System information

236 Logical Partitions on System i5
7.1 System Manager Security
System Manager Security ensures that the HMC can operate securely in client-server
mode. The managed machines are servers and the managed users are clients. Servers and
clients communicate over the Secure Sockets Layer (SSL) protocol, which provides server
authentication, data encryption, and data integrity. Each HMC System Manager server has its
own private key and a certificate of its public key signed by a Certificate Authority (CA) that is
trusted by the System Manager clients. The private key and the server certificate are stored in
the server’s private key ring file. Each client must have a public key ring file that contains the
certificate of the trusted CA.
You define one HMC as a Certificate Authority. You use this HMC to generate keys and
certificates for your HMC servers and client systems. The servers are the HMCs you want to
manage remotely. A unique key must be generated and installed on each server. You can
generate the keys for all your servers in one action on the CA and then copy them to diskette,
install them at the servers, and configure the servers for secure operation.
The client systems are the systems from which you want to do remote management. Client
systems can be HMCs, AIX, or PC clients. Each client system must have a copy of the CA’s
public key ring file in its System Manager codebase directory. You can copy the CA public
key ring file to the diskette on the CA and copy it from the diskette to each client.
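
The trust layout described above can be modelled with OpenSSL. This is an added example, not the HMC's own tooling or procedure: the names demo-ca, rogue-ca, hmc1, hmc2 and hmc3 are constructed, each server's .key/.crt pair stands in for its private key ring file, and the CA's .crt stands in for the public key ring file copied to clients.

```shell
#!/bin/sh
# Added illustration of the CA / server / client trust model using OpenSSL.
# All file and host names here are constructed for the example.

# make_ca DIR NAME: create a self-signed CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_server DIR CA NAME: generate a unique key for one server and
# have the CA sign a certificate of its public key.
issue_server() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 30 -out "$1/$3.crt" 2>/dev/null
}

# client_trusts DIR CA SERVER: the client holds only the CA certificate;
# returns 0 when the server certificate chains to that CA.
client_trusts() {
    openssl verify -CAfile "$1/$2.crt" "$1/$3.crt" >/dev/null 2>&1
}

# same_key DIR A B: returns 0 if two server certificates share a public key.
same_key() {
    [ "$(openssl x509 -in "$1/$2.crt" -noout -pubkey)" = \
      "$(openssl x509 -in "$1/$3.crt" -noout -pubkey)" ]
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" demo-ca && make_ca "$d" rogue-ca &&
    issue_server "$d" demo-ca hmc1 &&
    issue_server "$d" demo-ca hmc2 &&
    issue_server "$d" rogue-ca hmc3 || { rm -rf "$d"; return 1; }
    client_trusts "$d" demo-ca hmc1 && echo "hmc1: trusted by client"
    client_trusts "$d" demo-ca hmc3 || echo "hmc3: rejected, signed by an unknown CA"
    same_key "$d" hmc1 hmc2 || echo "hmc1 and hmc2: distinct keys"
    rm -rf "$d"
}

demo
```

The client never needs any server's private key: possession of the CA certificate alone is enough to accept hmc1 and hmc2 and to reject hmc3.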
To use the System Manager Security application, you must be a member of the System
Administrator role. To ensure security during configuration, users of this application must be
logged in to the HMC locally.
Figure 7-1 shows the functions available from System Manager Security.
Figure 7-1 System Manager Security available functions
The following sections describe the System Manager Security functions that are available.
Note: To configure an AIX client correctly, you must install a security fileset. For more
information, see your AIX documentation.