MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » October 2012

RE: From HMC to No-HMC?



fixed

That's the answer I was looking for, thanks. Thanks to Rob as well for all the other input.

Since I am the LAN/WAN guy, the rest of the concerns noted are not an issue. I'm also physically at the "remote" site with the LAN console, so all that part is "easy" (as in access at least!)
--
Sean Porterfield


-----Original Message-----
From: Jim Oberholtzer
Sent: Tuesday, October 30, 2012 14:08
To: Midrange Systems Technical Discussion
Subject: Re: From HMC to No-HMC?

The HMC can connect to the FSP with either interface, assuming the TCP/IP settings on the FSP are set up with an address that matches the LAN your trying to connect to.

So, for the sake of discussion:

On your remote system, someone plugs the port HMC1 into the local LAN and there is a DHCP server on the LAN. The FSP will ask for and get an address from the DHCP server. Trick is, what address? The DHCP server lease map can tell you that.

If your HMC can see that LAN because the LAN/WAN guys have the two networks routed together, then you should be able to use the dialog to add it to your HMC, Systems Management, check Servers, from the right carrot, connections, add managed system.

The kink in the armor here is the HMC has specific addresses it tends to look for so in the add managed systems dialog you put in the address you
found from the DHCP server lease. Hopefully it will find the FSP, and
make a connection. If there has not been a connection to that FSP before it will ask you to set a password. If it already has a password, you'll have to give it the one it expects. Now your connected.

There are a few other things that can cause the connection to not work in the scenario given, such as are all the TCP ports open between the locations, are the two networks set up with the proper routing between the networks, etc....

If you have physical access to the remote system at some point you can also use the ASMI interface to set the FSP to a static address and now you will always know the address. There are some other complications with cutting over from LAN console to HMC but once your done, clearly you will like it much better.


Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 10/30/2012 12:21 PM, Porterfield, Sean wrote:
My HMC is connected directly to the IBM system it is managing using the "private" interface. The other system is in another state on a separate subnet. I only have connectivity from the remote subnet to the "public" interface on the HMC. Can the HMC only connect to a system using its "private" interface?
--
Sean Porterfield


-----Original Message-----
From:midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Oberholtzer
Sent: Tuesday, October 30, 2012 11:41
To: Midrange Systems Technical Discussion
Subject: Re: From HMC to No-HMC?

The short answer is: "It Depends", specifically on how it it set up.

If the HMC and the FSP are both on a network that is "public" meaning the balance of your server backbone or LAN, then yes, it will.

If the HMC is configured so one port is connected the FSP and that is either a straight cable plugged into the HMC and FSP with nothing else (not even a switch) or there is a switch but only the FSP(s) and HMC(s) are on it, then no, it is connecting from the private interface.

There are good diagrams on the developer works web site reference below that illustrate all of this. If there are two connections to the HMC it's a reasonable bet that it has a private network for the HMC/FSP(s) and a public network so you can access the HMC from anywhere in your network.

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 10/30/2012 10:28 AM, Porterfield, Sean wrote:
Specifically, my question was "Will the HMC connect to a system from its public Ethernet interface?"

Today is not the day for me to test and risk breaking something.:)
--
Sean Porterfield


-----Original Message-----
From:midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim
Oberholtzer
Sent: Tuesday, October 30, 2012 09:27
To: Midrange Systems Technical Discussion
Subject: Re: From HMC to No-HMC?

You can manage multiple servers with one HMC. You can have each server managed by more than one HMC, but only one HMC at a time. The only thing I don't know is if your system managed by a LAN console is HMC capable, (meaning Power 5 and higher).

See:

https://www.ibm.com/developerworks/wikis/display/virtualization/HMC
+an d+system+setup for a much more clear explanation that I can
give here.

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 10/29/2012 4:40 PM, Porterfield, Sean wrote:
> Clear? Perhaps.... My reason for asking was similar to Rob's.
> Currently I have a LAN console for one system and an HMC for the
> other. If the HMC could manage both, that would be nice.
If I had > a second HMC, and each could manage either system,
that would be > even better. Currently the "private" port of
the HMC is not on a > routed subnet - it's direct to the IBM
chassis, not even through a > hub/switch (I think...)
Obviously that part would have to change > for a second
> (remote) HMC to be able to manage that system, but if the HMC
> could use the "public" port to connect to the remote IBM
server, > it would be nice. Is that just as clear?:) >
> (Note: I fully comprehend subnets, routing, dhcp, and the
> security aspect involved in the question.) >
> Security versus easy access is an age old question, but this gives me something to think about in my spare time (ha).
> --
> Sean Porterfield
>
> -----Original Message-----
> From: Jim Oberholtzer
> Sent: Monday, October 29, 2012 17:30
> To: Midrange Systems Technical Discussion
> Subject: Re: From HMC to No-HMC?
>
> Sean,
>
> Maybe some clarification is in order.
>
> There are two Ethernet ports on the HMC, they are Eth0 and Eth1
> (keep in mind the base of the HMC appliance is Linux) >
> Either port can be deemed a "private" port. It is done when you configure the Ethernet on the port. When the port is "Private" the HMC expects there to be a connection to the HMC port on the back of the FSP. It sets up DHCP and firewall rules appropriately. When the HMC attempts to connect to the FSP, the FSP requests an address from the HMC, which is either a DHCP address within one of several ranges (the HMC has a DHCP server in it), or a static address, again at your choice when you set up the Ethernet connection on the HMC. The HMC password is set and the connection is made. It is "private" only because the only systems on this network are the HMCs and the FSPs.
>
> The public port is called that only because there are devices other than the FSP and HMC on that LAN. Otherwise there is very little difference between the two. I normally do not put any of the FSPs on the public network as a security precaution. As Rob has pointed out, there is some level of protection in the public network but not enough for me to bet the system on.
>
> Clear as mud?
>
> Jim Oberholtzer
> Chief Technical Architect
> Agile Technology Architects
>
>
> On 10/29/2012 3:35 PM, Porterfield, Sean wrote:
>> > Can it connect to a system from the public port, or is it always from private?
>> > --
>> > Sean Porterfield
>> >
>> >
>> > -----Original Message-----
>> > From:midrange-l-bounces@xxxxxxxxxxxx
>> > [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim
>> > Oberholtzer
>> > Sent: Monday, October 29, 2012 07:40
>> > To: Midrange Systems Technical Discussion
>> > Subject: Re: From HMC to No-HMC?
>> >
>> > Rob,
>> >
>> > There are two ports on the HMC, one can be made private, one can be made public. The only real thing you accomplish by making everything public is putting ASMI and the FSP on the public network, with all the associated security risks of doing that; in exchange for easy access to the ASMI the two times a year you need to get to it. Bad trade in my view.
>> >
>> > Jim Oberholtzer
>> > Chief Technical Architect
>> > Agile Technology Architects
>> >
>> >
>> > On 10/29/2012 6:16 AM,rob@xxxxxxxxx wrote:
>>>> >> > ps: I never drank the kool-aid that one should put the HMC on a
>>>> >> > dedicated lan that no one else can get to. Makes remote control a tad bit tricky.
>>>> >> >
>>>> >> >
>>>> >> > Rob Berendt


This email is confidential, intended only for the named recipient(s) above and may contain information that is privileged. If you have received this message in error or are not the named recipient(s), please notify the sender immediately and delete this email message from your computer as any and all unauthorized distribution or use of this message is strictly prohibited. Thank you.





Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact