MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » October 2012

RE: From HMC to No-HMC?



fixed

So if my HMC can ping the remote server, it can manage it?
--
Sean Porterfield

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Tuesday, October 30, 2012 11:40
To: Midrange Systems Technical Discussion
Subject: RE: From HMC to No-HMC?

Try this:

First: Is my FSP available on my public internal network?
CALL QCMD
PING GDISYSFSP
Verifying connection to host system GDISYSFSP.dekko-1 at address
10.10.x.yyy.
PING reply 1 from 10.10.x.yyy took 1 ms. 256 bytes. TTL 59.
PING reply 2 from 10.10.x.yyy took 1 ms. 256 bytes. TTL 59.
PING reply 3 from 10.10.x.yyy took 1 ms. 256 bytes. TTL 59.
PING reply 4 from 10.10.x.yyy took 1 ms. 256 bytes. TTL 59.
PING reply 5 from 10.10.x.yyy took 1 ms. 256 bytes. TTL 59.
Round-trip (in milliseconds) min/avg/max = 1/1/1.
Connection verification statistics: 5 of 5 successful (100 %).

Second: Can my HMC try this same test?
On my HMC I open HMC Management. Under operations I select "Test Network Connectivity". On the Ping tab I select "TCP/IP Address or Name to Ping"
and enter GDISYSFSP. I get "An invalid value was specified. [GDISYSFSP]".
So I enter the IP address instead. That works fine.

Is that a start for you?


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Porterfield, Sean" <SPorterfield@xxxxxxxxxxxxxxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>,
Date: 10/30/2012 11:29 AM
Subject: RE: From HMC to No-HMC?
Sent by: midrange-l-bounces@xxxxxxxxxxxx



Specifically, my question was "Will the HMC connect to a system from its
public Ethernet interface?"

Today is not the day for me to test and risk breaking something. :)
--
Sean Porterfield


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [
mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Oberholtzer
Sent: Tuesday, October 30, 2012 09:27
To: Midrange Systems Technical Discussion
Subject: Re: From HMC to No-HMC?

You can manage multiple servers with one HMC. You can have each server
managed by more than one HMC, but only one HMC at a time. The only thing
I don't know is if your system managed by a LAN console is HMC capable,
(meaning Power 5 and higher).

See:
https://www.ibm.com/developerworks/wikis/display/virtualization/HMC+and+system+setup

for a much more clear explanation that I can give here.

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 10/29/2012 4:40 PM, Porterfield, Sean wrote:
Clear? Perhaps.... My reason for asking was similar to Rob's.
Currently I have a LAN console for one system and an HMC for the
other. If the HMC could manage both, that would be nice. If I had a
second HMC, and each could manage either system, that would be even
better. Currently the "private" port of the HMC is not on a routed
subnet - it's direct to the IBM chassis, not even through a hub/switch
(I think...) Obviously that part would have to change for a second
(remote) HMC to be able to manage that system, but if the HMC could
use the "public" port to connect to the remote IBM server, it would be
nice. Is that just as clear?:)

(Note: I fully comprehend subnets, routing, dhcp, and the security
aspect involved in the question.)

Security versus easy access is an age old question, but this gives me
something to think about in my spare time (ha).
--
Sean Porterfield

-----Original Message-----
From: Jim Oberholtzer
Sent: Monday, October 29, 2012 17:30
To: Midrange Systems Technical Discussion
Subject: Re: From HMC to No-HMC?

Sean,

Maybe some clarification is in order.

There are two Ethernet ports on the HMC, they are Eth0 and Eth1
(keep in mind the base of the HMC appliance is Linux)

Either port can be deemed a "private" port. It is done when you
configure the Ethernet on the port. When the port is "Private" the HMC
expects there to be a connection to the HMC port on the back of the FSP.
It sets up DHCP and firewall rules appropriately. When the HMC attempts
to connect to the FSP, the FSP requests an address from the HMC, which is
either a DHCP address within one of several ranges (the HMC has a DHCP
server in it), or a static address, again at your choice when you set up
the Ethernet connection on the HMC. The HMC password is set and the
connection is made. It is "private" only because the only systems on this
network are the HMCs and the FSPs.

The public port is called that only because there are devices other than
the FSP and HMC on that LAN. Otherwise there is very little difference
between the two. I normally do not put any of the FSPs on the public
network as a security precaution. As Rob has pointed out, there is some
level of protection in the public network but not enough for me to bet the
system on.

Clear as mud?

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 10/29/2012 3:35 PM, Porterfield, Sean wrote:
Can it connect to a system from the public port, or is it always
from private?
--
Sean Porterfield


-----Original Message-----
From:midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim
Oberholtzer
Sent: Monday, October 29, 2012 07:40
To: Midrange Systems Technical Discussion
Subject: Re: From HMC to No-HMC?

Rob,

There are two ports on the HMC, one can be made private, one can be
made public. The only real thing you accomplish by making everything
public is putting ASMI and the FSP on the public network, with all the
associated security risks of doing that; in exchange for easy access to
the ASMI the two times a year you need to get to it. Bad trade in my
view.

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 10/29/2012 6:16 AM,rob@xxxxxxxxx wrote:
> ps: I never drank the kool-aid that one should put the HMC
on a
> dedicated lan that no one else can get to. Makes remote
control a tad bit tricky.
>
>
> Rob Berendt


This email is confidential, intended only for the named recipient(s) above and may contain information that is privileged. If you have received this message in error or are not the named recipient(s), please notify the sender immediately and delete this email message from your computer as any and all unauthorized distribution or use of this message is strictly prohibited. Thank you.





Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact