Hardware Management Console Best Practices
- 12 -
3.3 Creating User IDs
Additional user IDs should be created on the HMC so that not every user is
accessing the system with the same user ID and password, and not necessarily
with the same level of authority.
Administrators with hmcsuperadmin authority, which is what hscroot has, should
have their own user IDs and passwords. This will facilitate auditing administrative
actions on the HMC. Other users may have other pre-defined roles with more
restricted authority. As will be described later, the tasks and resources that can be
accessed by users can be customized and is very granular.
A special, optional user ID hscpe can be created either initially or when needed.
This is the user ID needed to gain root access to the system. The hscpe user can
enter a password obtained from IBM that allows him to run the pesh command to
override the restricted shell and switch-user to root. This also requires that the
user know the root password. The password used to override the restricted shell
is good for one day and must be obtained by contacting IBM Support and
providing the HMC’s serial number.
3.4 Configuring Call-Home
For many years, IBM has offered a capability called “call-home” on its servers.
This describes the ability for a server to automatically notify IBM Service in the
event of a hardware problem, as well as the ability to transmit other service
related information or vital product data as required.
On p5 HMCs, the configuration of call-home functionality has been simplified.
The setup wizard automatically prompts for the necessary information. Using the
HMC menus, look for the Service Applications folder and the Remote Support
menu, and follow the prompts.
The Remote Support menu has several tasks, including configuring customer
information and customizing outbound and inbound communications. If customer
information hasn’t been configured correctly, the HMC will not be able to “call
home” for support. Note that inbound communication is optional. When
allowed, the customer has real-time control over the inbound session, and it can
be terminated by the systems administrator.
Historically, call-home support involved dialing out by modem. That option is
still available. Network support was added, if the customer was willing to
configure a Virtual Private Network from the HMC through their corporate
firewall to the Internet. In many cases, customers were not willing to allow that
because although the traffic was secured by Internet Protocol Security (IPSec) and
Komentáře k této Příručce