Discover the History of Common Europe. Don’t miss the Prague Congress 2023!

/in Data Center, News/by sixe

Do you work with AIX, Linux and IBM i? Are you an IBM Power user?

Common Europe, a federation of IBM technology user associations in Europe, has been at the forefront of fostering growth and knowledge in this field for several decades. As we prepare for the Prague 2023 Congress, it is an ideal time to review the history of this magnificent institution and highlight the importance of attending this event.

History of Common Europe

Common Europe began more than six decades ago, in 1955. It began its work as a federation of IBM system user associations, and over the years, has grown into an international community. Common Europe’s goal has always been to provide a platform for learning, networking and collaboration, resulting in a steady and progressive growth in the technical skills and knowledge of its members.

Throughout its history, Common Europe has demonstrated a tireless commitment to carrying out its mission. They have worked closely with IBM and other industry leaders to provide their members with the training and support they need to take full advantage of emerging technologies and industry best practices.

Why attend the Prague 2023 Congress?

If you work with AIX, Linux and IBM i on Power, the relevance and value of the Prague 2023 Congress cannot be overemphasized. At this event, you will have the opportunity to learn from the best in the field, expand your skills and knowledge, and connect with other like-minded professionals.

The Prague 2023 Congress will feature a wide variety of workshops, training sessions and presentations addressing all aspects of these technologies, from implementation and management to the latest innovations.

We are excited to announce that several members of Common Iberia, an association of IBM users in Spain and Portugal of which SIXE is a member, will participate in the congress as speakers. His presence guarantees a valuable perspective, sharing innovative ideas and experiences in the use of AIX, Linux and IBM i on Power with many other experts from Europe and America.

In addition to us, there will also be a multitude of other experts and industry leaders present, making the Prague 2023 Congress a real opportunity for any professional looking to improve their skills and knowledge in these technologies… and above all, to strengthen and expand our large community of users.

FW update required due to vulnerability in IBM PowerVM (Power9 and Power10)

/in Data Center, News/by sixe

We would like to inform all our customers (and readers) that a bug has been identified in PowerVM that could lead to a security problem in Power9 and Power10 systems. The main risk is that a malicious actor with user privileges in a logical partition can compromise the isolation between logical partitions without being detected. This could result in data loss or unauthorized code execution on other logical partitions (LPARs) on the same physical server. Technical details can be found at https://www.ibm.com/support/pages/node/6993021

Are all Power servers at risk?

No. Only some IBM Power9 or Power10 models are at risk and always depending on their FW versions. Servers prior to Power9 and those running OP9xx firmware are not exposed to this vulnerability. There is no evidence that this vulnerability has been exploited to gain unauthorized access on any IBM client but it is always better to be safe than sorry :)

When and by whom was this vulnerability found?

The vulnerability was identified by IBM internally. A solution has already been created and thoroughly tested and was launched on May 17 at Fix Central.

What is recommended to customers?

Customers should follow the instructions in Fix Central to download and install the updated firmware.

What would be the impact for productive environments?

The main concern is the possibility of data leakage or unauthorized code running on other logical partitions of the same physical server. We have found no evidence that this vulnerability has been exploited to gain unauthorized access.

Are certain environments more vulnerable than others?

IBM cannot specify which client environments might be most at risk since access to partitions is controlled by the client. However, any environment in which privileged user access has been granted to one or more partitions should be considered potentially vulnerable. In other words, environments with a high density of LPARs, where production and test systems are mixed, are more likely to suffer from this vulnerability.

Can the patch be applied without shutting down the equipment?

The firmware containing the fix can be installed concurrently and will fix this vulnerability on all systems with the exception of a Power10 system running firmware prior to FW1010.10. In this case, the solution must be applied in a disruptive manner, requiring the server to be shut down to install the update and eliminate the vulnerability.

What types of partitions may be affected?

Any IBM Power9 or Power10 server mentioned in the security bulletin that has multiple partitions could be affected. It does not matter how these partitions were created or managed.

