Newswire Classics

Poll shows sites slow to leave 3000

Reprinted from December 2002

Slim majority of customers choose to homestead or study

First of two parts

One year after HP announced its plans to leave the HP 3000, a little more than half of its customers are either still studying their response to the news or choosing to homestead on the platform, according to a 3000 NewsWire poll.

The survey, conducted on the one-year anniversary of HP’s November 2001 announcement that it’s exiting the 3000 marketplace by 2007, showed one-third of companies responding have already chosen to homestead some or all of their 3000 operations beyond the December, 2006 HP end of support date. Nearly one in five companies are still studying their options in response to HP’s 2001 announcement.

The poll was conducted via e-mail messages broadcast to 500 HP 3000 customers selected randomly on November 13. Companies responding totaled 116, for a 23 percent response rate. Customers identified their firms by name, and no anonymous, Web-based replies were used in the poll’s results.

The margin was close between those sites staying with the platform and still studying options, versus companies choosing to leave the 3000 at some point over the next four years. While 52 percent of firms aren’t deciding to leave this year, 48 percent of companies responding to the NewsWire poll report they have begun plans to rewrite programs, replace applications, or follow their packaged app providers onto other platforms.

Homesteaders — those customers sticking with the 3000 beyond 2006 — came in at 34 percent of companies responding to the poll. Of the companies reporting they are planning to leave the 3000 through migration or replacement, 23 percent are following their packaged application vendors. Amisys healthcare customers led the list of those planning to make a move away from the 3000, followed by educational organizations using various applications.

Companies responded over the two-week period following the Nov. 14 anniversary of the HP announcement. Even among those choosing to leave the platform, sentiment about the move ran to regret and disappointment. A few responding firms had already committed to leaving their 3000s before HP’s advice was announced last year.

The poll’s results showed a stark contrast to the HP claims of April, when the vendor said that more than 80 percent of customers would be leaving the platform. HP has recently begun to recognize that a significant part of its customer base cannot justify the expense of migrating from the HP 3000, even in the face of an end to HP’s support. (See our Q&A in this issue with HP's Dave Wilde for statements on HP’s plans to accommodate its homesteading customers.)

Undecided customers on the fence about their plans reported timelines to decide ranging from weeks to years. John Pickering, a consultant serving a North American firm manufacturing wood products, said a recent migration from IBM SAP mainframes to a PowerHouse application on a 3000 has left his client with little budget or time to do anything about its 3000 during 2003.

“We have no real need to do anything yet,” Pickering said, “as we’ve still got several years and [the 3000] is currently meeting our needs just fine.”

Others still looking over their options say HP won’t be winning any new business if they decide to leave the 3000. “If we do migrate it will quite possibly be to a totally non-HP platform,” said Frank Nikoletti of Argyle Diamonds in Australia. “I think that this is where HP got it horribly wrong, because they expected to retain many customers by moving them to other HP platforms — and I don’t think that is what customers will end up doing.”

Nikoletti and others looking at migration are aware that new options are surfacing steadily, however. The company’s diamond sales and sorting application “is our competitive advantage over all other diamond producers, and there is no other comparable product,” he explained, making a sound business transition option difficult. New migration suppliers offer some hope.

“Just in the last three months there have been a number of offerings in the migration market,” he said. “It will be interesting to see who is still there in a year’s time, and also what other new ones arise.”

IBM is getting attention from both companies electing to migrate and those still considering a plan. One such poll respondent said HP’s announcement disrupted IT operations that were running smoothly.

“We may migrate to the IBM iSeries,” said Bob Bonnaci of Leader Services, a school district IT service supplier. “For what it’s worth, we are very disappointed in HP’s decision to do this, and had absolutely no plans to migrate from the platform prior to the announcement.”

Others still deciding have ruled out homesteading as an option. At the Maryland Higher Education Commission, Charles Benil said the organization will follow its application provider off the 3000 as well as rewrite in-house MPE surround apps to migrate its programs.

A stalled economy has many companies predicting a long timeline for making a decision or moving away from the 3000. “We will follow our application provider to an NT environment when it’s cost-justifiable,” said Debra Gauger of the City of Oskosh, Wisc., which is still studying a plan for its internal apps.

Few respondents asked for anonymity with their replies. But one who did said his health organization has already been disappointed by the capabilities of a replacement package.

“We had decided to migrate the business on the HP 3000, as well as on our IBM mainframe systems, to a new vendor purchased product,” said the IT manager. “This plan appears to be in serious trouble, due to system capabilities of that vendor’s product.."


Moving the 3000 Into HP’s Gray Areas

Reprinted from December 2002


Dave Wilde is leading HP through fresh territory in its final year of selling HP 3000s. The business manager for HP’s 3000 operations is overseeing the details of establishing a homesteading practice for customers who choose not to migrate. It’s work that serves as a counterpoint for HP’s assurances that all the pieces are in place for customers who must move their applications onto other HP systems.

After this year’s HP World, customers left Wilde and HP with a host of questions about what else HP can do to assist 3000 owners in staying on the platform. Emotion hadn’t cooled, as HP reported to some publications, but a practical dialogue began between the vendor and its customers about how homesteaders will manage in a world without HP’s resources.

One persistent question began to surface, too: why HP wants to remain a force in a computer community where it will cease sales in 11 months, and end support in four years. It was just one of several queries we wanted to follow up on after the conference, during the months when HP is planning its next set of homesteading announcements. We spoke with Wilde in the weeks after HP World by phone, where he explained HP’s objectives in the 3000 homesteading market and what he’s willing to consider.

Why does HP want to force its customers to use HP hardware while running new MPE licenses on Intel-based systems? Why can’t HP let go of MPE?
The decisions are guided by a couple of factors. One factor is that we clearly want to retain a relationship with customers, to keep them as satisfied HP customers. Clearly as we move forward, we want to structure things in ways that are good for our customers, and continuing to play a part in our customers’ long-term satisfaction is important.

I recognize some of the concerns that people might have — on one hand, walking away from the platform, coupled with this may feel a little bit odd to people. But there’s a fundamental philosophy at play here. It’s important to HP that we continue to play a role in understanding the customers’ needs and in addressing those.

As an example, this licensing question that came up about the emulators: we feel strongly that going forward we’re going to have a market-leading offering in the server space. We would like customers who want to move forward with MPE to do that with HP hardware.

We said HP hardware. In the shorter run that could be HP PA-RISC hardware. It’s not only Intel-based solutions.

What’s going to make the HP solution a better deal for the customers, as well as better for HP’s sake?
We’re going to have a market-leading offering. Where customers are staying with HP-based solutions, it’s in the interest of the customers to have access to market-leading hardware.


Does HP still want these customers?
Yes. For customers who have a need to run things beyond HP’s end of support date, we’re trying to address things so they’re retained as HP customers. The things we announced which HP would try to enable after HP’s end of support date are really targeted at those customers who have more stable environments and smaller environments, and it’s more practical for them to run things beyond HP’s end of support date. It’s not our belief that’s going to be beneficial to or attractive to customers with large organizations, large applications and dynamic environments.


I understand HP’s beliefs haven’t changed. But is it true that you recognize some portion of your customer base won’t be moving away from the system?
Some of our customers have told us that they need more time to plan their transitions, and others have told us they do not intend to transition. They want HP to work on solutions, and work on solutions with our partners, to make that sort of environment more available to them.


Are you willing to recognize there’s a subset of your customer base that can’t afford to do this transition?
Yes. Their drivers are that it’s may not financially the right move for them, either because they can’t afford that transition or they’re deciding it’s not worth it for them to make the investment [in a transition]. We’re trying to have a set of solutions for them to help them address that, without going so far as to say we think that’s the right answer for the majority of the customers. We recognize there’s a significant segment, and we’re trying to be responsive to that.


Nobody has heard from a large enough segment of the customers to have a number that's representative, right?
Yes. I’ve heard different numbers, and I’d rather not get into guessing what the size of that segment is. I’d believe that it’s far from the majority, but it’s a very significant segment.


How soon can HP have a proposed MPE license fee in place, so the companies which are considering building a hardware emulator can gauge their market?
One of the things we said at HP World was that I prefer not to trickle information out one-off. It has a tendency to confuse the message and also tends to be inefficient in terms of getting substantive announcements to our customers. We were able to announce a solid bundling of new information, as well as consolidating that with existing information, and I like that model much better.

The model that seemed to resonate with the folks at HP World was roughly quarterly announcements, while providing updates when available. That would indicate around the end of this calendar year.

I will state, and I think this is important, that with this licensing HP is not looking towards structuring the MPE license to make the emulator financially unattractive to customers. We don’t want to state anything about particulars until we’ve thought the costs through and what some of the customer needs are.

Gavin Scott of Allegro said he thought it would be a lot more attractive to any company offering a hardware emulator if they could ship off a demonstration version of the emulator with enough MPE for a test. This involves someone shipping off MPE other than HP. Is that prospect possible?
I’m very open to different alternatives and approaches within the boundaries we announced at HP World.

The objective is to help make this solution work, right?
Yes. Another objective is to make sure that expectations are clear, so we don’t oversell and overset expectations for customers.


Are you willing to get into a position where HP’s just collecting royalties for MPE?
I’m open to lots of alternatives. There are many issues from a customer and partner perspective: legal issues and constraints in the future that we want to make sure don’t result in an untenable position for anybody. That’s one of the reasons we want to be, not vague, but non-specific at this point. We’re in a gray area we haven’t been in before.


What’s HP’s position on third parties taking over portions of the delivery chain beyond the end of sales date next Oct. 31?
We’re working on partners with different elements of the value chain. That’s something we’re definitely doing in the transition space. Another area is remarketed systems, and we have a very strong relationship with Client Systems’ subsidiary Phoenix Systems. We’re definitely interested in working with them. We’re open to documenting what we’re doing so customers' and partners’ interests are also protected, along with HP’s interest.


Documenting what?
Suppose the emulator runs on HP solutions. We want to make sure partners aren’t left in a bad position in case HP makes future decisions that are inconsistent with that announcement. We’re very open to different arrangements, subject to representing reasonable business needs from HP’s perspective.

The point is that I’m very open to needs not just from HP’s perspective, but also from a customer and partner perspective. We’ll be working with the OpenMPE group and with partners and customers who are expressing concerns.

What’s the thinking behind maintaining the current pricing model for current A-Class performance?
Doing things like releasing all the horsepower that’s available in one chassis has a ripple effect that’s not acceptable for the pricing model. But we’ve heard that customers who have bought into an A-Class chassis may have some needs for more upgradability. One of the questions we asked was if there was a price associated with an additional upgrade within an A-Class chassis, would they be interested? That’s a price consistent with our overall pricing model. There seemed to be some interest in that which we’ll continue to look into.


Is this a way for a customer to avoid having to find an N-Class system to upgrade to after HP’s sales of N-Class systems stop?
Yes. If there’s enough interest and demand, and we can structure it in a way that it fits in well with our established pricing model, it’s something I’d be open to trying to structure.


Why so much attraction to a pricing model that was conceived before HP decided to leave the 3000 market?
It just isn’t practical for us to restructure the pricing model. We feel we structured it in a way that there’s appropriate value in the system for what we’re delivering. It’s a reference to purchases that have already been made.


You recently made a healthy reduction in that cost to customers with the new pricing. Why not continue in that with the A-Class?
Within limits we’ve obviously tried to offer strong value while recognizing the customers’ expenses they’ll be incurring through these transitions.


Is simplifying HP’s support through such an upgrade — which would give the 6.5 customers something to upgrade to in December 2004 — a factor in creating an A-Class upgrade?
There might be some impact there. But there are enough customers in different segments that some customers incrementally going to upgrade probably doesn’t fundamentally change the support picture from HP’s perspective. What’s more meaningful to me is if it gives customers more degrees of freedom.


How long do you think CSY will continue to operate as a virtual entity with HP after 2003?
CSY is the value chain that delivers 3000s to our customers. In that respect, it exists though 2006. How it’s managed internally is a subject that nobody can predict. From a customer perspective, for me the goal is that customers would see a 3000 business orientation through HP’s end of support date.


What’s the contact for that virtual CSY beyond end of sales? It’s looking like the reseller channel will be folding its tents next year.
From a channel perspective, what’s the contact point? We’re working closely with Client Systems in the Americas to identify different ways they can support customers. We’ll be continuing to work with all our partners. We’ll need to stay tuned as things move forward.

From an HP perspective, I’m the business manager, and I’m the go-to guy. We’d like to make sure the virtual CSY value chain is also represented cleanly and consistently to our customers. Exactly how that’s implemented over time may change. It works best where our customers would be able to work with HP in a centralized fashion.

Having said that, I continue to feel like I have an important role in adding value.

What about you? How long do you want to be the 3000 go-to guy?
I basically want to do this as long as two things are true. One is that I feel like I’m continuing to add value, and that HP wants me to continue doing that. Whether that’s months or years, nobody can predict. There’s no timeline for the end of that right now.

I didn’t expect a few years ago to be in the business, let alone in this particular role. Things have worked out in a way that I’m pleased to be in this role, and feeling like I have an opportunity to add value. It’s hard to tell these days what the future holds. Things are changing very quickly, both inside and outside the company.


Graduate to more HP 3000 performance

A commencement address to those ready to matriculate to faster HP 3000 systems

By Mike Hornsby

Speed costs money. How fast do you want to go? You want to get all of the speed out of your current HP 3000 configuration. There are ways of trimming existing costs and applying the savings to improved performance. This article provides insights and methodologies for saving on ongoing costs and improving interactive response times and batch throughput.

Speed traps

If you’re using DTCs, are the terminals running at 19.2 kbaud? Do you have more than four disks per HP-IB or single ended SCSI interface? Do you have a single LANIC for all network traffic? Have you switched to Jetdirect or LPD-based printing sharing?

Hardware options

Maximize your memory configuration/interleave. Switch to Web or socket interfaces to reduce ‘hpusercount,’ allowing a faster server with a smaller ‘hpuserlimit’. Add disc drives in user volumes to spread transaction management. Add or upgrade tape devices to speed up backup operations. Split your fourth-generation language and reporting licenses into developers and runtime licenses, and put the developers on a separate, limited-user system.

Database management

Make sure that datasets are blocked efficiently to save disk space and maximize serial prefetching. If you’re performing chained reads, repack on a periodic basis. Place your heaviest accessed files on Fast/Wide SCSI disks. Use HWMPUT or a serial repack to avoid a deleted entry chain. Split your automatic master for small detail from those associated with large details. Watch for master capacities that cause clustering. Avoid the use of master dynamic expansion except for emergency overflows.

Process management

Tune your CQ=152,200,200,2000 if you’re using VPlus. Otherwise, tune CQ=152,200,100,2000. Watch for socket applications such as ODBC always running at 152. Use NSCONTROL SERVER=MIN,MAX to pre allocate server processes.

Logging

If you’re using mirroring or RAID 5, reevaluate the requirement for logging. If you are logging, make sure that proper procedures are followed after system aborts.

OCTCOMP/Allocate

Object Code Translate and allocate Compatibility Mode programs such as FCOPY and any other user CM programs. Install the Native Mode versions of QUERY and QUAD if you use them.

Lot-o-spoolfiles

If you’re using spooling utilities, minimize the number of spoolfiles on the system. Use set stdlist=delete in trivial batch jobs. If a program produces a large stdlist, send it to a circular file. At reboot, the system must recover any spoolfiles that were opened at the time of a crash. This used to be done prior to SYSSTART, but now is a background process — but it still can hog the system for a while. Also, doing a print ;start=-20 on a large spoolfile causes all records to be read, because spoolfiles have variable records.

Backups

The backup is usually the single longest, most intensive job. Many times, slow response during the day can be attributed to an online restore. Use the store listing or BIGFILES to identify the largest files. It is a shame to waste time backing up memory dumps or month-end work files in each full back up. It is a crime to wait for these files to roll in during a re-install!

Free tools

Some tools that are available for free: At www.beechglen.com: BIGFILES, a utility to list the files on the system in descending order by size w/cutoff. QPLUS, a command file script that approximates GLANCE or SOS.

At www.allegro.com: FILERPT, a utility that summarizes file usage from system log files. SYSLOG, a utility that allows dynamic switching of system log file events. RAMUSAGE, a utility that describes memory content better than GLANCE. DBLOADNG, a utility to report on database efficiencies

Application tips

Don’t use PIC 9 fields in COBOL for arithmetic operations. The overhead for ASCII-to-binary is substantial. Do use VPlus forms caching. This is easy to implement in the COM area, and most terminals and emulators support it.

Use DBUPDATE in place of delete/put; this CIUPDATE feature can dramatically reduce the overhead to modify a search or sort item. Do use mode 6 DBGET w/date cut off. Many programs read down the chain selecting for date >, until end of chain. It is usually much faster to read up the chain stopping at date <.

IMAGE does not prefetch for either mode 5 or 6 DBGETS.

Do use Robelle’s Suprtool to extract/sort work files. Many systems have one or two ‘killer’ batch reports. These usually sequentially read a master and chain to a detail producing a work file that is then sorted and passed to a report or output section. Suprtool can usually produce the same work file in one-tenth of the time.

Do use IMAGE b-trees to replace KSAM look up files. IMAGE now has the capability to incorporate b-tree lookups. It is very easy to implement and very transparent to the application code.

Other cost-saving options

Have leased-line and ISP agreements re-quoted annually. Just by asking you can usually save 10-15 percent. Review hardware and software maintenance agreements annually. Look for items that you already have spares for — terminals, DTCs, and tape drives, or thosethat can be replaced inexpensively.

Eliminate OpenView. Many sites have this product to allow DTC switching. This was bundled into MPE/iX 5.5 as host-based DTC control, along with host based Telnet. Look to grow operations and user staff into programmers. Which would you rather have: a great programmer that doesn’t know the business, or a fair programmer that already knows the business and people well?

Mike Hornsby’s company Beechglen Consulting (513.922.0509) provides contract administration, contract programming, and customized system and application software support, specializing in HP 3000s and promoting an “Anyone can call about anything” philosophy. A former HP senior systems engineer, he co-founded Beechglen in 1988.


Understanding how to use Mirrored Disk on HP 3000s

HP’s add-on product provides vital disaster recovery, but you’ll need advice on set-up, disk errors and split-volumes

By Andreas Schmidt

Mirrored Disk/iX is an optional subsystem for HP 3000 mission critical systems, and it’s vital to guaranteeing high availability of your company’s data. This article explains the fundamentals of HP’s Mirrored Disk/iX: how to set up volume sets, how to deal with disk errors and how to establish a split-volume backup.

