FS6200 Server System Implementation Guide - Public Support ...

More documents

Recommendations

Info

Setting Up and Operating the JProcessor Specialty Engine Supported Software Notes Unisys MCPJava JVM Software is required and preinstalled. Unisys XlateEBCDIC Unisys JVM Software is separately licensed and installed by the customer. • A pre-defined Security Configuration Wizard (SCW) policy This policy further reduces the attacks on the JProcessor environment. Refer to “Understanding the JProcessor Security Policy” later in this section for more information. Understanding the JProcessor Security Policy Unisys has determined the minimum functional requirements of a standalone JProcessor environment and created an SCW policy that implements the needed configuration. This SCW policy is referred to as the “JProcessor Security Policy” in this guide. The JProcessor Security Policy is available as an XML file with the file name JProcessorPolicy.xml. This XML file is applied to the system at the factory. You can find this file in the folder below: C:\Program Files\Unisys\JPPartition The JProcessor Security Policy modifies settings in the JProcessor environment in the area of services, firewall rules, connections to the other computers, and security auditing in a similar manner as the MCP Firmware Environment Policy does for the environments. Details are provided in the following subsections. Applying the JProcessor Security Policy for Services The JProcessor Security Policy enables the following features and options. Other services that support server roles and features, but are not mentioned in the following list, are disabled. 6–2 8222 3694–000
• Microsoft Network Client This feature is supported by two services: Workstation and TCP/IP NetBIOS Helper. Microsoft Network Client enables users to share files, print, and log on to the network by creating and maintaining network connections to remote servers using the SMB protocol, and by providing support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network. A set of firewall rules for file and printer sharing are enabled to enable the following outbound connections: - Ping requests for both IPv4 and IPv6 - NetBIOS Datagram transmission and reception (UDP 138) - NetBIOS name resolution (UDP 137) - NetBIOS Session Service connections (TCP 139) - SMB transmission and reception (TCP 445) Consequently, from the JProcessor environment, you can ping a remote computer or map a drive to a share on a remote computer. Note: Inbound Internet Control Message Protocol (ICMP) requests to the host of the JProcessor environment are blocked by default. This restriction affects ping commands, which are ICMP echo requests. As a result, ping commands from remote computers cannot reach the Windows host of the JProcessor environment, not even those sent from the MCP. Refer to “Enabling MCP Ping Commands through the Intra-Platform Connection For JProcessors” in Section 4 of this guide for information on how to add a firewall rule to enable inbound ICMP requests. • Domain Name System (DNS) Client This feature is supported by a single service: DNS Client. DNS Client registers the host name of the JProcessor environment and enables you to use computer names, in addition to IP addresses, when accessing other computers in the network. A firewall rule is predefined to open UDP port 53 for outbound DNS requests. • Remote Desktop Setting Up and Operating the JProcessor Specialty Engine This feature is supported by three services: Remote Desktop Services, Remote Desktop Configuration, and Remote Desktop Services UserMode Port Redirector. You can make a Remote Desktop connection from your Operations Server to the host of the JProcessor environment and vice versa. To connect to a remote computer from the JProcessor environment, click Start, click All Programs, click Accessories, and then click Remote Desktop Connection. Included in the JProcessor Security Policy is a predefined Remote Desktop firewall rule for inbound connections. This rule opens TCP port 3389, which enables remote connection. However, the scope of the Remote Desktop firewall rule has been modified to restrict inbound remote connections, allowing connections only from the following IP addresses on the management LAN: 8222 3694–000 6–3
Page 1 and 2:
ClearPathFS6200Server SystemImpleme
Page 3 and 4:
