FS6200 Server System Implementation Guide - Public Support ...

More documents

Recommendations

Info

Operating the Server Audits • LAN Manager Authentication Level is set to “Send LM and NTLM — use NTLMv2 session security if negotiated.” Notes: • To change this setting if necessary on the JProcessor Specialty Engine, I/O engine, E-mode engine, or systems management engine, use the Local Security Policy option available in Administrative Tools in Control Panel. • The MCP Environment is preconfigured with NTLMv2 authentication enabled. If you decide to disable NTLMv2 authentication in the MCP Environment, consult the topic “Client Access Services Authentication Changes” in the Migration Guide for Local Security Policy changes that are required in an environment to restore the ability to authenticate using MCP Client Access Services. Auditing is the process that tracks user activities and records selected types of events in the Windows security log. An audit policy defines the type of event information that should be collected. The MCP Firmware Environment Policy settings are listed in Table 4-3. Table 4–3. MCP Firmware Environment Policy Audit Policy Settings Event Name Security Log Records account logon Success, Failure account management Success directory service access Success logon/logoff Success, Failure object access Success policy change Success privilege use Not audited process tracking Success system events Success, Failure (except the ″Filtering Platform Connection″ and ″Other Object Access Events″ subcategories) To support the potentially large amount of auditing events, Security Event Log size has been increased to 2GB. You can modify the auditing policy and the Security Event Log size according to your corporate policy and specific usage characteristics. MCP Firmware Environment Policy Utility Scripts Two utility scripts are provided to manage the MCP Firmware Environment Policy. The scripts are written with PowerShell. 4–12 8222 3694–000
The utility scripts enable you to make certain firewall adjustments, and to restore the environment to a previous state in case of problems. Do not modify the content of these scripts or attempt to use a script for something other than its intended purpose. Changed or altered scripts are not supported For normal operations, use the following script to view and analyze the policy and adjust the firewall rules: • ChangeRulesForMCP.ps1 For restoring a pervious environment, use the following script: • UnisysHarden_Rollback.ps1 For re-hardening the system if you performed a rollback to an unhardened state, use the following script: • UnisysHarden.ps1 These scripts can be found under the following folder on the System Management engine, E-mode engine, and I/O engine: C:\Unisys\Installation\Firmware\Common\Security The usage and syntax of each script utility is described in the following text. Note: Do not download and execute scripts from unknown sources. Doing so might put your server at security risks. Using the ChangeRulesForMCP.ps1 Script If you change the IP addresses in your MCP Environment, use the ChangeRulesForMCP.ps1 script to change the IP addresses in the following firewall rules: • Unisys Call Home (TCP-In) • Unisys ODT (TCP-In) • Remote Desktop (TCP-In) • FTP Server (FTP Traffic-In) • FTP Server Passive (FTP Passive Traffic-In) • DFS Management (DCOM-In) • DFS Management (WMI-In) • Unisys Windows Remote Management (HTTPS-In) • Windows Remote Management (HTTP-In) • Unisys NGAgent (TCP-In) • Unisys Configure HBA (TCP-In) Operating the Server 8222 3694–000 4–13
Page 1 and 2:
ClearPathFS6200Server SystemImpleme
Page 3 and 4:
Contents Section 1. Introduction Ab
Page 5 and 6:
MCP Firmware Environment Policy Uti
Page 7 and 8:
Updating Specialty Engines . . . .
Page 9 and 10:
Figures 2-1. FS6200 Server Hardware
Page 11 and 12:
Tables 3-1. Physical Location of HB
Page 13 and 14:
Section 1 Introduction About This G
Page 15 and 16:
Section 2 System Overview This sect