The complete resource on this subject is, of course, the HP manual for Mirrored Disk/iX (User’s Guide, HP Part No. 30349-90003.) Some of what follows is based on this. But we all know that a summary sometimes will help better than reading through a complete HP manual — especially if you are under pressure in a delicate situation.

What are mirrored disks?

Mirrored Disk/iX is a subsystem for HP 3000s which needs to be ordered separately. The installation follows the normal subsystem Installation Process as documented in the Installation Manual. Mirrored Disk/iX is designed to work only with non-system volumes. To make it very clear: Mirrored Disk/iX does not support mirroring the HP 3000’s system volumes.

It supports disk drives that use HP-FL cards or NIO SCSI cards. But mirrored partners must be the same model of fiber-link drive or NIO SCSI drive, and mirrored partners must be connected to different HP-FL cards or NIO SCSI. Otherwise a single point of failure would still exist.

Mirrored disks are designed to provide high data availability by automatically maintaining identical information on two partner disks. When an application writes to a disk, disk mirroring causes the information to be written to both drive partners. When an application reads from a disk, there are two places to access the requested data. This may give performance benefits on large systems which do a lot of reads for queries but only a few writes to the same data. Applications running on the system are unaware that disk mirroring is present.

Once disk mirrors have been established using the VOLUTIL utility, a mirrored disk acts just like any other disk connected to the system, until a disk failure occurs. If either disk of any pair fails, normal system operation continues. When the partner is ready to resume operation, the system copies data from the good disk, bringing the pair to a consistent state, and normal mirroring resumes.

Once mirrored disks have been installed, you can use them like any other disks connected to the system. Additionally, you can perform split-volume backup of mirrored disk data while still accessing the data.

So, Mirrored Disk/iX supports the following features:

High data availability: System automatically maintains identical information on two partner disks. Users continue to access data if either disk of any pair is disabled or under repair.

Reduced downtime: Users continue to access data while system performs file backup.

Disk failure recovery: System detects failed drive, continues to run application, and discontinues mirroring until drive is repaired.

Resume mirroring: System allows for the removal of the failed drive from pair, the mounting of another drive in its place while the system is running, then copies data to the new drive, and resumes disk mirroring.

Data consistency: System writes data to both partners of a mirrored pair, so data is always consistent, even during the repair process.

The installation of Mirrored Disk/iX is easy:

• Use the SYSGEN utility to configure the disks into the system.

• Install the disk hardware.

• Boot the system with the new configuration.

• Use the AUTOINST utility to install the mirrored disk software.

• Use the VOLUTIL utility to create a mirrored volume set.

• Move files, if necessary.

• Set up accounts and groups.

The subsystem installation of Mirrored Disk/iX enhances the HP 3000’s VOLUTIL commands. HP provides both commands VOLUTIL and MIRVUTIL to make life easier for the System Manager. The functionality is the same when Mirrored Disk/iX has been installed.

Please be careful: The Create Volumes (CV) capability is required to use VOLUTIL to initialize mirrored volumes. You also need it to input system commands from the system console to perform split-volume backups.

How to set up volume sets

Assuming that the subsystem has been installed and the hardware as been plugged in and is configured, the new volumes will be in state SCRATCH or UNKNOWN. Verify this via :DTSTAT ALL

LDEV-TYPE          STATUS         VOLUME (VOLUME SET - GEN)
30-079370          SCRATCH
31-079370          SCRATCH
32-079370          SCRATCH
33-079370          SCRATCH


Now invoke :VOLUTIL or :MIRVUTIL and create the new set’s master disk as mirrored pair:

volutil: NEWMIRRSET PROD_SET:MEMBER1 (30,31)

and verify via DSTAT:


volutil: :DSTAT ALL

LDEV-TYPE          STATUS         VOLUME (VOLUME SET - GEN)
30-079370          MASTER-MD      MEMBER1 (PROD_SET-0)
31-079370          MASTER-MD      MEMBER1 (PROD_SET-0)
32-079370          SCRATCH
33-079370          SCRATCH

Now add volumes in this mirrored set. These volumes must be in state SCRATCH or UNKNOWN.

volutil: NEWMIRRVOL PROD_SET:MEMBER2 (32,33)

and check via DSTAT again:

volutil: :DSTAT ALL

LDEV-TYPE          STATUS         VOLUME (VOLUME SET - GEN)
30-079370          MASTER-MD      MEMBER1 (PROD_SET-0)
31-079370          MASTER-MD      MEMBER1 (PROD_SET-0)
32-079370          MEMBER-MD      MEMBER2 (PROD_SET-0)
33-079370          MEMBER-MD      MEMBER2 (PROD_SET-0)

In VOLUTIL, the command SHOWSET with the MIRROR option (this option has been installed via the added subsystem) will show the state of the mirrored set:

volutil: SHOWSET PROD_SET MIRROR

Volume Name   Vol Status     Mirr Status          Ldev      Mirr Ldev
MEMBER1       MASTER        NORMAL                  30       31
MEMBER1       MASTER        NORMAL                  31       30
MEMBER2       MEMBER        NORMAL                  32       33
MEMBER2       MEMBER        NORMAL                  33       32

How to deal with Disk Errors

There are two types of disk errors: Disk errors after mount (in normal operation) and a disk cannot be mounted (already defective in booting the box)

Disk Error after Mount: If a disk has a problem after the mount, the system will continue to work automatically with only one disk of the affected pair.

Possibilities for Disk Errors are:

Disk reports ERRORS — Disk will immediately become DISABLED and the System will continue to work without a mirroring for the affected volume set without any interruption.

Disk does not answer any longer — The system waits about two minutes for an answer by the disk. During this period, all I/O processes are suspended. If the disk will answer in this interval, the system will continue to work with mirroring for this pair. If the disk will not answer the disk will become DISABLED. The system will continue without mirroring for the affected volume.

Here’s an example: During normal operation LDEV 32 fails. The following message will appear on the Console:

?09:09/12/MIRRORED VOLUME DISABLED ON LDEV#32
?09:09/22/ACKNOWLEDGE MIRRORED VOLUME DISABLED ON LDEV#32 (Y/N)?

:REPLY 22 ,Y

The system will continue to run. The problem may be that this message and the reply will be overlooked on big systems. It’s recommended to have a monitor in place. HP’s OpenView Operations Center (a.k.a. IT/O OpC) may be one option.

A check using DSTAT and VOLUTIL will show the following:

:DSTAT ALL

LDEV-TYPE    STATUS              VOLUME (VOLUME SET - GEN)
30-079370     MASTER-MD          MEMBER1 (PROD_SET-0)
31-079370     MASTER-MD          MEMBER1 (PROD_SET-0)
32-079370     *DISABLED-MD       MEMBER2 (PROD_SET-0)
33-079370     MEMBER-MD          MEMBER2 (PROD_SET-0)

volutil: SHOWSET PROD_SET MIRROR

Volume Name     Vol Status           Mirr Status       Ldev      Mirr Ldev
MEMBER1            MASTER             NORMAL           30           31
MEMBER1            MASTER             NORMAL           31           30
MEMBER2            MEMBER             DISABLED         32           33
MEMBER2            MEMBER             NON-MIRROR       33           32

Having repaired or exchanged the disk, you must continue by issuing the command: volutil: REPLACEMIRRVOL PROD_SET:MEMBER2 32 and re-establish the mirroring. Check it via

volutil: SHOWSET PROD_SET MIRROR

Volume Name Vol Status    Mirr Status              Ldev  Mirr Ldev
MEMBER1         MASTER     NORMAL                  30      31
MEMBER1         MASTER     NORMAL                  31      30
MEMBER2         MEMBER     REPAIR-DEST             32      33
MEMBER2         MEMBER     REPAIR-SRCE             33      32

The repair will happen automatically. No further intervention will be needed. This process is fully transparent for applications and users of the data on the affected volume set.

Disk Error before Mount: Here’s another example: LDEV 33 cannot be mounted during the system’s startup. Following message will appear on the console:

?09:09/12/MIRRORED PARTNER MISSING FOR LDEV# 32

The system sets the “good” mirrored disk LDEV 32 on PENDING and waits for SUSPENDMIRRVOL to allow LDEV 32 to work without the mirrored partner:

?09:09/22/ACKNOWLEDGE MIRRORRED PARTNER MISSING FOR LDEV# 32(Y/N)?


:REPLY 22 ,Y

This volume (here: MEMBER2) will stay unavailable until either the mirrored pair (here: LDEV 33) will become available again, or the mirror will become suspended via SUSPENDMIRRVOL command. DSTAT will show the following:

:DSTAT ALL

LDEV-TYPE STATUS VOLUME (VOLUME SET - GEN)
30-079370 MASTER-MD MEMBER1 (PROD_SET-0)
31-079370 MASTER-MD MEMBER1 (PROD_SET-0)
32-079370 *PENDING-MD MEMBER2 (PROD_SET-0)

By using SUSPENDMIRRVOL the mirror will become suspended, and the disk will work without a mirror for it. Now, this disk should not become faulty — it’s a single point of failure now! SUSPENDMIRRVOL will work only for disks in state PENDING!

volutil: SUSPENDMIRRVOL PROD_SET:MEMBER2 32

MEMBER2 is now available again, but without a mirror:

volutil: SHOWSET PROD_SET MIRROR

Volume Name Vol Status Mirr Status Ldev Mirr Ldev
MEMBER1 MASTER NORMAL 30 31
MEMBER1 MASTER NORMAL 31 30
MEMBER2 MEMBER SUSPEND-MIRR 32 33

Having repaired the disk (LDEV 33), the mirror must become active again:
:DSTAT ALL

LDEV-TYPE STATUS VOLUME (VOLUME SET - GEN)
30-079370 MASTER-MD MEMBER1 (PROD_SET-0)
31-079370 MASTER-MD MEMBER1 (PROD_SET-0)
32-079370 *PENDING-MD MEMBER2 (PROD_SET-0)
33-079370 SCRATCH

By using REPLACEMIRRVOL, the repaired LDEV 33 will be initialized as mirror for LDEV 32 :

volutil: REPLACEMIRRVOL PROD_SET:MEMBER2 33

You can verify this with SHOWSET

volutil: SHOWSET PROD_SET MIRROR

Volume Name Vol Status Mirr Status Ldev Mirr Ldev
MEMBER1 MASTER NORMAL 30 31
MEMBER1 MASTER NORMAL 31 30
MEMBER2 MEMBER REPAIR-SRCE 32 33
MEMBER2 MEMBER REPAIR-DEST 33 32

Split-Volume Backup

Another feature of Mirrored Disk/iX is the way it can make backups. It is only necessary to take (physically spoken) one disk’s content out of a mirrored pair. This is possible via the split-volume backup. To split a volume set, no user is allowed to stay logged on for this volume set: You can use the command :TELL @ LOGOFF FOR BACKUP. The volume set will become unavailable now for one half:

:VSCLOSE PROD_SET; SPLIT
:DSTAT ALL

LDEV-TYPE STATUS VOLUME (VOLUME SET - GEN)
30-079370 LONER-SU MEMBER1 (PROD_SET-0)
31-079370 LONER-SB MEMBER1 (PROD_SET-0)
32-079370 LONER-SU MEMBER2 (PROD_SET-0)
33-079370 LONER-SB MEMBER2 (PROD_SET-0)

Now make via VSOPEN both SETS (USER and BACKUP) available: :VSOPEN PROD_SET

PROD_SET SPLITT USER VOLUME MOUNTED ON LDEV 32 (AVR23)
PROD_SET SPLITT BACKUP VOLUME MOUNTED ON LDEV 33 (AVR24)

Now the PROD_SET is available for production but without the mirroring:

:TELL @ SYSTEM IS AVAILABLE NOW
:DSTAT ALL

LDEV-TYPE STATUS VOLUME (VOLUME SET - GEN)
30-079370 MASTER-SU MEMBER1 (PROD_SET-0)
31-079370 MASTER-SB MEMBER1 (PROD_SET-0)
32-079370 MEMBER-SU MEMBER2 (PROD_SET-0)
33-079370 MEMBER-SB MEMBER2 (PROD_SET-0)

Start the backup with the command: :FILE T;DEV=TAPE :STORE /; *T; SPLITVS=PROD_SET; SHOW. This backup is compatible to the “normal” STORE.

Having finished the backup, the split can be canceled:

volutil: JOINMIRRSET PROD_SET SOURCE=USER

SOURCE=USER tells the system that during the JOIN and the following REPAIR to synchronize the BACKUP with the USER split, so the on-line users are allowed to continue to work. The status in VOLUTIL during the synchronization will look like:

volutil: SHOWSET PROD_SET MIRROR

Volume Name Vol Status Mirr Status Ldev Mirr Ldev
MEMBER1 MASTER REPAIR-SRCE 30 31
MEMBER1 MASTER REPAIR-DEST 31 30
MEMBER2 MEMBER REPAIR-SRCE 32 33
MEMBER2 MEMBER REPAIR-DEST 33 32

At most, six mirrored pairs will become synchronized in the same period for performance reasons. That means as soon as one of the six pairs is finished the next waiting pair will be processed.

This is an optional way to make a backup — as I said earlier, Mirrored Disk/iX is fully transparent to all applications. We’re still using TurboStore/iX online to back up our mirrored volume sets, and didn’t encounter any problem because of Mirrored Disk/iX.

Summary

Mirrored Disk/iX is a MUST for mission critical systems to guarantee high availability of the data. In case of problems because of the physical disks, the data stays available. The automatic repair processes in Mirrored Disk/iX are transparent to the users. The procedures are quite easy — but you must know them! This article will help all HP 3000 System Managers to have this handy.


3000 Network Hardware: Routers and Switches and Hubs, Oh My!

HP 3000 hardware networking can be like a trip down a Yellow Brick Road

By Curtis Larsen

Auntie MAU! Auntie MAU! A Twisted Pair! A Twisted Pair!

Once upon a time, networks were as flat as the Kansas prairie, and computers on them were a lot like early prairie farmsteads: few and far between, pretty much speaking to each other only when they had to. (“Business looks good again this year.” “Yep.”) Most systems still used dumb terminals, and when speaking to anything outside the LAN, system-to-system modem connections were the way to do it.

A tornado named the Internet appeared in this landscape. It uprooted established standards and practices, swept aside protocols and speed limitations, and took us into a Technicolor networking landscape very different than what was there before.

Toto, I get the feeling our packets aren’t in Kansas anymore

Smaller companies were tossed before the tornado to eventually land and quickly begin growing again in the new environment. Large companies like IBM, HP, Digital, and Microsoft, who were rooted and established in their own proprietary standards (it sounds like an oxymoron, but it’s true) survived by generally ignoring the howling winds. Eventually, munchkin-like, they all came out to see what the general fuss was about, and found that a house-sized chunk of change (pun intended) had landed.

Networking, and the TCP/IP protocol had truly arrived in style, bringing strange new applications and markets. Serial connections and proprietary networking (“What do you mean we don’t need SNA to connect to the Wichita office anymore?”) gave way to a new kid on the block. And her little dog, too.

Follow the Yellow-Colored-Cable-and-Labeled-at-Both-Ends Road!

So here we are, sitting in a strange new networking land of strange new networking things. And for some of us, trying to understand the whole of it all — especially in relation to “legacy” system like the HP e3000 — is a little daunting. What are all these networking black boxes we plug the system into, and what do they all do? How can they make life better? (How can they make life worse?) If you’re not sure (or just plain curious) read on.

We’re off to see the wizard — this wonderful wizard of ours!

The networking wizard of your HP e3000 system is a program named “NMMGR.” It allows you to define networking hardware and tells you how to create connections with them. But what things can you define? Before we talk about connecting to things, we should probably take a crash-course in the things you’re connecting to.

Which path do I take? Well, you could take this one, that one, or both...

The basic networking boxes you’ll connect to are hubs, routers, switches, bridges, and gateways. Oh My. Let’s take them one at a time.

Since life is like an analogy, I’ll stretch one for the hub to go like this: If your network traffic is like water through a hose, then a hub is like a splitter, allowing multiple exits. Generally speaking, a hub simply splits the traffic from the “incoming” line into each connected port “out.” This is cheap and simple to set up if you don’t have a lot of connections, but like too many divisions on any hose, too many hubs will make the end connections anemic. The fewer connections the better, so most hubs have no more than 24 ports total.

Obviously, to make things better for all connections in larger networks, more “water pressure” was needed — and the switch was born.

Pay no attention to that man behind the curtain!

No, I’m not talking about the System Administrator. A switch looks very similar to a hub, but the appearance ends there. Again, if your network is like a stream of water in a hose, then your garden-variety switch is like a water tank, adding pressure to the line. Huge water tanks are placed at the heart of a city’s water system, while small tanks are placed on buildings. At the heart of most networks — tended by a cooing Network Administrator — is a core switch (the main tank).

Additional “work group” switches (building-sized tanks) can be used in wiring closets for special-need areas of the network. So, although a hub and a switch both offer multiple connections, the resulting “streams” have vastly different origin and force. Now that we’re one big speedy networking family, no one minds if it all fails, right? No? Well love can build a bridge, and so can electronics.

My Network’s crashing… What a world! What a world…

Having all your network connections on one physical segment isn’t too grand — especially when it fails. By segregating physical networks and then “bridging” them together, you ensure that in the face of adversity, some people can still laugh at the ones who can’t work. Aquariously speaking, a simple bridge is like a valved pipe between two water systems, passing water in both directions, and shutting one side’s valve if that system “loses pressure” (goes down). You say you want to route water based on content? Well then.

This here’s the ‘Packet of a Different Header’ you’ve heard about

Simply put, a basic router is an intelligent (logically) one-way bridge, examining network data information and very quickly sending data packets down one line or another. In our epic analogy, a router could be a thermal valve, forcing only cold water to flow this way, and hot water that way, preserving us from the heartbreak of tepidity. Since the router has to work quickly, it usually works at a lower level than other equipment does, caring less about content and more about destination. You say you’d like to exchange hot water with someone else? You’d like the gate to swing both ways?

There’s no place like the home network! No place like the home network…

A router is excellent at sending packets from Here to There (and not necessarily Back Again), but nothing beats the gateway for two-way communication. A gateway takes data from one network and sends it to another, even re-creating the data packet on the other side, if need be. To stretch our analogy to its limits, we could say that two different water systems exist, having the same characteristics, including temperature. One system is chlorinated, while the other is not, and so simply allowing the water to pass unmolested would be an issue — one system would become diluted, and the other exposed. What we need is a filtration pump that allows the water to be pumped in either direction, adding chlorine one way, and taking it out in the other direction.