Is IBM’s Power Virtual Server (Power VS) environment at risk?

The vulnerability also affected the Power Systems Virtual Server offering on IBM Cloud (Power VS), but the patch has already been applied to remediate it.

Need help with preventive maintenance of your IBM Power systems?

Contact us and find out about our preventive maintenance service and 24/7 support.

First steps with the QRadar XDR API using python and Alienvault OTX

/in cybersecurity, News/by sixe

IBM QRadar XDR is a security information and event management (SIEM) platform used to monitor an organization’s network security and respond to security incidents as quickly and comprehensively as possible. While QRadar is already incredibly powerful and customizable on its own, there are several reasons why we might want to enhance it with Python scripting using its comprehensive API.

Getting started with the QRadar API

Let’s see an example of how you could use the QRadar API to get different information from its database (ArielDB) using Python. The first thing we need first is a token, which is created from Admin – > Authorized Services

Generating the python code for the QRadar API

Let’s start with something very simple, connect and retrieve the last 100 events detected by the platform.

import requests
import json

# Configura las credenciales y la URL del servidor QRadar
qradar_host = 'https://<your_qradar_host>'
api_token = '<your_api_token>'

# Define la URL de la API para obtener los eventos
url = f'{qradar_host}/api/ariel/searches'

# Define los encabezados de la solicitud
headers = {
'SEC': api_token,
'Content-Type': 'application/json',
'Accept': 'application/json'
}

# Define la consulta AQL (Ariel Query Language) para obtener los últimos 100 eventos
query_data = {
'query_expression': 'SELECT * FROM events LAST 100'
}

# Realiza la solicitud a la API de QRadar
response = requests.post(url, headers=headers, data=json.dumps(query_data))

# Verifica que la solicitud fue exitosa
if response.status_code == 201:
print("Solicitud de búsqueda enviada correctamente.")
search_id = response.json()['search_id']
else:
print("Error al enviar la solicitud de búsqueda:", response.content)

In this example, replace <your_qradar_host> with the host address of your QRadar server and <your_api_token> with the API token you obtained from your QRadar instance.

This code will prompt QRadar to run a search of the last 100 events. The response to this search request will include a ‘search_id’ which you can then use to retrieve the search results once they become available. You can change this query to any of the queries available in the
guide provided by IBM to get the most out of
 to get the most out of QRadar’s Ariel Query Language

Detecting malicious IPs in QRadar using AlienVault OTX open sources

While in QRadar we have X-Force as a pre-defined module to perform malicious IP lookups and integrate them into our rules, for a multitude of reasons (including the end of the support / SWMA payment to IBM) we may want to use open sources to perform these types of functions. A fairly common example that we talk about in our courses and workshops is maintaining a series of data structures updated with “malicious” IPs obtained through open cybersecurity data sources.

Using the QRadar API, we can create python code to create a rule that constantly updates a reference_set that we will later use in different rules.

To achieve what you are asking for, you would need to break it down into two steps.

  1. First, you would need an open source security intelligence source that provides a list of malicious IPs. A commonly used example is the AlienVault Open Threat Exchange (OTX) malicious IP list just mentioned.
  2. Then, we will use the QRadar API to update a reference set with that list of IPs.

Programming it in Python is very simple:

First, download the malicious IPs from the open source security intelligence source (in this case, AlienVault OTX):

import requests
import json

otx_api_key = '<your_otx_api_key>'
otx_url = 'https://otx.alienvault.com:443/api/v1/indicators/export'

headers = {
'X-OTX-API-KEY': otx_api_key,
}

response = requests.get(otx_url, headers=headers)

if response.status_code == 200:
malicious_ips = response.json()
else:
print("Error al obtener las IPs maliciosas:", response.content)

We then use the QRadar API to update a reference set with those IPs:

qradar_host = 'https://<your_qradar_host>'
api_token = '<your_api_token>'
reference_set_name = '<your_reference_set_name>'

url = f'{qradar_host}/api/reference_data/sets/{reference_set_name}'

headers = {
'SEC': api_token,
'Content-Type': 'application/json',
'Accept': 'application/json'
}

for ip in malicious_ips:
data = {'value': ip}
response = requests.post(url, headers=headers, data=json.dumps(data))

if response.status_code != 201:
print(f"Error al agregar la IP {ip} al conjunto de referencia:", response.content)

The next and last step is to use this reference set in the rulers we need .

