IBM System Storage DR550 | Version 3.0 | 17 March 2006 | Page 49 |
|
|
|
|
Configuring the P5 520 Servers
The P5 520 servers within the IBM TotalStorage Data Retention are shipped with particular AIX security settings. These settings will not allow remote administration tasks initiated via commands like telnet, remote shell (rsh), file transfer protocol (ftp) or similar. Therefore, you should use the integrated console for management activities. (You can use an ASCII (tty) terminal if needed – a connection must be established using the Serial Port 1 of each P5 520 server to administer (configure) the P5 520 server. Note that one ASCII terminal may be used by connecting to one server at a time. The procedure for physically attaching the ASCII (tty) terminal was addressed in the Installation and Activation section. The ASCII terminal, when attached to Serial Port 1, will be known in AIX as tty0.)
User Accounts
To provide a greater level of security, DR550 is setup with limited access. These restrictions are built into the DR550 as follows:
•Limited user definitions
•Limited access to commands from certain accounts
•No remote access with authority to make changes
Login
Login with secure shell (ssh) is required for the AIX accounts (dr550, dr550adm, ibmce and root).
User Accounts
The following user accounts have been created. Each has a specific role when using the DR550. Passwords should be changed in accordance with company policy and guidelines. To enhance security, certain user accounts do not have any change authority and other accounts can only be accessed from the integrated console. The following user accounts have been created, with the following roles and restrictions specified:
AIX
| Account |
| Roles | Password set at Factory |
|
| dr550 |
| Access via integrated console to P5 520 servers | dr550 |
|
|
|
| (VTY 0) or via the serial port on the front of the P5 |
|
|
|
|
| 520 server (tty 0) – It is recommended that you use |
|
|
|
|
| the integrated console |
|
|
|
|
| no remote access |
|
|
|
|
| Only user who can ‘su’ to root |
|
|
|
|
| Home directory /home/dr550 |
|
|
|
|
| Shell /bin/ksh |
|
|
| dr550adm |
| Access via integrated console or from remote ASCII | dr550adm |
|
|
|
| terminal |
|
|
|
|
| Home directory /home/dr550adm |
|
|
|
|
| Shell |
|
|
| ibmce |
| console access and remote access | ibmce |
|
|
|
| home directory /home/ibmce |
|
|
|
|
| shell |
|
|
| root |
| no direct login | d3rv1sh – this password |
|
|
|
| su allowed only from dr550 account | will need to be changed |
|
|
|
| Ability to view log files and perform SM Client tasks | during the initial |
|
|
|
|
| installation. It is initially |
|
|
|
|
| setup to require a change |
|
|
|
|
| at the initial login. |
|
|
|
|
|
|
|
| IBM Storage Systems | Copyright © 2006 by International Business Machines Corporation |
| ||
|
|
|
|
|
|