Connecting to the Internet requires a gateway, since your home network doesn’t “know” how to reach something out there. What it does know is how to hand off a data packet destined for “Not Here” to a gateway for processing. The gateway in turns checks the packet’s address and sends it to the best possible network closer to the packet’s Ultimate Destination, re-labeling the packet as it does so, and putting its own address in the packet’s “return address.” If the packet’s Ultimate Destination isn’t on the new network either, then the gateway there does the same thing until the packet finally hits the Emerald City.

On its way back home, because of all the “return addresses” it picked up, the packet passes back through each gateway that it came from until, clicking its little ruby slippers, the packet realizes it is in no place but home.

Because of its intensive examination work, a gateway is almost always dedicated to its task, especially on larger networks. It was the gateway’s filtering abilities that led to using them as a firewall to protect networks by purposefully filtering and/or denying different types of connections and data. But the firewall is a topic all its own — just make sure you use one!

And you were there, and you, and you.
Oh Auntie Carly, there’s no place like HP!

So there you have it — Networking Devices 101. Now that you know what you can connect your e3000 to, you can come up with some ideas on how to use them, and answer questions about what to connect to. Should an e3000 be connected to a hub, or to a switch? (Switch!) Does a printer need to be connected to a hub or a switch? (A hub will usually be fine.) Should I use my e3000 as a gateway? (I think not.) Should the physical part of my network the e3000 is on be bridged? (Yes.) Can I configure a gateway and connect my e3000 to the Internet? (Certainly. But make sure you have a firewall first!) Can I use other protocols or connections besides TCP/IP and Ethernet? (Absolutely! X.25, SNA, FDDI, and a number of other connections are available, but they change a lot, so check with your favorite sales rep first.)

So long as HP continues to expand and extend the capabilities of their workhorse system, the e3000 will continue to be the perfect business computer choice. As everyone who uses and loves it knows – stick with it and your business just keeps flowing along, leaving your competitors all wet.


Enabling 2FA authentication on the HP 3000

State-of-the-art security is possible using tokens, agents and RSA secure servers with MPE/iX

By Andreas Schmidt

This article describes a way to build a security barrier around your HP e3000. It is based on material offered by Security Dynamics (www.rsasecurity.com), and on my own HP 3000 experiences in a project to roll out a Two-Factor Token Authentication to all platforms for a big company in the chemical industry, one which chose NT and HP 3000 systems as pilots.

Background

Today it’s a risk to trust only static passwords. Some studies have shown that approximately 60 percent of big companies have detected a security violation in the last two years, and more than 80 percent still use static passwords, especially to connect to the network. So it’s a good approach not only to rely on static MPE security, or third-party security solution passwords, but also to introduce a Two-Factor Token Authentication.

Two-Factor Token Authentication

Authentication is the process to verify the identity of users. On the Internet, cookies can provide automatic authentication for user names and passwords having been registered at a site, especially with SSL (Secure Socket Layer) encryption for things like credit card information.

On intranets, the authentication could happen with simple passwords, along with tokens or smart cards, or with biometrics that utilize the individual’s physical characteristics such as finger-print or retina.

Because passwords can become cracked or sniffed on the WAN/LAN, all methods using static authentication are not secure. The Two-Factor Authentication requires two factors before an user will gain access to a network or system:

• The person needs to have something: a token which produces a tokencode. Such a tokencode will change about every minute.

• The person has to know a PIN. This Personal Identification Number is unique and only valid for the physical token the person possess.

If an individual needs access to a server or a network component, they must log on to an Authentication Server or Agent and enter the PIN and the actual tokencode. As soon as the token has been recognized by the logon name and the Authentication Server has accepted the code combination, it cannot be used a second time. A sniffer has no chance to use the same combination of PIN plus tokencode.

The vendors of such authentication environments (server, agents, and tokens) ensure that each authentication token is unique and it is impossible to predict the value of a future tokencode by recording prior tokencodes. Thus when a correct tokencode is supplied, there is a high degree of certainty that the person is the valid user in possession of the physical authentication token and the remembered PIN.

One environment provider is RSA Security Dynamics, offering a SecurID Server, Agent, and Tokens.The heart is the RSA ACE/Server, the authentication engine on the network. It runs on different Unix flavors and Windows NT or 2000. This server is the management component of the RSA SecurID product family, used to verify authentication requests and to administer policies for enterprise networks.

All network components which should become authenticated must be defined on this server and become RSA ACE/Agents. When a person attempts to access a protected system, this software agent initiates an RSA ACE/Server authentication session instead of a basic password session. (This is true for Unix and NT, but not in this case for MPE, as we will see later.)

The user is required to enter the user name and instead of a static password, the current tokencode from the authentication device (the token) plus the PIN. The agent software hashes the information supplied by the user with additional data known only by the protected device (agent platform). It then transmits portions of the hashed information to the RSA ACE/Server, which approves access when the information is validated. The user is granted access, and this is logged onto the Server as well.

The last component is the physical device the user possesses, the authenticator or token. Many forms are offered. The one most used is a key fob: a device with a built-in chip and an LCD window to display the tokencode, small enough to be attached to a key ring. Others are credit card look-alike devices. The latest edition is software for palmtops generating the actual tokencode. Using any one of these devices, a person must possess them to authenticate, employing the same patented algorithm for encrypting and hashing the tokencode.

Authentication Advantages

Having installed such a system on all devices before access for an individual is granted, the security of a company’s network will be drastically improved. The four primary benefits are:

• Enterprise Authentication: Only those persons can access the devices when they are authorized to possess and use a token and PIN.

• Access Control: This is essential to protect against outsider attacks or malicious employees.

• Evasion of Attack: Hackers will try to unexpectedly gain access to a network. The Server identifies threat conditions, which are reported to the logs and alert the system manager.

• User Accountability: Damage may be done using an employee’s password without the knowledge of that employee. However, by logging the authentication process which requires PIN and tokencode, it provides more assurance of employee involvement in any unauthorized activities. The knowledge of this and of the comprehensive logging helps employees recognize their accountability for information security, so that their behavior is more secure.

The HP e3000 Agent Solution

The chemical company, which CSC is providing with IT services, decided to roll out Two-Factor Token Authentication over all platforms within one year. NT and MPE were selected as pilots: NT because of the large number of servers running that environment; and MPE because of the thinking that this platform might be different from all others and more difficult to implement. However, the company also recognized the importance of running its 3000-based Order Fulfillment Process with a lot of different outside partners.

RSA’s first attempt to develop an agent for MPE was very simple: A token had to become configured for a combination of MPE-USER-ID.MPE ACCOUNT. This combination could not be reused on another token. It was not possible to use wildcards or to add SESSION-IDs or MPE-GROUP to have a complete logon string. Because of the MPE characteristic to share logons (on all levels of capabilities) this version of the agent was not what we were looking for. (More drastically: This agent could not function for the MPE platform).

The second attempt was much better: everything was changed to the chemical company’s already-existing Security/3000 setup. Now Security/3000 invokes the RSA Agent to contact the RSA Server. It transmits either the SESSION-ID or the MPE-USER-ID as the name of the token. If the token is known and allowed to access the HP 3000, the agent asks the user for the current tokencode plus PIN.

This agent also functions without Security/3000 by adding some lines to the System’s Logon UDC. This drops some additional functions in combination with Security/3000, like verifying a user profile in any case (SESSION-ID,MPE-USER-ID.MPE-ACCOUNT is defined as allowed logon in Security/3000, all others will be refused before starting anything), but it will work.

One thing is essential: The RSA Agent for MPE does not replace the MPE password process like it does for Unix or NT! It is activated first when the HELLO string has been entered and the MPE password hurdle has been passed (Account, User, and/or Group Password) and (as an option) the basic check within Security/3000 for profile existence is passed. Now any other logon UDC functions are invoked, and this activates the RSA Agent.

Having Security/3000 in place is a good idea to replace the session passwords (if any) by supplying the tokencode.

Not having session names in place, the RSA Agent will add an additional password. I do not recommend eliminating the MPE password — it’s still a fence around your system and is needed for batch security (depending on the streaming security you have in place).

Having activated the RSA Agent, a logon sequence will look like Figure 1. The setup within Security/3000’s SECURCON.DATA.VESOFT file is shown in Figure 2.

Figure 1

SYSTEMA:hello paul,manager.sys
ENTER USER (MANAGER) PASSWORD: xxxxxxxxxxx

HP3000  Release: C.55.00   User Version: C.55.00   FRI, JUN  9, 2000,  7:34 PM
MPE/iX  HP31900 C.05.08  Copyright Hewlett-Packard 1987.  All rights reserved.
*************************************************************
                  This is a private computer facility.
      Access to it for any reason must be specifically authorized.
      Unauthorized access to this computer facility will expose you
      to criminal and/or civil proceedings.

      All information contained in this computer system,
      including messages, is the property of the company.
      The company reserves the right to access and disclose
      all information sent through or stored in this computer
      for any purpose.

************************************************************
               ********************************************
               You are at: Bad Homburg   SYSTEMA Series 960
               ********************************************

Enter PASSCODE:
PASSCODE Accepted
Welcome!  You are now signed on.
END OF PROGRAM
SYSTEMA: 

Figure 2

(* Setup for the RSA ACE SecurID Agent on HP3000    *)
(* =============================================    *)
(* Usersets if needed and wanted for later use      *)
$DEFINE-USERSET MPESEC &
            @[email protected]
(* SEC/3000 Session Names to identify individuals   *)
(* 1st line: all Online Logons                      *)
(* 2nd line: Accounts secured with MPE Methode      *)
(* 3rd line: general Exceptions                    *)
(* 4th line: AM user of MPE Methode (2nd Userset)   *)
$FORBID
"MPE('/var/ace/sdshell ![DWNS(HPJOBNAME)]') <> 0"
"SDI ACE Failed"
@.@&ONLINE-LDEV=20-LDEV=21-&
!MPESEC-&
@.TELESUP-SYSTEMB,XEALRMON.XFER-M,@.XFER-S,@.XFER
!MPESEC&ONLINE&CAP=AM

(* MPE UserIDs to identify individuals              *)
$FORBID
"MPE('/var/ace/sdshell ![DWNS(HPUSER)]') <> 0"
"SDI ACE Failed"
!MPESEC&ONLINE&CAP<>AM

(* Needed for both Methods                          *)
(* Exception Line: general Exceptions              *)
$FORBID
"IVAR(';SECURID',1) = 1"
"Invalid SecurID PASSCODE"
@.@&ONLINE-LDEV=20-LDEV=21-&
@.TELESUP-SYSTEMB,XEALRMON.XEXFER-M,@.XFER-S,@.XFER 

Here are our detailed notes on the Security/3000 configuration.

$DEFINE-USERSET: If in your current setup you identify individuals by their session name or their MPE-USER-ID, it’s a good idea to define a userset for later use.

$FORBID: in this section for all accounts, where the session name is used to identify an individual, the sessionname is downshifted (convention in defining the token on the ACE Server), and the program /var/ace/sdshell, the RSA MPE agent, is executed. If the program’s error code is not equal to 0 the logon is rejected. This will happen if the tokenname the ACE Server received is not allowed to get access to this HP 3000 Server, or is not known at all.

This $FORBID process must be executed for all sessions (but not for batch logons) except console and remote console. (If the network is down, the agent cannot authenticate with the ACE Server) The exception is for all accounts identifying the individual by the MPE-USER-ID, and some special accounts like TELESUP or EDI accounts (here:XFER).

The second userset within this $FORBID statement includes all Account Managers using the MPE-USER-ID as identifier. Here it’s assumed that individuals share one AM logon like MANAGER or MGR and are distinguishable by the SESSION-ID. The next $FORBID defines the same setup for accounts where the MPE-USER-ID is used to identify an individual. The MPE-USER-ID is used for the ACE Server Authentication process. This is needed for all session logons in these accounts except the AM logons.

The third $FORBID checks a variable named SECURID. The ACE Agent sets this variable. If the tokenname is known and allowed for this server, but the code transmitted is wrong (PIN and current tokencode for the token identified by !HPJOBNAME or !HPUSER), the logon is rejected with the error message “Invalid SecurID PASSCODE” (variable SECURID is 1). Otherwise, the logon is accepted (and logged as successful on the ACE Server like all unsuccessful attempts as well), and the individual gains access to the HP 3000. This check must take place for all sessions except those on the two consoles and the general exceptions.

This setup is proven and stable. Because of Security/3000’s flexibility, it’s almost possible to build up any other existing security concept, as long as the current setup already distinguishes between individuals. If this is not the case for any reason, it’s obvious that this must be changed first because of the characteristic of all authentication processes.

A similar setup is possible within a System’s Logon UDC if Security/3000 is not in place. It will become more complicated (some IF clauses, etc.) and will require more effort in changing the setup. But it is possible because of the simple logic of the ACE Agent and ACE Server:

Do I know the name of the token transmitted ?

NO: “SDI ACE failed.”

Is this token allowed for that network component ?

NO: “SDI ACE failed.”

YES: “Enter PASSCODE:”

Is the right PIN and tokencode transmitted ?

NO: “Invalid SecurID PASSCODE.”

YES: “PASSCODE accepted”

Access granted!

What if the ACE Server and/or the network is not available for any reason, so that no authentication could take place? In this case, a system manager must use the specific parameter to bypass the system’s logon UDCs and disable this authentication security. Because of this, it’s highly recommended to switch off the ENFORCE LOGON UDCS setup in SYSGEN (enforcelogonudcs OFF), but to have a hard-to-guess password on all MPE-USER-IDs with SM (only one, I hope).

Also, it’s obvious that in this case the only password remains the MPE-USER-ID password (and/or ACCOUNT password). It’s probably a good idea to prepare a new SECURCON.DATA.VESOFT configuration file in advance, which will be needed in this case.

For our chemical customer it’s not probable that this will happen: A second ACE server is in place with an automatic switchover if the first is not available, and the network topology is redundant. Nevertheless, for smaller companies this may become an issue. It’s not expected that RSA will port its ACE Server software to MPE to avoid such problems, if only MPE is in use.

Rollout to an HP e3000 platform

Assuming that your company wants to have such an authentication for MPE, it’s important to plan this in great detail. There are some dependencies which need to be observed.

Depending on whether you want to keep existing naming conventions to distinguish between individuals (a convention like six letters of surname plus first letter of first name) which is used for SESSION-IDs or MPE-USER IDs, or if you want to create a new one for naming the tokens (like randomized names out of a name generator), you need to make changes more or less within the HP 3000 security setup. Remember, such an authentication may be used on a company-wide level serving all platforms in place (Mainframe, Midrange, PC, Network components) and that one individual possesses only one token for all platforms. This token name is unique and usable on all platforms.

In any case, you’ll need a complete inventory of individuals accessing the HP 3000, including all their individual logons. This list could be created out of Security/3000 itself. It needs to be consolidated and expanded with the individual’s token name. If a new naming convention will be used, all MPE logon profiles (SESSION-ID,MPE-USER-ID.MPE-ACCOUNT) must be changed accordingly.

It may also be the case that the existing logon characteristics (!HPUSER, !HPJOBNAME) are used within application configuration and setup. In this case this must be changed in parallel. And first the Authentication Process on MPE system level itself must be activated.

Lastly, everybody will cry if they used automatic logon scripts: They no longer work! Whether such scripts were allowed in the past (containing passwords) depends on your setup. If so, you have to convince the users that this behavior was never secure. If not, you can be sure that nobody will continue to use such scripts — at least no longer to supply the tokencode (but probably the PIN, which is not recommended)!

You may work on an application-per-application basis, but this will negatively affect individuals who work in more that one application. (For example, in Application A the SecurID token is already needed, but in Application B it still uses the old method.)

Don’t underestimate this effort! It’s very easy to understand the process, but it is hard to roll this out in a living production environment, possibly serving many different user locations. It’s possible, but it needs a dedicated and experienced project management team to deal with all the different groups involved: techies, network people, security admin people, HR, the token vendor, application support, user help desks, user supervisors, end-users and more. People management may become more important than technology management!

Summary

Two-Factor Token Authentication is a state-of-the-art process to avoid static passwords. RSA Security Dynamics provides an MPE Agent for this purpose which worked perfectly for us with Security/3000, but also with basic MPE security. The technical approach is not simple, but manageable. The main problems may arise during the rollout because of human behavior in keeping known procedures and avoiding changes, especially for security. But to stay on HP 3000 into the future, the effort is worth it, especially for better security.


HP knew nothing of November during October

Sgt. Schultz

He saw nothing, nothing

From October, 2001

Just weeks before HP started to brief its vendor partners about the 3000 futures cut-off, customers asked about it. In a public forum of a webinar, the 3000's vendor relations manager, its product planning manager, as well as its customer spokesman said they knew nothing about the 3000 leaving HP's fold.

The questions surfaced in an October, 2001 broadcast. On November 14, the company released public statements. I was briefed on Nov. 9, and vendors leaked their notifications during the first week of November.

If nobody on that October Webinar knew about ending the 3000 business line, HP was certainly keeping its decision held as closely as a riverboat gambler's hand. Or perhaps a certain German sergeant on TV was the template for the answers.

After a few minutes of questions about support for disk mirroring, boot drives greater than 4Gb and other chestnuts often asked, HP began to address a number of questions about the impact of the merger on the 3000 product line. Customers asked about a published report in Network World magazine, wondering if the system was likely to survive the merger.

“I sure wish I knew the answer to that,” said Kriss Rant, CSY’s manager in charge of developer relations and a division veteran. “I don’t know any more than you do.”

“Whenever there’s a large merger like this, the press has a field day,” host Stachnik added, “speculating on exactly what it’s going to mean. I can tell you that nobody in the 3000 business has received any marching orders from Compaq or upper HP management that OpenVMS, MPE or any other operating system is supposed to survive or not. There’s been no decisions made on that. Don’t give too much credence to it.”

Platform Planning Manager Dave Snow noted that HP did a “total roll of our product line in February, and we’re delivering multiple processor support. I certainly think you can expect there will be support of MPE for many years to come.”

Other questions on the merger got a broad brush answer from Stachnik. “The correct answer at this point is, ‘We really don’t know,’ ” he said. “There are lots of open questions about whether that merger is even going to happen. The SEC needs to look at it, and there’s been all sorts of speculation in the press.