Want to know more about IBM QRadar XDR?

Consult our services of sales, deployment, consultingandofficial training.

IBM QRadar SIEM/XDR courses updated to version 7.5.2! Including SOAR, NDR and EDR features of QRadar Suite

/in cybersecurity, News/by sixe

We are pleased to announce that all of our IBM QRadar SIEM / XDR courses have been upgraded to version 7.5.2. In this new release, powerful SOAR, NDR and EDR features have been incorporated within the QRadar Suite, providing our students with an even more comprehensive and up-to-date learning experience with a mid-term view of the technology through CloudPak for Security IBM’s new disruptive cybersecurity products that are on the way.

IBM QRadar XDR is the market-leading information security solution that enables real-time security event management and analysis. With its ability to collect, correlate and analyze data from multiple sources, QRadar SIEM provides organizations with a comprehensive view of their security posture and helps them effectively detect and respond to threats.

In QRadar SIEM / XDR version 7.5.2, three key features have been introduced that further extend the capabilities of the platform:

  1. SOAR (Security Orchestration, Automation and Response): This feature enables the automation of security tasks and response orchestration, which streamlines and optimizes incident detection and response processes. With SOAR, organizations can automate workflows, investigate incidents more efficiently and take quick and accurate action to contain and mitigate threats.
  2. NDR (Network Detection and Response): With the NDR feature, QRadar SIEM / XDR expands its ability to detect network threats. This feature uses advanced network traffic analysis algorithms to identify suspicious behavior and malicious activity. By combining network threat detection with event correlation and security logs, QRadar SIEM / XDR provides comprehensive visibility into threat activity across the entire infrastructure.
  3. EDR (Endpoint Detection and Response): The EDR feature enables threat detection and response on endpoint devices, such as desktops, laptops and servers. With EDR, QRadar SIEM / XDR continuously monitors endpoints for indicators of compromise, malicious activity and anomalous behavior. This helps to quickly identify and contain threats that might go undetected by traditional security solutions.

At Sixe, we are committed to providing our students with the most up-to-date and relevant knowledge in the field of cybersecurity. The upgrade of our IBM QRadar SIEM / XDR courses to version 7.5.2, along with the addition of SOAR, NDR and EDR features from QRadar Suite, allows us to provide a comprehensive learning experience that reflects the latest trends and developments in the field of information security.

If you are interested in learning about QRadar SIEM / XDR and taking advantage of all these new features, we invite you to explore our updated courses:

You can also ask us for customized training or consulting, as well as technical support and support with your QRadar projects.

Sealpath IRM: we discuss native integrations and its on-premises and SaaS (cloud) options.

/in cybersecurity, News/by sixe

Over the past few years, Sealpath has worked hard to provide native integrations with several popular and widely used tools in enterprise environments to facilitate adoption and improve efficiency in data protection and intellectual property. Some of these tools are mentioned below. Below is an updated list of the products 100% compatible with Sealpath IRM that we at Sixe have tested and which are already enjoyed by many customers around the world.

Sealpath main integrations through optional modules

All these modules are available in on-premises (local installation) or cloud (SaaS) format.

