D. Auto-Negotiation White Paper
by Charles Keenan
HP-UX CSE Official Study Guide and Desk Reference
Copyright
Dedication
Hewlett-Packard® Professional Books
PREFACE
HP-UX CSE: ADVANCED ADMINISTRATION
HP-UX CSE: HIGH AVAILABILITY WITH HP-UX SERVICEGUARD
HP-UX CSE: NETWORKING AND SECURITY
Acknowledgments
ONE. Managing HP-UX Servers
ONE. An Introduction to Your Hardware
1.1. Key Server Technologies
1.2. Processor Architecture
1.3. Virtual Memory
1.4. The IO Subsystem
1.5. The Big Picture
1.6. Before We Begin…
REFERENCES
TWO. Partitioned Servers: Node Partitions
2.1. A Basic Hardware Guide to nPars
2.1.1. A cell board
2.1.2. The IO cardcage
2.1.3. The Core IO card
2.1.4. System backplane
2.1.5. How cells and IO cardcages fit into a complex
2.1.6. Considerations when creating a complex profile
2.1.7. The Utility Subsystem
2.1.8. The GSP
2.1.8.1. THE COMPLEX PROFILE AND THE GSP
2.1.8.2. INVESTIGATING THE CURRENT COMPLEX PROFILE
2.1.9. Other complex related GSP tasks
2.1.10. IO Cardcage slot numbering
2.1.10.1. HP-UX HARDWARE ADDRESSING ON A NODE PARTITION
2.2. The Genesis Partition
2.2.1. Ensure that all cells are inactive
2.2.2. Creating the Genesis Partition
2.2.2.1. BOOT ACTIONS
2.3. Cell Behavior During the Initial Boot of a Partition
2.4. Partition Manager
2.4.1. Modifying existing partitions
2.4.1.1. REMOVING AN ACTIVE CELL FROM AN ACTIVE PARTITION
2.4.1.2. REMOVING AN INACTIVE CELL FROM A PARTITION
2.4.2. Adding a cell to a partition
2.4.3. Deleting a partition
2.5. Other Boot-Related Tasks
2.5.1. Reboot/Halt a partition
2.5.2. Reboot-for-reconfig a partition
2.5.3. Reset a partition
2.5.4. Instigate a crashdump in a hung partition
2.5.5. Boot actions
2.5.6. Powering off components
Chapter Review
Test Your Knowledge
Answer to Test Your Knowledge Questions
Chapter Review Questions
Answers to Chapter Review Questions
THREE. Partitioned Servers: Virtual Partitions
3.1. An Introduction to Virtual Partitions
3.2. Obtaining the Virtual Partitions Software
3.3. Setting Up an Ignite-UX Server to Support Virtual Partitions
3.4. Planning Your Virtual Partitions
3.5. Creating the vPar Database
3.6. Booting a Newly Created vPar from an Ignite-UX Server
3.7. Managing Hardware within a Virtual Partition
3.7.1. Adding/removing cells to an nPar running vPars
3.8. Rebooting vpmon
3.9. Interfacing with the Virtual Partition Monitor: vpmon
3.10. Changing Partition Attributes
3.10.1. Changing configuration attributes
3.10.2. Changing boot-related attributes
3.11. Resetting a Virtual Partition
3.12. Removing a Virtual Partition
3.13. Turning Off Virtual Partition Functionality
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
FOUR. Advanced Peripherals Configuration
4.1. Reorganizing Your IO Tree
4.1.1. Consider making a System Recovery Tape
4.1.2. Collect IO trees from all nodes concerned
4.1.3. Decide on the format of the standardized IO tree
4.1.4. Document current device file → hardware path mapping
4.1.5. Establish which system and user applications use current device files
4.1.6. Create an ASCII file representing the new IO tree
4.1.7. Shut down the system(s) to single user mode
4.1.8. Apply the new IO tree configuration with the ioinit command
4.1.9. Reboot the system to single user mode
4.1.10. Check that all new device files are created correctly
4.1.11. Rework any user or system applications affected by the change in device file names
4.1.12. Remove all old device files
4.2. Disk Device Files in a Switched Fabric, Fibre Channel SAN
4.3. Online Addition and Replacement: OLA/R
4.3.1. Replacing a failed PCI card
1. IDENTIFY THE FAILED PCI CARD
2. PERFORM CRITICAL RESOURCE ANALYSIS ON THE AFFECTED PCI CARD
3. TURN ON THE ATTENTION LIGHT FOR THE AFFECTED PCI CARD SLOT
4. CHECK THAT THE AFFECTED PCI SLOT IS IN ITS OWN POWER DOMAIN
5. CHECK THAT THE AFFECTED PCI CARD IS NOT A MULTI-FUNCTION CARD
