Order to the SystemUtilities that enhance system management |
|
From "VS Workshop", Access to Wang, July 1988 |
|
[ Prior Article ] [ Return to the Catalog of articles ] [ Next Article ] |
Concluding this discussion on system management, I'll cover some utilities for reviewing performance considerations of new systems, access control, configuration management and some miscellaneous concerns. As before, I'm stressing programs available for little or no cost, and I'll point out when commercial software might be a better choice. (See the end of this article for availability of utilities mentioned.)
Performance and new Systems. Good system performance begins with well-designed, efficient applications. Since most of us use packaged software to some extent, the amount of control over system design is minimal. Because system performance and application design could fill several columns, I'll save most of this discussion for the future. But there are two items of interest for the in-house software developer.
DBUGHOOK: If you develop systems in COBOL, investigate this gem. It allows you to see the operation of your program - paragraph by paragraph - by automatically inserting statements in the source code to capture system statistics. DBUGHOOK also produces two reports: a summary of paragraph usage; and a line-byline listing of the source code with CPU time and the percentage of time overall. DBUGHOOK provides a valuable lesson on the internal effects of various coding approaches.
SPECIO: If you rely on shared access for your files and don't always need to update (WRITE, REWRITE or DELETE) those files, look into SPECIAL INPUT mode (see "Controlling File Access," ACCESS April 1988, page 14). Sustained shared access will drag your system to its knees; SPECIAL INPUT defrays some of that overhead by fooling the Sharer into ignoring its control responsibilities for that file and program. Remember, though, that SPECIAL modes depend on primary key access only and may require you to read the records sequentially.
I use the term access control to cover the related items of security, user administration and usage monitoring. This broad category includes application control of user rights, the process of administering security and any need to monitor and perhaps bill users for the resources they use.
The primary goal of the security portion is to ensure that access to data and system resources is limited to those that truly need it. Other goals might include scheduled access control changes (e.g., passwords), routine review of security profiles and logon information and review of changes to these parameters. User administration is the mechanical means of maintaining the security system. Finally, usage monitoring is a means of gathering usage information for billing and configuration purposes.
Some of the utilities and systems that can be used to design an access control system include the following.
ACCESSCK: shows the user's own security profile. A procedure featured in an earlier column (see "The ACCESSCK Procedure," ACCESS, July 1986, page ~6).
CHECKSAP: a utility that produces a listing of programs on a given volume that have additional program security rights. Particularly useful in monitoring program rights for security systems that depend on the programs having the access, not the people. (To review system security, see the five-part series in the August through December 1987 issues of ACCESS.)
ERASE: erases data from previously used tapes. Unlike Wang's TAPEINIT - which merely creates a new tape label, but leaves the data intact-this utility actually writes null information over the entire tape area. The tape equivalent of the ERASE option of DISKINIT.
MENUGEN: generates a COBOL menu program from a screen layout created by EZFORMAT. Of interest only because it has an option to use System Management Functions (SMF) to log all programs run by that menu program.
System Management Functions: an application that logs system resource usage by program. Statistics saved include the amount of CPU time, disk I/Os and elapsed (clock) time. Could be used as the foundation of a user billing system, provided your needs are minimal; may not work with newer operating systems.
PASSWORD, PASSWRD2, NEWPASS: utilities that allow users to change their own passwords.
SCRAMBLE, UNSCRAM: complementary utilities that provide a means for the programmer or system administrator to scramble selected areas of files. Both use a table file created by the CRYPTAB utility. Note that neither utility uses GETPARMs, so the files must be handled manually (i.e., no procedures).
SECURE: a series of programs that allows the administrator to create, monitor and maintain an application control system. Can be used to temporarily block access to an application, as when exclusive access is needed for repairs or batch updates. Somewhat cumbersome to use and set up.
SECLIST: a revised USERLIST report that shows the user ID, name, HELP key status and segment 2 space. Useful when the user's security profile must be kept confidential. COBOL source is available, so other reports might be spun off from the original.
