HP-UX vPars and Integrity VM V6.3 Administrator Guide
NOTE: Because Integrity VM disables the TSO and CKO capabilities on the IP address of the
LAN interface (resulting in poorer than expected VM Host data-transfer performance), HP
recommends that you dedicate a LAN interface solely for OVMM data transfer to improve data
transfer time. That is, to receive the best performance on host-to-remote data transfers on a LAN
interface, do not configure a vswitch over it.
12.3.2.3 Conventions for using target-hpvm-migr names for private networks
If the name specified for the hpvmmigrate -h option is a simple basename, the hpvmmigrate
command concatenates its conventional private network suffix -hpvm-migr to the basename and
first verifies whether that name can be resolved. A simple basename is a reasonably short string
with no specified domain hierarchy (for example, period (.) in the name). The simple basename
cannot contain the conventional suffix —hpvm-migr either. You must add the alias
target-hpvm-migr to /etc/hosts that maps to the private IP network address for VSP target
and modify /etc/nsswitch.conf, so lookups reference /etc/host before using DNS. (The
resolution check is done by looking up the modified name with the gethostbyname function, so
DNS is used if there is no alias in /etc/hosts.)
Because this is a convention implemented locally on each host, administrators can or cannot use
it. If this convention is configured correctly, both target and target-hpvm-migr resolve to
the proper address. For example:
• hpvmmigrate -h host39 — Look up host39-hpvm-migr first, and if not found, look
up host39.
• hpvmmigrate -h host39-hpvm-migr — Look up host39–hpvm-migr.
• hpvmmigrate -h host39.atl — Look up host39.atl.
The target.fully.qualified.domain-name will not be modified.
By following this convention, defining an alias with suffix —hpvm-migr for the private network
connections, you block the site network for online migrations in case someone accidentally specifies
the hostname of the target VSP for the hpvmmigrate -h option.
12.3.2.4 Using NTP on VSPs
HP strongly recommends using NTP to synchronize clocks for OVMM environments. In addition to
a typical NTP configuration, all the potential VSPs must use each other as mutual peer NTP servers
to help maintain time consistency between hosts.
For more information about NTP, see Section 12.3.1 (page 206).
12.3.3 SSH setup between the VSPs
Only superusers can run the hpvmmigrate command. The migration of a guest is controlled by
a set of secure remote operations that must be enabled on both systems. The hpvmmigrate
command requires HP-UX SSH to be set up on both the source and target host systems, to provide
a secure communication path between VSPs. SSH is installed on HP-UX systems by default. The
passwords-based and host-based authentication are not supported. SSH security must be set up
so that superusers can use ssh commands between the source and target VSPs without interactive
passwords.
The hpvmmigrate command uses SSH public-key based authentication between the source and
destination hosts. To enable secure communication between the source and target hosts, you must
generate SSH keys on both systems. You must have root privileges to generate and set up the SSH
keys required for guest migration. You can do this by using the secsetup script provided by
Integrity VM.
Run the following command on both the source and target hosts:
# /opt/hpvm/bin/secsetup -r other hostname
210 Migrating VMs and vPars