OS/400 Alert: V5R3 Has Many New Admin and Operations Features
May 26, 2004 Shannon O'Donnell
OS/400 V5R3, or, as it is called now, i5/OS V5R3, will contain a veritable fountain of new and enhanced features for the areas of administration and operations. This week, I’ll pick three of the more interesting new functions and enhancements in the new operating system. I will highlight more in coming weeks as I get a chance to digest them. I also will go through some new PTFs related to multicast IP addresses and the problems they can cause.
V5R3: A CORNUCOPIA OF NEW FEATURES
Advanced Job Scheduler. Most of us are familiar with OS/400 Job Scheduler functions. Typically, a user can work with, add, delete, or change job schedule entries, using a few menu options, from the Work with Job Schedule Entries (WRKJOBSCDE) command. In V5R3, IBM has taken this idea to the next level, with the new Advanced Job Scheduler/400 for iSeries, which is tightly integrated with Operations Navigator. What separates this new tool from the original OS/400 Job Scheduler? For one thing, you can now more tightly control when, how, and where a scheduled job can run. With OS/400 Job Scheduler, run options were limited. You also can control how a job runs based on dependencies. (For example, does a file that a job needs already exist, or does it need to be generated?) Add to that the capability to set work calendars and individual job schedule authorities, and you have a full-featured product that meets the needs of any enterprise.
Enterprise Identity Mapping. Formerly a core component of Project Eliza, EIM finally has been made ready for prime time with the release of V5R3. EIM lets you consolidate all user profiles and passwords into a single sign-on. If, for example, your user has an OS/400 user profile and a Windows XP user profile, you can now create a single sign-on that allows users to log on only once. Finally, a product that actually reduces the amount of work that a system operator has to do!
Better Support for Kerberos Version 5. IBM started supporting Kerberos with V5R1. With V5R3, IBM appears to have worked out many of the bugs and has given OS/400 administrators better support by providing file-level support for Kerberos Version 5. Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications through secret-key cryptography. Basically, with IBM’s support of this protocol, you can increase the security of an AS/400, iSeries, or i5 server by an order of magnitude. The big news for V5R3 is that IBM now allows you to use iSeries NetClient and Submit Network Server Command (SBMNWSCMD) to perform file-level backups over your Kerberos Version 5 enabled network. However, in order to use this new feature, you must first have purchased and enabled EIM, Network Authentication Service, iSeries Navigator Security Option and Licensed Program Product 5722-AC2 (Cryptographic Access Provider).
This week’s PTF analysis focuses on multicast IP addresses. A multicast is based on the concept of a group. Say that a group of users on the Internet wanted to take part in a Web broadcast. Members of this group can be either in the same place or scattered around the globe. The one thing they have in common is that they all wish to receive the same data stream. To do so, each member “enrolls,” through some common means, to become part of the multicast group. To be part of the multicast IP group, the users must set their PCs to use a TCP/IP address in the range of 224.0.0.0 through 239.255.255.255. They can do this manually or automatically through the enrollment process. This range is not arbitrary. It has been established by the Internet Assigned Numbers Authority so that anyone interested in setting up a multicast network will know what IP numbers are valid for multicasting. Incidentally, because the range of IP addresses is known, if you wanted to block all multicast capabilities on your Internet interface, you could block this range on your firewall.
A multicast over the Internet uses a known range of IP numbers. On a local area network, there is another range of numbers assigned by the Internet Assigned Numbers Authority, 244.0.0.0 through 244.0.0.255. In addition to this range, there are well-known subranges that can be used for various reasons such as connecting a local multicast network to another local multicast network via the Internet, and so on. The concept of multicasting is relatively simple and follows some well-established rules.
Recently, IBM tech support was contacted by a customer who had noticed that, every morning, just after the work day began, his iSeries performance really tanked. The only clue or pattern that could be discerned was that during this time most of the users were turning on their PCs. What’s more, this problem only started after they had upgraded from OS/400 V4R5 to V5R2.
The only solution they had to recover from this rather serious slowdown was to IPL the iSeries. Not a great solution by anyone’s standards.
After much analysis, IBM discovered that the iSeries was receiving an unusually large number of gratuitous Ethernet Address Resolution Protocol (ARP) packets, each containing seemingly random sender and target IP addresses. When the sender address in a packet was a multicast IP address (remember the multicast address ranges discussed above), the IP address was added to the ARP cache by the ARP processing routines of OS/400. In fact, so many erroneous IP addresses were added that, at one point, the ARP table contained well over 30,000 addresses. Needless to say, all this processing caused the system to slow down to the point that the only way to recover was to IPL. IBM fixed this problem by issuing PTF MF32719 for Licensed Program Product 5722-999. If your system is experiencing unusual slowdowns, and you are using OS/400 V5R2, you may want to consider applying this PTF. For more information, go to IBM’s Web site.
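The failure described above comes down to an ARP cache that learned sender addresses without validating them and without a size limit. The sketch below is an added example, not IBM's code or the content of PTF MF32719: it parses an Ethernet/IPv4 ARP payload, refuses multicast, broadcast and unspecified sender addresses, and caps the table. All function and class names and the cap value are assumptions, and the sample packets are constructed.

```python
import ipaddress
import struct

def parse_arp(payload):
    """Return (sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return payload[8:14], ipaddress.IPv4Address(payload[14:18])

def learnable(spa):
    """Only an address that can belong to a single host may enter the cache."""
    return not (spa.is_multicast or spa.is_unspecified
                or spa == ipaddress.IPv4Address("255.255.255.255"))

class ArpCache:
    """Bounded cache; max_entries is an assumed cap, not a value from the page."""
    def __init__(self, max_entries=1024):
        self.entries, self.max_entries, self.rejected = {}, max_entries, 0

    def update(self, payload):
        parsed = parse_arp(payload)
        if parsed is None or not learnable(parsed[1]):
            self.rejected += 1          # malformed, or a non-unicast sender address
            return False
        sha, spa = parsed
        if spa not in self.entries and len(self.entries) >= self.max_entries:
            self.rejected += 1          # full: refuse new keys instead of growing
            return False
        self.entries[spa] = sha
        return True

def make_arp(sha, spa, tpa, op=1):
    """Build a constructed ARP payload (target MAC zeroed) for the demo."""
    pack = lambda ip: ipaddress.IPv4Address(ip).packed
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + sha + pack(spa) + bytes(6) + pack(tpa)

def demo():
    """Constructed traffic: 2 unicast gratuitous ARPs, then 300 multicast senders."""
    cache, mac = ArpCache(max_entries=4), bytes.fromhex("020000000001")
    for ip in ("192.0.2.10", "192.0.2.11"):
        cache.update(make_arp(mac, ip, ip))     # gratuitous: sender IP == target IP
    for i in range(300):
        ip = f"224.0.{i // 256}.{i % 256}"      # multicast sender, as in the incident
        cache.update(make_arp(mac, ip, ip))
    return len(cache.entries), cache.rejected

if __name__ == "__main__":
    print(demo())
```

The rejected counter is the number to watch operationally: a steadily climbing count of refused sender addresses points at a misbehaving device on the segment well before the table itself becomes a problem.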
PTFs AND FIXES FOR OS/400 AND RELATED PROGRAMS
IBM released the latest cumulative package for V5R2 customers on May 6.
The latest HIPER package was released May 11.
The Database Group PTF was updated March 30.
Our partner DLB Associates has been keeping track of IBM’s PTF updates to OS/400 and its related programs. Here are the latest OS/400 PTF Guides: