IBM eServer iSeries Manual page 18

Access for Windows Operations Console

Network security
IBM recommends treating the console over a LAN connection with the same physical security
considerations and controls as a local console directly attached to the server or a twinaxial console. For
instance, consider configuring a local console on a network on a network separate from the main network
(or the company intranet), and strictly control access to the machine acting as the console.
BOOTstrap Protocol
An Operations Console local console on a network uses the BOOTstrap Protocol (BOOTP) to configure
the iSeries service IP communications stack. The IP stack configuration plus iSeries serial number is
requested in the Operations Console configuration wizard. The iSeries broadcasts a BOOTP request. The
Operations Console PC replies with the information submitted during the configuration wizard. The
iSeries then stores and uses the configuration information for the service IP communications stack.
Notes:
1. The Operations Console PC must be placed on a network that is accessible by the iSeries. This can be
the same physical network or a network that permits broadcast packets to flow. This is a one-time
setup requirement; normal console operation does not require this. It is recommended that this setup
occur on the same physical network.
2. The BOOTP request carries the iSeries serial number. The iSeries serial number is used to assign the
IP configuration information. If you are having problems configuring the service IP communications
stack, check that the Operations Console PC is on the same physical network and the iSeries serial
number is correct in the configuration.
3. Operations Console local console on a network uses ports 2323, 3001, and 3002. To use Operations
Console in a different physical network the router and firewall must allow IP traffic on these ports.
4. The success of BOOTP is dependent on the network hardware used to connect the iSeries and the PC.
In some cases you may need an alternate console device to configure the connection in DST. To use
BOOTP the network hardware used must be capable of AutoNegotiation of Speed and Duplex if
using the 2838 Ethernet Adapter for the console connection.
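
The port list in note 3 and the isolation advice under Network security can be checked against a firewall allow list. The Python below is an added example, not part of the IBM manual: the rule format, rule names and addresses are constructed, a default-deny allow list is assumed, and protocol is not modelled because the manual says only "IP traffic".

```python
import ipaddress

# Ports the manual lists for an Operations Console local console on a network.
CONSOLE_PORTS = (2323, 3001, 3002)

# Constructed sample allow list (default deny assumed); addresses are
# documentation-range placeholders and the rule names are hypothetical.
SAMPLE_RULES = [
    {"name": "console-2323", "src": "192.0.2.10/32", "dst": "192.0.2.50/32", "ports": (2323, 2323)},
    {"name": "console-3001", "src": "192.0.2.10/32", "dst": "192.0.2.50/32", "ports": (3001, 3001)},
    {"name": "legacy-any", "src": "10.0.0.0/8", "dst": "192.0.2.0/24", "ports": (3000, 3010)},
    {"name": "web", "src": "0.0.0.0/0", "dst": "192.0.2.50/32", "ports": (443, 443)},
]


def audit_console_rules(rules, console_pc, service_ip):
    """Return (missing, overbroad) for the console ports.

    missing:   console ports the console PC cannot reach on the service IP.
    overbroad: (rule name, ports) for rules that let any source other than
               exactly the console PC reach a console port on the service IP.
    """
    pc = ipaddress.ip_address(console_pc)
    host = ipaddress.ip_address(service_ip)
    reachable, overbroad = set(), []
    for rule in rules:
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        lo, hi = rule["ports"]
        hit = [p for p in CONSOLE_PORTS if lo <= p <= hi]
        if host not in dst or not hit:
            continue  # rule does not expose a console port on the service IP
        if pc in src:
            reachable.update(hit)
        if src.num_addresses > 1 or pc not in src:
            overbroad.append((rule["name"], hit))
    missing = [p for p in CONSOLE_PORTS if p not in reachable]
    return missing, overbroad


if __name__ == "__main__":
    missing, overbroad = audit_console_rules(SAMPLE_RULES, "192.0.2.10", "192.0.2.50")
    print("console ports not reachable from the console PC:", missing)
    for name, ports in overbroad:
        print(f"rule {name!r} exposes console ports {ports} beyond the console PC")
```

On the constructed rules, port 3002 is missing for the console PC, and the broad legacy rule opens 3001 and 3002 to a whole address range.
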
Secure your Operations Console configuration
Operations Console security consists of service device authentication, user authentication, data privacy,
and data integrity. Operations Console local console directly attached to the server has implicit device
authentication, data privacy, and data integrity due to its point-to-point connection. User authentication
security is required to sign on to the console display.
The following figure is intended to give you an overview of your Operations Console LAN security. The
access password (1), if correct, induces Operations Console to send (2) the service tools device ID
(QCONSOLE) and its encrypted password to the server. The server checks the two values (3), and if they
match, updates both the device and DST with a new encrypted password. The connection process then
validates the service tools user ID and password before sending the system console display to the PC (4).
iSeries: iSeries Access for Windows Operations Console