6. RUN ANY ASSOCIATED DRIVER SCRIPTS BEFORE SUSPENDING THE DRIVER
7. SUSPEND THE KERNEL DRIVER FOR THE AFFECTED PCI SLOT
8. TURN OFF THE POWER TO THE AFFECTED PCI SLOT
9. REPLACE THE PCI CARD
10. TURN ON THE POWER TO THE PCI SLOT
11. RUN ANY ASSOCIATED DRIVER SCRIPTS BEFORE RESUMING THE DRIVER
12. RESUME THE DRIVER FOR THE PCI SLOT
13. CHECK FUNCTIONALITY OF THE NEWLY REPLACED PCI CARD
14. TURN OFF THE ATTENTION LIGHT FOR THE AFFECTED PCI SLOT
4.3.2. Adding a new PCI card
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
FIVE. Disks and Volumes: RAID Levels and RAID Parity Data
5.1. RAID Levels
5.2. RAID Parity Data
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
SIX. Disks and Volumes: LVM
6.1. LVM Striping (RAID 0)
6.2. LVM Mirroring (RAID 1)
6.2.1. PVG-strict
6.2.2. Mirroring vg00
6.2.3. Lose a disk online, but have it replaced while the system is still running
6.2.4. Lose a disk, and sustain a reboot before the disk can be replaced
6.2.5. Spare volumes
6.2.6. Conclusions on mirroring
6.3. Alternate PV Links
6.4. Exporting and Importing Volume Groups
6.5. Forward Compatibility with Newer, Larger Capacity Disk Drives
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
SEVEN. Disks and Volumes: Veritas Volume Manager
7.1. Introducing Veritas Volume Manager
7.2. VxVM Striping (RAID 0)
7.3. VxVM Mirroring (RAID 1)
7.4. VxVM Striping and Mirroring (RAID 0/1 and 1/0)
7.5. Faster Mirror Resynchronization after a System Crash
7.6. VxVM RAID 5
7.7. Recovering from a Failed Disk
7.8. Using Spare Disks
7.9. VxVM Snapshots
7.10. VxVM Rootability
7.11. Other VxVM Tasks
7.11.1. Deport and import of a disk group
7.11.2. Dynamic relayout
7.11.3. LVM to VxVM conversion
7.11.4. Dynamic Multipathing (DMP)
7.11.5. VxVM diagnostic commands
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
EIGHT. Filesystems: HFS, VxFS, and the VFS Layer
8.1. Basic Filesystem Characteristics
8.1.1. Large files
8.2. HFS Internal Structure
8.3. Tuning an HFS Filesystem
8.3.1. Filesystems containing only a few large files
8.3.2. Resizing an HFS filesystem
8.3.3. Symbolic and hard links
8.4. HFS Access Control Lists
8.5. VxFS Internal Structures
8.6. Online JFS Features
8.6.1. Upgrading an older VxFS filesystem
8.6.2. Converting an existing HFS filesystem to VxFS
8.6.3. Online resizing of a filesystem
8.6.4. Online de-fragmentation of a filesystem
8.6.5. Logging levels used by the intent log
8.6.6. Setting extent attributes for individual files
8.7. Tuning a VxFS Filesystem
8.7.1. Additional mount options to affect IO performance
8.7.2. Buffer cache related options (mincache=)
8.7.3. Controlling synchronous IO (convosync=)
8.7.4. Updating the /etc/fstab file
8.8. VxFS Snapshots
8.9. Navigating through Filesystems via the VFS Layer
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
REFERENCES
NINE. Swap and Dump Space
9.1. Swap Space, Paging, and Virtual Memory Management
9.1.1. The virtual memory system
9.2. How Much Swap Space Do I Need?
9.2.1. Reserving swap space
9.2.2. When to throw pages out
9.2.3. So how much swap space should I configure?
9.3. Configuring Additional Swap Devices
Chapter Review on Swap Space
9.4. When Dump Space Is Used
9.5. Including Page Classes in the Crashdump Configuration
9.6. Configuring Additional Dump Space
9.7. The savecrash Process
9.8. Dump and Swap Space in the Same Volume
Chapter Review on Dump Space
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
REFERENCES
TEN. Monitoring System Resources
10.1. Dynamic Kernel Configuration and Monitoring
10.1.1. Dynamically Loadable Kernel Modules (DLKM)
10.1.1.1. STATIC OR DYNAMIC
10.1.2. Dynamically Tunable Kernel Parameters (DTKP)
10.1.3. Monitoring kernel resource with kcweb
10.2. Monitoring General System Activity and Events
10.2.1. syslogd
10.2.1.1. MANAGING SYSLOG LOGFILES
10.2.2. The Event Monitoring System (EMS)