Contents Section 1. Introduction Ab
Page 5 and 6:
MCP Firmware Environment Policy Uti
Page 7 and 8:
Updating Specialty Engines . . . .
Page 9 and 10:
Figures 2-1. FS6200 Server Hardware
Page 11 and 12:
Tables 3-1. Physical Location of HB
Page 13 and 14:
Section 1 Introduction About This G
Page 15 and 16:
Section 2 System Overview This sect
Page 17 and 18:
• Two Processor Memory and Module
Page 19 and 20:
MCP Console s-Par Component Descrip
Page 21 and 22:
ePortal Specialty Engine The ePorta
Page 23 and 24:
Section 3 Customizing the Server Co
Page 25 and 26:
Determining Correspondence between
Page 27 and 28:
Table 3-1. Physical Location of HBA
Page 29 and 30:
• The MCP is running. • The pat
Page 31 and 32:
e. Log on to the environment. f. Cl
Page 33 and 34:
The default IP address for the intr
Page 35 and 36:
Table 3-6. Default Networking Value
Page 37 and 38:
Changing the Network Services EVLAN
Page 39 and 40:
IEEE 802.1Q VLANs allow a single ne
Page 41 and 42:
and BIP protocols. Communications b
Page 43 and 44:
4. To modify a network processor ob
Page 45 and 46:
You must replace or modify the prec
Page 47 and 48:
Table 3-8. MCP Networking Values fo
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Using Sample BNA Initialization Fil
Page 55 and 56:
Some of the procedures in MCP Imple
Page 57 and 58:
Section 4 Operating the Server This
Page 59 and 60: Powering Off the Platform Hardware
Page 61 and 62: Controlling the MCP Environment Acc
Page 63 and 64: • Domain Name System (DNS) Client
Page 65 and 66: Table 4-1. Unisys-Defined Firewall
Page 67 and 68: Table 4-2. Firewall Rules for JProc
Page 69 and 70: The utility scripts enable you to m
Page 71 and 72: Notes: Syntax Usage • Refer to th
Page 73 and 74: Sample Commands • ChangeRulesForM
Page 75 and 76: Note: The .\ notation before the sc
Page 77 and 78: Differences from Previous MCP Syste
Page 79 and 80: If you do not receive this response
Page 81 and 82: Networking Commands and Inquiries C
Page 83 and 84: • Total processor utilization rep
Page 85 and 86: I/O Time • ACQUIRE • FREE • O
Page 87 and 88: Operating the Server PING commands
Page 89 and 90: Section 5 Setting Up and Operating
Page 91 and 92: Ensuring That the Necessary Disk Sp
Page 93 and 94: ; , REMOTEADDRESS = 000000000000 ,
Page 95 and 96: This command is optional. By defaul
Page 97 and 98: 6. Perform the following actions to
Page 99 and 100: 1. From the Component View tab, exp
Page 101 and 102: Setting Up and Operating the ePorta
Page 103 and 104: Assigning ePortal Specialty Engine
Page 105 and 106: Setting Up and Operating the ePorta
Page 107 and 108: Restoring ePortal The following act
Page 109: Section 6 Setting Up and Operating
Page 113 and 114: Applying JProcessor Security Policy
Page 115 and 116: Section 7 Backing Up MCP Firmware C
Page 117 and 118: Section 8 Updates This section disc
Page 119 and 120: Updating MCP Firmware MCP Firmware
Page 121 and 122: Job (USERCODE) EPORTALNOTE ACCEPT:
Page 123 and 124: 17. Go back into update settings (s
Page 125 and 126: Section 9 Troubleshooting and Recov
Page 127 and 128: Accessing the Unisys Product Suppor
Page 129 and 130: Taking a Platform Firmware Livedump
Page 131 and 132: Hardware Failure Symptoms Criticali
Page 133 and 134: Workaround Use the platform managem
Page 135 and 136: • If your TCP/IP or BNA connectio
Page 137 and 138: • Obtain a Network Services firmw
Page 139 and 140: The response to the NW NP command
Page 141 and 142: Restarting a JProcessor Specialty E
Page 143 and 144: Gathering Diagnostic Information Th
Page 145 and 146: 1. Create an unprivileged MCP userc
Page 147 and 148: The topic “I/O Configuration” i
Page 149 and 150: cd “C:\Program Files\Unisys\MCP F
Page 151 and 152: Restarting Platform Services Note:
Page 153 and 154: Appendix A Building Network Initial
Page 155 and 156: • NW TCPIP TCPIPIDENTITY NW TCPIP
Page 157 and 158: Building Network Initialization Fil
Page 159 and 160: Sample BNA Initialization File % On
Page 161 and 162:
Index A accessing the Unisys Suppor
Page 163 and 164:
MCP PING commands through intraplat
Page 165 and 166:
MAICP4 dump data, 9-13 Maintenance
Page 167 and 168:
elocating the MCP APPLIANCES share,
Page 170:
© 2012 Unisys Corporation. All rig
show all

FS6200 Server System Implementation Guide - Public Support ...

Create successful ePaper yourself

Delete template?

Save as template?