"How it’s going to impact the 3000 — we simply don’t know at this point. We’ve gotten no marching orders one way or the other, and I’m not anticipating we’re getting them anytime in the near future.”


Your Guide to Image Logging

Pexels-kaboompics-com-6076
By Bob Green

The system is down – the hard drive is toast – and you may have to restore your IMAGE database from yesterday’s backup. In the past, this is the scenario that typically got HP 3000 system managers interested in the transaction-logging feature of the TurboIMAGE database.

But now, as a result of the Sarbanes-Oxley law (SOX), IMAGE Logging is also being used to create audits for data changes. Managers who have never used transaction logging before are now enabling it to create an evidence trail for their SOX auditors.

Here is an example from Judy Zilka, posting to the 3000-L newsgroup:

“As a requirement of Sarbanes-Oxley we are in need of an HP 3000 MPE system program that will automatically log changes to IMAGE data sets, KSAM and MPE files with a user ID and time/date stamp. We often use QUERY to change values when a processing error occurs and the user is unable to correct the problem on their own. The external auditors want a log file to be able to print who is changing what and when.

George Willis and Art Bahrs suggested IMAGE Transaction Logging:

Judy, we have enabled Transaction Logging for our TurboIMAGE databases coupled with a reporting tool known as DBAUDIT offered by Bradmark. For your other files, consider enabling a System Level logging #105 and #160. The LISTLOG utility that comes with the system can extract these records and provide you with detail or summary level reporting.

Hi George & Judy:

Yep, Transaction Logging will meet the requirements for Sarbanes-Oxley and HIPAA for requirements relating to tracking “touching” data.

Also, remember you must have a corporate policy relating to this tracking and either a SOP or a formal procedure for reviewing the logs. The SOP or procedure needs to address what constitutes normal and abnormal activity with regards to reviewing the logs and what action to take when abnormal activity is noted.

— Art “Putting on the InfoSec Hat “ Bahrs

P.S. The fines for not being able to show who did what and who has access to what can be very, very eye-opening! Of course these comments only apply to the US and businesses linked into the US.

So what is IMAGE logging?

First of all, it is not the same as “system logging” or system “logfiles.” These record MPE system activities such as logon and file open, and have their own set of commands to control them. You can see in George’s answer above that he suggests system logging to track KSAM and file changes.

IMAGE logging is a variety of “user logging” and is a part of the TurboIMAGE database application. Once enabled, it writes a log record for each change to a database. There are three programs that can be used to report on those database log records:

LOGLIST (a contributed program written by Dennis Heidner; I am not certain what the current status of this program is).

DBAUDIT (a product of Bradmark; in the spirit of SOX disclosure, I must admit that I wrote this program and it was a Robelle product before we sold it to Bradmark!)

AuditTool 3000, from Summit Solutions (www.sumsystems.com), created for ERP system logging and expanded to work with any 3000 application.

Setting Up IMAGE Logging

A number of MPE Commands are used to manage IMAGE logging; see the MPE manual at docs.hp.com/en/32650-90877/

index.html

:altacct green; cap=lg,am,al,gl,nd,sf,ia,ba

:comment altacct/altuser add the needed LG capability

:altuser mgr.green; cap=lg,am,al,gl,nd,sf,ia,ba

:build testlog; disc=999999; code=log

:getlog SOX; log=testlog,disc ;password=bob

:comment Getlog creates a new logid

:run dbutil.pub.sys

>>set dbname logid=SOX

>>enable dbname for logging

>>exit

:log SOX, start

:log SOX, stop

You can use the same Logid for several databases. For a more detailed description, see Chapter 7 of the TurboIMAGE manual, under the topic “Logging Preparation.”

IMAGE Logging Gotchas

Although the basics of user logging are pretty straightforward, there are still plenty of small gotchas. For example, Tracy Johnson asks about backup on 3000-L

“If when backing up IMAGE Databases that have logging turned on and you’re not using PARTIALDB, shouldn’t the log file get stored also if you store the root file? This question also applies to third-party products that have a DBSTORE option.”

He continued, “One problem I’ve been having is that since a log file’s modify date doesn’t change until it is stopped, restarted, or switched over, one might as well abort any current users anyway, so any log files will get picked up on a @.@ “Partial” backup, because DBSTORE and “online” (working together) features won’t do the trick. Because even though a root file’s modify date gets picked up on a Partial backup, the associated log file’s isn’t.

Then Bruce Hobbs pointed out that there is the Changelog command to close the current logfile before backup (which ensures that its mod-date is current and that it will be included on the backup) and start a new logfile.

Later Tracy ran into another interesting gotcha regarding logging and the CSLT tape

“If you use IMAGE logging, always make your CSLT the same day you need to use it! (Or make sure no CHANGELOG occurred since the CSLT was made. Thanks be to SOX...which forced IMAGE logging.)

“We added so many log files identifiers for each of our production databases it reached the ULog limit in sysgen of 64 logging identifiers. So, per recommendations of this listserv (and elsewhere,) I had to update the tables in sysgen and do a CONFIG UPDATE this weekend to bring it to the maximum HP ULog limit of 128. Not a problem. Stop the logging identifiers with “LOG logid,STOP” Shut down the system and BOOT ALT from tape. System came up just fine — UNTIL it was time to restart logging! Every logging identifier reappeared with old log file numbers a few days old. (We do a CHANGELOG every night and move the old log file to a different group.) I scratched my head on this one for half of Sunday.

<Epiphany Begin> Then it occurred to me, the Log file numbers the system wanted were from the day the CSLT was created. I had made it before the weekend, thinking it would save me some time before the shutdown! </Epiphany End>

Therefore:

a. Logging Identifiers retain the copy number on the CLST tape in the case of an UPDATE or UPDATE CONFIG.

b. Logging Identifiers on the system retain the NEXT log file they need to CHANGELOG to.

So if one needs to use a CLST to load and you’re using Image Logging, remember to use it just after you create it, or make sure no CHANGELOGs occurred since it was made.

This may effect some sites as they may believe their CPU is a static configuration and only do a CSLT once a month or once a week. In the case of an emergency tape load, to save some heartache rebuilding image log files, they may need to do a CSLT every day.


Carly's exit sparked new hopes for 3000

Newswire Classic

March 2005

After board demands CEO’s resignation, 3000 sites ponder new future

The CEO who hawked change as HP’s new mission — and so sparked the 3000’s exit from the company’s lineup — has left HP in a resignation that made some customers hope for a change in HP to alter the 3000’s fate.

But HP’s board of directors, after demanding Carly Fiorina’s resignation on Feb. 9, have shown no signs of changing the company’s commodity and consumer-driven strategy, one which hurried the 3000’s HP exit.

Interim CEO Bob Wayman told stock analysts the next CEO will need to march to the tune Fiorina composed during the five-plus years she headed the company.

The company won’t change because its board hasn’t changed much. Venture capitalist Thomas Perkins came on board in early February, but the list of directors includes a group of officers who have approved Fiorina’s plans to grow HP. The board said it removed its CEO and chairman because she did not execute HP’s strategy well enough. The company’s earnings growth has disappointed analysts in recent quarters.

Wayman said during an analyst briefing that the board is looking for a CEO to work with the current strategy: Offering a broad portfolio of products while operating a printer business integrated with the rest of HP.

“While they won’t preclude any open discussion on a new CEO’s view of what the future strategy should be,” Wayman said, “we are looking for a CEO who also embraces that strategy, in all probability.”

Fiorina, who earned $44 million in signing bonuses to join HP in 1999, left the company with a $21.1 million payout. Her contract also provides $50,000 in job counseling services, a point of irony that didn’t escape HP 3000 customers who have seen careers ended or altered after the 3000’s cancellation.

“She was the executioner,” said John Dunlop of 3000links.com “She chopped and pruned product lines and employees. Unfortunately for the HP 3000 community, the HP 3000 was one of the early casualties. Thus she became the name synonymous with the death of the HP 3000.”

Another customer said Fiorina represented a strategy of judging a customer by what they’ve bought lately. The 3000 customer has been expected to buy what HP produces after it said it won’t offer the HP 3000.

“Carly was viewed by many to be of the mindset that our value as customers was limited to our wanting to buy what HP had to sell,” said Russ Smith of credit union Cal State 9. “It was not that our value was inherent as customers, period — and that HP should produce what we need.”

The majority of customers were realistic about how much change would filter down to the HP 3000 issues that remain at the company. “HP now has bigger problems such that this issue won’t even be on the radar,” said John Wolff, the CIO at LAACO, Ltd and vice-chair of OpenMPE. “Not only did they break the HP 3000 product line, but Carly broke the whole company — 60 years to build it, six years to wreck it.”

Fiorina was the first CEO ousted from HP in such a public manner: Stories of the forced resignation aired on all major US TV networks; HP called a press conference to explain on the day it removed Fiorina. She was not the first to leave involuntarily, though. Another HP CEO, John Young, “was politely retired when Dave Packard came back out of retirement to put the company back onto the right path in October, 1992,” Wolff said. “Young was paid $1 million for ‘unused vacation time.’”

An enterprise change?

Some 3000 customers said they were hopeful a better enterprise server strategy would emerge under a new CEO. The majority of customers responding to a spot poll by the NewsWire reported they were migrating away from the server, a position that has them considering HP’s server alternatives. For many, the damage has already been done.

“We lost all faith in HP’s strategy some time ago,” said Don Baird, president of EnCore Systems. “We do not rely on anything HP except our 3000s, which we are replacing with non-HP solutions.”

HP’s change of heart is having an impact on a choice of vendor for migration sources. At the Anchorage, Alaska light and power utility, systems analyst Wayne Johnson is moving to Windows — but HP’s moves with the 3000 make the utility wary.

“Part of my company’s fear has been the HP 3000 is going away, so let’s steer clear of any other HP product,” he said. “Could the change mean that the HP 3000 will be resurrected and not meet its demise in 2006? Our Windows platform is not HP.”

Some drew a direct link to Fiorina’s strategy and the slide of HP’s enterprise business. “HP lost its personality under Carly. Their niche was solid, reliable computing platforms, not PCs and not iPods,” said John Lee of reseller Vaske Computer Solutions. “Hopefully, the new CEO will re-focus the company on its core strengths, one of which used to be enterprise computing.”

Even those moving to HP’s Unix systems want to believe more change in management is on the way. “I really hope the shakeup continues down the line,” said a long-term HP 3000 manager who wanted his name withheld. At his firm, HP 9000s are replacing HP 3000s. “Maybe we can get back to a point were the customer and our needs come first, and the profits and sales will follow,” he said. “Since the Compaq-HP merger, the quality of our service programs and sales support have dropped.”

The CEO’s departure won’t change much for Pivital Solutions, a company that signed on for the last year of HP’s authorized 3000 sales and now offers third-party support for the server and MPE. “The only hope I still loosely hold is that they will sell off the enterprise systems group before they run it into the ground,” said president Steve Suraci.

Operator seeks operations whiz

HP’s executives say the company now needs a CEO with better operational skills. Its top sales officer Mike Winkler, quoted in a published report from the recent Goldman Sachs Technology Investment Forum, said HP’s fortunes would rise with a CEO like Lou Gerstner, the IBM leader who came in to turn around that company in 1992. In that same year, HP’s founders Bill Hewlett and Dave Packard asked LaserJet czar Dick Hackborn to take the CEO reins from John Young. Hackborn wouldn’t leave his home in Boise, Idaho to take the job and retired a year later.

But Hackborn, an operator behind the scenes in most of HP’s business choices since his retirement, played the lead role in bringing Fiorina to HP after the company felt it missed out on the Internet boom during CEO Lew Platt’s watch. Another report, published in the wake of the Fiorina ouster by BusinessWeek editor Peter Burrows, says Hackborn acted as the catalyst to spark the board’s removal of Fiorina.

Now Hackborn and the rest of the HP board will try to find an operational, COO style of CEO. HP will change CEOs because of Fiorina’s inability to execute, not over her direction. “She had a strategic vision and put in place a plan that has given HP the capabilities to compete and win,” HP’s press release assured investors.

The strategy which Hackborn has pulled HP into — commodity sales like printers, with less direct customer contact — relies on resellers and outside distributors to stay in touch with all but the largest customers. Typical HP 3000 shops, working for small and medium-sized businesses, say they have not felt much contact with any HP operation except its support group.

“Working for a small company, I don’t feel that I or my company has ever been part of an ‘enterprise systems strategy,’” said John Bawden of health insurance provider QualChoice, an HP 3000 shop. “Generally we are ignored unless we have the energy and the need to go to HP for something.”

Continue reading "Carly's exit sparked new hopes for 3000" »


HP 3000s and the time to end Daylight Saving

Pexels-darwis-alwan-1454769
During the 1990s, Shawn Gordon wrote a column for the NewsWire on VeSOFT products and reviewed software for us. He also left the 3000 world for the novel pastures of Linux, long before that OS was a commonplace IT choice. His departure was an example of thinking ahead. Along those lines, Gordon's got a classy article from his website about Daylight Saving Time. DST is a failed experiment that costs everyone more money. California, where the HP 3000 was born, is on the path to eliminating DST. Arizona and Hawaii are already non-DST states.

DST became a thorn in the side of 3000 shops because it had to be accommodated with customized code. The cutover days, into Saving and then out of Saving, were different every year. A handful of clever jobstream hacks lurched systems into and out of time zones that were working perfectly until the law said every zone had to shift forward. Or back.

Here's Shawn's article, as polished as all of his offerings have been in both software and writing. You can write your US Representative to get this clock switching put away for good. The US Senate already is hearing a bill about this, although it's the misguided solution to make DST permanent. The alleged Saving has only been going on since HP first made 3000s. Since HP's given up on that, maybe the US can give up on Daylight Saving.

By Shawn Gordon

One might think that the societal contributions from New Zealand mostly consist of the band Crowded House and sheep-based products, but it is New Zealand entomologist George Vernon Hudson that we have to thank or curse for modern Daylight Saving Time (DST). Benjamin Franklin is often credited with the idea, but it is based on a satire he wrote in 1784 about Parisians rising late in the day. Hudson authored and presented a paper in 1895 to the Philosophical Society proposing a 2-hour shift. This was entirely due to him working a “shift schedule” and not having enough daylight left after work during certain times of the year to collect bugs. His proposal was entirely self-serving. If he couldn’t get the time off, he’d force society to change.

Shortly after, and totally independently, the prominent English builder and outdoorsman William Willett noted in 1905 how many Londoners slept through the beautiful summer days, and as an avid golfer, he also didn’t like playing at dusk. Willett is often wrongly credited as the man who came up with DST. Again, totally self-serving and a desire to control other people's behavior. Willett was able to get Parliament to take up the proposal but it was rejected, he continued to lobby for it until his death in 1915.

DST wasn’t formally adopted by anyone until WWI in 1916 as a way to conserve coal, but again, this only controlled behavior, it didn’t change time. The same results could have been had by just starting everything an hour earlier. After the war, DST was abandoned and only brought sporadically, notably during WWII, but did not become widely adopted until the 1970s energy crisis.

In 1973, President Nixon changed the US to year-round DST, which of course was silly, everyone could just start earlier. The act was repealed when it resulted in a marked increase in school bus accidents. A study done by Stanley Coren of the University of British Columbia in 1991 and 1992 showed an 8 percent jump in traffic accidents on the Monday following the “spring forward” time change. After some jumbling around for a couple of years, it was finally settled in 1975 to the last Sunday in April through the last Sunday in October. Making changes to computer clocks in those days was not trivial and this was an enormous burden in the budding technology sector.

In the mid-1980s, the Sporting Goods lobby and associated lobbyists were able to convince Congress to extend DST to the first Sunday in April, which increased DST from six to seven months of the year in 1986. Computers were now far more prevalent and the change had an even larger impact and cost that everyone just had to eat. Simply having to change the clock twice a year was an enormous burden.

The systems I worked on at the time required the computer systems be restarted to change the clocks, which meant making sure all batch processing was completed so you could have a quiet 20 minutes or so to restart the systems in the middle of the night, which required a human being be sitting there.

In 2007, as part of the Energy Policy Act of 2005, DST was extended another 4 weeks so that the United States and Canada are now on it almost two-thirds of the year. The claim was that this additional 4 weeks would save 0.5% electricity per day for the country, enough to power 100,000 homes. There is a provision in the act to revert to standard time if those savings didn’t materialize. A 2008 study examined billing data in the state of Indiana before and after the 2006 change to DST and showed an increase of 1-4 percent due to the extra afternoon cooling and increased morning lighting costs.

All public safety claims made in the 1970s by the US DOT have been discounted by later empirical studies by the NBS. Similar claims by Law Enforcement of reduced crimes were also discounted as the sample set was too small (two cities) and did not allow for any mitigating factors.

In November 2018, California passed Proposition 7 which repealed the Daylight Saving Time Act of 1949 that approved the clocks in California to stay in sync with changes made at the federal level. This is the first step in allowing California to either (sensibly) cancel DST altogether like Arizona and Hawaii, or (foolishly) staying on DST year-round. If a state as large and influential as California were to abandon DST altogether, you would likely see a lot of adoption across the US and possibly the end of this silly practice altogether. The people that think year-round DST is a great idea, don’t remember when we did it before.

Arbitrarily changing something like the clock has huge effects and costs across society, as previously noted. Major systems can go down from bad date calculations. There was an outage in Microsoft Azure on leap day 2012 because of a simple date math bug. Politicians and lobbyists are oblivious to these costs and concerns and blithely change the clocks around as though they are some Olympian Gods that command time itself.

Ultimately, it is the arrogance of politicians that seem to think they are creating or giving you an extra hour of daylight, when in fact they are just controlling everyone’s behavior. There is no energy savings, quite the contrary. It doesn’t improve public safety, it does none of what it is purported to do. What it does have is a deleterious effect on public health and safety. A negative impact on kids performance in school, as many studies show that kids do better in school by starting later in the day and DST is contrary to that.

DST mandates massive hidden costs and dangers in adjusting delicate computer software systems. Modern life does not require DST. Our lighting energy costs are trivial compared to our other usages like computers and TV. Flexible work arrangements and a global economy makeshift work mostly a thing of the past. It’s time to move to the 21st Century and drop this anachronistic legislative holdover that was developed by arrogant and self-serving men. Write your Senators and your Representatives and let them know what you think.

