FS6200 Server System Implementation Guide - Public Support ...

More documents

Recommendations

Info

Operating the Server MCP Firmware Environment Policy Unisys determined the minimum functional requirements of standard environments and created a policy that implements the needed configuration. This policy is referred to as the “MCP Firmware Environment Policy” in this guide and it protects the environment from possible attacks from external applications. The MCP Firmware Environment Policy modifies the server as follows: • Unnecessary services are disabled based on the functionality defined for the systems management engine, E-mode engine, and I/O engines. • Firewall rules are created or modified to enable only necessary connections for the MCP Environment. • Settings for LAN Manager and IPv6 are selected to support functionality required by the MCP Environment. • The audit policy is defined. Policy Services The MCP Firmware Environment Policy enables services to support the following features and options. Some other services that support server roles and features, but are not mentioned in the following list, are disabled. • Microsoft Network Client This feature is supported by two services: Workstation and TCP/IP NetBIOS Helper. Microsoft Network Client enables users to share files, print, and log on to the network by creating and maintaining network connections to remote servers using the SMB protocol, and by providing support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network. A set of firewall rules for file and printer sharing are enabled to enable the following outbound connections: - Ping requests for both IPv4 and IPv6 - NetBIOS Datagram transmission and reception (UDP 138) - NetBIOS name resolution (UDP 137) - NetBIOS Session Service connections (TCP 139) - SMB transmission and reception (TCP 445) Consequently, from the environments, you can ping a remote computer or map a drive to a share on a remote computer. Note: Inbound Internet Control Message Protocol (ICMP) requests to the host of an environment are blocked by default. This restriction affects ping commands, which are ICMP echo requests. As a result, ping commands from remote computers cannot reach the host of an environment, not even those sent from the MCP. Refer to “Enabling MCP Ping Commands through the EVLAN Connection” later in this section for information on how to add a firewall rule to enable inbound ICMP requests. 4–6 8222 3694–000
• Domain Name System (DNS) Client This feature is supported by a single service: DNS Client. DNS Client registers the Windows host name of an environment and enables you to use computer names, in addition to IP addresses, when accessing other computers in the network. A firewall rule is predefined to open UDP port 53 for outbound DNS requests. • Remote Desktop This feature is supported by three services: Remote Desktop Services, Remote Desktop Configuration, and Remote Desktop Services UserMode Port Redirector. Included in the MCP Firmware Environment Policy is a predefined Remote Desktop firewall rule for inbound connections. This rule opens TCP port 3389. However, the scope of the Remote Desktop firewall rule has been modified to restrict inbound remote connections, allowing connections only from the following range of IP addresses on the management LAN: 192.168.222.20 through 192.168.222.59 If these addresses do not match your network configuration, use the ChangeRulesForMCP.ps1 script to modify the Remote Desktop rule. For more information on how to run this script, refer to “Using the ChangeRulesForMCP.ps1 Script” later in this section. • SNMP Firewall Rules The SNMP service is enabled only on the systems management engine to allow the use of SNMP traps by the MCP Firmware. There following firewall rules that are associated with this service and are configured in support of this service: - SNMP Service (UDP In) – This firewall rule is disabled. - SNMP Trap Service (UDP In) – This firewall rule is enabled. • Local Application Installation This option is supported by one service: Windows Installer. Operating the Server Installer enables you to install supported applications on an environment. This service also enables you to remove or modify applications. Note: Do not use Installer to install unsupported applications on an environment. Doing so can jeopardize the stability and security of the system. In addition to the default core networking rules and the predefined firewall rules that are associated with a previously discussed feature, Unisys created additional firewall rules that support specific MCP functions. These rules are described in Table 4-1. 8222 3694–000 4–7