Page 17 and 18: • Two Processor Memory and Module
Page 19 and 20: MCP Console s-Par Component Descrip
Page 21 and 22: ePortal Specialty Engine The ePorta
Page 23 and 24: Section 3 Customizing the Server Co
Page 25 and 26: Determining Correspondence between
Page 27 and 28: Table 3-1. Physical Location of HBA
Page 29 and 30: • The MCP is running. • The pat
Page 31 and 32: e. Log on to the environment. f. Cl
Page 33 and 34: The default IP address for the intr
Page 35 and 36: Table 3-6. Default Networking Value
Page 37 and 38: Changing the Network Services EVLAN
Page 39 and 40: IEEE 802.1Q VLANs allow a single ne
Page 41 and 42: and BIP protocols. Communications b
Page 43 and 44: 4. To modify a network processor ob
Page 45 and 46: You must replace or modify the prec
Page 47 and 48: Table 3-8. MCP Networking Values fo
Page 53 and 54: Using Sample BNA Initialization Fil
Page 55 and 56: Some of the procedures in MCP Imple
Page 57 and 58: Section 4 Operating the Server This
Page 59 and 60: Powering Off the Platform Hardware
Page 61 and 62: Controlling the MCP Environment Acc
Page 63 and 64: • Domain Name System (DNS) Client
Page 65 and 66: Table 4-1. Unisys-Defined Firewall
Page 67: Table 4-2. Firewall Rules for JProc
Page 71 and 72: Notes: Syntax Usage • Refer to th
Page 73 and 74: Sample Commands • ChangeRulesForM
Page 75 and 76: Note: The .\ notation before the sc
Page 77 and 78: Differences from Previous MCP Syste
Page 79 and 80: If you do not receive this response
Page 81 and 82: Networking Commands and Inquiries C
Page 83 and 84: • Total processor utilization rep
Page 85 and 86: I/O Time • ACQUIRE • FREE • O
Page 87 and 88: Operating the Server PING commands
Page 89 and 90: Section 5 Setting Up and Operating
Page 91 and 92: Ensuring That the Necessary Disk Sp
Page 93 and 94: ; , REMOTEADDRESS = 000000000000 ,
Page 95 and 96: This command is optional. By defaul
Page 97 and 98: 6. Perform the following actions to
Page 99 and 100: 1. From the Component View tab, exp
Page 101 and 102: Setting Up and Operating the ePorta
Page 103 and 104: Assigning ePortal Specialty Engine
Page 105 and 106: Setting Up and Operating the ePorta
Page 107 and 108: Restoring ePortal The following act
Page 109 and 110: Section 6 Setting Up and Operating
Page 111 and 112: • Microsoft Network Client This f
Page 113 and 114: Applying JProcessor Security Policy
Page 115 and 116: Section 7 Backing Up MCP Firmware C
Page 117 and 118: Section 8 Updates This section disc
Page 119 and 120:
Updating MCP Firmware MCP Firmware
Page 121 and 122:
Job (USERCODE) EPORTALNOTE ACCEPT:
Page 123 and 124:
17. Go back into update settings (s
Page 125 and 126:
Section 9 Troubleshooting and Recov
Page 127 and 128:
Accessing the Unisys Product Suppor
Page 129 and 130:
Taking a Platform Firmware Livedump
Page 131 and 132:
Hardware Failure Symptoms Criticali
Page 133 and 134:
Workaround Use the platform managem
Page 135 and 136:
• If your TCP/IP or BNA connectio
Page 137 and 138:
• Obtain a Network Services firmw
Page 139 and 140:
The response to the NW NP command
Page 141 and 142:
Restarting a JProcessor Specialty E
Page 143 and 144:
Gathering Diagnostic Information Th
Page 145 and 146:
1. Create an unprivileged MCP userc
Page 147 and 148:
The topic “I/O Configuration” i
Page 149 and 150:
cd “C:\Program Files\Unisys\MCP F
Page 151 and 152:
Restarting Platform Services Note:
Page 153 and 154:
Appendix A Building Network Initial
Page 155 and 156:
• NW TCPIP TCPIPIDENTITY NW TCPIP
Page 157 and 158:
Building Network Initialization Fil
Page 159 and 160:
Sample BNA Initialization File % On
Page 161 and 162:
Index A accessing the Unisys Suppor
Page 163 and 164:
MCP PING commands through intraplat
Page 165 and 166:
MAICP4 dump data, 9-13 Maintenance
Page 167 and 168:
elocating the MCP APPLIANCES share,
Page 170:
© 2012 Unisys Corporation. All rig
show all

FS6200 Server System Implementation Guide - Public Support ...

Create successful ePaper yourself

Delete template?

Save as template?