10.2.3. Support Tools Manager (STM)
10.3. Was It a PANIC, a TOC, or an HPMC?
10.3.1. An HPMC
10.3.2. A TOC
10.3.3. A PANIC
10.3.4. Storing a crashdump to tape
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
ELEVEN. Processes, Threads, and Bottlenecks
11.1. Defining Processes and Threads
11.1.1. Tools to monitor processes
11.1.2. Processes and threads
11.1.3. Managing threads
11.1.4. Viewing threads
11.2. Process Life Cycle
11.3. Context Switches and Timeslices
11.4. Process/Thread Priorities and Run Queues
11.4.1. Scheduling policies and run queues
11.5. Multiprocessor Environments and Processor Affinity
11.5.1. cc-NUMA and other deviants
11.5.2. The mpctl() system call and processor affinity
11.5.3. Processor Sets
11.5.4. Concurrency in multiprocessor environments
11.6. Memory Requirements for Processes/Threads
11.6.1. Locating private and shared data
11.7. Memory Limitations for 32-bit Operating Systems, magic Numbers, and Memory Windows
11.7.1. Program magic numbers
11.7.2. Memory windows
11.8. Performance Optimized Page Sizes (POPS)
11.8.1. POPS using vps_ceiling and vps_pagesize
11.8.2. POPS using chatr
11.8.3. Conclusions on POPS
Chapter Review on a Process Life Cycle
11.9. Common Bottlenecks for Processes and Threads
11.9.1. Common CPU bottlenecks
11.9.1.1. RESOLVING CPU BOTTLENECKS
11.9.2. Common memory bottlenecks
11.9.2.1. RESOLVING MEMORY BOTTLENECKS
11.9.3. Common disk bottlenecks
11.9.3.1. RESOLVING DISK BOTTLENECKS
Chapter Review on Common Bottlenecks
11.10. Prioritizing Workloads with PRM and WLM
11.10.1. A simple PRM configuration to manage CPU shares
11.10.1.1. PRM APPLICATION RECORDS
11.10.1.2. THREAD SCHEDULING AND PRM
11.10.1.3. PRM PROCESSOR SETS
11.10.2. Using PRM to prioritize memory shares
Chapter Review on PRM
11.10.3. WorkLoad Manager (WLM)
11.10.3.1. THE WLM CONFIGURATION FILE
11.10.3.2. SPECIFYING A GOAL
11.10.3.3. HELP IS AT HAND: WLM TOOLKITS
Chapter Review on WLM
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
REFERENCES
TWO. Install, Update, and Recovery
TWELVE. HP-UX Patches
12.1. What Is a Patch?
12.2. When Should I Patch My Server(s)?
12.3. Understanding the Risks Involved When Applying Patches
12.4. Obtaining Patches
12.4.1. ITRC
12.4.1.1. ITRC: CUSTOM PATCH MANAGER
12.4.2. Support Plus Media
12.4.2.1. THE BUNDLE MATRIX
12.4.3. Support Plus CD-ROM Layout
12.4.4. HP online Software Depot
12.4.4.1. SECURITY PATCH CHECK
12.4.5. Local Response Center
12.4.6. HP-assigned Support Representative
12.5. Patch Naming Convention
12.6. Patch Ratings
12.6.1. Patches with warnings
12.6.2. Patch rating update
12.7. The Patch shar File
12.8. Patch Attributes
12.8.1. Is a patch applied or configured?
12.8.2. Patch ancestry
12.9. Setting Up a Patch Depot
12.9.1. A patch-only depot
12.9.2. A depot of software and associated patches
12.9.3. The process of setting up the patch depot
12.10. Installing Patches
12.10.1. Installing patches from a patch-only depot
12.10.2. Installing patches from a software-and-patches depot
12.11. Removing Patches and Committing Patches
12.11.1. Committing patches
12.12. Managing a Patch Depot
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
THIRTEEN. Installing Software with Software Distributor and Ignite-UX
13.1. Using swinstall to Push Software across the Network
13.1.1. Set up a software-and-patches depot on the depot server
13.1.2. Make Service Control Manager depot available on the depot server
13.1.3. Set up Remote Operations Agent software on each client machine
13.1.3.1. REMOTE OPERATIONS AND SOFTWARE DISTRIBUTOR ACLS
13.1.4. On the depot server, set up Remote Operations GUI (optional)
13.1.5. Push software to remote clients
13.2. Installing a Complete Operating System Using Ignite-UX
13.2.1. Set up an Ignite-UX server to utilize an existing Core OS depot
13.2.1.1. INSTALL THE IGNITE-UX SOFTWARE
13.2.1.2. SET UP TEMPORARY IP ADDRESSES FOR BOOT CLIENTS
