Not Good Enough

We have an IBM Blade Center with two Management Modules, two Nortel Ethernet switches and two Brocade Fibre Channel switches.

The Management modules are used to provide the I/O Modules (the Ethernet and Fibre Channel switches) with basic network configuration (IP address, etc.). The rest of the configuration of the I/O Modules is done directly on the modules themselves (i.e. via telnet or a web browser and Java).

We have had an issue with the Blade Center where after an outage the external ports on the I/O Modules come up disabled. I had to connect to each of the modules and enable to external ports. Now, the first time this happened I assumed that some twit (me) had forgotten to save the configuration of the I/O Modules. So, of course I made extra sure that I saved the configuration.

The next outage we had the same thing happened. The external ports where disabled. However, it was obvious that the configuration had been saved because all the other settings (VLANs, etc.) were correct.

Later I discovered by accident that there’s a setting in the Management Module that overrides the I/O Modules. This setting is tucked away in the Admin/Power/Restart screen when all other configuration is access via the Configuration screen (or by connecting to the modules directly). And it seems that this setting defaults to disabled (although I can’t confirm that):

I/O Modules Advanced Setup

Now, I can perhaps think of a reason for allowing the Management Module to override the I/O Modules (maybe – if you want to disable all external I/O to a particular module, although we can do that by connecting to the modules themselves, the place where we would normally configure them). But why default to disabled? And if we enable the ports on the I/O modules themselves, shouldn’t the above setting also change to enabled?

It’s just not good enough!

Ah IBM. Their Remote Supervisor Adapter II allows for the creation of up to 12 login ids. The problem is, when you create a password it doesn’t tell you if the password is too long. From trial and error, it seems that the maximum password length is 15 characters. I’ve looked at the source code of the page and I can see that the password field is restricted to that many characters (perhaps I should have saved myself a lot of trail and error testing by looking at the source first):

RSA II Password Length - HTML Code

Now 15 characters isn’t that bad (plenty of systems allow only 8 and it seems one UK bank only allows six). The problem is that it lets you think you have created a password with more than 15 characters – but it only stores the first 15 characters. So, if you set your password to a123456789012345 you can’t login using that password (however, you can login using a12345678901234). Imagine the consequences if this is the only log in account, and you don’t realise the 15 character limit.

Surely it couldn’t have been that hard for the programmer creating the page to have done a basic check and popped up an error message if the password is too long. After all a message does appear if the password doesn’t contain both alphabetic and non alphabetic characters:

RSA II Password Error

So, if they can pop up an error when the password isn’t complex then why can’t they pop up an error when the password is too long.

It’s just not good enough!