IBM eServer iSeries Manual page 21

Access for Windows Operations Console

including the remote control panel and virtual control panel. When using Operations Console local
console on a network, device and user authentication are controlled through the service tools device and
service tools user IDs.
Important: Consider the following when administering Operations Console local console over a network:
- For more information about service tools user IDs, see Service tools.
- For the remote control panel, mode selections require security authorization for the user that
  authenticates the connection, such as that provided by QSECOFR. Mode selections include: Manual,
  Normal, Auto, Secure. Auto and Secure are only available on servers with a keystick. Also, when
  connecting the remote control panel using a network, the service tools device ID must have authority
  to the control panel data on the system or the partition the remote control panel connects to.
- When a mismatch occurs in the service tools device password between the iSeries server and the
  Operations Console PC, you need to resynchronize the password on both the PC and the server. To do
  this, see Resynchronize the PC and service tools device ID password. A mismatch will occur if, for
  example, your PC fails, if you decide to exchange the PC for a different one, or if you upgrade it.
- Since QCONSOLE is a default service tools device ID, if you elect not to use this device ID it is highly
  recommended that you temporarily configure a connection using this ID and successfully connect.
  Then, delete the configuration but do not reset the device ID on the server. This prevents
  unauthorized access by someone using the known default service tools device ID. Should you
  need to use this device ID later, it can be reset at that time using the control panel.
- If you implement a network security tool that probes ports for intrusion protection, be aware that
  Operations Console uses ports 449, 2300, 2301, 2323, 3001, and 3002 for normal operations. In addition,
  port 2301, which is used for the console on a partition running Linux, is also vulnerable to probes. If
  your tool probes any of these ports, it may cause loss of the console, which might require an
  IPL to recover. These ports should be excluded from intrusion protection tests.
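
The following is an added example, not part of the IBM manual: it removes the Operations Console ports listed above from a scanner's port list before the scan policy is applied to an iSeries server. The comma-and-range port syntax and the function names are assumptions; adapt them to the format your tool accepts.

```python
# Added example: cut the Operations Console ports out of a scan port list.
# The port numbers are the ones named in the manual text; the spec syntax
# ("80,1000-3000") is an assumption modelled on common scanner configs.
CONSOLE_PORTS = frozenset({449, 2300, 2301, 2323, 3001, 3002})


def parse_spec(spec):
    """Parse '22,80,2000-2400' into a sorted list of (start, end) ranges."""
    ranges = []
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        lo, sep, hi = part.partition("-")
        start = int(lo)
        end = int(hi) if sep else start
        if not (1 <= start <= end <= 65535):
            raise ValueError(f"bad port range: {part!r}")
        ranges.append((start, end))
    return sorted(ranges)


def exclude_console_ports(spec, protected=CONSOLE_PORTS):
    """Return (safe_spec, hits): the spec with protected ports cut out,
    and the protected ports the original spec would have probed."""
    safe, hits = [], set()
    for start, end in parse_spec(spec):
        cursor = start
        for port in sorted(p for p in protected if start <= p <= end):
            hits.add(port)
            if cursor < port:
                safe.append((cursor, port - 1))  # keep ports below the hit
            cursor = port + 1                    # skip the protected port
        if cursor <= end:
            safe.append((cursor, end))
    text = ",".join(str(a) if a == b else f"{a}-{b}" for a, b in safe)
    return text, sorted(hits)


if __name__ == "__main__":
    # Constructed sample policy that overlaps the console ports.
    policy = "22,443-450,2300-2325,3000-3005,8080"
    safe_spec, hits = exclude_console_ports(policy)
    print("would have probed:", hits)
    print("safe port list:   ", safe_spec)
```

A non-empty `hits` list means the existing policy would have touched a console port, which is worth flagging in change review before the scan runs.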

Protection tips

When using Operations Console local console on a network, IBM recommends the following items:
1. Create an additional service tools device ID for each PC that will be used as a console with console
and control panel attributes.
2. Install Cryptographic Access Provider, program number 5722-AC3, on the iSeries server and install
Client Encryption, 5722-CE3, on the Operations Console PC.
3. Choose a nontrivial access password.
4. Protect the Operations Console PC in the same manner you would protect a twinaxial console or an
Operations Console with direct connectivity.
5. Change your password for the following DST user IDs: QSECOFR, 22222222, and QSRV.
6. Add backup service tools user IDs with enough authority to enable or disable user and service tools
device IDs.

Prepare for your Operations Console and iSeries Navigator configuration

Both iSeries Navigator and Operations Console can be run on a single PC. Depending on how you have
Operations Console connected to your iSeries server, there are two possible network configuration
options available.

iSeries Navigator is the graphical user interface for managing and administering your iSeries server from
your Windows desktop. iSeries Navigator makes operation and administration of iSeries servers easier
and more productive.

Operations Console allows you to use a local or remote PC to access and control an iSeries console, a
control panel, or both. Operations Console has been enhanced to enable connections or console activities
across a local area network (LAN), besides enabling directly cabled connections. A single PC can have
multiple connections to multiple iSeries servers and can be the console for multiple iSeries servers. An
example is having a logically partitioned server using the same PC as the console for all partitions. Since