Security logging: the newest operating systems (7.13 and 7.14) sport an option to log various system events. These events include file OPENs, logons, password violations and changes to the USERLIST (the security system's primary file). While this facility provides much-needed observation and control over many aspects of the system, it's much too cumbersome to use for billing and creates enormous files if not regularly purged. I recommend that only a few security logging options be selected and that the file be printed and purged weekly.
VOLPRINT: a file listing utility that clearly shows special program access rights.
Short of using the Security Logging facility, there are few methods of routinely monitoring changes to the security system (the USERLIST file). One approach I've used is to run a listing from the SECURITY utility and compare it to last week's listing using the COMPAREF (COMPARE File) utility. The split-screen format of COMPAREF is particularly handy for this purpose, and any changes to the file are readily apparent.
While these and other utilities exist to fill access control needs, the best software must be purchased. Usage control and security systems are often incorporated into packaged software (financial software, payroll systems, etc.) or within menu-generating software. If you're involved in a high-security environment or wish to bill users for their resource usage, I recommend investigating some of the commercial offerings in this field.
I define configuration management as a method of tying the physical elements of a system (offices, users, workstations, cables, ports) to the logical elements of a system (device numbers). This process is often not as simple as it appears; there are many subtleties to the specifics of a peripheral connection and these elements change constantly.
The ideal configuration management system would allow access along several paths (device number, user location, NETMUX manufacturing ID, VS controller, device type, etc.), providing information of use for troubleshooting and changes to the configuration. In response to these needs, I'm aware of two utilities.
CONFIG: a confusing but well-intended attempt to put most of a system's devices into a single location to be more easily reviewed and modified. Like SECURE, somewhat cumbersome and limited.
GENESIS: is intended to list system configuration data in a readable form. It does not work properly with recent operating systems (6.43 and above). Obviously, more work needs to be done in this area. We who must maintain large systems rely on primitive manual accounting or create our own automated management system. I have pursued the latter approach, using a program to extract data from the listing produced by GENEDIT and to update a data base; I'll cover the results of this experiment in a later column.
Other items related to system management I have targeted for further analysis include:
Problem resolution: I envision a program to track system difficulties, calls to the Wang Regional Support Center and other indications of maintenance and service activity. Properly designed, such a system could provide the data for analysis of component failures, amount of system downtime and workload distribution.
Program version control: A means of definitively identifying the origin and history of object code. When they used it, Wang's own method of inserting version history into the object file (e.g., the information extracted by the VERSIONS utility) could have been the start of better control of program versions for all users. Unfortunately, this approach wasn't retained in the new object format (Format One), and was never used consistently even in Wang's own programs.
Performance: To date, the premier offering for performance analysis has been Wang's System Activity Monitor (SAM). SAM has power, to be sure, but few users have the background to use it properly. Wang's beginning to realize this, and recent versions have added features, such as data reduction, automatic background job release and hints like the normal limits of acceptability for each measurement SAM makes. At least one commercial vendor offers a reporting subsystem that presents SAM data in a more concise, readable form.
For more information on the products mentioned in this column, look into the following:
CONFIG, DBUGHOOK, ERASE, GENESIS, MENUGEN, NEWPASS, SCRAMBLE, SECLIST, SECURE, SMF, UNSCRAM, VOLPRINT are available from the International Society of Wang Users (ISWU). ISWU Software Library; Wang Labs
SAM III is a purchased utility available from Wang. WangDirect; Wang Labs
GENEDIT, DISKINIT, TAPEINIT, VERSIONS are Wang utilities bundled with the operating system. SPECIO is a special Assembler subroutine released in source form with the 7.13 05. CHECKSAP, COMPAREF, PASSWORD and PASSWRD2 were originally found in the USERAID or USERAIDS library.
Copyright © 1988 Dennis S. Barnes
Reprints of this article are permitted without notification
if the source of the information is clearly identified