13.2.1.3. SET UP TFTP AND INSTL_BOOTD SERVICE IN /ETC/INETD.CONF.
13.2.1.4. SET UP /ETC/EXPORTS TO GIVE NFS ACCESS TO THE /VAR/OPT/IGNITE/CLIENTS DIRECTORY
13.2.1.5. SET UP IGNITE-UX PARAMETERS TO BE USED DURING THE INSTALLATION OF THE OPERATING SYSTEM
13.2.1.6. SET UP A DHCP SERVER (OPTIONAL)
13.2.1.7. SET UP SOFTWARE DEPOT(S)
13.2.1.8. CREATE AN IGNITE-UX CONFIGURATION FILE THAT REPRESENTS THE CONTENTS OF THE SOFTWARE DEPOT(S)
13.2.1.9. UPDATE THE IGNITE-UX INDEX FILE TO REFLECT THE NEW CONFIGURATIONS THAT ARE NOW AVAILABLE
13.2.1.10. ENSURE THAT THE IGNITE-UX SERVER RECOGNIZES ALL CLIENTS
13.2.2. Adding additional software to a Core OS configuration
13.2.2.1. SET UP SOFTWARE DEPOT(S)
13.2.2.2. CREATE AN IGNITE-UX CONFIGURATION FILE THAT REPRESENTS THE CONTENTS OF THE SOFTWARE DEPOT(S)
13.2.2.3. UPDATE THE IGNITE-UX INDEX FILE TO REFLECT THE NEW CONFIGURATIONS THAT ARE NOW AVAILABLE
13.2.2.4. USE THE NEW CONFIGURATION TO INSTALL A CLIENT
13.3. Setting Up a Golden Image
13.3.1. Use make_sys_image to create the Golden Image
13.3.2. Create an Ignite-UX configuration file that represents the contents of the Golden Image
13.3.2.1. POST-CONFIGURE AND POST-LOAD SCRIPTS
13.3.3. Update the Ignite-UX INDEX file to reflect the new configurations that are now available
13.3.4. Test the Golden Image configuration
13.4. Making a Recovery Archive
13.4.1. Allowing clients access to the configuration files
13.4.2. Ensure that the clients have the most up-to-date recovery commands
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
FOURTEEN. Emergency Recovery Using the HP-UX Installation Media
14.1. Recovering a Corrupt Boot Header Including a Missing ISL
14.2. Recovering from Having No Bootable Kernel
14.3. Recovering from a Missing Critical Boot File: /stand/rootconf
14.3.1. A magic label of 0xdeadbeef
14.3.2. Start block address of the root LV
14.3.3. Size of the root LV
14.3.4. Creating the /stand/rootconf file by hand
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
THREE. Networking
FIFTEEN. Basic IP Configuration
15.1. Basic Networking Kernel Parameters
15.2. Data-Link Level Testing
15.3. Changing Your MAC Address
15.4. Link Speed and Auto-Negotiation
15.4.1. The truth about auto-negotiation
15.5. What's in an IP Address?
15.6. Subnetting
15.7. Static Routes
15.8. The netconf File
15.8.1. Proxy ARP
15.9. Dynamic IP Allocation: RARP and DHCP
15.9.1. Reverse Address Resolution Protocol: RARP
15.9.1.1. RARP LIMITATIONS
15.9.2. Dynamic Host Configuration Protocol: DHCP
15.9.2.1. DHCP SERVER CONFIGURATION
15.9.2.2. DHCP: AN INDIVIDUAL NODE CONFIGURATION
15.9.2.3. DHCP: A POOL GROUP
15.9.2.4. DHCP: A DEVICE GROUP
15.9.2.5. BOOTING A DHCP CLIENT
15.10. Performing a Basic Network Trace
15.11. Modifying Network Parameters with ndd
15.11.1. Obtaining a list of network-related parameters
15.11.2. Changing a network parameter with ndd
15.11.3. Making an ndd change survive a reboot
15.12. IP Multiplexing
15.13. The 128-Bit IP Address: IPv6
15.14. Automatic Port Aggregation (APA)
15.14.1. Manually configuring hp_apaconf
15.14.2. A high-availability network configuration
15.14.2.1. HOT STANDBY CONFIGURATION
15.14.2.2. LAN MONITOR CONFIGURATION
15.14.2.3. USING EXISTING AGGREGATES IN A FAILOVER GROUP
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
REFERENCES
SIXTEEN. Dynamic Routing
16.1. The gated.conf Configuration File
16.2. Router Discovery Protocol (RDP)
16.2.1. Router discovery: Server mode
16.2.2. Router Discovery Protocol: Client mode
16.2.3. Conclusions on Router Discovery Protocol
16.3. Routing Information Protocol (RIP)
16.3.1. Conclusions on RIP
16.4. Open Shortest Path First (OSPF)
16.4.1. OSPF Areas and Autonomous Systems
16.4.2. OSPF example using a single Area
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
REFERENCES
SEVENTEEN. Domain Name System (DNS)
