FS6200 Server System Implementation Guide - Public Support ...
Operating the Server

MCP Firmware Environment Policy

Unisys determined the minimum functional requirements of standard environments and
created a policy that implements the needed configuration. This policy is referred to as the
“MCP Firmware Environment Policy” in this guide and it protects the environment from
possible attacks from external applications.

The MCP Firmware Environment Policy modifies the server as follows:

• Unnecessary services are disabled based on the functionality defined for the systems
management engine, E-mode engine, and I/O engines.
• Firewall rules are created or modified to enable only necessary connections for the
MCP Environment.
• Settings for LAN Manager and IPv6 are selected to support functionality required by
the MCP Environment.
• The audit policy is defined.

Policy Services

The MCP Firmware Environment Policy enables services to support the following features
and options. Some other services that support server roles and features, but are not
mentioned in the following list, are disabled.

• Microsoft Network Client

This feature is supported by two services: Workstation and TCP/IP NetBIOS Helper.
Microsoft Network Client enables users to share files, print, and log on to the network
by creating and maintaining network connections to remote servers using the SMB
protocol, and by providing support for the NetBIOS over TCP/IP (NetBT) service and
NetBIOS name resolution for clients on the network.

A set of firewall rules for file and printer sharing is enabled to allow the following
outbound connections:

- Ping requests for both IPv4 and IPv6
- NetBIOS Datagram transmission and reception (UDP 138)
- NetBIOS name resolution (UDP 137)
- NetBIOS Session Service connections (TCP 139)
- SMB transmission and reception (TCP 445)

Consequently, from the environments, you can ping a remote computer or map a drive
to a share on a remote computer.

Note: Inbound Internet Control Message Protocol (ICMP) requests to the host of an
environment are blocked by default. This restriction affects ping commands, which are
ICMP echo requests. As a result, ping commands from remote computers cannot
reach the host of an environment, not even those sent from the MCP. Refer to
“Enabling MCP Ping Commands through the EVLAN Connection” later in this section
for information on how to add a firewall rule to enable inbound ICMP requests.
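
One way to check an environment against the connections listed above is the following PowerShell audit. It is an added example, not part of the guide or of the Unisys policy. It assumes the environment's Windows version provides the NetSecurity cmdlets (Windows Server 2012 or later) and that outbound rules match on the remote port; the `Get-AllowFilter` helper and all variable names are hypothetical.

```powershell
# Added example, not from the guide. Assumes the NetSecurity module
# (Windows Server 2012 or later) and an elevated session.

# Outbound connections the guide lists for Microsoft Network Client.
$expectedOut = @(
    [pscustomobject]@{ Use = 'NetBIOS name resolution'; Protocol = 'UDP'; Port = '137' }
    [pscustomobject]@{ Use = 'NetBIOS datagram';        Protocol = 'UDP'; Port = '138' }
    [pscustomobject]@{ Use = 'NetBIOS session service'; Protocol = 'TCP'; Port = '139' }
    [pscustomobject]@{ Use = 'SMB';                     Protocol = 'TCP'; Port = '445' }
)

# Flatten the enabled allow rules for one direction to protocol, port and ICMP type.
function Get-AllowFilter {
    param([Parameter(Mandatory)][ValidateSet('Inbound', 'Outbound')][string]$Direction)
    Get-NetFirewallRule -Enabled True -Action Allow -Direction $Direction | ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule       = $_.DisplayName
            Protocol   = $filter.Protocol
            RemotePort = @($filter.RemotePort)
            IcmpType   = @($filter.IcmpType)
        }
    }
}

# True when a flattened rule admits ICMP echo requests (ICMPv4 type 8, ICMPv6 type 128).
$isEcho = {
    ($_.Protocol -eq 'ICMPv4' -and ($_.IcmpType -contains '8' -or $_.IcmpType -contains 'Any')) -or
    ($_.Protocol -eq 'ICMPv6' -and ($_.IcmpType -contains '128' -or $_.IcmpType -contains 'Any'))
}

$out = @(Get-AllowFilter -Direction Outbound)
$in  = @(Get-AllowFilter -Direction Inbound)

# 1. Every listed port should be covered by at least one outbound allow rule.
foreach ($e in $expectedOut) {
    $hit = @($out | Where-Object { $_.Protocol -eq $e.Protocol -and $_.RemotePort -contains $e.Port })
    $state = if ($hit.Count) { 'allowed' } else { 'NO ALLOW RULE' }
    '{0,-24} {1} {2,-4} {3}' -f $e.Use, $e.Protocol, $e.Port, $state
}

# 2. Echo requests should be allowed outbound and have no allow rule inbound.
'Outbound echo-request allow rules: {0}' -f @($out | Where-Object $isEcho).Count
$inEcho = @($in | Where-Object $isEcho)
if ($inEcho.Count) {
    'Inbound echo requests are ALLOWED by: ' + ($inEcho.Rule -join '; ')
} else {
    'Inbound echo requests: no allow rule found'
}
```

Rules whose protocol or remote port is Any are not matched by this check, so a result of "NO ALLOW RULE" means only that no rule names that port explicitly. An inbound echo rule reported here is expected if the EVLAN ping rule referenced in the Note has been added.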
4–6 8222 3694–000