Photo by Darwis Alwan from Pexels


In Your History: Strobe emulator project rolls up sleeves

December 2004

Editor's note: Strobe abandoned its emulator project before Stromasys released its Charon emulator for PA-RISC in 2012. Strobe was the first to announce officially, though.

Strobe commits engineering time to design HP 3000 replacement

3000 support now stands by for the next seven years and beyond. Applications continue to work on HP 3000s. The base of MPE experience is adequate, with IT pros ready to pass on 3000 skills and employ what they know. The only thing missing for the HP 3000 afterlife is new hardware — and if a Pacific Northwest company succeeds on its mission, new 3000 systems won’t be missing for long.

Strobe Data, a company with almost 20 years of experience building hardware emulators, has revealed that it has started design on an HP 3000 emulator. Mike Penk, the engineer who just completed Strobe’s software-only product that emulates Digital’s venerable PDP-11 systems, is leading Strobe’s efforts. The end result will let PC hardware act as if it’s a system with HP’s PA-RISC CPU at its heart, the processor that drives both HP 3000s as well as HP’s older Unix systems.

The newest Strobe project will take several years to deliver its first version. Strobe’s president and founder Willard West said his company’s business experience in emulator lifecycles tells him there’s no rush to complete a product before HP leaves the 3000 support arena. In fact, the lack of vendor support for discontinued systems has been a part of the Strobe business model.

Used HP 3000s will still be in the market by 2007, but West says his company has never considered used systems as competition for Strobe emulators. Price won’t help used systems compete, he believes, even if they sell for a fraction of an emulator.

“If a customer’s going to buy used product, he can probably buy it for 10 percent of what our product will sell for,” West said. “But it’s used, and who’s going to support it? I just don’t see that the used market will be viable two years from now.”

After gathering data on the 3000 market last year, Strobe seemed poised to start design of a product they’ve built for other platforms. The company waited until the summer of 2004 had passed before tossing its hat into the homesteading ring.

“The need [for an emulator] has developed, and nobody has stepped in to address that need,” West said. “We have a solution that we have been working on, in various flavors, since 1985.”

No HP dependency

Design and testing of an HP 3000 emulator stood at the heart of early plans by advocacy group OpenMPE. Prior board members reasoned that without replacement hardware available to the market, the 3000 platform couldn’t maintain a mission-critical profile. Emulation — where a software suite or a hardware-software combination transforms a PC processor into accepting HP 3000 instructions — dominated OpenMPE and homesteading discussions until late 2003.

OpenMPE even worked to get HP to declare its intent to offer an emulator-level license for MPE/iX, available beyond 2006. HP managers from the HP 3000 division offered a letter of intent to demonstrate their commitment to support an emulator with such a license.

But OpenMPE activity during the past year has focused on getting a limited license from HP to use the MPE source code in development outside HP. In the group’s latest strategy, 3000 hardware would be plentiful, while MPE/iX will need continued care after HP shut down its MPE/iX labs. HP has said it won’t decide on such third-party licensing of MPE source until the second half of 2005.

Stobe’s project doesn’t depend on anything that HP might decide. West said keeping MPE/iX static, with no further development beyond HP’s efforts, works for a marketplace accustomed to reliability.

“I kind of see OpenMPE going in the wrong direction,” West said. “People are homesteading because they have a reliable piece of software and reliable hardware. When people start talking about changing either one of those, they get nervous. What assurance do they have that the OpenMPE group has the resources to do this?”

Understanding software

Although Strobe’s aim is to create a product that processes MPE/iX commands exactly like an HP 3000, Strobe’s efforts could require more intimate knowledge of MPE’s internals than the company has on its staff today. The emulator itself is likely to be a software product at first, running on an Intel Pentium chip and using Linux to manage system operations. This design follows the model Strobe used in its most recent emulator, a software suite called Osprey/MP that mimics the Digital PDP-11 hardware.

Performance challenges might push Strobe to incorporate custom-designed hardware in its emulator, West said. “We may build a PA-RISC hardware platform eventually,” he said. “If the customers need more speed than say, a 4Ghz dual Pentium-4 can give them, we’ll have to turn to the hardware implementation.”

Strobe sells hardware products which emulate the HP 1000 servers, used for real-time applications, as well the Data General Eclipse servers and those PDP-11s. Strobe recommends its customers use server-class PCs with top-grade memory and storage when emulating these business-class servers.

HP’s letter of intent for licensing MPE/iX on an emulator requires customers to use HP computers, although engineers at HP say there’s no way for MPE/iX to check what kind of PC is executing the 3000 applications’ instructions.

In the meantime, HP has said that it will transform HP 9000s into HP 3000s on a limited basis, which would keep even more sites on HP-built hardware. West is unconcerned about HP’s latest offer, one that might be available only to the largest of HP 3000 users.

“Can I kiss them for doing that?” he asked. “They’re keeping those customers in stasis for me when they do that.” Staff at HP’s own IT operations have been asking about how to compare HP 9000 models to 3000 counterparts, so HP’s IT shops could continue to use transformed 9000s for business-critical MPE/iX applications.

Those software applications extend the lifespan for an emulator product, West said. “There’s lots of things that can happen to software,” he said, “like it’s not documented, or the people who wrote it aren’t around anymore. There’s lots of reasons to homestead.”

Bootstrapping work

Strobe says it has several customers who have offered it seed money to start work on an HP 3000 emulator. Rather than raising capital to start development, Strobe can use profits from its emulator business to begin work. “I have a company, a foundation of an income stream,” West said. “I can make the commitment and then have the money flow in.”

Some of the most extensive work on the project will involve managing IO streams between storage and the emulated processors. West said enlarging the volume size an operating system can handle is the problem his company has most frequently encountered.

Strobe will build an execution engine for the PA-RISC instruction set, an effort that “will take no more than 30 percent of the effort” on the project, West said. Most of the challenge of making software stand in for a computer lies in virtualization: the redirection of peripheral data into and out of the core processor. IO instructions are trapped and passed to the host, so disc drive models are emulated in software under Windows or Linux.

Strobe’s emulator will only be aimed at supporting the 32-bit mode of the HP 3000 and HP 9000. A version that runs Linux will come first, to prove the PA-RISC emulation concept, West said. Unix is likely to follow, and then the Strobe emulator will have to mimic the “BIOS switch,” as West called it in shorthand, which tells MPE/iX that it can continue booting on the hardware.

The MPE nuances that make HP’s PA-RISC computers become HP 3000s lie closer to the end of Strobe’s emulator project. West believes his company will have access to 3000 experience by then.

“When we get to the point where we want to run MPE as a test, I have great confidence that HP, with that [MPE/iX] license, will tell us how to implement that switch,” West said. “We’ll certainly have experience in the operating system by the time the product is up and running.”


For your older 3000: JBOD, RAID enclosures

From our archives of 2003, a report on devices to house and attach storage to a 3000. These arrays are still in the wild, available from resellers. And they're quite a bit less expensive than nearly $55,000.

HP brings new RAID array, JBOD enclosure online

HP 3000 to get access to systems using Ultra320 disks

HP 3000 customers looking for RAID disk storage and newer enclosures for Just a Bunch of Disk (JBOD) configurations have two new products to consider. HP is introducing an upgraded VA7110 virtual array for the HP 3000, a 45-disk configuration, up from the 15-disk 7100 arrays. Like its 7100 predecessor, the 7110 supports RAID 1+0 and RAID 5DP (double parity).

HP’s 3000 hardware manager Kriss Rant said the device leverages performance improvements from HP’s VA7410 virtual array into a lower-cost unit, at a price point “which is the sweet spot of the older 7100 arrays, the low-end of the midrange,” according to Rant.

Pricing before discounts shows the VA7110 coming in at slightly higher prices than the 7100, $54,984 for a 7110 with four 36Gb disks and a 512Mb cache, versus $48,354 for the same configuration in a 7100. Prices drop slightly per Mb of storage when comparing the 7100 fully loaded versus a 15-disk 7110.

The 7110 operates with both MPE/iX 7.0 and 7.5, using an SCSI to Fiber Channel router on 7.0 and native Fiber Channel in 7.5 implementations. The new array supports the 146Gb 10,000 RPM drives from HP, and the vendor says in some cases this array can double the performance of the 7100. The total capacity of the 7110 can run as high as 6 terabytes, and the unit accepts 15,000 RPM drives of 36Gb and 73Gb, and 10,000 RPM drives of 36Gb and 73Gb, in addition to those 146Gb drives.

HP 3000 JBOD choices will be expanding to the DS2110. It’s a fully compatible replacement for the DS2100, the current JBOD enclosure supported under MPE/iX. The older 2100 is coming off the HP price list on July 15. While the 2110 supports the newer Ultra320 SCSI disk mechanisms, those drives are also limited to the 80Mb/second support constraints of MPE/iX. But the device will let HP 3000 customers use a wide range of disk devices from HP, including HP’s Ultra160 SCSI disks.

The 2110 supports mixed disk capacities, and HP 3000 sites can load it up with as much as 584 Gb of capacity in a 1U enclosure. It can be used with a PCI disk array controller as a low-cost RAID solution.

HP’s introducing the DS2110 to ensure a steady stream of disk mechanisms for the enclosures, since it’s discontinuing its Ultra160 disks. The newer Ultra320 disks can negotiate down to Ultra160 IO cards.

While HP 3000 customers can’t use more than 80Mb/second of this bandwidth today, Rant said the project to upgrade MPE/iX drivers to accept all of the Ultra320’s 320Mb/second of bandwidth “hasn’t dropped off the engineering prioritization list yet.”


How to schedule on MPE/iX using MPEX

Onscreen report
Newswire Classic

By Shawn M. Gordon

Inside VESOFT covers tips and techniques you can use with VESOFT’s products, especially MPEX. 

Some pretty sophisticated job scheduling abilities are inside MPEX/Streamx. They don’t get talked about often, but they are really very cool to use if you don’t already have a scheduler. Since this does rely on Streamx, it will be necessary for you to own Security/3000 for it to work. The SHOWJOB was enhanced to support this, a new command (SHOWSCHED) was added to give direct support, and a new parameter was added to STREAMX, ::SETSCHEDULE, that does some basic interfacing.

First let’s take a look at the SHOWJOB command below.:

Syntax:   %SHOWJOB [mpe showjob parameters]
                    [;JOB=@A]
                    [;NOSEC]

Examples: %SHOWJOB JOB=@A
           %SHOWJOB SCHED;NOSEC
           %SHOWJOB [email protected];*LP

%SHOWJOB

JOBNUM  STATE IPRI JIN  JLIST    INTRODUCED  JOB NAME

#S2     EXEC        20  20       WED  7:41A  SHAWN,MANAGER.SYS
#J3     EXEC        10R LP       WED  7:43A  BACKG,MANAGER.VESOFT
#S3     EXEC         2  2        WED  8:05A  SHAWN,MGR.SMGA
3 JOBS:
     0 INTRO
     0 WAIT; INCL 0 DEFERRED
     3 EXEC; INCL 2 SESSIONS
     0 SUSP
JOBFENCE= 6; JLIMIT= 2; SLIMIT= 40

JOBNUM  STATE R SCHED-CONDITION  SCHEDULED-INTRO   JOB NAME

#A1     SCHED +                   SMTWRFA  0:10    FYIMAIL8,MGR.SMGA
#A2     SCHED +                   -MTWRF-  0:15    DAILY,MANAGER.SYS
#A3     SCHED +                   S-----A  0:35    DISCLEAN,MANAGER.SYS
#A4     SCHED +                   -MTWRF-  1:30    BACKUP,MANAGER.SYS
#A5     SCHED + WHENEVER BETWEEN(HPDAY,2,6) AND...  DBTREND2,MANAGER.SYS

#A6     SCHED + WHENEVER (HPDATE=1)                REPORT,MANAGER.SYS
#A7     SCHED                FRI  9/16/94 10:00    TESTSCHD,MANAGER.SYS

7 STREAMX SCHEDULED JOBS.

The MPE :SHOWJOB command has been enhanced to display STREAMX scheduling information as well as MPE :SHOWJOB information. When appropriate, STREAMX scheduling information is automatically displayed after the status section of the MPE :SHOWJOB command. In addition, VESOFT has created a new %SHOWJOB userset of @A to represent all STREAMX scheduled jobs.

The SCHED-CONDITION/SCHEDULED-INTRO columns display different information depending upon whether or not the job repeats on specific days, is scheduled to submit on a particular day and time or if the job should be launched when a particular condition occurs. Repeating jobs are indicated by a “+” character after the word “SCHED”. For jobs that are scheduled for a particular day and time, that information is displayed much the same as MPE scheduled jobs. For conditional jobs, as much of the condition that can be displayed on one line will be printed, followed by “...” if the conditional expression is longer.

This is essentially the same format as the %SHOWJOB command, and shows the same information as the %SEC SHOWSCHED command. %SEC SHOWSCHED, however, will display the entire condition under which a job will be submitted, as you can see here:

Last -Days-
                                        #A Job Name Submitted By Job
# SMTWRFA-Time-

                                        6 REPORT,MANAGER.SYS
SMG,MANAGER.SYS J1032
                                        WHENEVER (HPDATE=1)
                                        CHECKEVERY DAY

Since the default is to display both jobs and sessions, simply typing %SHOWJOB alone will display MPE jobs and sessions, MPE scheduled jobs, the MPE status block, and STREAMX scheduled jobs in that order. To display only STREAMX scheduling information, type %SHOWJOB JOB=@A. To suppress STREAMX scheduling information, include ;NOSEC as part of the command.

With the ::SETSCHEDULE command, the job stream can specify its own scheduling parameters, e.g.

!JOB DELSPOOL,MANAGER.SYS; OUTCLASS=,1
::SETSCHEDULE AT=02:00
or
::SETSCHEDULE AT=?When would you like to schedule this job for?

What follows the ::SETSCHEDULE must be the :STREAM command scheduling parameters, exactly as they’d be specified after the “;” in the :STREAM command (e.g. “::SETSCHEDULE AT=02:00;DAY=MONDAY”).

Note that if the user explicitly specifies scheduling parameters when he runs STREAMX (e.g. in the STREAMX UDC), those parameters will be used and any ::SETSCHEDULE command in the file will be ignored. This lets a user override the ::SETSCHEDULE settings in the file.

Also note that if you specify several ::SETSCHEDULE commands in one job stream, the FIRST one will take precedence. It’s important to note that the new parameters can be specified at submission or with the ::SETSCHEDULE. So the STREAM command through STREAMX now supports the following syntax:

:STREAM filename
[;REPEAT= [DAILY|WEEKDAYS|day of week[, ...] ] [;WHENEVER=
condition]
[;WHEN= condition]
[;CHECKEVERY= minutes| DAILY ]
[;MPE SCHED PARMS]

It’s the “condition” that is so flexible in this new format. Check out some of these examples:

• ...stream a job at a scheduled time each day:
:STREAM MAINJOB ;REPEAT=DAILY ;AT=01:00
• ...stream a job several times each day (once each hour):
:STREAM XPMAIL.MAILJOB.SYS;&WHENEVER=
(BETWEEN(HPHOUR,6,17) and (HPMINUTE=0))
• ...stream a job once a month:
:STREAM REPORT.JOB.SYS;WHENEVER=(hpdate=1);
CHECKEVERY=DAILY
• ...stream a job if another job fails (aborts):
:STREAM RECOVER.JOB.SYS;
WHEN=JSCOUNT(‘POST,MGR.PAYROLL’)=0

The hard part really is just in making sure that your syntax and parameters are exactly what you want. Some trickier stuff you might try to do would be when you want to stream job A when job C finishes with no errors, but stream job B if it fails for some reason. All of this can be done, it just takes a little think time.

Photo by Brett Sayles from Pexels


November is a month for 3000 owners and nonstop regrets

NonStop News

NewsWire Classic

We've marked the end of HP's passions for the 3000 many ways and many times over the last 19 years. The month of November is upon us again, and once again filled with changes. From 10 years ago, the story of the 3000's could-have-been fate, reflected in NonStop and its then-current division leader, rubbed some salt into an old wound.

November is a month filled with memory for many a 3000 owner and user. Some of the sting of watching HP stop its futures for the 3000 is sparked by the enthusiasm offered by HP's NonStop general manager, Winston Prather. NonStop enjoyed its first exclusive conference this fall, while Prather is finishing up his fourth year as GM of the server's Enterprise Division.

Prather held the very last post of General Manager for the 3000, a job where he said it was his decision alone to announce the "end of life" (as HP loves to call it) of the server still running more than a few  major firms. You can pretty much see the retread from his 3000 talks in his message in the NonStop bimonthly magazine, The Connection, from his intro for this Fall's issue (pictured above; click for details).

With all the changes we've made... we've stayed true to the what NonStop has always done best: delivering the scalability, availability and integrity you rely on to run your business. It's a NonStop, not a Tandem. The difference is real, the fundamentals remain.

Fundamentals remain on duty at many HP 3000 shops which Prather predicted would be long ago migrated. But the struggle continues to eliminate an IT asset as quickly as he eliminated 3000 futures. One customer wrote us -- and didn't want their name used, for fear of risking a severance package -- about a second attempt to replace a custom-built application. "The packages that we’ve been sold, complete with rosy allegations of full asset management functionality, simply don’t have it," he said.

Some kinds of applications are custom-written all over the world, the manager added, and "whole concepts of our line of business are obviously brand new to the programmers."

This manager retired a few weeks after the organization's “conversion staff was only now asking for descriptions of the old database. They’re obviously not converting anything; they’re just going to archive the data and hope they can refer to it later."

In the meantime, the company's management dropped all support for the HP 3000s, even though one lost a disk drive and failed to boot from it. Other than a daily full backup, there's not even a shadow of support for the systems. Without a tool like Adager to rely upon, "the database will overfill (work order lines keep on coming!) in about four weeks." Of such high-level organization's decisions -- running a 3000 until it careens into a ditch -- are a system manager's nightmares conjured.

"I’ll return to the fray seeking work," said this 3000 pro. "But what I’ll do is in the air -- obviously not much 3000 development going on, but I may be just the ticket for maintenance projects, or I can probably be valuable in a conversion. I know I’m employable and there are a few 3000 community residents who know I’m reasonably smart; I’ll be okay."

HP's hubris hovered on the dream that any 3000 app could be moved or replaced. NonStop made it to the other side of the 2002 merger with Compaq, and the 3000 didn't. Along the road, the scalability, availability and integrity relied upon by some businesses fell into in the hands of the migration and conversion companies assigned to muck out the mess.