17.1. Configuring a Master Name Server
17.1.1. Decide on and register (if necessary) a DNS domain name
17.1.2. Update your /etc/hosts file
17.1.3. Create a working directory for the DNS database files
17.1.4. Create the DNS database files using the hosts_to_named utility
17.1.5. Set up the rndc configuration file
17.1.6. Start the named daemon
17.1.7. Set up the resolver configuration files
17.1.8. Test DNS functionality
17.2. Configuring Additional Backup Slave and Caching-Only Name Servers
17.2.1. Setting up a slave server
17.2.1.1. EFFECTS A SLAVE CAN HAVE ON THE MASTER SERVER
17.2.2. Setting up a caching only slave
17.3. Delegating Authority to a Subdomain Including DNS Forwarders
17.3.1. Help the new master name server set up an appropriate hosts file
17.3.2. Set up the delegated master name server
17.3.3. Set up the delegated slave server
17.3.4. Configure delegated clients to reference delegated name servers
17.3.5. Make alias (CNAME) names for all delegated hostnames (Optional)
17.3.6. Reference the delegated name server(s) in the name server database file
17.3.6.1. DELEGATING NETWORK NUMBERS
17.3.7. Consider setting up a forwarders entry in the delegated domains /etc/named.conf file
17.4. Configuring DNS to Accept Automatic Updates from a DHCP Server
17.4.1. Updating the DHCP Server
17.4.2. Updating the DNS master server
17.5. Dynamic DNS Server Updates and TSIG Authentication
17.5.1. TSIG authentication for zone transfers
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
REFERENCES
EIGHTEEN. Network Time Protocol
18.1. What Time Is It?
18.2. Choosing a Time Source
18.3. Stratum Levels and Timeservers
18.4. The Role of the NTP Software
18.5. Analyzing Different Time Sources
18.6. Setting Up the NTP Daemons
18.7. NTP Server Relationships
18.7.1. Setting up a peer server
18.7.2. Setting up NTP authentication
18.8. An Unlikely Server: A Local Clock Impersonator
18.9. An NTP Polling Client
18.10. An NTP Broadcast Client
18.11. Other Points Relating to NTP
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
NINETEEN. An Introduction to sendmail
19.1. Basic Checks to Ensure That sendmail Is Installed and Working
19.2. Using sendmail without Using DNS
19.3. Mail Aliases
19.4. Masquerading or Site Hiding and Possible DNS Implications
19.5. A Simple Mail Cluster Configuration
19.5.1. Set up the mail hub as the host to accept local delivery of all email for all mail clients
19.5.2. Ensure that all usernames are configured on the mail server
19.5.3. Ensure that all client machines have access to the /var/mail directory
19.5.4. Configure clients to forward all mail to our mail server (hub)
19.5.5. Configure clients to mount the /var/mail directory from the mail server
19.5.6. Test sending an email to another user
19.5.7. Conclusions on a simple mail cluster configuration
19.6. Building Your Own sendmail.cf File
19.7. Monitoring the Mail Queue
19.7.1. Files in the mail queue
19.7.2. Monitor sendmail's logfile
19.7.3. Mail statistics
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
REFERENCES
TWENTY. Common Internet Filesystem (CIFS/9000)
20.1. CIFS, SMB, and SAMBA
20.2. CIFS Client or Server: You Need the Software
20.3. CIFS Server Configuration
20.3.1. Windows NT LanManager authentication
20.3.1.1. USING A LOCAL SMB/CIFS PASSWORD FILE
20.3.1.1.1. Installing CIFS-server software
20.3.1.1.2. Enable CIFS server functionality in /etc/rc.config.d/samba
20.3.1.1.3. Configure /etc/opt/samba/smb.conf
20.3.1.1.4. Verify your smb.conf configuration with the testparm utility
20.3.1.1.5. Create an SMB password file
20.3.1.1.6. Start the CIFS daemon
20.3.1.1.7. Verify the configuration with the smbclient utility
20.4. CIFS Client Configuration
20.4.1. Install the CIFS/9000 Client product
20.4.2. Configure /etc/opt/cifsclient/cifsclient.cfg
20.4.3. Run the CIFS client start script
20.4.4. Create a mount point directory
20.4.5. Add the CIFS filesystems to the /etc/fstab file
20.4.6. Mount the CIFS filesystems
20.4.7. Execute the /opt/cifsclient/bin/cifslogin program
20.4.8. Verify that your cifslogin succeeded
20.4.8.1. AN ALTERNATIVE TO CIFSLOGIN
20.5. NTLM: Using a Windows Server to Perform Authentication and Pluggable Authentication Modules (PAM)
20.5.1. Configure /etc/pam.conf to utilize NTLM as an authentication protocol
20.5.2. Configure smb.conf to reference the NTLM server
20.5.3. Configure a user map to specifically reference individual UNIX users to be authenticated by the NTLM server
20.5.4. Restart CIFS client daemon to pick up changes in smb.conf
20.5.5. Test the functionality of NTLM authentication
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
TWENTY ONE. An Introduction to LDAP
21.1. Introducing the Lightweight Directory Access Protocol (LDAP)
21.2. LDAP-UX Integration Products
21.2.1. The NIS/LDAP Gateway
21.2.2. LDAP-UX Client Services
21.3. Step-by-Step Guide to LDAP-UX Client Services
21.3.1. Install Netscape Directory Services and LDAP-UX Integrations products
21.3.2. Run Netscape setup program
21.3.3. Ensure that the SHLIB_PATH environment variable is set up
21.3.4. Decide where in our Directory we will store our name service data
21.3.5. Decide where you will store client profiles
21.3.6. Restrict write access to user attributes
21.3.7. Allow users to read all attributes of the POSIX schema
21.3.8. Configure a proxy user to read name service data (optional)
21.3.9. Allow read access for the proxy user to user attributes
21.3.10. Customize /etc/passwd, /etc/group, etc
21.3.11. Import name service data into the directory
21.3.12. Configure the LDAP-UX Client Services software to enable it to locate the Directory
21.3.13. Configure /etc/pam.conf to use LDAP
21.3.14. Configure /etc/nsswitch.conf
21.3.15. Test user functionality
21.3.16. Add another client
21.4. Next Steps
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
TWENTY TWO. Web Servers to Manage HP-UX
22.1. HP ObAM-Apache Web Server
22.2. The Apache Web Server
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
TWENTY THREE. Other Network Technologies
23.1. WAN Solutions: Frame Relay and ATM
23.1.1. Frame Relay
23.1.2. Asynchronous Transfer Mode (ATM)
23.1.2.1. SERIAL LINK SPEEDS
23.2. An Introduction to Fibre Channel, DWDM, and Extended Fabrics
23.2.1. Physical medium
23.2.2. HBA and WWNs
23.2.3. Topology
23.2.4. FC-AL expansion limitations
23.2.5. FC-AL distance limitations
23.2.6. FC-AL shared transport limitations
23.2.7. Loop Initialization Protocol (LIP)
23.2.8. Switched Fabric
23.2.8. SWITCH FABRIC: N_PORT ID
23.2.9. SANs and port types
23.2.10. Zoning and security
23.2.11. Extended Fabrics—more switches
23.2.12. Extended Fabrics – long distances
23.2.13. Installing your own fibre: dark fibre, DWDM, and others
23.2.14. Fibre Channel bridges
23.2.15. Data replication over long distances
23.2.16. Mutual recovery
23.3. Virtual LAN (VLAN)
23.4. Virtual Private Network (VPN)
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
REFERENCES
FOUR. High-Availability Clustering
TWENTY FOUR. Understanding “High Availability”
