Vendor Patches VTLs So You Don’t Have To
July 1, 2015 Alex Woodie
IBM i shops that don’t have the time to properly patch and update their virtual tape libraries (VTLs) may be interested in a new service unveiled by Dynamic Solutions International (DSI). For a small fee, the Colorado company will patch and update its Linux-based VTLs in customer accounts, leaving IBM i admins to focus on other things.
IBM i shops may not be doing all they can to secure their environments, but they’re usually pretty good about applying integrity PTFs from IBM and loading them onto their Power Systems servers. But when it comes to applying security updates and patches for secondary systems–such as the Linux- and Windows-based appliances that are used to back up production databases, for example–they’re not nearly as consistent.
“What we found is that customers never seem to get around to doing these things,” says Chris Bremer, the CTO for DSI. “It doesn’t seem to matter if they’re a very large customer account or the smallest bank. Some are better than others, but a lot of them seem to put off doing it. ‘Oh that’s a low-priority thing.’ And then it becomes a security issue, and then it becomes a high-priority thing.”
DSI–which is growing its IBM i business since it began actively targeting the midrange about a year ago–has been actively managing its customers’ VTLs in specific accounts, including several in the Department of Defense and large banks.
Last week, DSI announced that it’s expanding that patch service to its entire 2,000-customer installed base. As part of the service, the company will track the release of software updates and security patches for the Linux operating system, and work with customers to apply those at a suitable time.
“We spend more time coordinating the patch than actually patching the system,” Bremer tells IT Jungle. “It’s more the manpower than the technical prowess to do this. Most customers have Linux or Windows, but they don’t really know the core pieces of how all that works. They just know they have an application running on it. That’s where my guys excel. They know the OS and they know the security vulnerabilities. It’s something we keep track of.”
Bremer has noticed that, in many larger organizations, the IT department is split between two camps. One group of IT pros focus on the mainframe, IBM i, or Unisys server, and the other group focuses on “open systems” like Windows and Linux. If the VTL were managed by the open systems side of the house, they’d be fully capable of keeping it patched and secured. But these VTLs are the responsibility of the mainframe side of the house, so it often falls through the cracks.
Keeping data from production IBM i, mainframe, and Unisys servers safe and secure should be a priority. After all, those servers are renowned for their bullet-proof security. But when the backups are housed on an open system server that is not fully patched, then that opens the door to problems.
“The IBM i is solid. The Unisys boxes are very secure. The core OS was built before the days of Intel chips, which, I’ll be blunt, don’t have an awful lot of built-in security,” Bremer says. “The underlying operating system in IBM i doesn’t allow for us to do memory breaches that seem to be the core of an awful lot of issues in a Windows or Linux environments. They’re just not there. But when you start taking data off your IBM i and moving it to other devices, now it’s a concern.”
Englewood, Colorado-based DSI sells three VTL product lines that range in capacity from 4 TB to 160 TB and back up IBM i servers via LTO emulation. All of the devices include enterprise features like hot standby disks, replication, encryption, and compression. For more info see the company’s website at www.dynamicsolutions.com.