How many times have you been told that your system is
outdated and is running poorly simply because it is too old, and just no longer
up to the job? Many vendors are only interested in trying to sell you new; and
often overpriced, hardware.
The truth is that in the vast majority of cases, the
hardware is not the problem, and significant improvements can be made for a
relatively small investment. This is especially important today as companies
are looking to cut costs and get more for less.
Most businesses buy a system and then run it until it
either dies completely, or becomes so uneconomical to maintain, they are forced
to replace it. The reality is rather like a car, that if a system is properly
maintained, it will run better, and for far longer.
The main points that are overlooked are:
1.
BIOS and firmware levels are not kept up to
date.
This is a major problem
because if you fail to stay within one version of release, then you are
actually violating your support agreement, and the longer you leave it, the
likely that the upgrade will be disruptive. In reality IBM will not punish you
but they will insist that you update to the latest version before they will
support you, and this can lead to massive unplanned service interruptions.
Firmware updates fix serious
bugs that can cause you system to crash, or to fail to recognise new hardware,
and in some cases can also improve system performance.
There are two types of update:
·
Disruptive The
whole system has to be powered down for several hours whilst a new firmware is
loaded. This also carries the risk that the firmware becomes corrupt and has to
be replaced by an IBM engineer.
·
Non-disruptive A
minor update can be loaded onto the system from the HMC or AIX LPAR whilst the
system is running, and no outage is required.
Note: A firmware
upgrade will only be non-disruptive if the difference between versions is
small.
2. Operating-system
patching
IBM spends a lot of time and
effort refining their operating-systems by fixing bugs, adding new functionality,
and responding to the latest security threats.
Patches and updates can be
easily downloaded free from IBM own website, and if regularly reviewed and
updated, this need not be a difficult task. This not only protects you but
ensures that you can take advantage of the latest functionality and
enhancements.
3. System
tuning.
Many of the defaults set at
install time are not necessarily the best for your system configuration, and
there are potentially massive security gains, by simply changing some tunables.
For example Oracle often requires more shared-memory and different mount
options in order to run efficiently.
BlueFinch can help you to achieve this in the following
ways:
1. Using
our AIX system survey tool to carry out more than 500 non-intrusive checks and
produce a summary of all the system software configuration and security
settings. ZoomSmart can be simply installed and removed, and simply generates
text and HTML report files that can be copied to other systems for review, as
and when required.
2. Use
IBM standard tools to produce a detailed system layout diagram and report
3. Produce
a detailed performance and security configuration report that contains a
summary of our findings and recommendations.
Should you decide to implement our recommendations we can
work with you to produce a detailed update and implementation plan, and regular
progress reports.
Things to check or consider:
1. Is
your BIOS/ Microcode up to date
a. HMC
b. AIX
or Linux
c. Cards
d. System
frame
2. Have
you changed all the default passwords
a. HMC
b. VIOS
c. NIM
server
d. Firewall
rules in place and default passwords changed
3. Are
you logging your system messages and events and can you detect and deal with an
illegal access (attempt)
4. Have
your reviewed your users and their access levels
5. Do
you have a break-glass procedure/are the password kept in a safe place
6. Do
you know which national and European rules apply to your business
7. Have
you considered the damage caused and a loss of reputation in the event of data
loss
8. Could
your business survive a disaster such as a fire or flood?
9. Is
AIX/Linux patched to the latest level
10. Have
you tuned the OS and hardened your communications
11. Do
you have up to date backups of your HMC, NIM server, VIOS, etc?
12. Are
your disks mirrored and or striped and is your (SAN) storage correctly configured
13. Have
you ever tested a restore
14. Do
you know who has access to your data and do you have legal agreements in place.
No comments:
Post a Comment