  1. Sealpath for RDS: This module allows working in remote desktop or Citrix environments that require a single installer per terminal server.
  2. Sealpath for File Servers and SharePoint: Allows the automatic protection of folders in file servers, SharePoint, OneDrive, Alfresco and other documentation repositories.
  3. Automatic Protection for Exchange: Provides automatic protection of message bodies and attachments in Microsoft Exchange according to specific rules.
  4. AD/LDAP Connector: Enables integration with Active Directory or LDAP in a SaaS system.
  5. SealPath for Mobile Devices: Provides access to protected documentation through the SealPath Document Viewer app or Microsoft Office Mobile on iOS, Android or Mac OSX mobile devices.
  6. Platform customization: Includes the ability to customize the appearance of email invitations, user and administrator portals.
  7. Multi-organization: Offers the possibility of having more than one “host” or sub-organization linked to the same company. Ideal for large corporate groups or government offices with different types of hierarchies or very complex organizational charts.
  8. DLP Connectors: Enables automatic protection of information based on rules configured in Symantec, McAfee and ForcePoint DLP, which are the solutions we like the most in this sector.
  9. SealPath Sync Connector: Facilitates offline access to a large number of files stored in certain folders on a user’s device.
  10. Protection Based Classification Connector: Enables automatic protection of documents classified by an information classification solution that includes tags in the file metadata.
  11. SealPath Secure Browser: Enables viewing and editing of protected documents in the web browser.
  12. SealPath SDK (.Net, REST, command-line): Allows the use of SealPath SDK in REST, .Net or command-line format for the integration of protection with certain corporate applications.

As you can see, there is no shortage of modules and add-ons that extend the capabilities of the main Sealpath IRM solution, allowing organizations to adapt protection and access control to their specific needs… and above all, without having to change the way they work or the products they already use.

Do we deploy it or use SaaS mode)?

This is the second major customer question. Sealpath IRM offers two deployment modes: Software as a Service (SaaS) and On-Premises. Both options offer the same functionality and data protection, but differ in the way they are hosted and managed. The main differences between the two modalities are presented below:

  1. Hosting and infrastructure management:

  • Sealpath SaaS: In the SaaS mode, the infrastructure and servers are hosted and managed by Sealpath in the cloud. This means that customers do not need to worry about server maintenance, upgrades and security, as these aspects are Sealpath’s responsibility.
  • Sealpath On-Premises: In the On-Premises option, the infrastructure and servers are deployed and managed within the client’s facilities or in its own private cloud environment. This gives customers greater control over the location and access to their data, but also means they must manage and maintain the servers themselves.

  1. Integration with Active Directory and LDAP:

  • Sealpath SaaS: In the SaaS version, customers can integrate Sealpath with their Active Directory or LDAP systems using the AD/LDAP connector. This connector allows synchronizing users and groups with the Sealpath system and facilitates the administration of permissions and access policies.
  • Sealpath On-Premises: In the On-Premises version, integration with Active Directory or LDAP is integrated by default and it is not necessary to purchase an additional connector.

  1. Licensing of additional modules:

  • Sealpath SaaS: Some modules, such as SealPath for Mobile Devices, are included in the SaaS version at no additional cost.
  • Sealpath On-Premises: In the On-Premises option, these modules must be purchased separately according to the organization’s needs.

  1. Platform customization:

  • Sealpath SaaS: Customization of the look and feel of the platform (colors, logos, etc.) may be limited compared to the On-Premises option, since it is based on a shared environment in the cloud.
  • Sealpath On-Premises: The On-Premises option allows for greater customization of the platform, since it is hosted in a dedicated environment controlled by the client.

The choice between Sealpath SaaS and On-Premises depends on the organization’s needs and preferences in terms of control over infrastructure, costs and ease of administration. Both options provide robust protection and the same functionality for controlling access to confidential information and intellectual property. Unlike Microsoft and other competitors, customers are not forced to use one model or another, because only they know what is best for them.

Interested in Sealpath IRM?

Request a no-obligation demonstration

Sealpath IRM in the industrial design sector: Strengthening project management and protecting intellectual property

/in cybersecurity, News/by sixe

Industrial design is a highly competitive sector in which intellectual property plays a crucial role. Project managers in industrial design companies face challenges in managing sensitive information and protecting intellectual property. Sealpath’ s Information Rights Management (IRM) solution can be of great help in these cases and ensure the protection of critical information and successful project management.

The following are some of the ways in which Sealpath IRM can help companies engaged in industrial design and whose value depends on the proper protection of their intellectual property.