24.1. Why We Are Interested in High Availability?
24.2. How Much Availability? The Elusive “Five 9s”
24.3. A High Availability Cluster
24.4. Serviceguard and High Availability Clusters
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
REFERENCES
TWENTY FIVE. Setting Up a Serviceguard Cluster
25.1. The Cookbook for Setting Up a Serviceguard Package-less Cluster
25.2. The Basics of a Failure
25.3. The Basics of a Cluster
25.4. The “Split-Brain” Syndrome
25.5. Hardware and Software Considerations for Setting Up a Cluster
25.6. Testing Critical Hardware before Setting Up a Cluster
25.7. Setting Up a Serviceguard Package-less Cluster
25.7.1. Understand the hardware and software implications of setting up a cluster
25.7.2. Set up NTP between all cluster members
25.7.3. Ensure that any shared volume groups are not activated at boot time
25.7.4. Install Serviceguard and any related Serviceguard patches
25.7.5. Installing a Quorum Server (optional in a basic cluster)
25.7.6. Enable remote access to all nodes in the cluster
25.7.7. Create a default ASCII cluster configuration file
25.7.8. Update the ASCII cluster configuration file
25.7.9. Check the updated ASCII cluster configuration file
25.7.10. Compile and distribute binary cluster configuration file
25.7.11. Back up LVM structures of any cluster lock volume groups
25.7.12. Start cluster services
25.7.13. Test cluster functionality
25.8. Constant Monitoring
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
TWENTY SIX. Configuring Packages in a Serviceguard Cluster
26.1. The Cookbook for Setting Up Packages in a Serviceguard Cluster
26.2. Setting Up and Testing a Serviceguard Package-less Cluster
26.3. Understanding How a Serviceguard Package Works
26.4. Establishing Whether You Can Utilize a Serviceguard Toolkit
26.4.1. A “typical” application
26.5. Understanding the Workings of Any In-house Applications
26.6. Creating Package Monitoring Scripts, If Necessary
26.7. Distributing the Application Monitoring Scripts to All Relevant Nodes in the Cluster
26.8. Creating and Updating an ASCII Application Configuration File (cmmakepkg -p)
26.9. Creating and Updating an ASCII Package Control Script (cmmakepkg -s)
26.10. Manually Distributing to All Relevant Nodes the ASCII Package Control Script
26.11. Checking the ASCII Package Control File (cmcheckconf)
26.12. Distributing the Updated Binary Cluster Configuration File (cmapplyconf)
26.13. Ensuring That Any Data Files and Programs That Are to Be Shared Are Loaded onto Shared Disk Drives
26.14. Starting the Package
26.15. Ensuring That Package Switching Is Enabled
26.16. Testing Package Failover Functionality
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
TWENTY SEVEN. Managing a Serviceguard Cluster
27.1. Typical Cluster Management Tasks
Cluster Modifications
Package Modifications
27.2. Adding a Node to the Cluster
27.3. Adding a Node to a Package
27.4. Adding a New Package to the Cluster Utilizing a Serviceguard Toolkit
27.4.1. A Serviceguard Toolkit
27.4.1.1. CREATE PACKAGE MONITORING SCRIPTS, IF NECESSARY
27.4.1.2. DISTRIBUTE THE APPLICATION MONITORING SCRIPT(S) TO ALL RELEVANT NODES IN THE CLUSTER
27.4.1.3. CREATE AND UPDATE AN ASCII PACKAGE CONFIGURATION FILE (cmmakepkg -p)
27.4.1.4. CREATE AND UPDATE AN ASCII PACKAGE CONTROL SCRIPT (cmmakepkg -s)
27.4.1.5. DISTRIBUTE MANUALLY TO ALL NODES THE ASCII PACKAGE CONTROL SCRIPT
27.4.1.6. CHECK THE ASCII PACKAGE CONTROL FILE (cmcheckconf)
27.4.1.7. DISTRIBUTE THE UPDATED BINARY CLUSTER CONFIGURATION FILE (cmapplyconf)
27.4.1.8. ENSURE THAT ANY DATA FILES AND PROGRAMS THAT ARE TO BE SHARED ARE LOADED ONTO SHARED DISK DRIVES
27.4.1.9. START THE PACKAGE (cmrunpkg OR cmmodpkg)
27.4.1.10. ENSURE THAT PACKAGE SWITCHING IS ENABLED
27.4.1.11. TEST PACKAGE FAILOVER FUNCTIONALITY
27.5. Modifying an Existing Package to Use EMS Resources
27.6. Deleting a Package from the Cluster
27.6.1. Halt the package (cmhaltpkg)
27.6.2. Remove the package definition from the binary cluster configuration file (cmdeleteconf)
27.6.3. Ensure that the package was removed successfully (syslog.log)
27.6.4. Review remaining cluster activity (cmviewcl)
27.7. Deleting a Node from the Cluster
27.7.1. Ensure that no packages are running on the node (cmviewcl)
27.7.2. Remove the node as an adoptive node from any configured packages
27.7.2.1. GET THE MOST UP-TO-DATE ASCII PACKAGE CONFIGURATION FILE (cmgetconf)
27.7.2.2. UPDATE THE ASCII PACKAGE CONFIGURATION FILE
27.7.2.3. CHECK THE UPDATED ASCII PACKAGE CONFIGURATION FILE
27.7.2.4. COMPILE AND DISTRIBUTE THE BINARY PACKAGE CONFIGURATION FILE (cmapplyconf)
