× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2012

Re: From HMC to No-HMC?

Create a VLAN that only allows the FSP and HMCs on it. No other access. That way it's still "private" and you can get after any of the systems you need to. If the switch is configured correctly that VLAN is still secure. I even did it on my little network where I have a P5, P6, and P7 box all controlled by one HMC. Seems a little like overkill since I'm the only one on that LAN, but if I tell customers they should do it....

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 10/29/2012 6:58 AM, rob@xxxxxxxxx wrote:
I guess if someone is going to hack into my system they can do just as
much damage getting in 'traditionally'.

I agree, it's nice that the HMC gave you this capability for those shops
that want it. But, hey, if they'd cut $1000 or so off the HMC but had to
sacrifice this capability I wouldn't be shedding any tears.

How do you do redundant HMC's in a shop that uses your connection? When
the second HMC is a primary HMC for a machine in a different city, and
resides in that city?


Rob Berendt
-- IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive Garrett, IN 46738 Ship to: Dock 108 6928N 400E Kendallville, IN 46755 http://www.dekko.com From: Jim Oberholtzer <midrangel@xxxxxxxxxxxxxxxxx> To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>, Date: 10/29/2012 07:39 AM Subject: Re: From HMC to No-HMC? Sent by: midrange-l-bounces@xxxxxxxxxxxx Rob, There are two ports on the HMC, one can be made private, one can be made public. The only real thing you accomplish by making everything public is putting ASMI and the FSP on the public network, with all the associated security risks of doing that; in exchange for easy access to the ASMI the two times a year you need to get to it. Bad trade in my view. Jim Oberholtzer Chief Technical Architect Agile Technology Architects On 10/29/2012 6:16 AM, rob@xxxxxxxxx wrote:
> ps: I never drank the kool-aid that one should put the HMC on a
dedicated
> lan that no one else can get to. Makes remote control a tad bit tricky.
>
>
> Rob Berendt
--

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.