MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » October 2012

Re: From HMC to No-HMC?



fixed

Create a VLAN that only allows the FSP and HMCs on it. No other access. That way it's still "private" and you can get after any of the systems you need to. If the switch is configured correctly that VLAN is still secure. I even did it on my little network where I have a P5, P6, and P7 box all controlled by one HMC. Seems a little like overkill since I'm the only one on that LAN, but if I tell customers they should do it....

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 10/29/2012 6:58 AM, rob@xxxxxxxxx wrote:
I guess if someone is going to hack into my system they can do just as
much damage getting in 'traditionally'.

I agree, it's nice that the HMC gave you this capability for those shops
that want it. But, hey, if they'd cut $1000 or so off the HMC but had to
sacrifice this capability I wouldn't be shedding any tears.

How do you do redundant HMC's in a shop that uses your connection? When
the second HMC is a primary HMC for a machine in a different city, and
resides in that city?


Rob Berendt
-- IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive Garrett, IN 46738 Ship to: Dock 108 6928N 400E Kendallville, IN 46755 http://www.dekko.com From: Jim Oberholtzer <midrangel@xxxxxxxxxxxxxxxxx> To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>, Date: 10/29/2012 07:39 AM Subject: Re: From HMC to No-HMC? Sent by: midrange-l-bounces@xxxxxxxxxxxx Rob, There are two ports on the HMC, one can be made private, one can be made public. The only real thing you accomplish by making everything public is putting ASMI and the FSP on the public network, with all the associated security risks of doing that; in exchange for easy access to the ASMI the two times a year you need to get to it. Bad trade in my view. Jim Oberholtzer Chief Technical Architect Agile Technology Architects On 10/29/2012 6:16 AM, rob@xxxxxxxxx wrote:
> ps: I never drank the kool-aid that one should put the HMC on a
dedicated
> lan that no one else can get to. Makes remote control a tad bit tricky.
>
>
> Rob Berendt
--





Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact