100 IBM CSM to IBM Systems Director Transformation Guide
Table 4-2 General security comparison
| Security Topics | Cluster System Management | IBM Systems Director |
| --- | --- | --- |
| User IDs and passwords | HMCs, console servers, and RSAs all require users to authenticate before executing any commands. This includes the CSM management server. User IDs and passwords for each console server, RSA, and HMC in the cluster are stored in the CSM database. | Similar to CSM, but the authorization mechanism compares the user account, or the group to which the user belongs, to the role-based access control (RBAC). The agent manager then interacts with the user registry, where user- and group-related information is stored using SSL. |
| Resource Monitoring and Control access control lists | Commands, such as rpower (which can power on or off nodes and get their power status) and lshwinfo (which reports on the hardware in a node), use the security functions of RMC to determine who is allowed to run them. Access to the hardware control classes, and to actions on these classes, is controlled by stanzas in the /var/ct/cfg/ctrmc.acls file. | rpower in IBM Systems Director works similarly to the CSM counterpart. However, due to the security differences, the HMC managing the resource must be discovered and the user requesting this command must be properly authenticated. The agent manager is then responsible for authentication and authorization services between the management server, HMC, and common agents. |
| Console server security | The rconsole command opens a console window for a node. It uses the Conserver open source package to provide support for multiple read-only consoles on a single node. | The dconsole command works similarly to the rconsole command, and the security authentication path is the same as for rpower. |
| Group Service and Topology Services | Group services and topology services, although part of RSCT, are not used in the management domain structure of CSM. These two components are used in peer domain clusters for applications and are often referred to as hats, hags, high availability Group Services daemon (hagsd) and high availability Topology Service daemon (hatsd). | Not used by IBM Systems Director. |