Intellectual property protection in CAD files and other documents

Computer Aided Design (CAD) files and other technical documents contain valuable information about a company’s products and designs. Sealpath IRM allows you to protect this sensitive data through encryption and access control, ensuring that only authorized users can access, edit and share files.

Secure collaboration with suppliers and customers

In the industrial design sector, collaboration between suppliers, customers and other stakeholders is essential for the success of projects. Sealpath IRM allows you to securely share files and control access to information, even after documents have been shared outside the organization. This ensures that intellectual property is protected throughout the collaboration process.

File usage tracking and auditing

Sealpath IRM provides a detailed log of file usage, including who accessed the files, when and from where. This allows project managers to monitor the use of confidential information and detect possible security breaches or misuse of intellectual property.

Facilitating regulatory compliance

The industrial design sector may be subject to various regulations and standards related to intellectual property protection and data privacy. Sealpath IRM facilitates compliance with these regulations by ensuring that confidential information is protected and accessible only to authorized users.

Integration with project management tools and CAD software

Sealpath IRM can be easily integrated with existing project management tools and CAD software, allowing project managers to protect intellectual property without disrupting existing workflows. This facilitates solution adoption and improves project management efficiency.

Integration with other business tools

In conclusion, Sealpath IRM is a valuable tool for companies dedicated to industrial design. By protecting intellectual property and facilitating secure collaboration, the solution can improve project management efficiency and ensure success in a highly competitive industry. These include:

  1. Microsoft Office: Sealpath offers native integration with Microsoft Office applications such as Word, Excel, PowerPoint and Outlook. This allows users to easily protect their documents, spreadsheets and presentations, as well as control access and share them securely via e-mail.
  2. Microsoft SharePoint and OneDrive: Integration with Microsoft SharePoint and OneDrive makes it easy to protect and control access to files stored in these cloud storage and collaboration platforms.
  3. Microsoft Teams: Sealpath integrates with Microsoft Teams to guarantee the protection of information shared in chats and collaboration channels. This integration allows users to apply protection policies directly from Teams and control access to shared documents.
  4. Google Workspace (formerly G Suite): Sealpath integrates with Google Workspace to protect documents, spreadsheets and presentations created and stored in Google Drive. Users can apply protection policies and control access to their files directly from Google Workspace applications.
  5. Alfresco: Sealpath offers native integration with the Alfresco enterprise content management system. This allows users to protect and control access to documents and files stored in the Alfresco repository.
  6. Box: Sealpath’s integration with Box allows users to protect and control access to files stored in this cloud storage platform. Users can apply protection and monitoring policies directly from the Box interface.
  7. Salesforce: Sealpath integrates with Salesforce to protect confidential information stored in the CRM platform. Users can apply protection policies and control access to data directly from Salesforce, ensuring the security of customer information and intellectual property.

Interested in the solution?

Contact us and request
request a demonstration right now

The most common mistakes when refurbishing or acquiring storage

/in Data Center, News/by sixe

Five years have passed and it is time to renew the storage. What are the most common errors?

The renewal of enterprise storage systems is a critical, complex and costly decision that should be approached with great care. It is common for mistakes to be made when planning and carrying out this type of project and in this article, we will discuss those that we encounter most frequently in our new clients.
in our new clients
.

1. Incorrect sizing

One of the most common mistakes when renewing enterprise storage is to underestimate or overestimate the capacity (in TB, throughput and response time) of storage needed. Incorrect sizing can result in underinvestment or overinvestment in enterprise storage. We all know that an NVMe solution is faster than an SSD solution, but do we need it? And for 100% of the data? At what price? Are the servers capable of reaching the bandwidth allowed by the cabin? (hint: in 95% of the cases no). But of course, in order to know this, it is advisable to carry out a previous sizing or audit, which has a very small cost in comparison with the acquisition of the cabins and what we can save. Hurries and offers for tomorrow are not good traveling companions in this type of projects.

Failure to forecast the cost for at least 5 years.