Perhaps the product name of the NonStop line will keep its customers from looking backward at the last business decision which HP put in Prather's hands alone. That's his story of your November history, even to this day. The buck stops at his GM's desk, right up to when he decides to dismantle the furniture that might still have a future.


3000 emulator marks 10-year run

Zelus logo 2010
One decade ago this week, the Stromasys PA-RISC emulator made its debut in the market and on our webpages. The founders of the project were Dr. Robert Boers and the company's CEO in 2010, John Pritchart. Their interview with us remains useful. The talk, published a couple of years in advance of the release of what Stromasys called Zelus at first, shows the path for replacing HP 3000 hardware remains sound.

Newswire Classic

A long-awaited 3000 hardware emulator appears to be on its way to market, as Stromasys this summer announced a development, test and shipping timeline for Zelus. The product is described as a “cross-platform virtualization system” by the company that was founded as a spin-off from the Digital Computer European Migration Center in 1998. Stromasys, which called itself Software Research International until last year, has thrived on an emulator for DEC customers, those who need to keep using Vax, Alpha and PDP-11 hardware to support legacy applications. HP put the 3000 effort at Stromasys on ice for more than a year while it cleared the transfer of MPE boot technology for the emulator.

The software has more to offer than making companies able to use 3000s indefinitely. Stromasys says Zelus will buy time for the sites which are migrating and need more connectivity and power for their interim 3000s during a migration.

Robert Boers headed up the company during 2009, but this year brought on John Pritchard as CEO so Boers could focus on the tasks of being the firm’s CTO. In the wake of the company’s announcement about Zelus at the recent HP Technology Forum, we interviewed the pair via Skype, bridging the gap between Texas and their Swiss headquarters -- even as the company works out details to bridge what will be an 8-year gap in 3000 manufacture when Zelus goes on the market next year.

Your press statement on Zelus says the product “ensures continuity after the phase-out program of the HP 3000 hardware.” Do you believe that’s how your customers will view the situation: phasing out the 3000?

Pritchard: For people who have mission-critical legacy systems, they believe all of their hardware are on life support. What we’re offering is to shift their focus away from worrying about hardware maintenance to giving them a software platform life that is independent of a hardware platform.

When it ships next year, will this product bridge the gap between 3000 hardware last built in 2003 and the newer technologies such as iSCSI?

Boers: Things like iSCSI will work out of the box. We do that for our VAX and Alpha emulation routinely, because iSCSI is elegant and useful. You tell Windows to create a virtual disk which is an iSCSI disk. You can tell the emulator that this virtual device is your SCSI drive. You can map to new hardware, so if you have serial ports, for example, you can map them to an Ethernet-based remote serial multiplexer. Most of this stuff is mapped standards.

So does that mean that the controlling environment for the emulator will be Windows?

Boers: It can be anything. For the time being, we typically develop under Windows 64 bits. But we provide these products under Linux as well. The customer only sees MPE. Basically, these things behave as virtual clients. From a usage point of view, you don’t have to know where they run. In Linux, we remove what we want, so you have something that runs on the footprint of VMWare. But for all of these choices, we need to know more about what the customer is looking for.

Pritchard: One of the purposes of this announcement to start to invite a dialog with the community. We want to select a few sponsor companies who’ll say, “Here’s my application, I want to be one of the first to migrate. Here’s my configuration, and here’s what I need.” We want to focus our development team on just a few specific customer applications.

We’ve gotten far enough in our prototyping to know that it really works, and what we need is a lot more market feedback and a couple of sponsor customers to work with, to get a few successes under our belts.

What is being a sponsor customer going to look like?

Pritchard: We’ll select a couple of companies that will give us complete access to their environment for their 3000 application. The customers we’re looking for in early adopters should be lower-risk environments.

Boers: Let me give you a couple of examples. In dealing with Hewlett-Packard, the issue they had the most difficulty with was the whole physical licensing process, their hardware-enforced licensing mechanism. They have given us two device ID strings which we can use in out emulators, a low- and a high-end machine.

The other issue is something that HP is washing it’s hands of: Unlike physical hardware, you can run this emulator on a number of different platforms with different performances. A lot of the third party licensing is based on performance. If we don’t do anything, then there’s no performance information there. I want to know from the third party software providers if that’s okay, or what we can do technically with ease, provide information about relative system performance [of the emulator.]

We can emulate a system ID string as a standard. Every time you install an emulator you buy another license key.  Whether to some extent software vendors want to link to that.

We addressed this a couple years ago, when we did our first attempt. I didn’t really get information in that area — except for comments that it should really be HP, as part of their software transfer licenses [of MPE/iX] who should take care of that. But obviously, HP is pretty much out of the game by now.


25 Years: 3000 Poster Project Kicks Butt

Largest Poster Project
August 5, 1996

It was a simple Monday assignment. Fill more most of a football field with 2,809 sheets of paper, each printed from an HP 3000 in four colors, to make a pattern of football players. "MPE Users Kick Butt" was tacked down with gutter-sized roofing nails to show HP's top executives the system could still do great things. The point was to make sure HP knew its 3000 could be connected to Postcript printers to print an enormous job, and that its customers were devoted to the product.

This was the World's Largest Poster Project, a brainchild of Wirt Atmar. The owner of AICS International made his bones in the word processor application field before shifting to reporting tools. QueryCalc was a ultra-spreadsheet for 3000 applications, giving its users a way to view and organize reports as easily as any Excel sheet set could. The volunteers wrapped the poster design around the name of the 3000's OS, which probably baffled some HP execs of the day.

This was also an important day for the still-new 3000 NewsWire. The poster was assembled at the Loara High School Football field in Anaheim, the town where we put up our first exhibit stand at the HP World conference. Interex had licensed the rights to the new conference name from HP. The NewsWire would be showing off its July, 1996 issue the next morning at the conference. We were also catering the volunteer effort with an array of Subway sandwiches and Domino's pizzas.

The poster was much splashier than anything we could order from fast food places. We engaged the high school's booster club to man the feeding tables, cementing the new relationship between school and 3000 community. Winds pick up by midday in Southern California in summer, so the dozens of poster builders getting a suntan from the bright sunlight glaring off the paper were racing the clock. Just after the stunt was completed, a helicopter was chartered to take a photo that Adager paid for, and then pitched to the Orange County Register.

Nothing is perfect, of course, so the panels of paper peeling up in the wind led to some hard feelings that a few volunteers took out on the catering menu. A typical 3000 tech expert — the Register called them nerds — can be picayune and exacting. "What do you mean you don't have a vegetarian kosher option for pizzas?" Domino's was unaware of how to make a pizza that fit both of those bills. Of such gripes were our debut day made in that sun. All were fed, and the newspaper smacked the photo and a story onto the front of its Local section.

We chronicled the record with an article in the August issue, the first-ever NewsWire edition to make its way in full to the World Wide Web.

ANAHEIM, Calif. -- More than 100 HP 3000 customers and channel partners succeeded in assembling the world's largest printed poster here, building a document of about 36,000 square feet on a high school football field. The poster was generated by an HP 3000 driving an HP DesignJet plotter, producing 2,650 3x4-foot sheets joined with tape and roofing nails.

In conjunction with this year's HP World '96 Conference and Expo at the Anaheim Convention Center, intensely loyal users of HP 3000 high-performance minicomputers bettered an existing world record by more than 35 percent. The HP 3000 mega-poster covered a 159 by 238 foot layout on the Loara High School football field just a few miles from the site of the HP conference. The completed poster weighed more than 670 pounds, and completely covered the area of the field between the 10-yard lines.

It was an accomplishment crafted from extraordinary cooperation. Born of Internet discussion and pushed along by a broad supporting cast of customers, the World's Largest Poster Project succeeded in attracting attention to the loyalty and satisfaction of HP 3000 customers, with only the support of a few channel partners to fund its material needs. And in the last hours of the record breaking effort, the poster was held together by the combined energies of a few dozen avid volunteers and thousands of two-inch roofing nails.

Fewer than three dozen volunteers were at work within a few hours of the start, rolling out strips of three-foot wide printer paper along the grass of the Loara High School football field. Fastening the paper to the field took more nails than the team had brought to the site, and soon several volunteers were dispatched to supply more of the most critical element in the project.

Meanwhile, the winds continued to climb, testing the resolve of a growing number of volunteers. Panels would spring up in the breeze, which seemed to appear from every possible direction. Project organizer Wirt Atmar (above, pointing out details to a volunteer's son) had printed the thousands of panels over a six week period and the driven the rolls of paper in a U-Haul truck from New Mexico. He stood alongside the poster's edge and gave instruction on holding it in place.

By 11AM, no more nails were on hand, and the question was on everyone's lips -- where are they? The winds climbed with the sun in the sky, and volunteers were forced to use shoes and poster tubes to hold the panels in place. As a section would rise up, dedicated customers would call out "It's coming up!" and race to tack it in place, an organic version of a fault tolerant system.

In succeeding to break the existing poster record, the HP 3000 customers started with virtual relationships. Unlike the previous record, which was done as a product promotion for HP and Disney, this poster was put together by a collection of individual HP 3000 users. There was no single corporate entity behind the poster -- the idea to put it together was born on the Internet. The group which grew to 100-plus volunteers assembling the poster each thought the event was an ideal and enjoyable way to make a gentle, irreverent statement about their belief in their chosen operating system.

Continue reading "25 Years: 3000 Poster Project Kicks Butt" »


On This Day: Sailing toward new reunions

DougMechamBoat-05Aug
Interex founding director Doug Meacham

Fifteen years ago today, the 3000 community was on a quest. Where a conference was supposed to take place, San Francisco, there was nothing but unpaid bills for exhibit halls and meeting rooms. No HP World 2005 would start up, gathering the MPE/iX community for the annual North American meeting as it had for 30 years. 

A luncheon was arranged, though, to serve community members who had nonrefundable tickets to the canceled conference. The Interex user group didn't host it, of course. The group was belly-up dead. The effort emerged from the minds of Alan Yeo and Mike Marxmeier, software vendors who faced the prospect of time in the Bay Area and a hunger to meet 3000 folk.

I wrote about how reunions are a part of family life. The 3000 still has a family, even while many of its members are retired. The gatherings are all virtual now in our lives. Such a thing was nearly impossible 15 years ago. My mom is just as departed as Interex by today, gone but well remembered. We love things that leave us, which is a good reason to grasp onto one another until the departures.

NewsWire Editorial

Even though we work with machines to compute, we crave the spark of personal contact. I felt that contact this month in the heat of Las Vegas with my brothers and sister. We met in Mom’s hometown to move her. She went down Jones Boulevard just one mile, a significant journey when your next birthday, like Mom’s, will be Number 80.

Our days were filled with strapping tape, corrugated cardboard, and sweat in the desert heat. But the nights and the early mornings carried our laughter and the looks that passed between three adult children remembering the bumpy roads of our youth together. It was a summer reunion, a rich consolation for me in this first season without an HP World after 20 years of meeting old HP friends at Interex shows across North America.

I sat in the airport with my brother Bob and told him the story of the Interex demise, then rattled off the array of cities that have been my summertime stops. Most often, we met in San Francisco. And yes, even Las Vegas once. The Interex show never visited Texas during my summertimes in the market, just like my brother John never has visited me here. That’s why we Seybolds needed a reunion, to fill our cups with the memory of the looks on family faces.

Face time, we call it in business, something to savor and prepare for. The longer we all have stayed in the 3000 community, the better each summer’s reunion became. We could tell stories, gaze into eyes under brows growing gray, recall and dismiss. I would come back from the summer trip full of flint to strike for stories, leads I could track and then transform into news you could use.

So in a summer where I now feel adrift without an HP World reunion, I also give thanks — for the fortune that turned Mom’s apartment complex into condos, forcing a move that rounded up the Seybold kids for the first time in five years. We kids are well connected, here in the early bit of the new century. I don’t mean that we’re movers and shakers, but that we use e-mail, websites, cell phones, and blogs to keep up with our family news. All those links pale compared to that contact, the feel of the firm grip of a handshake or grasp of a heartfelt hug.

We Seybolds have another reunion on our horizon, and there will be one more on the HP 3000 community’s calendar, too. I’m not talking about the meeting next month when HP will host its first Technical Forum, the New Orleans show that contributed to the Interex demise. That won’t have the feel of mom’s 80th birthday this December. We’ll plan and anticipate that event with as much ardor as 3000 veterans, the folks who helped Interex grow for more than a decade.

Instead of New Orleans-bound meetings, the news broke early this month that the 3000 family will have a luncheon as its 2005 reunion. Mike Marxmeier and Alan Yeo made the best of non-refundable tickets to San Francisco and hosted a lunch gathering. A few days later the OpenMPE user group — just about the only one left, now — held a meeting at an HP facility. We’re all wondering how large that OpenMPE family might grow up to be, now that Interex has passed away.

The meeting at the HP campus reminded me of the gentle tug between vendor mother-ship and user tender-craft. Before Interex began to called itself by that name, the group was the HP 3000 Users Group, operated with an eye toward collaboration with the vendor rather than combat. Maybe it’s time to remember, during this month of the Interex flame-out, how that relationship operates when it serves both vendor and user.

My friend Duane Percox at QSS explained it well. The HP 3000 members of Interex — those who founded the group — got more radical and active through the 1990s as their HP options grew slim. The scuffles were fun for a while, but also something a vendor won’t brook endlessly. When HP got the nerve to squash Interex with a competing show, the market's more nimble marketers didn’t hesitate.

Percox said that give-and-take between vendor and users lets both sides save face. Marketing wants a great spin on customer experiences, while the customers want the truth. You must claim to be independent from your very first day — if you want the truth to be your main mission.

“You can’t begrudge marketing for wanting the best spin on things,” he said, “just like you can’t begrudge the users for wanting the truth.” The long-term formula to mix these elements has always been collaboration, something Interex’s founder Doug Mecham recalls in his Q&A interview.

At that 3000 luncheon we got a few hours of face-time with one another — so the 3000 customers and partners might feel like I did right after my family reunion in Las Vegas. All of us went home in the afterglow from a handful of days of hard work, marinated in laughter and yes, some sadness over days past. Toss in that OpenMPE meet, and mid-August felt a bit like the typical Interex week. In Vegas and in the Bay Area, I was getting to know a town better and a hotel or two — like the way we Seybold kids learned the short cuts around the sprawl of Las Vegas Boulevard, or finding the back steps up to the room at the Tropicana.

Because I’ve had my stand-in reunion as well as my family gathering, I’ll miss the Interex show a little less this month. I could count on the family of brilliant, funny, and fulsome people like the 3000’s founders and fans to engineer a replacement reunion.

Face time can give you a chance to hear significant answers. In our last hour together in Vegas, Mom read us questions off a newsletter from her new apartment — good ones like “What event in history would you like to have experienced?” or “If you wrote your autobiography, what would its title be?”

We kids shared many lessons learned in spite of ourselves, something I wish for any group of people who consider themselves family. I hope for other reunions in my future among 3000 folk. You’re a group that can teach lessons about collaborating.


User groups stay afloat with collaboration

Doug.mecham.interex_intervi
Newswire Classic

The first Interex board chairman, Doug Mecham, served for the initial five years of the user group’s existence. In 1974 he first gathered the group at Ricky’s Hyatt House hotel in Palo Alto. When the 31-year-old group failed to host its annual lifeline conference and slammed its doors shut suddenly in July 2005, we wanted to talk to the founder of that feast, to hear his views on what makes a good user group serve both vendor and customer at once. Now retired to the Oregon coast, Mecham made himself available by phone within a few days of the Interex announcement.

How do you feel this week, now that Interex has closed its doors?

I knew there was contention for a while. I’m not necessarily surprised. I think it’s highly unfortunate that HP chose to be competitive; obviously Interex chose to terminate right before a major conference. Obviously they didn’t have the money. It’s very disappointing. I could handle it intellectually, but it’s like a child you’ve created. You see the child and then the death. It takes its toll, deep down in your psyche.

An era has really passed. People have changed, the situation’s changed, the world has moved on in many ways. Interex ran for so long that a lot of people marveled that it had done so well. It was a high tech company, and it had a long life with a lot of people passionately involved.

How essential was the HP 3000 to the existence of Interex?

It began with the 3000. That was the genesis. The 3000 had a couple of problems when it came out. It was a real new adventure for HP. They thought it was going into the engineering world. It had FORTRAN, no COBOL, and a 16-bit integer. You know how long that lasted in the engineering world? About two nanoseconds. The one small hitch was when it first came out it had some bugs and was crashing a lot. I sort of initiated communicating with a bunch of people around the world, saying, “Look, we’ve gotta talk, because we’ve got to find solutions to these problems.” So we developed a users group and called it the HP 3000 Users Group.

Was a computer user group a novel idea when Interex was first created?

There was SHARE, GUIDE and DECUS. They were all there already, but DECUS was company-owned, and SHARE and GUIDE were IBM captured. Our approach was going to be entirely different. We wanted to be very collaborative. We knew the relationship had to be A, independent, and B, very collaborative. We never beat up HP like DECUS, GUIDE and SHARE did with DEC and IBM and waste a lot of energy. In fact, our technical group headed by Ross Scroggs actually met with the HP lab quarterly over two or three years to sit down and work out the issues. Boy, did that make a difference to the HP 3000. HP pulled it off the market, redid some things and brought it back out as the Series I.

So do you mean the user group played a key role in the 3000 becoming a usable system?

I would like to think that’s true. But certainly there was a lot of technical expertise and software put into it. The users group grew users, and it grew vendors. There were a lot of contributions made in support of the users, who needed tools and software. I feel that over the 31 years that a great deal has been contributed. We got HP to perform the miracles that make the HP 3000 probably the most stable business machine on the face of the earth.

Do you believe the machine’s stability will allow it to outlast HP’s interest in it, or the lifespan of this user group?

Absolutely. The HP 3000 lasted a long time, because it kept getting upgraded, and it’s still a fine machine today.

Do you think the Interex shutdown is something that will reflect on HP and on the HP 3000?

Probably. It’s an older computer, so when the user group goes away, who’s going to get out there and support each other and swap stories? The 3000 users may form their own group. Remember, Interex expanded into Unix and all of the other HP computing platforms.

How will it affect HP? If you were a customer out there and they suddenly pulled the user group from you, and then the next day they said they were going to lay off more than 14,000 employees, what would you tend to think? It probably broaches the concept of trust in a vendor. It certainly doesn’t help it.

