IBM TotalStorage DR550 SMB | Version 1.0 | 27 May 2005 | Page 23 |
Configuring the P5 520 Server
The P5 520 server within the IBM TotalStorage DR550 SMB is shipped with particular AIX security settings. These settings will not allow remote administration tasks initiated via commands like telnet, remote shell (rsh), file transfer protocol (ftp) or similar. Therefore, you should use the integrated console for management activities. (You can use an ASCII (tty) terminal if needed – a connection must be established using the Serial Port 1 of each P5 520 server to administer (configure) the P5 520 server. Note that one ASCII terminal may be used by connecting to one server at a time. The procedure for physically attaching the ASCII (tty) terminal was addressed in the Installation and Activation section. The ASCII terminal, when attached to Serial Port 1, will be known in AIX as tty0.)
User Accounts
To provide a greater level of security, DR550 SMB is setup with limited access. These restrictions are built into the DR550 SMB as follows:
•Limited user definitions
•Limited access to commands from certain accounts
•No remote access with authority to make changes
Login
Login with secure shell (ssh) is required for the AIX accounts (dr550, dr550adm, ibmce and root).
User Accounts
The following user accounts have been created. Each has a specific role when using the DR550 SMB. Passwords should be changed in accordance with company policy and guidelines. To enhance security, certain user accounts do not have any change authority and other accounts can only be accessed from the integrated console. The following user accounts have been created, with the following roles and restrictions specified:
AIX
| Account |
|
| Roles | Password set at Factory |
|
| dr550 |
| Access via integrated console to P5 520 servers | dr550 |
| |
|
|
| (LFT 0) or via the serial port on the front of the P5 |
|
| |
|
|
| 520 server (tty 0) – It is recommended that you use |
|
| |
|
|
| the integrated console |
|
| |
|
|
| no remote access |
|
| |
|
|
| Only user who can ‘su’ to root |
|
| |
|
|
| Home directory | /home/dr550 |
|
|
|
|
| Shell /bin/ksh |
|
|
|
| dr550adm |
| Access via integrated console or from remote ASCII | dr550adm |
| |
|
|
| terminal |
|
|
|
|
|
| Home directory | /home/dr550adm |
|
|
|
|
| Shell |
|
|
|
|
|
| Ability to view log files and perform SM Client tasks |
|
| |
| ibmce |
| console access and remote access | ibmce |
| |
|
|
| home directory | /home/ibmce |
|
|
|
|
| shell |
|
|
|
|
|
| ability to view log files and perform SM Client tasks |
|
| |
| root |
| no direct login |
| d3rv1sh – this password |
|
|
|
| su allowed only from dr550 account | will need to be changed |
| |
|
|
|
|
| during the initial installation. |
|
|
|
|
|
| It is initially setup to require |
|
|
|
|
|
| a change at the initial login. |
|
| Tivoli Storage Manager |
|
|
| ||
|
|
|
|
|
|
|
| IBM Storage Systems |
| Copyright © 2005 by International Business Machines Corporation |
|