HP-UX vPars and Integrity VM V6.3 Administrator Guide
100 * guest memory size / available host memory + 2 (if the guest resources can fit into available
CLM of the cell and processors)
A rough estimate of the processor weight calculation is:
(minimum guest cpu entitlement * number of virtual processors) / (100 * number of host processors)
Guests are expected to start in order of highest weight to lowest. You can adjust the order by
setting the sched_preference attribute. If a guest fails to start for any reason, the sequence
continues with the next guest. For memory placement on a non cell-based system or cell-based
system with all ILM configured, the boot order has little affect.
In general, on these configurations, the largest guests boot first. On cell-based systems with CLM
configured, expected memory placement depends on the calculated weights, the
sched_preference setting, and the VSP memory configuration:
• If sched_preference is not set, or set to “cell” and the guest resources fit into one cell,
CLM is used.
• If there is not enough CLM and there is enough ILM, ILM is used.
• If sched_preference is set to “ilm” and there is enough ILM, ILM is used.
• If there is not enough ILM, the memory is allocated from all cells (striped).
• If there is insufficient ILM but the guest resources fit into one cell, CLM is used. Otherwise, the
memory is striped.
13.10 Creating guest administrators and operators
vPars and Integrity VM provides secure access to guest machine consoles. When you create a
VM, you can specify groups and user accounts to have administration or operator privileges on
that guest. These users are allowed to log in to the VSP using their own user accounts, and to use
the hpvmconsole command to perform system administration tasks on the guest VM.
A captive virtual console account is a special-purpose user account created on the VSP for each
guest administrator or operator. These types of user accounts use the /opt/hpvm/bin/
hpvmconsole directory for a shell, and the desired per-guest directory of the guest for a home
directory. For virtual console access, the account also requires a password, and access to its
associated guest.
Before you create a VM, use the useradd command to create user accounts for virtual console
access. For example, the following command adds the user account testme1:
# useradd -r no -g users -s /opt/hpvm/bin/hpvmconsole \
-c "Console access to guest 'testme'" \
-d /var/opt/hpvm/guests/testme \
testme1
Do not use the hpvmsys group for user accounts. This group is used for security isolation between
components of Integrity VM.
These types of console users are specified as either admin (guest administrators) or oper (guest
operators). Guest operators can access the VM console, shut down and reboot the guest, view
system status, transfer control to another guest operator or administrator, and set system
identification. The guest administrator has all these capabilities and the ability to use the virtual
console say commands (restricted to use by HP field support specialists).
To specify guest administrators and operators, use the hpvmcreate, hpvmmodify, hpvmmigrate,
and hpvmclone commands. To assign administrator and operator privileges to a user group,
include the -g option. To assign administrator and operator privileges to a specific user, use the
-u option.
NOTE: Console users cannot use the su command to change from one privilege level to another.
Per-user checks are based on login account identifiers, not on UUIDs.
13.10 Creating guest administrators and operators 225