Sunday, 10 February 2013

Keeping your system up to date

How many times have you been told that your system is outdated and is running poorly simply because it is too old, and just no longer up to the job? Many vendors are only interested in trying to sell you new; and often overpriced, hardware.

The truth is that in the vast majority of cases, the hardware is not the problem, and significant improvements can be made for a relatively small investment. This is especially important today as companies are looking to cut costs and get more for less.

Most businesses buy a system and then run it until it either dies completely, or becomes so uneconomical to maintain, they are forced to replace it. The reality is rather like a car, that if a system is properly maintained, it will run better, and for far longer.

The main points that are overlooked are:

1.         BIOS and firmware levels are not kept up to date.
This is a major problem because if you fail to stay within one version of release, then you are actually violating your support agreement, and the longer you leave it, the likely that the upgrade will be disruptive. In reality IBM will not punish you but they will insist that you update to the latest version before they will support you, and this can lead to massive unplanned service interruptions.
Firmware updates fix serious bugs that can cause you system to crash, or to fail to recognise new hardware, and in some cases can also improve system performance.

There are two types of update:

·    Disruptive                 The whole system has to be powered down for several hours whilst a new firmware is loaded. This also carries the risk that the firmware becomes corrupt and has to be replaced by an IBM engineer.

·    Non-disruptive       A minor update can be loaded onto the system from the HMC or AIX LPAR whilst the system is running, and no outage is required.

Note:    A firmware upgrade will only be non-disruptive if the difference between versions is small.

2.       Operating-system patching

IBM spends a lot of time and effort refining their operating-systems by fixing bugs, adding new functionality, and responding to the latest security threats.
Patches and updates can be easily downloaded free from IBM own website, and if regularly reviewed and updated, this need not be a difficult task. This not only protects you but ensures that you can take advantage of the latest functionality and enhancements.

3.       System tuning.
Many of the defaults set at install time are not necessarily the best for your system configuration, and there are potentially massive security gains, by simply changing some tunables. For example Oracle often requires more shared-memory and different mount options in order to run efficiently.

BlueFinch can help you to achieve this in the following ways:

1.       Using our AIX system survey tool to carry out more than 500 non-intrusive checks and produce a summary of all the system software configuration and security settings. ZoomSmart can be simply installed and removed, and simply generates text and HTML report files that can be copied to other systems for review, as and when required.

2.       Use IBM standard tools to produce a detailed system layout diagram and report

3.       Produce a detailed performance and security configuration report that contains a summary of our findings and recommendations.

Should you decide to implement our recommendations we can work with you to produce a detailed update and implementation plan, and regular progress reports.

Things to check or consider:

1.       Is your BIOS/ Microcode up to date
a.       HMC
b.      AIX or Linux
c.       Cards
d.      System frame

2.       Have you changed all the default passwords
a.       HMC
b.      VIOS
c.       NIM server
d.      Firewall rules in place and default passwords changed

3.       Are you logging your system messages and events and can you detect and deal with an illegal access (attempt)
4.       Have your reviewed your users and their access levels
5.       Do you have a break-glass procedure/are the password kept in a safe place
6.       Do you know which national and European rules apply to your business
7.       Have you considered the damage caused and a loss of reputation in the event of data loss
8.       Could your business survive a disaster such as a fire or flood?
9.       Is AIX/Linux patched to the latest level
10.   Have you tuned the OS and hardened your communications
11.   Do you have up to date backups of your HMC, NIM server, VIOS, etc?
12.   Are your disks mirrored and or striped and is your (SAN) storage correctly configured
13.   Have you ever tested a restore
14.   Do you know who has access to your data and do you have legal agreements in place.

No comments:

Post a Comment