Clear? Perhaps... My reason for asking was similar to Rob's. Currently I have a LAN console for one system and an HMC for the other. If the HMC could manage both, that would be nice. If I had a second HMC, and each could manage either system, that would be even better. Currently the "private" port of the HMC is not on a routed subnet - it's direct to the IBM chassis, not even through a hub/switch (I think...). Obviously that part would have to change for a second (remote) HMC to be able to manage that system, but if the HMC could use the "public" port to connect to the remote IBM server, it would be nice. Is that just as clear? :)
(Note: I fully comprehend subnets, routing, DHCP, and the security aspect involved in the question.)
Security versus easy access is an age-old question, but this gives me something to think about in my spare time (ha).
From: Jim Oberholtzer
Sent: Monday, October 29, 2012 17:30
To: Midrange Systems Technical Discussion
Subject: Re: From HMC to No-HMC?
Maybe some clarification is in order.
There are two Ethernet ports on the HMC; they are Eth0 and Eth1 (keep in mind the base of the HMC appliance is Linux).
Either port can be deemed a "private" port. It is done when you configure the Ethernet on the port. When the port is "Private" the HMC expects there to be a connection to the HMC port on the back of the FSP. It sets up DHCP and firewall rules appropriately. When the HMC attempts to connect to the FSP, the FSP requests an address from the HMC, which is either a DHCP address within one of several ranges (the HMC has a DHCP server in it), or a static address, again at your choice when you set up the Ethernet connection on the HMC. The HMC password is set and the connection is made. It is "private" only because the only systems on this network are the HMCs and the FSPs.
The public port is called that only because there are devices other than the FSP and HMC on that LAN. Otherwise there is very little difference between the two. I normally do not put any of the FSPs on the public network as a security precaution. As Rob has pointed out, there is some level of protection in the public network but not enough for me to bet the system on.
Clear as mud?
Chief Technical Architect
Agile Technology Architects
On 10/29/2012 3:35 PM, Porterfield, Sean wrote:
> Can it connect to a system from the public port, or is it always from private?
> Sean Porterfield
> -----Original Message-----
> [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Oberholtzer
> Sent: Monday, October 29, 2012 07:40
> To: Midrange Systems Technical Discussion
> Subject: Re: From HMC to No-HMC?
> There are two ports on the HMC: one can be made private, one can be made public. The only real thing you accomplish by making everything public is putting ASMI and the FSP on the public network, with all the associated security risks of doing that, in exchange for easy access to the ASMI the two times a year you need to get to it. Bad trade in my view.
> Jim Oberholtzer
> Chief Technical Architect
> Agile Technology Architects
> On 10/29/2012 6:16 AM, rob@xxxxxxxxx wrote:
>> > ps: I never drank the kool-aid that one should put the HMC on a
>> > dedicated lan that no one else can get to. Makes remote control a tad bit tricky.
>> > Rob Berendt
This mailing list archive is Copyright 1997-2015 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.