Automated Remote Support Security With TSM and OSM on NonStop Servers

ManualsBrandsHP ManualsServerHP Integrity NonStop Service Information

HP NonStop S-Series and NS-Series Server Automated Remote Support

Page 3 of 7

1. Actively authorize each notification

2. Automatically authorize reporting of all

IRs without user intervention

3. Choose, by IR type, which ones are to

be automatically reported and which

require pre-authorization

The notification is over a PPP (Point-to-Point

Protocol) connection. The GMCSC system

receiving the notifications is accessible only to

GMCSC personnel and is separated by a firewall

from other HP networks.

B. TSM or OSM Components

TSM or OSM is available only on NonStop™ S-

Series and NS-Series servers and is an

integrated set of client/server applications

running in a LAN environment. The applications

use various protocols and communications

methods depending upon the user access level.

• The TSM or OSM environment is made

up of four client applications:

• The Service Connection Application

(SC)

• The Low-Level Link Application (LLL)

• The Notification Director Application

(ND)

• The EMS Event Viewer Application (EV)

C. The Service Connection Application

Security

The TSM and OSM applications use TCP/IP for

monitoring and control and FTP (File Transfer

Protocol) for copying notification attachments

from the NonStop™ S-Series or NS-Series

server to the NSC Console. The TSM or OSM

applications use NSK security for both of these

functions.

1. Connection

The user is presented with a “Connect” dialog

and log in, requiring a username and password.

The username and password must have

previously been established with NSK on the

NonStop™ S-Series or NS-Series server. The

username and password are encoded and

passed along in application layer protocol

requests.

2. Access

The Service Connection (SC) application is client

software that runs on the NSC Console

workstation to provide operations control of the

NSK server. All operations access from the client

software to the NonStop™ S-Series or NS-Series

server requires NSK security. This can be

categorized into two areas; general monitoring

access (including discovery of the server

components) and actions. General monitoring

access requires NSK security, but not a SUPER

group logon. Monitoring access to the TSM or

OSM server is used for discovery and

informational access as well as for non-sensitive

actions. Discovery and information requests

gather information from the server but do not

affect any of the resources on the system. In

addition, there are some actions that do not affect

resources on the system but provide useful

information or interaction with the system.

The non-sensitive actions are “CRU Responsive

Test” actions (known colloquially as “ping”

actions), the System Session Responsive Test,

and Notification Director Actions (“Get Pending

Incident Reports” and “Generate Periodic

Incident Report”).

Actions, other than those covered above, require

a SUPER group NSK logon. This includes

powering on or powering off a disk, upping or

downing a disk, running a “Test Verify” on any

resource, resetting a CPU, resetting an SP, etc.

Controlling access to the server by providing

usernames and passwords is entirely within the

purview of the system manager. By monitoring

access, the manager can see all resources in a

system, the state of those resources, information

about those resources (serial number, part

number, tracking ID, revision level, firmware

revision, etc.). Using action access with a

SUPER group logon, the manager can control

and modify the resources of the system.

In the private service LAN environment, security

entails physical access to the NSC Console and

allocation of NSK logons. Both of these aspects

are totally within the system manager’s control.

The Low-Level Link (LLL) runs on the NSC

Console workstation to provide service control of

the NSK server, either by the GMCSC or on-site

service provider staff. All service access from the

client software to the NonStop™ S-Series server

requires Service Processor (SP) security. The

NS-Series server requires Maintenance Entity

(ME) security.

3. FTP

FTP is used to move attachments to Incident

Reports (IRs). IRs are handled by the Notification

Director (ND). If an attachment list is contained in

a notification received by the NSC Console, the

files in that attachment list are copied to the NSC

Console. The user may then view the

attachments, based on the type of the file. NSK

security is used for the FTP session.