One of our customers purchased cabins from one of our favorite manufacturers years ago. It was extremely powerful and the price was very attractive. Two years later, they wanted to add records (they bought it with the bare minimum) and the list price of the records exceeded one million euros. Moreover, all the exercises showed that it was more economical to buy a new, lower-end cabin with more than enough performance and storage than to expand the existing one. Absurd? No, a very common commercial malpractice among companies without their own technical staff. Just as we get printers for free, similar things happen with many other HW components. Switches that are licensed per activated port, firewalls whose price varies according to the users that connect and thousands of other tricks to hide the costs in the medium and long term, as well as the dependencies generated and the obligation to buy additional servers and cabins every few years. Although all manufacturers do it, with the right advice it is often possible to turn it around and at the time of purchase to get at a very interesting price everything we need while the machine works.

3. Not knowing the life cycle of the machines (how long they will be maintained).

Another common mistake is not understanding the life cycle of the machines and not knowing how long maintenance services will be available. It is essential to take into account the useful life of the disk cabins and the availability of technical support and maintenance services in the medium and long term. Many times systems at the end of their marketing cycle are heavily discounted… but also during their launch. The latter allows us to use them for a much longer period of time, significantly reducing the annual cost. If we buy a booth that is going to be withdrawn from marketing soon, it may be that when we have put it into operation it will only have the minimum years of support left and after 5 years the only alternative is to support it ourselves, order the failed parts from international brokers or buy a new one. If we have purchased a system that has been on the market for a short time (but long enough for others to have tested it and experienced its first failures) it will be easy to extend the maintenance for 6, 7 or even 10 years, which is usually the top of its usual life cycle. Sales people from non-technical companies will tell you “you couldn’t tell” or that “it’s IBM / HP / Dell / Hitachi’s fault” but it’s not true. We have to know what we are selling and inform our customers in an honest way about the pros and cons of each new infrastructure we propose to acquire.

4. Not knowing the compatibility matrices with the operating systems.

Another common mistake is not considering the compatibility of enterprise storage with existing operating systems. It is essential to ensure that the storage is compatible with existing operating systems and that if we must upgrade, we do so prior to the implementation of the new storage. This is especially relevant when operating systems are out of support due to lack of preventive maintenance service. Maybe the new booth supports Red Hat or Windows, but not the production version because all new hardware requires drivers that would rarely exist before. Time travel doesn’t exist for operating systems either, and a 2008 Windows is likely to have compatibility issues with a 2023 cockpit.

5. Failure to anticipate the impact of migrations from existing production environments.

Finally, another common mistake is not anticipating the impact of migrations of existing systems on the storage we have renovated. It is important to carefully evaluate the existing systems to be migrated and understand how they will be integrated into the new storage solution, who will handle these professional services and what impact they will have on our organization or business.

6. Not having a trained technical team or L2-L3 support to call upon.

Many customers buy storage systems but do not have the time to be trained on them and do not have external technical support services to turn to, thinking that in case of any problem they can turn to the manufacturer because they already pay for support for these systems, when this is not always the case, especially if the system is working properly and the problem, although closely related, is something else.

7. Relying on companies that do not have technical teams and whose business is based on high margins on SW and HW sales.

Unlike our competitors, at Sixe Ingeniería we will always be on the side of our customers, because we live mainly from training, consulting and technical support. Services that we complement with the sale of HW that we normally help to maintain, so we are the main interested parties in ensuring that the solutions are ideal in the medium and long term. In addition, as a reference partner of IBM and Lenovo, we can offer you significant discounts, we know most types of critical environments very well and we are technology agnostic, although we have our preferences based on our experience. Contact us!

sap ha

IBM Power10 servers for SAP HANA at unbeatable prices

/in Data Center, News/by sixe

IBM has released its latest offering on high-performance Power10 servers for SAP HANA, which is based on its range of single and dual-socket servers with between 2TB and 6TB of RAM at discounts of nearly 50%.