Page 1 and 2:
ClearPathFS6200Server SystemImpleme
Page 3 and 4:
Contents Section 1. Introduction Ab
Page 5 and 6:
MCP Firmware Environment Policy Uti
Page 7 and 8:
Updating Specialty Engines . . . .
Page 9 and 10:
Figures 2-1. FS6200 Server Hardware
Page 11 and 12: Tables 3-1. Physical Location of HB
Page 13 and 14: Section 1 Introduction About This G
Page 15 and 16: Section 2 System Overview This sect
Page 17 and 18: • Two Processor Memory and Module
Page 19 and 20: MCP Console s-Par Component Descrip
Page 21 and 22: ePortal Specialty Engine The ePorta
Page 23 and 24: Section 3 Customizing the Server Co
Page 25 and 26: Determining Correspondence between
Page 27 and 28: Table 3-1. Physical Location of HBA
Page 29 and 30: • The MCP is running. • The pat
Page 31 and 32: e. Log on to the environment. f. Cl
Page 33 and 34: The default IP address for the intr
Page 35 and 36: Table 3-6. Default Networking Value
Page 37 and 38: Changing the Network Services EVLAN
Page 39 and 40: IEEE 802.1Q VLANs allow a single ne
Page 41 and 42: and BIP protocols. Communications b
Page 43 and 44: 4. To modify a network processor ob
Page 45 and 46: You must replace or modify the prec
Page 47 and 48: Table 3-8. MCP Networking Values fo
Page 53 and 54: Using Sample BNA Initialization Fil
Page 55 and 56: Some of the procedures in MCP Imple
Page 57 and 58: Section 4 Operating the Server This
Page 59 and 60: Powering Off the Platform Hardware
Page 61: Controlling the MCP Environment Acc
Page 65 and 66: Table 4-1. Unisys-Defined Firewall
Page 67 and 68: Table 4-2. Firewall Rules for JProc
Page 69 and 70: The utility scripts enable you to m
Page 71 and 72: Notes: Syntax Usage • Refer to th
Page 73 and 74: Sample Commands • ChangeRulesForM
Page 75 and 76: Note: The .\ notation before the sc
Page 77 and 78: Differences from Previous MCP Syste
Page 79 and 80: If you do not receive this response
Page 81 and 82: Networking Commands and Inquiries C
Page 83 and 84: • Total processor utilization rep
Page 85 and 86: I/O Time • ACQUIRE • FREE • O
Page 87 and 88: Operating the Server PING commands
Page 89 and 90: Section 5 Setting Up and Operating
Page 91 and 92: Ensuring That the Necessary Disk Sp
Page 93 and 94: ; , REMOTEADDRESS = 000000000000 ,
Page 95 and 96: This command is optional. By defaul
Page 97 and 98: 6. Perform the following actions to
Page 99 and 100: 1. From the Component View tab, exp
Page 101 and 102: Setting Up and Operating the ePorta
Page 103 and 104: Assigning ePortal Specialty Engine
Page 105 and 106: Setting Up and Operating the ePorta
Page 107 and 108: Restoring ePortal The following act
Page 109 and 110: Section 6 Setting Up and Operating
Page 111 and 112: • Microsoft Network Client This f
Page 113 and 114:
Applying JProcessor Security Policy
Page 115 and 116:
Section 7 Backing Up MCP Firmware C
Page 117 and 118:
Section 8 Updates This section disc
Page 119 and 120:
Updating MCP Firmware MCP Firmware
Page 121 and 122:
Job (USERCODE) EPORTALNOTE ACCEPT:
Page 123 and 124:
17. Go back into update settings (s
Page 125 and 126:
Section 9 Troubleshooting and Recov
Page 127 and 128:
Accessing the Unisys Product Suppor
Page 129 and 130:
Taking a Platform Firmware Livedump
Page 131 and 132:
Hardware Failure Symptoms Criticali
Page 133 and 134:
Workaround Use the platform managem
Page 135 and 136:
• If your TCP/IP or BNA connectio
Page 137 and 138:
• Obtain a Network Services firmw
Page 139 and 140:
The response to the NW NP command
Page 141 and 142:
Restarting a JProcessor Specialty E
Page 143 and 144:
Gathering Diagnostic Information Th
Page 145 and 146:
1. Create an unprivileged MCP userc
Page 147 and 148:
The topic “I/O Configuration” i
Page 149 and 150:
cd “C:\Program Files\Unisys\MCP F
Page 151 and 152:
Restarting Platform Services Note:
Page 153 and 154:
Appendix A Building Network Initial
Page 155 and 156:
• NW TCPIP TCPIPIDENTITY NW TCPIP
Page 157 and 158:
Building Network Initialization Fil
Page 159 and 160:
Sample BNA Initialization File % On
Page 161 and 162:
Index A accessing the Unisys Suppor
Page 163 and 164:
MCP PING commands through intraplat
Page 165 and 166:
MAICP4 dump data, 9-13 Maintenance
Page 167 and 168:
elocating the MCP APPLIANCES share,
Page 170:
© 2012 Unisys Corporation. All rig
show all

FS6200 Server System Implementation Guide - Public Support ...

Create successful ePaper yourself

Delete template?

Save as template?