Category: Technology

  • Using netsh to set multiple DNS server addresses in Windows

    During my recent two days of torment caused by a flaky Java application, I had to change the preferred and alternate DNS server entries for one of my network cards. Ordinarily that would be simple, but with an unresponsive Explorer interface refusing to open any network connection dialogs I needed to do it from the command line.

    Enter the network shell (netsh) – a fantastic command line utility that has sneaked into recent versions of Windows and seems to have more and more functionality added with each new release.

    After entering the netsh shell, interface ip got me to the TCP/IP interface settings; then show dns gave me the details of the current DNS servers; set dns "Local Area Connection" ipaddress allowed me to set the preferred DNS server and add dns "Local Area Connection" ipaddress index=2 set the alternate DNS server (that was the difficult one to work out – I had tried to set dns with a list of IP addresses but that does not work!); finally, exit the network shell and type ipconfig -all to check settings the normal way.

    I love the command prompt!
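    The set-then-add sequence described above, generalised to any number of DNS servers, as an added example that is not part of the original post. It only builds the command lines, using netsh's named-parameter form (name=, source=static, addr=, index=); the function name and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Conservative allow-list for the connection name, so the generated line is
# safe to paste into cmd.exe (no quotes, pipes, ampersands or carets).
_SAFE_NAME = re.compile(r"[\w .()\-]+")


def _cmd(verb, interface, rest):
    # Hypothetical helper: one "netsh interface ip <verb> dns" line.
    return f'netsh interface ip {verb} dns name="{interface}" {rest}'


def netsh_dns_commands(interface, servers):
    """Return the netsh command lines that set `servers` in preference order.

    `set dns` accepts a single address, so the first server is written with
    `set dns` and each further one is appended with `add dns ... index=N`.
    """
    if not _SAFE_NAME.fullmatch(interface):
        raise ValueError(f"unsafe interface name: {interface!r}")
    if not servers:
        raise ValueError("at least one DNS server is required")

    # Validate and normalise every address before emitting anything, so a
    # typo in the third server cannot leave the adapter half-configured.
    addrs = [str(ipaddress.IPv4Address(s.strip())) for s in servers]
    if len(set(addrs)) != len(addrs):
        raise ValueError("duplicate DNS server address")

    cmds = [_cmd("set", interface, f"source=static addr={addrs[0]}")]
    for index, addr in enumerate(addrs[1:], start=2):
        cmds.append(_cmd("add", interface, f"addr={addr} index={index}"))
    return cmds


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, not real resolvers.
    for line in netsh_dns_commands("Local Area Connection",
                                   ["192.0.2.53", "192.0.2.54", "198.51.100.7"]):
        print(line)
```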

  • Viewer for Microsoft Project (.MPP) files

    Last week I needed to view a colleague’s project plan (in Microsoft Project) to make sure I hadn’t been stitched up – or rather, to ensure that all the activities had been captured in the correct sequence and within a realistic time frame. Because I didn’t have Microsoft Project installed on my PC, I had to go through the correct processes to get a licence allocated and the software installed.

    I could have just got the CD out of my drawer and installed an illegal copy, but I was “being good” and my honesty cost my Manager’s budget £223.35 – and that’s with a heavy volume licence discount.

    Literally two days after the software was installed, I attended an event where I was given a copy of Seavus Project Viewer. For anyone who’s not aware of this product’s existence (I wasn’t), it is an application which allows Microsoft Project (.MPP) files to be viewed by users who don’t have a copy of Microsoft Project installed. At only $39, this would have been substantially more cost-effective than licensing Microsoft Project so I thought I’d blog about it and save someone else from spending the money if they only need read-only access to project plans.

  • Music on the road – plug your iPod into your veedub via USB

    Readers of this blog will be aware that I am a great fan of my iPod Mini (even if I do think Apple is a touch monopolistic in the digital media market). I also like Volkswagen cars. Last year my wife and I bought a Polo; I’ve had a few Golfs (one Mk II and a couple of Mk IVs); until recently I drove a 2004 Passat Estate 1.9TDI 130PS Highline (which I really liked); and I would love to own a 1960s Microbus (or even the 21st Century Microbus if it ever makes it to market).

    My new employer’s car scheme doesn’t include Volkswagen so I have a Saab 9-3 SportWagon on order and as I mentioned in my recent post about the iPod Nano, it has a 3.5mm jack for connecting an MP3 player to the audio system which should come in very handy.

    Now Volkswagen have gone one better and soon all of their new cars will offer a stereo system with iPod connectivity. Paul Thurrott reports that this will let “users manage the music on an iPod or other portable audio player through the stereo’s controls and display. The devices will plug into the car through a standard USB [connection], which virtually all MP3 players and portable storage devices use these days. Apple’s iPod is specifically supported with a special menu, but any USB-based device will work”.

    Could this signal the death of the in-car CD-player?

  • Readvertising failed packages with Microsoft SMS

    A few weeks back, my colleague Barry Feist gave me a useful tip for when deploying software using Microsoft Systems Management Server (SMS). Barry doesn’t have his own blog, so here are the details.

    Details of commands executed on the local machine by SMS are held at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client\Software Distribution\Execution History\packageid. It is not uncommon for there to be a failure within a distribution, so to rerun a failed installation, delete the key and re-advertise the package. According to the how to re-advertise a package post on MyITForum, Microsoft knowledge base article 257271 gives an alternative solution but Barry’s solution seems simpler to me.

  • The IBM archives

    As I was writing my post on Microsoft Host Integration Server (HIS), I came across many unfamiliar terms and IBM technologies. In many cases, some quick googling came up with the answers to my questions but I also stumbled across the IBM archives, which provide a decade-by-decade and year-by-year view of the computing giant’s history.

  • A look at Microsoft Host Integration Server 2004

    I began my IT career in the mainframe world. I got my first taste as a 16-year-old schoolboy on a work experience placement (changing tapes on ICL 1900 mainframes at the local hospital) and then as part of my Computer Studies degree I joined ICL, a name now consigned to the history books, where I learnt about Series 39 mainframes and VME as part of my time attached to an operating system support team. It could have been very different – I had the chance to start out with IBM, where I would have learnt about the world of OS/2, RS/6000s, AS/400s and System/390 mainframes. Nowadays I’m employed by a systems integrator, working almost exclusively with Microsoft products, so when I had the chance to attend a session about Microsoft Host Integration Server (HIS) 2004 at Microsoft’s IT Forum Highlights event, I decided to take a look at how a Microsoft infrastructure can integrate with the world of IBM zSeries mainframes and the systems network architecture (SNA) using HIS, which Microsoft claims can leverage existing host assets to integrate IBM mission-critical host applications, data sources, messaging and security systems with new solutions developed using the Microsoft Windows Server System platform.

    Michael Platt (an IT Pro Evangelist for Microsoft UK) explained that it is surprisingly difficult to integrate mainframes with Windows systems because of the way they view the network and there are five levels of integration to consider:

    • Network.
    • Application (e.g. CICS).
    • Data (DB2 on a mainframe differs from DB2 on UNIX).
    • Security.
    • Deployment.

    Different acronyms are used by Windows and mainframe technologies and it is important to outline some terms which may help to put the rest of this post into context:

    • A PC to host gateway is concerned with translation between PCs and mainframe physical units (PUs) and logical units (LUs).
    • LUs may be 3270 or 5250 terminals, which originally used co-axial connections over which SNA was run. Then, in the 1980s, SNA 6.2 brought support for peer-to-peer networks. The old co-axial connections were replaced with token ring (and eventually Ethernet) LANs using a data communications and terminal controller (DTC) or dial-up synchronous data link control (SDLC) over X.25 for WANs.
    • Front end processors (FEPs) relieve some of the processing from the mainframe CPU and these are examples of PUs.
    • SNA gateways consolidate branch traffic for transmission across the network.

    Network integration

    Over time, TCP/IP has become all-pervasive, moving from UNIX systems to desktop PCs, across the WAN and eventually into the data centre. This brings some issues for IBM mainframes, which use a 1920Kb block size, whereas TCP uses a 4Kb block size. Running TCP on a mainframe has therefore always been seen as inefficient, and various approaches have been taken over the years:

    • TN3270 is a telnet-based 3270 clear-text terminal emulation session (although SSL and TLS can be used from HIS 2004 onwards); however, the mainframe still spends a lot of time performing protocol conversion, so this can be offloaded as a service that then uses native SNA to communicate with the mainframe (allowing more connections).
    • The host print service was intended to resolve issues with expensive mainframe printing allowing print requirements to be offloaded to departmental printers, but mainframes use extended binary coded decimal interchange code (EBCDIC) to represent characters whilst PCs and other devices use the American standard code for information interchange (ASCII), leading to more conversion.
    • Multiprotocol transport networking (MPTN), implemented as IBM Anynet, provides an SNA stack for the client, allowing full application-to-application communications, but because it is implemented in software it uses significant numbers of CPU cycles, resulting in performance issues (consequently Microsoft have never offered an MPTN service for HIS).
    • Data link switching (DLS) uses hardware to tunnel SNA, running TCP/IP across the network itself, but requires expensive routers. Some vendors added additional technology, whilst others never offered DLS. Microsoft’s answer is the distributed link service (also called DLS), which passes data between HIS servers using TCP/IP (UDP and native IP for performance), with SNA at either end.
    • Today, IBM’s stated direction for SNA over TCP/IP is IBM enterprise extender, which uses high performance routing (HPR), an extension to advanced peer-to-peer networking (APPN). IBM is dropping support for its 374x FEPs and encourages the use of adapters in its open services architecture (OSA), running SNA, TCP/IP, etc. as appropriate. Microsoft supports the same technology, through IPDLC, and the core network integration portion of HIS enables HIS to participate in an IBM enterprise extender environment in a branch office, in a central location, or even within the data centre, directly connected to the mainframe using Gigabit Ethernet.

    Application integration

    The HIS transaction integrator (TI) (formerly known as COM transaction integrator for CICS and IMS) has been enhanced to offer support for applications providing web services integration, so that developers can programmatically access the mainframe from a Microsoft .NET application. With TI, Windows developers can use the Windows-initiated processing (WIP) technology to wrap existing line-of-business processes found in IBM AS/400 systems, mainframe CICS and IMS applications, as XML web services or .NET server components. In addition to WIP, TI offers a reverse path through host-initiated processing (HIP), allowing developers to produce bidirectional and asynchronous enterprise integration solutions without using IBM MQSeries.

    Data integration

    HIS offers a number of data integration technologies, including:

    • Industry-standard ODBC Driver for DB2.
    • Component object model (COM) OLE database providers for DB2 and host file systems (mainframe and AS/400).
    • .NET framework-enabled managed provider for DB2.

    New to HIS 2004 is the DB2 network protocol client (DRDA AR) over which the ODBC, OLE DB and Managed Provider communicate with remote DB2 database servers, allowing these data providers to offer expanded functionality such as two-phase commit for DB2 distributed transactions over TCP/IP and connection pooling when using enterprise single sign-on.

    HIS 2004 also supports asynchronous messaging through its MSMQ-to-MQSeries bridge, allowing administrators to link applications that use inter-platform message queueing, with support for MSMQ 2.0 and MQSeries (Websphere MQ) 5.1.

    Security

    The administration and runtime components in HIS 2004 support a new secure product configuration (with an associated configuration wizard) and are “secure by default” when installed. Only HIS administrators need administrative permissions (whereas in previous versions HIS runtime users were also required to be administrators), although there are some security considerations when upgrading from previous versions. Access request levels can be set as read, read/write, manage, or full control and control methods can be read/write or manage.

    Support for enterprise single sign-on (SSO) enables seamless integration of security credentials across Windows Active Directory and IBM host systems for both users and applications, including 1:1 and Group: 1 association, with all the main IBM security systems supported. The HIS enterprise SSO provides the base infrastructure that, along with third-party software products, provides for a secure password management solution including Windows-initiated and host-initiated password synchronisation.

    As mentioned previously, with HIS 2004, the telnet 3270 service has been enhanced to offer secure sockets layer (SSL) and transport layer security (TLS) support. Administrators can now increase the overall security of the network when accessing mainframe terminal and printer resources over TCP/IP, including authentication of access to mainframe sessions and encryption of host data between client and server.

    Deployment

    HIS 2004 runs on Windows 2000, Windows XP or Windows Server 2003 and support for clustering is provided in order to scale up and out to address the volumes required by large enterprises. HIS uses its own internal domain structure as part of the SNA integration and includes SNA Manager – a Microsoft management console (MMC) snap-in provided for managing key components of HIS, which has been improved to offer better usability through refined wizards and prompts (there is also a command line interface). A centralised SNA diagnostics tool is also provided, allowing administrators to test and troubleshoot network connections and resources.

    Setting up a link involves:

    • Generating a new link service.
    • Creating an SNA Service connection.
    • Creating a new display LU.
    • Assigning LUs to a configured user.
    • Starting the SNA service.

    It is then possible to connect to the mainframe using a 3270 client.

    Establishing an advanced program-to-program communications (APPC) application connection involves:

    • Creating a new APPC connection.
    • Setting up the local APPC LU.
    • Setting up a remote APPC LU.
    • Starting the SNA Service.

    HIS diagnostics can then be used to carry out an APPC test.

    The future for HIS

    So what about the future for HIS? As a product which started life running on OS/2 as SNA Server, it may not be the most exciting offering in the Windows Server System, but it is functional, and organisations still buy it! On that basis, as long as there is a market, I can see Microsoft continuing to develop HIS with further support to extend the web services platform to the mainframe.

    Links

    HIS on the Microsoft website
    IBM SNA protocols (Cisco)
    Microsoft HIS whitepapers

  • New e-mail message continuity services

    I’ve just read about a new message continuity service from FrontBridge, designed to provide always on e-mail in today’s environment where e-mail outage is seen as a major business continuity issue.

    Complementing the other e-mail managed services offered by FrontBridge, Active Message Continuity provides:

    • Always on e-mail continuity and disaster recovery with no need to “flip a switch”.
    • Interception-based archiving to capture messages “in stream” after filtering for spam, viruses and other unwanted content.
    • Continuous access via a web interface.
    • A fully managed service, starting from $1/month/user.

    FrontBridge is already well established in the e-mail application service provider (ASP) market, but this new product is a key differentiator allowing FrontBridge to offer message compliance, message security and message continuity at a time when competitors such as MessageLabs are concentrating on just one area – that of message security (anti-virus, anti-spam and content control).

  • 10,000 feet view of Microsoft Systems Management Server 2003

    Until I started to look at the Microsoft Solution Accelerator for Business Desktop Deployment (Enterprise Edition), which makes use of the Microsoft Systems Management Server (SMS) 2003 Operating System Deployment Feature Pack, I had no experience of using SMS. At my BDD training, Thomas Lee gave a brief overview of SMS, which I have reproduced here for the benefit of anyone else who may find it useful.

    SMS relies on the presence of Microsoft SQL Server (not MSDE, or any other SQL server product, e.g. MySQL).

    Each client has an agent installed (the SMS Advanced Client). This allows an administrator to view workstation activity and perform remote takeover operations. It also returns inventory information to the management server, which SMS uses to create collections (e.g. All Windows XP SP2 Workstations) that are stored in the SQL Server database.

    Software to be distributed via SMS is packaged and placed on a distribution server. In order to distribute a package, an SMS administrator creates an advertisement, which is pushed to the SMS Advanced client, which in turn will pull the package from the distribution server for installation.

    That’s SMS, in a nutshell.

  • Getting Tivoli to work on a Windows XP computer with a personal firewall enabled

    I’m working with a client on a Windows XP standard operating environment (SOE) that includes service pack 2 (with Windows Firewall enabled). They use IBM Tivoli for remote control, inventory and software distribution but IBM do not currently support the Tivoli client on SP2 machines and some work was needed to get it working across the firewall. For reference, here are the firewall exceptions that were needed:

    • IBM Tivoli Inventory Collector (C:\Program Files\Tivoli\lcf\inv\SCAN\wepmcoll.exe);
    • IBM Tivoli JRE (C:\Program Files\Tivoli\lcf\bin\w32-ix86\tools\jre\1.3.0\bin\java.exe);
    • IBM Tivoli Management Agent (C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfd.exe);
    • IBM Tivoli Mobile Console (C:\Program Files\Tivoli\lcf\dat\1\mobile\mobile.exe);
    • IBM Tivoli Mobile Console Distribution (C:\Program Files\Tivoli\lcf\dat\1\cache\bin\w32-ix86\TME\mobile\epnewdist.exe);
    • IBM Tivoli Remote Control Target (C:\Program Files\Tivoli\lcf\PCREMOTE\w32-ix86\tgt\eqnrcmai.exe);
    • IBM Tivoli Software Distribution Engine (C:\Program Files\Tivoli\lcf\dat\1\cache\bin\w32-ix86\TME\swdis\spde\spd_eng.exe).

    Theoretically these would be the same whatever the personal firewall product in use; however all of the above should be configured as application exceptions (Tivoli uses randomly generated ports under certain circumstances and so simple packet filtering exceptions would be inappropriate). If the firewall in use only handles packet filtering, then you may have more difficulty getting this working (you may need to open big holes in the firewall to cover a range of possible ports – in this case I would suggest using the Windows Firewall instead as it does offer application filtering – see my earlier post about choosing whether to run the Windows Firewall, a third party firewall, or both).

    Obviously installations of Tivoli (as for most enterprise management products) vary according to the features in use and if the exceptions above do not completely resolve the issue, James Dawson gave me the following advice:

    1. Run netstat -ano | find "LISTENING". This will give a list of TCP ports that are listening for connections and the last column of the output is the ProcessID (PID) of the process actually listening. You can then use the PID to find what ports the Tivoli process(es) are running on, and then add these ports to the exceptions.
    2. Use the PIDs from the output of step 1 to check whether Tivoli is using any UDP ports: netstat -ano | find "PID" (repeat for each Tivoli PID).
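
    The two netstat steps above, automated as an added example that is not part of the original post: it reads `netstat -ano` output, resolves each PID to an image name using `tasklist /fo csv /nh` output, and reports the TCP listening and UDP ports held by the executables named in the exception list. Both sample captures, and every port and PID in them, are constructed for illustration.

```python
import csv
from collections import defaultdict

# Executable names taken from the firewall exception list in the post.
TIVOLI_IMAGES = {"wepmcoll.exe", "java.exe", "lcfd.exe", "mobile.exe",
                 "epnewdist.exe", "eqnrcmai.exe", "spd_eng.exe"}

# Constructed sample of `netstat -ano` output (ports and PIDs are made up).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:1047           0.0.0.0:0              LISTENING       1520
  TCP    0.0.0.0:2901           0.0.0.0:0              LISTENING       2312
  TCP    10.0.0.5:1062          10.0.0.9:2105          ESTABLISHED     1520
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:1051           *:*                                    2312
"""

# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST_SAMPLE = '''"System","4","Console","0","216 K"
"svchost.exe","884","Console","0","3,456 K"
"lcfd.exe","1520","Console","0","5,120 K"
"spd_eng.exe","2312","Console","0","4,004 K"
'''


def parse_tasklist(text):
    """Map PID -> lower-cased image name."""
    rows = csv.reader(text.splitlines())
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}


def open_ports(netstat_text):
    """Yield (proto, port, pid) for TCP listeners and bound UDP sockets."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            pid = f[4]
        elif len(f) == 4 and f[0] == "UDP":   # UDP rows have no State column
            pid = f[3]
        else:
            continue                          # headers, ESTABLISHED, etc.
        yield f[0], int(f[1].rsplit(":", 1)[1]), int(pid)


def tivoli_ports(netstat_text, tasklist_text, images=TIVOLI_IMAGES):
    """Return {image: sorted [(proto, port), ...]} for the listed images."""
    names = parse_tasklist(tasklist_text)
    found = defaultdict(set)
    for proto, port, pid in open_ports(netstat_text):
        if names.get(pid) in images:
            found[names[pid]].add((proto, port))
    return {image: sorted(ports) for image, ports in found.items()}


if __name__ == "__main__":
    for image, ports in tivoli_ports(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items():
        print(image, ports)
```

    Matching on image name alone cannot tell Tivoli's bundled java.exe from any other Java runtime on the machine, so confirm the executable path before adding an exception for it.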
  • Tracking down IBM BIOS updates

    The IBM website is not always the easiest to navigate and I spent ages today tracking down the latest BIOS for a number of servers. To save someone else the same issues in future, I recommend that to quickly find the latest BIOS for a PC or server, search for +flash +BIOS +update +modelnumber.

    More search tips are available from the IBM website.