What’s at the heart of running a successful users group, well past 31 years?

Interex has never had the propensity to challenge the vendor, at least in terms of the old user groups. Collaborate with the vendor, yes. To confront them? Not in an adversarial way. They were advocates for HP, and probably facilitated billions of dollars of sales. In the early days, the salesmen used to bring customers by. Those customers saw the user group’s customers having great successes, and that was a great motivator for sales.

The essence of the user group was a collaborative process. One reason Interex was running so long was that the user group grew its members. People were programmers, then they became vendors. Many users helped other users. They pushed them up the ladder. That was essential to the success of Interex.

Do you think the HP 3000 needs a user group to replace Interex?

I think someone will step in and do something, and there will be some sort of meeting. There’s still a bunch of 3000 vendors out there. They may want to get together and discuss the 3000 because they want to make their investment last longer. That’s happened with other groups, like HP’s calculator group that kept on with a small cadre of interested users.

Should we have another users group like Interex? It would certainly take a different format, because it’s no longer super-technical, because the technical problems for the most part have been solved. You’re interested in applications now. The issues are how can you use the 3000 better and what software can I run on it.

Do you believe the Internet stepped in to do the work that the user group did for HP customers?

That’s pretty simplistic. There’s still a need for face-to-face meetings. Look at how big the conferences became. Some of them have topped 8,000, and they came from all around the world. They came for face-to-face integration with other users, as well as with the vendor.

I’m sure that over time the technical aspects began to diminish, because the systems became very stable. The application software became far more important. The 3000 had a lot of technical issues to begin with, but they were resolved, and it grew into a technically stable platform. There were some problems, but not like the early days, when it crashed every half hour.

So do in-person meetings still deliver special results?

They always have and they always will. With the advent of the Internet, it’s provided a wonderful means for communication. But it still does not take the place of the face-to-face, one-on-one, seeing the other person. There’s something about people meeting people. You don’t run a marriage 10,000 miles apart by the Internet. You can do a lot, but when it comes right down to it, then it’s much better to have your wife right next to you, right?

What kind of a substitute do you think HP’s Technical Forum will be for what Interex did with its conference?

It’s obviously going to be a vendor-driven affair, right? The downside is that the vendor is going to drive his own agenda. How open are they going to be? If they’re truly open and collaborative, then it may work out fine. But if you look at the core competencies, what’s HP’s? Engineering. Can they run a users group? Maybe if they get the right people. The core competencies of Interex were user groups and user advocacy and vendor advocacy.

We’ll be able to see, once HP’s conference is over, what things result from it. It will be interesting to see, that’s for sure.

Since collaboration remained popular at Interex right up to the end, do you think collaboration with user groups has become unpopular at HP?

HP’s changed a lot in the last five years, haven’t they? The HP Way is no more. I think Interex ran very much along the lines of the HP Way. When I met with David Packard, he assured me they supported our group. HP went for many years with lots of ups and downs, and they got through every one of them. You have to ask why.

So you think HP’s competing conference contributed to the Interex shutdown?

They tried to split the pot, and pot just wasn’t big enough to support both. What surprises me is that HP didn’t come to Interex and say, “We want to accomplish this — will you help us do it?” They always had before, but this time they wanted to do their own thing. That’s their call, and they have to accept the consequences.

The support of Interex depended on the Interex conference. Why didn’t HP throw in with Interex, when user conferences are not part of HP’s expertise?


Tips on Using FTP on MPE/iX Systems

By Bob Green

Newswire Classic

Starting with MPE/iX 6.0, it has been very easy to enable the File Transfer Protocol server on your HP 3000. Once enabled, the FTP server makes it possible for you to deliver output to your own PCs, Linux servers, MPE boxes or Unix boxes, even to servers across the world. These can be your servers in other parts of your company, or of your suppliers, or of your customers.

MPE File Attributes

When transferring files from one HP 3000 to another there is no need to specify the attributes of the file, such as ;rec=-80,1,f,ascii

MPE keeps track of that for you. When transferring a file to an MPE system from a non-MPE system, or transferring through a non-MPE system, you will need to specify the file attributes on the target MPE system as in:

put mympefile myfile;rec=-80,1,f,ascii;disc=3000

The default file attributes can be specified for a file transferred to your MPE system by changing the corresponding line in the file BLDPARMS.ARPA.SYS which is shown below:

;REC=-80,,F,ASCII;DISC=204800
;REC=-256,,V,BINARY;DISC=204800
;REC=,,B;DISC=16384000

Only the first three lines are read; everything after is ignored.

You may modify the first three lines as long as you keep the same syntax, i.e., you may change the numbers, or F to V, but don’t add anything bizarre. Anything after a space is ignored, so don’t insert any spaces. If the file is missing (or any line in it), the old hard-coded defaults will be used as a backup. These are:

;REC=-80,,F,ASCII;DISC=204800 for ASCII mode,
;REC=-256,,V,BINARY;DISC=204800 for binary mode.
;REC=,,B;DISC=16384000 for byte stream mode.

Also, if either the REC= part or the DISC= part of either line has bad syntax, the default for that part will be reverted to.

Users may make local copies of this file and set their own defaults via a file equation:

:file bldparms.arpa.sys=myfile

Host Commands

You can execute commands on your local 3000 by putting a colon in front of your command such as:

ftp> :listf ,2

You can find out what commands you can do remotely with the remotehelp command:

Typically we just stream jobs on the remote system with FTP’s site command by doing the following in the FTP client:

ftp> site stream robelle.job.robelle

200 STREAM command ok.

Site is a standard FTP command, but what host commands the FTP server at the other end supports varies from server to server.

In fact the Qedit for Window Server installation has its own FTP client which FTPs the server and streams the “robelle” job to set the attributes of the Robelle account.

Filenames

On MPE the default namespace for a given file is typically the MPE namespace. For example if you put a file to your MPE system with the following FTP command:

put myfile mympefile

The file will go to the group you are currently logged into.

If you want to put files into the HFS namespace then you can just specify using the typical Posix notation:

put myfile /MYACCOUNT/MYGROUP/mydirectory/myhfsfile


Using RAID5 on an HP 3000

Hard-Drive
By Gilles Schipper
Homesteading Editor

RAID storage, including a low-cost MOD20 array, can improve a 3000's performance. Here are a few things to consider if you will be acquiring a MOD20.

Although possible, I would not recommend utilizing RAID5 LUNs in an HP 3000 environment — unless your greatest priority is to maximize disk space availability at the expense of performance.

RAID5 offers fail-safe functionality over a group of disks (minimum of three) by means of one disk of the RAID5 disk being allocated as a parity disc. The benefit of RAID5 over RAID1 is that it results in a greater amount of overall usable disk space than RAID1. However, it performs poorly in an HP 3000 environment, and cannot be booted from if specified as the system disk (LDEV 1).

Although the supported maximum memory configuration of each Storage Processor (SP) unit is 64MB, 128MB works best (although not all of it can be used).

Each SP has 4 memory slots. You can maximize the performance of the MOD20 by populating each SP with four 32MB memory SIMMs, 72-pin, FPM with parity, 60ns.

The NIKE MOD20 is a very capable and useful solution to the fragile environment afforded by a JBOD environment — particularly because most 3000 JBOD disk systems tend to be very mature and consequently relatively unreliable and prone to failure.

And, although the MOD20 disk system itself is also quite long in the tooth, it’s got built-in fail-safe mechanisms. Also, the MOD20 would appeal to those with very limited budgets, since the devices are quite inexpensive in the used-equipment market.

There are other, more advanced RAID systems that also support the HP 3000 environment. These include the HP Autoraid12H system, various VA7400 systems, some of the HP XP-family members, as well as EMC systems. This list is in order of increasing cost, for the most part.

The bottom line: if you are not already utilizing RAID technology for your 3000, now would be a good time to consider it seriously.


MPE/iX Command File Scripts Explained

Code on screenBy Ken Robertson

The MPE/iX command interpreter has a generous command set, pushing the shell into the realm of a true programming tool. Its ability to evaluate expressions and to perform I/O on files allows the end-user to perform simple data-processing functions. The CI can be used to solve complex problems. Its code, however, is interpreted, which may cause a CI solution to execute too slowly for practical purposes.

Command files are a collection of commands in flat files, of either variable or fixed length record structure, that reside in the MPE or POSIX file space. Basically, command files are what you could call MPE Macros. Anything that you can do in the CI interactively, you can do with command files, and then some. You can use command files in situations that call for repetitive functions, such as re-compiling source code, special spooler commands, etc. Command files are also great when you want to hide details from the end-user.

A command file is executed when its name is typed in the CI, or invoked from a command file or programming shell. Just as in program execution, the user’s HPPATH variable is searched to determine the location of the command file.

MPE Scripts Versus Unix Scripts

For the average task, the MPE scripting language is easier to read and understand than most Unix scripts. For example, command line parameters in MPE have names, just like in regular programming languages.

Of course, there are several script languages on Unix and only one on MPE! On Unix you can write shell scripts for any of the many shells provided (C shell, Bourne shell, ksh, bash, etc). Although there is also now a Posix shell on MPE, most scripts are written for the CI. Several third-party tools, such as Qedit and MPEX, emulate HP scripting and integrate it with their own commands.

A command file can be as simple as a single command, such as a Showjob command with the option to only show interactive sessions (and ignore batch jobs):

:qedit
/add
1      showjob job=@s
2      //
/keep ss
/e
:

You have created a command file called SS — when you type SS you will execute showjob job=@s

On MPE, the user needs read (r) or execute access (x) to SS. On Unix you normally must have x access, not just r access, so you do a chmod +x on the script. This is not necessary in MPE, although, if don’t want users to be see the script, you may remove read access and enable execute access.

Structure of a Command File (aka CI script)

A script is an ASCII file with maximum 511 byte records. Unlike Unix, the records may contain an ASCII sequence number in the last 8 columns of each line. The command file consists of 3 optional parts:

1. Parameter line with a maximum of 255 arguments:
parm sessionnumber
parm filename, length=”80”

2. Option lines:
option nohelp,nobreak
option list

3. The body (i.e., the actual commands)”
showjob job=!sessionnumber
build !filename;rec=-!length,,ascii
In MPE scripts, there is no inline data, unlike Unix ‘hereis’ files.

Parameters

Notice in the example above that parameters are used with an exclamation (!), as opposed to the $ in Unix. The same is true for variables. Parameters are separated by a space, comma or semicolon. All parameter values are un-typed, regardless of quoting.

In a typical Unix script, the parameters are referenced by position only ($1, $2, $3, …). In an MPE script, the parameters have names, as in the function of a regular programming language, and can also have default values. In Unix you use $@ for all of the parameters as a single string; in MPE you use an ANYPARM parameter to reference the remainder of the command line (it must be the last parameter).

Here is a script to translate “subsys” and “err” numbers from MPE intrinsics into error messages. The subsys and error numbers are passed in as parameters:

parm p_subsys=108,p_error=63
setvar subsys hex(!p_subsys)
setvar error hex(!p_error)
comment the hex conversion allows for negative numbers
comment the #32765 is magic according to Stan!
setvar cmd “wl errmsg(#32765,!subsys);wl errmsg(!error,!subsys);exit”
debug !cmd

As you can see above, the Setvar command assigns a value to parameter or to a new variable. But there are also system pre-defined variables. To see them all do Showvar @;hp. To get information on variables, do help variable and to get help on a specific variable, say hpcmdtrace, do help hpcmdtrace (set TRUE for some debugging help).
In most MPE commands, you must use an explicit exclam ! to identify a variable: build !filename

However, some MPE commands expect variables, and thus do not require the explicit !. For example, Setvar, If, ElseIf, Calc, While, and for all function arguments, and inside ![expressions].

Warning: variables are “session global” in MPE. This means that if a child process, or scripts, changes a variable, it remains changed when that child process terminates. In Unix you are used to the idea that the child can do whatever it likes with its copy of the variables and not worry about any external consequences.

Of course having global variables also means that it is much easier to pass back results from a script! And this is quite common in MPE scripts.

Options

Options allow you to list the commands as they are execute (option list), disable the Break key (option nobreak), enable recursion (option recursion), and disable help about the script (option nohelp).

The script body below shows active process information. This example shows many of the commands commonly used in scripts: If, While, Pause, Setvar, Input and Run. Other commands you will see are Echo, Deletevar, Showvar, Errclear.

WHILE HPCONNSECS > 0
    IF FINFO("SQMSG",0)
       PURGE SQMSG,TEMP
    ENDIF
    BUILD SQMSG;REC=-79,,F,ASCII;TEMP;MSG
    FILE SQMSG=SQMSG,OLDTEMP
    SHOWQ;ACTIVE >*SQMSG
    SETVAR PINLIST ""
    WHILE FINFO("SQMSG",19) <> 0
         INPUT SQLINE < SQMSG
         IF POS("#",SQLINE) <> 0 THEN
           SETVAR PIN RTRIM(STR(SQLINE,47,5))
           SETVAR PINLIST "!PINLIST" + "," + "!PIN"
         ENDIF
    ENDWHILE
    IF FINFO("SPMSG",0)
       PURGE SPMSG,TEMP
    ENDIF
    BUILD SPMSG;REC=-79,,F,ASCII;TEMP;MSG
    FILE SPMSG=SPMSG,OLDTEMP
    SETVAR PROC "SHOWPROC PIN="+"!PINLIST"+";SYSTEM >*SPMSG"
    !PROC
    WHILE FINFO("SPMSG",19) <> 0
         INPUT SPLINE < SPMSG
         IF POS(":",SPLINE) <> 0 THEN
           ECHO !SPLINE
         ENDIF
    ENDWHILE
    PAUSE 30
ENDWHILE

Handling Errors

In most Unix scripts, if a step fails, you check for an error with an If-conditional and then take some action, one of which is ending the script. Without an If, the script continues on, ignoring the error.

In MPE, the default action when a step fails is to abort the script and pass back an error. To override this default, you insert a Continue command before the step that may fail. You then add If logic after the step to print an error message and perhaps Return (back 1 level) or Escape (all the way back to the CI).

     continue
      build newdata
      if cierror<>100 then
         print "unable to build newdata file"
         print !hpcierrmsg
         return
      else
         comment - duplicate file, okay
      endif

You can set HPAUTOCONT to TRUE to continue automatically in case of errors, but this can be dangerous. The default behavior at least lets you know if an unexpected problem occurs.

User Defined Commands (UDC)

UDCs are like Command File scripts, except that several are combined in a single “catalog” file. They are an older feature of MPE, so you may see them in older applications even when scripts seem like a better solution. The primary reason that they are still useful is that they support Option Logon, which invokes the command when a user logs onto the system.

More Information

Tim Ericson’s collection of UDCs and Command files has recently been resurrected and re-published in the public domain at www.3kassociates.com/index_cmd.html

Image by fancycrave1 from Pixabay


How to Encrypt 3000 Log-on Passwords

Padlock
NewsWire Classic

Is there a way to encrypt MPE logon passwords to keep auditors satisfied that the HP 3000 is secure? We need to show that they cannot be easily read with the ;pass parameter (i.e. listuser xxx.yyy;pass)

The replies generated one of the longest threads of the month on the 3000-L.

Tracy Johnson offered an opinion that “the answer to your auditors is not in encrypting passwords. The answer lies in restricting AM and SM capability to only those key personnel who can use the the “;pass” parameter within established policy. AM and SM capability also presumes the same capability to change another user’s password, and therefore also the ability to look it up.”

Chris Boggs reported in a virtual testimonial that “Our auditors were not satisfied by even limiting SM and AM capabilities to only two individuals (both in our department). Since we had Vesoft's Security/3000 already, I changed our regular logon ID’s to use the Vesoft password which is encrypted.

"There are other features in Vesoft security which are handy when dealing with auditors such as password obsolescence, password “history,” minimum password standards, inactivity logouts, day/time restrictions, automatic deactivation of logonID’s after a certain number of failed logon attempts, and probably a few others.”

Bradmark’s Jerry Fochtman said some Interex Contributed Software Library routines can help. “I developed a routine to return the passwords for user/group/account (based upon caller’s capabilities) during this time. It also signaled if the password was encrypted, simply returning blanks in this case. There was another routine which given a password, would encrypt it based upon HP’s approach and tell the caller if the entered password matched the one in the system directory.”

Fochtman also took note of the Vesoft abilities and added his humble opinion on the security solution from Monterrey Software, “SAFE/3000. It also utilizes one-way encryption for its passwords. And in terms of strictly security, it is a better tool in several areas, such as network security.”

Michael Gueterman, whose company Easy Does It Technologies does pre-audits for 3000 sites, added notes on using only session-level passwords.

“That’s fine for some things, but I still recommend keeping at least MPE Account passwords in place for all but the most “open” areas. For accounts with SM or PM, I also recommend MPE User passwords as well. Also, when at all possible, explicitly define what people are ALLOWED to access, instead of using generic wildcards. Wildcards make auditors unhappy, and an unhappy auditor is dangerous!”

Image by meineresterampe from Pixabay


Fine-Tune: Creating Store to Disc from tape

NewsWire Classic

I still have some 3000 information on a tape. I’d like to create a Store to Disc file with it — how do I do that?

Jack Connor replies:

There are several solutions. The first and easiest is to simply restore the info to a system (RESTORE *T;/;SHOW;CREATE;ACCOUNT=WORKSTOR) where WORKSTOR is an account you create to pull the data in.

Then a simple FILE D=REGSFILE;DEV=DISC and STORE /WORKSTOR/;*D; with whatever else should create the disc store.

The second method is to use FCOPY. You'll have to research the STORE format, but I believe it's FILE TAPEIN;DEV=TAPE;REC=8192,,U,BINARY.

The third (also easy, but you need the software) is to use Allegro's tool TAPECOPY, which moves from tape store to disc store and back.

John Pitman adds:

Do you mean copy it off tape to a disk store file? I’m not sure if that can be done, as in my experience of tapes, there is a file mark between files, and EOT is signified by multiple file marks in a row... but anything may be possible. If you do a file equate and FCOPY as shown below, you should be able to look at the raw data, and it should show separate files, after a file list at the front.