SAP HANA works thanks to a design where the real-time processing and analysis of large volumes of data is performed entirely in memory, guaranteeing a much improved performance compared to classic SAP environments. HANA helps companies around the world manage critical data and make business decisions based on accurate, real-time information.

What does IBM Power10 bring to the table?

IBM Power10 is the first server to offer native support for SAP HANA, making it an attractive option for companies looking to deploy this platform. With its ability to handle large volumes of data and perform real-time analysis, the Power10 can significantly improve the efficiency and effectiveness of business operations.

Read more

“The salesperson tricked me” or why you need a Technology Radar service.

/in cybersecurity, News/by sixe

The title of this article, “The salesperson tricked me,” is one of the most common beginnings of our conversations with new customers. Large projects with little return, if not omitting key information that if known would have changed the course of strategic technology decisions. Incredible specifications where someone forgets about the professional services necessary for the solution to be implemented, or the correct training of the personnel who will operate it in the coming years. Read more

Alma & CentOS Linux on IBM Power servers

/in News/by sixe

Over the past two years, the CentOS project, a community Linux distribution based on and binary compatible with Red Hat, has undergone continuous changes. As with other free software projects, this popular (and stable) distribution, used by companies and organizations around the world, became a “development version” of Red Hat Enterprise Linux. The same goes for oVirt vs RHEV or Foreman + Katello vs Satellite. In return, Red Hat offers free licenses for small deployments and has expanded educational subscription options.

What happens with CentOS Stream?

It is not that CentOS Stream is no longer stable, or that its users unwittingly become beta-testers . of Red Hat Enterprise, but fundamental aspects were changed. Until now, when Red Hat released version X, a few months later, the same versions of the same packages were compiled, creating a “clone” with the same functionality for those who did not need enterprise-level support. This is no longer the case (updates and changes become more frequent) and, all over the world, users are wondering what to do. CERN in Switzerland, for example, has decided to stay with CentOS Stream for the time being. Perhaps because it is better the devil you know than the devil you don’t… but that’s another story.

In parallel, Ubuntu, Red Hat and SUSE offer all their repositories for x86 but also for ARM and ppc64le (Linux on IBM Power), so we were very interested in testing if these new CentOS heir distributions were being compiled for these architectures and if we could migrate to them from CentOS Stream. If so, we believe it could be a good incentive for customers who have (or are considering acquiring) IBM Power servers to give this technology a chance, which, if deployed successfully, not only achieves much better performance per core, but also greatly reduces licensing costs and the hours required for technical maintenance.

Alma vs CentOS, Rocky and Oracle Linux

In this table we have the distributions based on Red Hat that we can (or will) install on IBM Power, and their fundamental characteristics.

Benchmarking against RHEL AlmaLinux Oracle Linux Rocky Linux CentOS Stream CentOS Linux
Available from March 2021 2006 June 2021 2019 2004
1:1 binary compatibility with RHEL Yes Nearly *
(changes in glibc, openssl…)		 Yes ACG limits apply. Yes
Updates every Daily Daily Daily RHEL Upstream Daily
Life Cycle 10 Years 10 Years 10 Years 5 Years EOL on 2021-12-31
Commercial support Third parties Oracle, third parties Third parties Third parties Third parties
PowerPC support Yes Yes Not yet Yes Yes
Support for s390x Not yet To be decided To be decided Yes Yes
Property of: AlmaLinux OS Foundation Oracle Inc Rocky Enterprise Software Foundation Red Hat Inc Red Hat Inc
Type of owner’s organization Non-Profit 501(c)6 For Profit C-Corp For Profit, Public Benefit Corp For Profit C-Corp For Profit C-Corp

As you can see, if we are looking for an alternative to CentOS Linux for Power, AlmaLinux seems to be the most interesting option and with 10 years of updates in each version.

Testing AlmaLinux (ppc64le)

In order to write this article we have done two types of tests. The first one was to install AlmaLinux from the AlmaLinux DVD on a Power8 server. As you can see, beyond booting from the LPAR SMS, the installation is the same as on an x86 system.

What if we want to migrate from CentOS Stream to AlmaLinux?