27.7.2.5. CHECK THAT THE UPDATES HAVE BEEN APPLIED SUCCESSFULLY (cmviewcl)
27.7.2.6. STOP CLUSTER SERVICE ON THE NODE TO BE REMOVED (cmhaltnode)
27.7.3. Get the most up-to-date version of the ASCII cluster configuration file (cmgetconf)
27.7.4. Update the ASCII cluster configuration file to remove the entry for the node to be deleted
27.7.5. Check the updated ASCII cluster configuration file (cmcheckconf)
27.7.6. Compile and distribute the binary cluster configuration file (cmapplyconf)
27.7.7. Check that the updates were applied successfully (cmviewcl)
27.8. Discussing the Process of Rolling Upgrades within a Cluster
27.9. If It Breaks, Fix It!
27.10. Installing and Using the Serviceguard Manager GUI
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
TWENTY EIGHT. Additional Cluster Solutions
28.1. Extended Serviceguard Cluster
28.1.1. At least two separate data centers
28.1.1.1. TWO DATA CENTERS DESIGN LIMITATIONS
28.1.1.2. THREE DATA CENTERS DESIGN LIMITATIONS
28.1.2. Data replication in an Extended Serviceguard cluster
28.1.3. Networking in an Extended Serviceguard cluster
28.2. Metrocluster
28.3. Continentalclusters
28.3.1. Setting up Continentalclusters
28.3.2. Install Serviceguard and Continentalclusters software
28.3.3. Configure data replication
28.3.4. Configure the primary cluster
28.3.5. Configure the recovery cluster
28.3.6. Prepare the Continentalclusters security files
28.3.7. Edit and apply the Continentalclusters monitor package
28.3.8. Edit and apply the Continentalclusters configuration file
28.3.9. Ensure all primary packages are operating as normal
28.3.10. Start the Continentalclusters monitor package
28.3.11. Validate and test the Continentalclusters configuration
28.3.12. Other Continentalclusters tasks
28.4. Additional Cluster Solutions
28.5. Other Cluster Considerations
Chapter Review
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
FIVE. HP-UX Security Administration
TWENTY NINE. Dealing with Immediate Security Threats
29.1. A Review of User-Level Security Settings
29.1.1. File and directory permissions
29.1.1.1. VXFS ACCESS CONTROL LISTS
29.1.1.2. HFS ACCESS CONTROL LISTS
29.2. HP-UX Trusted Systems
29.2.1. Features of HP-UX Trusted Systems
29.2.2. Enabling and disabling HP-UX Trusted System functionality
29.2.3. The structure of the TCB
29.2.3.1. FORMAT OF A TCB FILE
29.2.3.2. THE TTYS, DEVASSIGN, AND OTHER TCB FILES
29.2.4. Password policies, aging and password history database
29.2.5. Time- and location-based access controls
29.2.6. Auditing users, events, and system calls
29.2.6.1. SETTING UP AUDIT LOG FILES
29.2.7. Boot authentication
29.3. The /etc/default/security Configuration File
29.3.1. Allows a user to log in when his home directory is missing
29.3.2. Provides minimum length of a user password in a Trusted and non-Trusted System
29.3.3. The ability to disable/enable all non-root logins
29.3.4. Sets the number of logins allowed per user ID
29.3.5. Determines the password history depth (need to configure Trusted Systems)
29.3.6. Controls which users are allowed to use the su command to change their effective UID to root based on their group membership
29.3.7. Defines default PATH environment variable when using the su command
29.3.8. Provides minimum requirements for password structure (needs patch PHCO_24839 or later)
29.4. Common Security Administration Tasks
29.4.1. Make sure that root has a secure home directory
29.4.2. Regularly check the content and structure of the /etc/passwd file
29.4.3. Ensure that login sessions have either an automatic lock or logout facility enabled
29.4.4. Disable the use of the write command
29.4.5. Use restricted shells for non-root users wherever possible
29.4.6. Enforce a policy whereby inactive accounts are disabled
29.4.7. Regularly monitor logfiles associated with login activities
29.4.8. Enforce password aging, even on non-Trusted Systems
29.4.9. Maintain a paper copy of critical system logfiles and configuration details
29.4.10. Periodically verify the integrity of all installed software components
29.4.11. Monitor the system for SUID/SGID programs
29.4.12. Disable/enable HP-UX privileges
29.4.13. Avoid “buffer overflow” problems
29.4.14. Keep up to date with security bulletins
29.4.15. Consider running your own penetration tests
29.4.16. Review /etc/inetd.conf regularly and use the /var/adm/inetd.sec file extensively
29.4.17. Consider populating your ARP cache with permanent entries
29.4.18. Review who is using user-level equivalence for common network services
29.4.19. Review whether you really need to support other network services