FILE TX;DEV=TAPE;REC=32767
FCOPY
FROM=*TX;TO=;CHAR;FILES=ALL

Here is our current store command, and the message it provokes. MAXTAPEBUF speeds it up somewhat

STORE  !INSTOREX.NEW.STOCK2K;*DDS777;
FILES=100000;DIRECTORY;MAXTAPEBUF


Making LDAP Do Directory Duty

DAP
Explore a 3000 feature to see how a little LDAP’ll do ya

NewsWire Classic

By Curtis Larsen

When you think of LDAP, what do you think of? You’ve probably heard about it — something to do with directories, right? — but you’re not quite sure. You’ve heard some industry buzz about it here and there, read a paper or two, but perhaps you still don’t quite know what it can do for you, or how it could work with an HP 3000. Hopefully this article will de-mystify it a bit for you, and spark some ways you could use it in your own organization.

MPE currently has limited support for LDAP, but the support is growing. Aside from the OpenLDAP source ported by Lars Appel, HP offers an LDAP “C” Software Development Kit for writing MPE/iX code to access directories, er, directly.

LDAP stands for “Lightweight Directory Access Protocol.” In a nutshell, it allows you to create directories of information similar to what you would see in a telephone book. Any information you want to store for later quick retrieval: names, telephone numbers, conference room capacities, addresses, directions — even picture or sound files. Using directories such as these is an incredible time-saver (can’t you think of company applications for one already?), but LDAP can do so much more. The directories you create are wholly up to you, so the sky’s the limit.

At this point you might be saying “Great, but why not use a database for this stuff?” That’s an excellent question, and in truth, there is some overlap in what you might want stored in a database versus being stored in a directory. The first and foremost difference between them is that a directory is designed for high-speed reading (and searching) — not writing.

The idea is that, generally speaking, a directory doesn’t change much, but quickly reading its information is a must. Understand that this doesn’t mean that directory writes are at all bad — they’re just not structurally designed to be as fast as reads are.

Databases also require more in the way of overhead: high-powered servers and disks, (usually) high-priced Database Management Systems — which one will be best for you? — and highly-skilled, highly-paid DBAs to keep it all happy. (Our DBA said I had to mention that part.)

LDAP directories are generally simpler and faster to set up and manage. LDAP is (also) a common client-server access standard across many different systems. You don’t have to deal with the outrageous slings of one DBMS, or the delightful syntax variations in SQL or ODBC implementations. LDAP directories can even be replicated. Copies of directories, or just sections of larger directories, can be stored on different servers and updated (or cross-updated) periodically. This can be done for security (“mirrored directories” — one here, one elsewhere), performance (all queries against local entries on a local server), or both.

Continue reading "Making LDAP Do Directory Duty" »


There's more of this all the time, so dust

Vacuum-cleaner
Newswire Classic

By John Burke

As equipment gets older and as we neglect the maintenance habits we learned, we will see more messages like this.

Upon arrival this morning the console had locked up. I re-started the unit, but the SCSI drives do not seem to be powering up. The green lights flash on for a second after the power is applied, but that is it. The cooling fan does not turn either. I am able to boot, but get the following messages: LDEVS 5, 8, 4, 3, 2 are not available and FILE SYSTEM ERROR READING $STDIN (CIERR 1807).

When I try to log on as manager.sys, I must do so HIPRI, and get the following: Couldn’t open UDC directory file, COMMAND.PUB.SYS. (CIERR 1910) If I had to guess, I would say the SCSI drives are not working. Is there a quick fix, or are all the files lost? I should add that I just inherited this system. It has been neglected, but running, for close to two years. Is it time to pull the plug?

Tom Emerson responded

This sounds very familiar. I’d say the power supply on the drive cabinet is either going or gone [does the fan ‘not spin’ due to being gunked up with dust and grease, or just ‘no power’?] I’m thinking that the power supply is detecting a problem and shutting down moments after powering up [hence why you see a ‘momentary flicker’].

Tim Atwood added

"I concur. The power supply on the drive cabinet has probably gone bad. If this is an HP6000 series SCSI disc enclosure for two and four GB SCSI drives, move very quickly. Third-party hardware suppliers are having trouble getting these power supplies. I know the 4GB drives are near impossible to find. So, if it is an HP6000 series you may want to stock up on power supplies if you find them. Or take this opportunity to convert to another drive type that is supported.”

The person posting the original question replied, “Your post gave me the courage to open the box and the design is pretty straight forward. It appears to be the power supply. As I recall now, the cooling fan that is built into the supply was making noise last week. I will shop around for a replacement. I can’t believe the amount of dust inside!”

Which prompted Denys Beauchemin to respond

The dust inside the power supply probably contributed to its early demise. It is a good idea to get a couple of cans of compressed air and clean out the fans and power supplies every once in a while. That goes for PCs, desktops, servers, and other electronic equipment. The electrical current is a magnet for dust bunnies and other such putrid creatures.

Wayne Boyer of Cal-Logic had this to say; useful because supplies may be hard to locate

Fixing these power supplies should run around $75 to $100. Any modular power supply like these is relatively easy to service. I never understand reports of common and fairly recent equipment being in short supply. It is good advice to stock up on spares for older equipment. Just because it’s available somewhere and not too expensive doesn’t mean that you can afford to be down while fussing around with getting a spare shipped in.

The compressed air cans work, but to really do a good job on blowing out computer equipment, you need to use an air compressor and strip the covers off of the equipment. We run our air compressor at 100 PSI. Note that you want to do this blasting outside! Otherwise you will get the dust all over whereever you are working. This is especially important with printers, as you get paper dust, excess toner, etc. building up inside the equipment. I try and give our office equipment a blow out once a year or so. Good to do that if a system is powered down for some other reason.

Bob J. of Ideal Computer Services added

The truth sucks. There are support companies that don’t stock spare parts. The convenient excuse when a part is needed is to claim that ‘parts are tough to get.’ Next they start looking for a source for that part. One of my former employers always pulled that crap.

Unfortunately, quality companies get grouped with the bad apples. I always suggest system managers ask to visit the support supplier's local parts warehouse. The parts in their warehouse should resemble the units on support. No reason to assume the OEM has the most complete local stock either. Remember HP's snow job suggesting that 9x7 parts would become scarce and expensive? Different motive, but still nonsense.


Fine Tune: Optimized Disaster Recovery

Disasters
By Gilles Schipper

While working with a customer on the design and implementation of disaster recovery (DR) plan for a large HP 3000 system, it became apparent the implementation had room for improvement.

In this specific example, the customer had a production N-Class HP 3000 and a backup HP 3000 Series 969 system in a location several hundred miles from the primary.

The process of implementing the DR was completed entirely from a remote location — thanks to VPNs and an HP Secure Web Console on the 969. One of the most labor-intensive aspects of the DR exercise was to rebuild the IO configuration of the DR machine (the 969) from the full backup tape of the production N-Class machine, which included an integrated system load tape (SLT) as part of the backup.

The ability to integrate the SLT on the same tape as the full backup is very convenient. It results in a simplified recovery procedure as well as the assurance that the SLT to be used will be as current as possible.

When rebuilding a system from scratch from a SLT/Backup tape, if the target system differs in architecture from the source system, it is usually necessary to modify all the device paths and device configuration specifications with SYSGEN and then rebooting the system in order to even be able to utilize the tape drive of the target system to restore any files at all.

(This would be apart from the files restored during the INSTALL process — which does not require proper configuration of any IO component at all).

Some would argue that this system re-configuration needs to be completed only once, since any future system rebuilds would require only a “data refresh” rather than a complete system re-INSTALL.

I say that this would be true only in very stable system environments where IO configurations — including network printer configurations — are static and where TurboIMAGE transaction logging is not utilized. Otherwise there could be unpleasant results and complications from using stale configurations in a real disaster recovery situation. In any case, there really is no reason to take any chances,

Continue reading "Fine Tune: Optimized Disaster Recovery" »


Gifts given, 11 years after a Christmas

Gifts-under-tree
Eleven years ago we wished for nine things that would help 3000 users in the years to come. At the close of 2007 there was no virtual HP 3000 product like Charon. We didn't even allow ourselves to wish for such a thing.

But here on the last office day before Christmas, it's fun to review our holiday wish list. Let's see what we got and what HP withheld until it was too late for the vendor to supply what the community requested.

We've heard these desires from HP 3000 customers, consultants and vendors. Some of the wishes might be like the Red Ryder BB-Gun that's at the center of the holiday epic A Christmas Story. As in, "You don't want that, you'll put your eye out." If you're unfamiliar with the movie, the line means "I don't want you to have that, because I worry what you will hurt once you get it."

1. Unleashing the full horsepower of A-Class and N-Class 3000 hardware
2. Just unleashing the power of the A-Class 3000s (since every one of the models operates at a quarter of its possible speed)
3. Well, then at least unleash the N-Class systems' full clock speeds
4. HP's requirements to license a company for MPE/iX source code use
5. A way to use more than 16GB of memory on a 3000
6. A 3000 network link just one-tenth as fast as the new 10Gbit Ethernet
7. A water-cooled HP 3000 cluster, just like IBM used to make
8. A guaranteed ending date of HP's 3000 support for MPE/iX
9. Freedom to re-license your own copy of MPE/iX during a sale of an 3000

HP finally supplied Numbers 4 and 8. The first created the Source Code Seven, vendors who hold licenses that let them create workarounds and custom patches for MPE/iX issues. Number 8 arrived during the following year. It can be argued HP didn't end all of its MPE/iX support for several years beyond that official Dec. 31, 2010 date.

Some of the more inventive indie support companies have devised ways to use 32 GB of memory for 3000s, too. Ask yours about Number 5.

The last two items seem like real BB-Guns. But they have a chance of helping the community see the 3000 future more clearly, instead of putting its eye out.

A guaranteed ending date for HP's 3000 support is something both homesteaders and migration experts desire. By moving the finish line twice already, HP has kept customers from finishing migrations, or even starting them, according to migration partners.

What's more, the "we're not sure when support is really done" message keeps the 3000's service and support aftermarket in limbo. Customers tell us that they will be using their HP 3000 systems until their business demands they migrate away. HP plans to change its business practices someday for the HP 3000. But nobody knows for certain what day that will be.

That brings us to No. 9, the freedom to re-license your own MPE/iX. HP development on this software ends in one year. That's the end of changes to the operating environment, a genuine Freeze Line for MPE/iX. HP should be able to compete on a level field with the rest of the community. HP Services seems to need those special 3000 licenses.

Number 10? A wish for a long life and continued interest in MPE/iX from the HP 3000 gurus of the community. Someone can bring some these gifts after there's no one inside HP to cares about the 3000 community.


Routers and switches and hubs, oh my!

Lions-and-tigers-and-bears
Editor's Note: Initial HP 3000 hardware networking can be like a trip down a Yellow Brick Road. Here's a primer for the administrator who's wondering if that HP 3000 can link to a network

By Curtis Larsen

Auntie MAU! Auntie MAU! A Twisted Pair! A Twisted Pair!

Once upon a time networks were as flat as the Kansas prairie, and computers on them were a lot like early prairie farmsteads: few and far between, pretty much speaking to each other only when they had to. (“Business looks good again this year.” “Yep.”) Most systems still used dumb terminals, and when speaking to anything outside the LAN, system-to-system modem connections were the way to do it.

A tornado named the Internet suddenly appeared in this landscape. It uprooted established standards and practices, swept aside protocols and speed limitations, and took us into a Technicolor networking landscape very different than what was there before.

Toto, I get the feeling our packets aren’t in Kansas anymore

Smaller companies were tossed before the tornado to eventually land and quickly begin growing again in the new environment. Large companies like IBM, HP, Digital, and Microsoft, who were rooted and established in their own proprietary standards (it sounds like an oxymoron, but it’s true) survived by generally ignoring the howling winds. Eventually, munchkin-like, they all came out to see what the general fuss was about, and found that a house-sized chunk of change (pun intended) had landed.

Networking, and the TCP/IP protocol had truly arrived in style, bringing strange new applications and markets. Serial connections and proprietary networking (“What do you mean we don’t need SNA to connect to the Wichita office anymore?”) gave way to a new kid on the block. And her little dog, too.

Follow the Yellow-Colored-Cable-and-Labeled-at-Both-Ends Road!

So then the HP 3000 managers found themselves sitting in a strange new networking land of strange new networking things. And for some of us, trying to understand the whole of it all — especially in relation to “legacy” system like the HP e3000 — was a little daunting. What are all these networking black boxes we plug the system into, and what do they all do? How can they make life better? (How can they make life worse?) If you’re not sure (or just plain curious) read on.

Continue reading "Routers and switches and hubs, oh my!" »


Pondering a 3000 Reboot at HP

Newswire Classic

February, 2005

Few dismissals in the world of business were as public as the ouster of HP CEO Carly Fiorina, just one week before the company would report its first 2005 quarterly numbers and days before HP’s 2005 Americas sales meeting. Fiorina’s forced resignation earned mention on all major TV news broadcasts the day it was announced; HP 3000 customers weighed in with emotional comments on how Fiorina’s departure might change things. Or might not, according to a majority of customers filling the Internet with messages.

The most powerful woman in business for the last five years in one magazine survey, Fiorina departed HP to the relief of many employees. Among analysts, her ouster was only decried by advocates of women as corporate leaders. The HP 3000 community could identify few supporters of the woman whose mission of HP business change included the demise of HP’s 3000 business. HP employees in the enterprise computer group said they felt shareholders and customers always came in front of employees for Fiorina, an outsider who never could assume a role that made her one with the company’s rank and file. Many quoted the line from the Wizard of Oz: “Ding, dong, the witch is dead!”

HP held a press conference with stock analysts to explain its reasons for Fiorina’s resignation, a move which the HP board of directors demanded. But statements from the board showed HP’s leaders have not committed to a different strategy. The company’s CFO Bob Wayman is now acting as CEO, in addition to his financial leadership duties, while HP searches for a replacement. Patricia Dunn, an HP director on the board since 1998, assumes the title of non-executive chairman for the corporation.

That board’s view of Fiorina changed quickly during 2004. At the start of the year the board paid the CEO a $1.5 million performance bonus. By the end of the 2004 a special group of directors was demanding that Fiorina share her executive responsibilities. On her exit, the CEO took a $21.1 million golden parachute, 50 percent more than former Compaq CEO Michael Cappelas grabbed when he left HP after the HP-Compaq merger. The board has voted not to retain the services of the same search firm that delivered Fiorina for the board’s approval more than five years ago.

HP 3000 fortunes fell sharply in that Fiorina era, but hopes for the product’s rebound were rising when she first took office in July 1999. A sales executive with no technical credentials, Fiorina focused on a corporate image makeover for stodgy HP, pushing its history of invention and then imaging products in high-profile ads. The resulting lurch toward consumer markets and commodity products left the 3000 standing to the side of HP’s new corporate path. Although the axe on Fiorina fell far from the 3000’s line of management at HP, some customers saw the ouster as another way to hope for a revival for the server.

“After all, Coca-Cola brought back the original Classic Coke,” said system manager Connie Sellito of the US purebred registry Cat Fanciers Association. Even migrating customers took a moment to consider a second HP act for the 3000 after the ouster.

“The ‘change’ did make me wonder if the HP 3000 decision might be revisited,” said Dave Seale, IT Director at Virginia International Terminals, HP’s earliest case study on migration practices. VIT is ready to turn over its migration project to Speedware in March after business growth slowed VIT’s projected timetable to leave the platform. “It would be very interesting to me if HP decides to reconsider their decision,” Seale said. “Logically, I never could understand it.”

But two-thirds of customers contacted after the ouster said their companies were already moving on, or they held little hope of a change in HP’s 3000 plans. Wirt Atmar, founder of application provider AICS Research and a 3000 advocate of many years, said HP can’t change its reputation about the server with a shift in CEO.

“Given HP’s untrustworthiness with the platform, HP can never again seriously attempt to sell it to anyone,” he said. “But HP could do wonders to improve both its image and its standing among its former users by actively and aggressively cooperating with the OpenMPE project.” After the news of Fiorina’s departure, Ray Meyers of Vera Water & Power looked back on the timing of his migration project with regret. “If this only could have happened six months ago!” he said. “I would have put a hold on the project until we found out what the new CEO’s intentions are.”

But even among homesteading companies such as Cannex Financial Services in Toronto, the change at the top didn’t change the outlook for much of the 3000 market. “Too much money has been spent by the customer base either migrating or planning to migrate,” said Cannex systems VP Steven Waters. “A reversal would not go over too well in those companies.”

Even if Fiorina’s failure to grow HP business won’t bring the 3000 back into HP’s product line, some customers believe her ouster can do some good for the MPE community. These customers think a change in HP management could present OpenMPE’s volunteer advocates with an opportunity they might not have had before.

“Is there better impetus for turning MPE over?” asked OpenMPE board member Donna Garverick. “I strongly believe so. I think we’re going to see a major attitude change. And with it will finally come the permission to release MPE’s source code.”
Outside those volunteers who are still working for a release of the MPE source, other customers could see OpenMPE potential. “The closest thing we can hope for now is the success of the OpenMPE project,” said Stevin Almes of Practice Management, “and HP making some progress on releasing the code to them.”

Steve Suraci, president of 3000 third-party support provider Pivital Solutions, said the idea of Fiorina’s firing impacting the 3000’s term at HP was a “silly notion. If anything, this should expedite the endgame. Why would anyone who wants to keep their job at HP stick their neck on the line for the HP 3000? It’s way too late for them to turn back, and everyone inside and outside HP should know that. Anyone who thinks otherwise better not be risking their own future on it!”

Some customers pointed out that the 3000’s fate was set long before Fiorina assumed her job. But many said they were ready to invest more faith in the company’s remaining enterprise solutions after the CEO’s departure. The Adaptive Enterprise, a fuzzy strategy often derided in the trade press, emerged at the center of enterprise solutions after HP pulled its 3000s off price lists.

Those solutions looked unlikely to change in the days after the dismissal, an ouster that HP performed because of Fiorina’s inability to execute — not over her direction. “She had a strategic vision and put in place a plan that has given HP the capabilities to compete and win,” HP’s press release assured investors. A successor will be picked by HP’s board, which still includes HP printer kingpin Dick Hackborn, who promoted Fiorina in 1999 as a outsider to shake up the HP Way. Remarks from other board members Dunn and Wayman indicated the prospects are remote for a change from the strategy of the last five years. The next CEO may have to march to a tune which Carly composed and the HP board sang in near unison

“The Board believes this is the right strategy,” Wayman said of HP’s decision to buy Compaq, delve into consumer markets and step up to battle Dell and IBM in servers. “While they won’t preclude any open discussion on a new CEO’s view of what the future strategy should be, we are looking for a CEO who also embraces that strategy in all probability.”