files\Tivoli\lcf\dat\1\mobile\mobile.exe);
  • IBM Tivoli Mobile Console Distribution (C:\Program Files\Tivoli\lcf\dat\1\cache\bin\w32-ix86\TME\mobile\epnewdist.exe);
  • IBM Tivoli Remote Control Target (C:\Program Files\Tivoli\lcf\PCREMOTE\w32-ix86\tgt\eqnrcmai.exe);
  • IBM Tivoli Software Distribution Engine (C:\Program Files\Tivoli\lcf\dat\1\cache\bin\w32-ix86\TME\swdis\spde\spd_eng.exe).

Theoretically these would be the same whatever the personal firewall product in use; however all of the above should be configured as application exceptions (Tivoli uses randomly generated ports under certain circumstances and so simple packet filtering exceptions would be inappropriate). If the firewall in use only handles packet filtering, then you may have more difficultly getting this working (you may need to open big holes in the firewall to cover a range of possible ports – in this case I would suggest using the Windows Firewall instead as it does offer application filtering – see my earlier post about choosing whether to run the Windows Firewall, a third party firewall, or both).

Obviously installations of Tivoli (as for most enterprise management products) vary according to the features in use and if the exceptions above do not completely resolve the issue, James Dawson gave me the following advice:

  1. Run netstat -ano | find "LISTENING". This will give a list of TCP ports that are listening for connections and the last column of the output is the ProcessID (PID) of the process actually listening. You can then use the PID to find what ports the Tivoli process(es) are running on, and then add these ports to the exceptions.
  2. Use the PIDs from the output of step 1 to check whether Tivoli is using any UDP ports: netstat -ano | find "PID" (repeat for each Tivoli PID).

Tracking down IBM BIOS updates

The IBM website is not always the easiest to navigate and I spent ages today tracking down the latest BIOS for a number of servers. To save someone else the same issues in future, I recommend that to quickly find the latest BIOS for a PC or server, search for +flash +BIOS +update +modelnumber.

More search tips are available from the IBM website.