HP-UX Workload Manager A.03.05.xx Release Notes for HP-UX 11i v3

Rely on the monitoring information from wlmgui to decide on a course of action only to the
extent that you trust your intranet.
The WLM GUI sends data to wlmcomd over the network without verifying the recipient.
Each connection to wlmcomd represents a separate process on the system. As such, each
connection consumes resources, such as open file descriptors, a process ID, memory, and so
forth. A large number of connections could result in denial of service. You can restrict
connections by deploying wlmcomd on systems behind a firewall that blocks access to the
port being used.
Partitions
WLM manages virtual partitions and nPartitions through a global arbiter. WLM’s global arbitration
uses non-secured communications. A rogue user could manipulate the communications, resulting
in one or more partitions being granted an incorrect number of cores. Use global arbitration only
on trusted local area networks.
By default, wlmpard communicates with the partitions on a system through port 9691.
If the partitions use a firewall or if you are using the HP-UX Bastille product on the partitions, it is
likely that communications on this port are being blocked. To use wlmpard in your environment,
specifically allow port 9691 or another port to be open to incoming connections. If you use a port
other than 9691, be sure to restart wlmpard to communicate on the new port.
If you use Bastille or the Install-Time-Security Levels to configure the IPFilter firewall, you may want
to put the rules regarding which port to leave open in the following file:
/etc/opt/sec_mgmt/bastille/ipf.customrules
After that, run bastille -b to load the rules and make sure that Bastille does not remove them
later during subsequent runs/lockdowns.
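A check for the firewall advice above, as an added example that is not part of the release notes: it scans IPFilter rule text for pass-in rules on the wlmpard port and flags any that accept traffic from any source, which conflicts with the advice to use global arbitration only on trusted networks. It assumes wlmpard traffic is TCP and that rules use the "port = N" form; the function name, the sample rules and the 192.0.2.0/24 subnet are constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not HP code).
# Usage on a partition:
#   audit_wlmpard_rules 9691 < /etc/opt/sec_mgmt/bastille/ipf.customrules
# Return status:
#   0 = port opened only to named sources
#   1 = at least one rule opens the port to "from any"
#   2 = no pass-in rule for the port was found (traffic is likely blocked)
audit_wlmpard_rules() {
    awk -v port="$1" '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        $1 == "pass" && $2 == "in" {
            hit = 0
            for (i = 1; i <= NF - 2; i++)   # look for: port = <port>
                if ($i == "port" && $(i+1) == "=" && $(i+2) == port) hit = 1
            if (!hit) next
            found = 1
            src = ""
            for (i = 1; i < NF; i++)        # source is the token after "from"
                if ($i == "from") { src = $(i+1); break }
            if (src == "any") { wide = 1; print "OPEN-TO-ANY: " $0 }
            else print "restricted:  " $0
        }
        END { if (!found) exit 2; if (wide) exit 1; exit 0 }
    '
}

# Constructed sample rules (assumption: TCP). The first admits any host,
# the second only a trusted subnet, the third does not cover the port.
RULES_OPEN='pass in quick proto tcp from any to any port = 9691 flags S keep state'
RULES_TIGHT='# wlmpard from the trusted LAN only
pass in quick proto tcp from 192.0.2.0/24 to any port = 9691 flags S keep state'
RULES_NONE='pass in quick proto tcp from any to any port = 22 flags S keep state'

for sample in "$RULES_OPEN" "$RULES_TIGHT" "$RULES_NONE"; do
    status=0
    printf '%s\n' "$sample" | audit_wlmpard_rules 9691 || status=$?
    echo "status=$status"
done
```

If you configure wlmpard to use a port other than 9691, pass that port number to the function instead.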