29.4.20. Scrub data disks and tapes when disposing of them
29.4.21. Review who has access to your computer rooms
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
Answers to “File and Directory Permissions” Questions
REFERENCES
THIRTY. A New Breed of Security Tools
30.1. The Basics of Cryptography, Including Symmetric and Asymmetric Key Cryptography
30.2. Secure Shell (SSH)
30.3. Host Intrusion Detection System (HIDS)
30.3.1. Install HIDS on the HIDS Server and all HIDS Clients
30.3.2. Create the private/public keys on the HIDS Server
30.3.2.1. A MULTI-HOMED HIDS SERVER
30.3.2.2. A MULTI-HOMED HIDS CLIENT
30.3.3. Import the public keys on the HIDS Clients
30.3.4. Start the HIDS Agent software
30.3.5. Create a Surveillance Schedule that will reference at least one Surveillance Group
30.3.6. Create a Surveillance Group containing the relevant Detection Templates
30.3.7. Select the hosts (HIDS Client) to be monitored
30.3.8. Download and activate a Surveillance Schedule to the relevant HIDS Clients
30.3.9. Monitor alerts on the HIDS Server
30.3.10. Create Response Programs on the HIDS Clients to react to alerts locally (optional)
30.3.11. Conclusions on HIDS
30.4. IPSec, Diffie-Hellman, and Modular Arithmetic
30.4.1. The basics of Diffie-Hellman
30.4.2. The problem with Diffie-Hellman
30.4.3. Setting up IPSec
30.4.3.1. INSTALL IPSEC
30.4.3.2. CONFIGURE THE IPSEC POLICIES INCLUDING THE ENCRYPTING AND AUTHENTICATION OF IP PACKETS
30.4.3.2.1. IPSec Authentication Headers
30.4.3.2.2. IPSec Encapsulated Security Payload Headers
30.4.3.2.3. Authenticated or Nested ESP
30.4.3.2.4. Nested ESP
30.4.3.2.5. Tunneling Mode for AH and ESP headers
30.4.3.2.6. Using the GUI to configure IPSec policies
30.4.3.3. CONFIGURE THE ISAKMP MAIN MODE POLICIES
30.4.4. Import/Request certificates or configure preshared keys
30.4.5. Set up boot-time configuration
30.4.6. Start the IPSec daemons
30.4.7. Test a connection to a remote machine to ensure that Main Mode and Quick Mode SAs are established
30.4.8. Warnings regarding ICMP packets
30.4.8.1. CONCLUSIONS ON IPSEC
30.5. IPFilter and Bastille
30.5.1. Installing IPFilter
30.5.2. Basic IPFilter rules
30.5.2.1. POINTS TO CONSIDER WHEN SETTING UP IPFILTER
30.5.3. Installing HP-UX Bastille
30.5.4. Conclusions on IPFilter and Bastille
30.6. Other Security-Related Terms
Test Your Knowledge
Answers to Test Your Knowledge
Chapter Review Questions
Answers to Chapter Review Questions
REFERENCES
A. Getting to Know Your Hardware: A Bit of Background
A.1. Processor Architecture
A.1.1. The basic processor
A.1.2. More complex architectures
A.1.3. A bag of tricks
A.1.3.1. SUPERSCALAR PROCESSORS
A.1.3.2. PIPELINED PROCESSORS
A.1.3.3. Instruction size: “How big is yours?”
A.1.3.4. ADDRESSING MODES
A.2. Common processor families
A.2.1. CISC: Complex Instruction Set Computing
A.2.2. RISC: Reduced Instruction Set Computing
A.2.2.1. HEWLETT-PACKARD'S PA-RISC 2.0
A.2.2.2. 64-BIT EXTENSIONS
A.2.2.3. SUPPORT FOR LARGE HIGH-END APPLICATIONS
A.2.2.4. BINARY COMPATIBILITY
A.2.2.5. MIXED-MODE EXECUTION
A.2.2.6. PERFORMANCE ENHANCEMENTS
A.2.2.7. CACHE PRE-FETCHING
A.2.2.8. BRANCH PREDICTION
A.2.2.9. MEMORY ORDERING
A.2.2.10. COHERENT I/O
A.2.2.11. MULTIMEDIA EXTENSIONS
A.2.3. VLIW: Very Long Instruction Word
A.2.4. Conclusions: Which architecture is best?
A.3. Memory Hierarchy
A.3.1. Cache memory mapping functions
A.3.1.1. DIRECT MAPPING
A.3.1.2. FULLY ASSOCIATIVE MAPPING
A.3.1.3. SET ASSOCIATIVE MAPPING
A.3.1.4. REPLACEMENT STRATEGIES
A.3.1.5. MULTIPLE LEVELS OF CACHE
A.3.1.6. WHEN WE WRITE FROM CACHE TO MEMORY
A.4. Main Memory
A.5. A Quick Word on Virtual Memory
A.6. Concurrency: Getting Someone Else to Help You
A.6.1. Flynn's Classification
A.6.1.1. SISD: SINGLE INSTRUCTION SINGLE DATA
A.6.1.2. SIMD: SINGLE INSTRUCTION MULTIPLE DATA
A.6.1.3. MISD: MULTIPLE INSTRUCTION SINGLE DATA
A.6.1.4. MIMD: MULTIPLE INSTRUCTIONS MULTIPLE DATA
A.6.1.4.1. Symmetrical Multi-Processor (SMP)
A.6.1.4.2. Cache coherency protocols
A.6.1.4.3. Snoop bus
A.6.1.4.4. Directory-based cache coherency
A.6.1.5. NON-UNIFORM MEMORY ACCESS
A.6.1.6. OTHER NUMA VARIANTS
A.6.1.7. MASSIVELY PARALLEL PROCESSORS (MPP)
A.6.2. SPMD: Single Program Multiple Data
A.7. IO Bus Architecture and IO Devices
A.8. Disk Drives: Storage or Speed
A.9. Getting to Know Your Hardware
A.10. Conclusions
PROBLEMS
ANSWERS
REFERENCES
B. Source Code
B.1. infocache32
B.2. infocache64.c
B.3. dump_ioconfig.c
B.4. numCPU.c
B.5. setCPU.c
B.6. clockwatch.c
C. Patching Usage Models White Paper
D. Auto-Negotiation White Paper
E. Building a Bastion Host White Paper
Appendix D. Auto-Negotiation White Paper