There is a script that you can download here, which we downloaded in a second environment with a freshly updated CentOS Stream.

$ wget https://raw.githubusercontent.com/AlmaLinux/almalinux-deploy/master/almalinux-deploy.sh

It is necessary to edit this script before executing it

$ vi almalinux-deploy.sh

And modify the next line, where it verifies the architecture because ppc64le IS SUPPORTED and we have all the software packages available (we are going to check it).

Next we run the script, which you will probably need to launch with the -d option to downgrade from the current version of CentOS Stream to AlmaLinux 8.X (it will always be somewhat older than the latest CentOS Stream).

 

And then you can install epel-release and the rest of the repositories with additional software as you would in any x86 environment.

Being an IBM Power environment, it is advisable to install the software packages that add functionality (based on AIX commands) to be able to correctly manage all the HW, access the HMC console and be able to make configuration changes without rebooting the systems.

$ yum install wget
$ wget ftp://public.dhe.ibm.com/software/server/POWER/Linux/yum/download/ibm-power-repo-latest.noarch.rpm
$ rpm -ivh –nodeps ibm-power-repo-latest.noarch.rpm

Here, once again, you have to edit the configuration script to make it work in AlmaLinux. You will see that there is an exit 1 if it is not centos/suse/redhat that we are going to modify to look like this

$ vi /opt/ibm/lop/configure

$ chmod +x /opt/ibm/lop/configure

$ /opt/ibm/lop/configure

Install the epel repository (contains a lot of additional software)

$ yum install epel-release

And we can see how the new repositories are already active

$ yum repolist

migra

We download the PowerVM utilities for the Linux LPAR to be managed from the HMC.

$ yum install src ksh rsct.core devices.chrp.base.ServiceRM DynamicRM

And restart the RMC services (which are used to add or remove memory and cpu dynamically).

$ /usr/bin/rmcctrl -z
$ /usr/bin/rmcctrl -A
$ /usr/bin/rmcctrl -p

The final test

We are going to use a script of several lines to deploy a web server, database and a WordPress site.

$ wget https://github.com/UncleDan/linux-scripts/blob/master/wordpress-centos8.sh

$ bash wordpress-centos8.sh

We entered our IP with the browser and Wodpress worked! This is something that two years ago we could not say would work with this security. We are happy to see that a lot of progress has been made and that ppc64le application support is becoming more extensive and complete. We encourage you to try it out without the need to invest in new licenses.

What other applications and services can we deploy on Linux on IBM Power?

To finish this article we leave you a list of applications available in OpenShift for Power and that are therefore fully supported in any Red Hat based distribution, such as AlmaLinux and CentOS. What are you waiting for to try it?

Operating systems under containers (docker / runC)

+ Red Hat
+ CentOS
+ SUSE
+ BusyBox
+ AlpineLinux
+ Ubuntu
+ Debian

Middleware

+ WebSphere Liberty
+ Open Liberty
+ Apache Tomcat
+ ActiveMQ
+ JBoss
+ WildFly
+ RabbitM
+ WordPress

Languages

+ Jenkins
+ Ansible
+ Kubernetes
+ Red Hat OpenShift
+ Gradle
+ Maven
+ Terraform
+ Travis CI
+ Python
+ Java
+ PHP
+ GoLang
+ OpenJDK
+ NodeJS
+ R
+ Ruby

 

Databases

+ MongoDB
+ Redis
+ MySQL
+ Cassandra
+ MariaDB
+ PostgreSQL
+ Memcached
+ IBM Db2

Analytics & AI

+ Grafana
+ Kibana
+ Elasticsearch
+ Logstash
+ Fluentd
+ Kafka
+ IBM Watson Studio
+ IBM Watson ML

Storage

+ Container Storage Interface
+ IBM Spectrum Virtualize
+ IBM PowerVC CSI Driver
+ NFS

Communications

+ Prometheus
+ Nginx
+ Apache HTTP Server
+ ZooKeeper
+ HAP oxy
+ etcd

 

SIXE
×