Create a VLAN that only allows the FSP and HMCs on it. No other
access. That way it's still "private" and you can get after any of the
systems you need to. If the switch is configured correctly that VLAN
is still secure. I even did it on my little network where I have a P5,
P6, and P7 box all controlled by one HMC. Seems a little like overkill
since I'm the only one on that LAN, but if I tell customers they should
Chief Technical Architect
Agile Technology Architects
On 10/29/2012 6:58 AM, rob@xxxxxxxxx wrote:
I guess if someone is going to hack into my system they can do just as
much damage getting in 'traditionally'.
I agree, it's nice that the HMC gave you this capability for those shops
that want it. But, hey, if they'd cut $1000 or so off the HMC but had to
sacrifice this capability I wouldn't be shedding any tears.
How do you do redundant HMC's in a shop that uses your connection? When
the second HMC is a primary HMC for a machine in a different city, and
resides in that city?
-- IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept
1600 Mail to: 2505 Dekko Drive Garrett, IN 46738 Ship to: Dock 108
6928N 400E Kendallville, IN 46755 http://www.dekko.com From: Jim
Oberholtzer <midrangel@xxxxxxxxxxxxxxxxx> To: Midrange Systems
Technical Discussion <midrange-l@xxxxxxxxxxxx>, Date: 10/29/2012 07:39
AM Subject: Re: From HMC to No-HMC? Sent by:
midrange-l-bounces@xxxxxxxxxxxx Rob, There are two ports on the HMC,
one can be made private, one can be made public. The only real thing
you accomplish by making everything public is putting ASMI and the FSP
on the public network, with all the associated security risks of doing
that; in exchange for easy access to the ASMI the two times a year you
need to get to it. Bad trade in my view. Jim Oberholtzer Chief
Technical Architect Agile Technology Architects On 10/29/2012 6:16 AM,
> ps: I never drank the kool-aid that one should put the HMC on a
> lan that no one else can get to. Makes remote control a tad bit tricky.
> Rob Berendt