Date: June 8, 2007 and
October 18, 2007 and April 18, 2008
and October 14, 2008
(C) Copyright International Business Machines
Corp., 2005 All rights reserved.
V7R3.1.0 V7R3.2.0 V7R3.3.0 V7R3.4.0
Hints
and Tips for using the new web-based user interface
This user interface is
comprised of several major components: the Banner, the Task bar, the Navigation
pane, the Work pane, and the Status bar. The Banner, across the top of
the workplace window, identifies the product and logo. It is optionally
displayed and is set by using the Change User Interface Settings task.
The Task bar, located below the Banner, displays the name(s) of any
tasks that are running, the user ID you are logged in as, online help
information, and the ability to logoff or disconnect from the console. The Navigation
pane, in the left portion of the window, contains the primary navigation
links for managing your system resources and the Hardware Management Console.
The items are referred to as nodes. The Work pane, in the right portion
of the window, displays information based on the current selection from the
Navigation pane. For example, when Welcome is selected in the Navigation
pane, the Welcome window content is displayed in the Work pane. The Status
bar, in the bottom left portion of the window, provides visual indicators
of current overall system status. It also contains a status overview icon which
may be selected to display more detailed status information in the Work pane.
The System p Operations Guide for the Hardware Management Console and Managed Systems can be accessed online on the HMC. Select Welcome in the Navigation pane. The Welcome window content is displayed in the Work pane. Select HMC Operations Guide to view it.
Additional
education, support, tutorial and technical information can also be accessed
online on the
To log on the HMC from a
remote browser, the HMC must first be configured for web browser access.
See appendix C of the System p Operations Guide for
the Hardware Management Console and Managed Systems for
instructions on how to configure the HMC for remote web browser access.
After the HMC has been properly configured, from your web browser enter the URL
of the HMC using the format https://xxx.xxx.xxx.xxx. Also in Appendix C, it is important to
read the “Logging on the
Upgrade Hints
Certificates and
keyring files generated by the System Manager Security application (on HMC
Version 6) will not be migrated to HMC Version 7. Applications such as remote
5250, which import the public key ring file to establish a secure connection
with HMC, will need to import a new public key ring file. The new file, SM.pubkr,
will be generated and stored on HMC V7 under /opt/ccfw/data directory. User can
copy this file, using the scp or sendfile command.
For further
information on how to setup remote 5250 using SSL, see support document located
on the System i Technical Support website at the URL
http://www-03.ibm.com/servers/eserver/support/iseries/index.html.
This document and many others can be found by selecting the "Technical
databases" link.
Server and
Partition Management
· New Virtual Fibre Channel adapter
capability has been added. NPIV capable Fibre Channel adapters assigned to a
VIOS partition can be shared between multiple client partitions by allocating a
virtual sever fibre channel adapter on a VIOS and a virtual client fibre
channel adapter on a client partition.
· Enhanced partition mobility to include
support for migrating (AIX and Linux) partitions with virtual fibre channel
adapters (POWER6 servers only).
· Enhanced partition mobility to enable
migrating a partition (AIX or Linux) to a destination managed system which is
managed by a different HMC than the source managed system (POWER6 servers
only).
· Internet Protocol Version 6 (IPv6) is now
supported over HMC to FSP connections and also over RMC connections.
· Managed system performance improvements.
· Addition of new Processor Compatibility
Modes to support the POWER6+ Systems. Enabling GUI to change Processor
Compatibility Modes for Profiles.
Platform
Management
· Provided support for IPv6 in the Hardware Management
Console (HMC) and associated pSeries servers. In particular, RSCT is enhanced
to support the configuration of IPv6 addresses in the Management Domain. The
Management Domain is automatically created on the HMC and the LPARs it
manages.
· Corrected a problem with HMC tasks that
often appear to be interrupted and lost after a reboot of the HMC.
· Corrected a behavioral issue within the
Serviceable Events GUI.
· Corrected the OK button to properly
disable the Redundant FSP feature after the procedure has been
initiated.
· Corrected a problem in the View Network
Topology task to never attempt to ping 0.0.0.0 during Network Topology mapping
of remote HMCs.
· Enhanced the Format Media task to give the
option to choose which memory stick to format when multiple memory keys are
installed.
· Corrected a web browser problem that now
allows SRC E355104B (Extension 0000810F) to be logged as informational
only.
· Corrected the Edit MTMS task to only allow
this option when systems are in the "Operating" state.
· Corrected a GUI table issue to prevent SRC
E355104C from being logged.
· Updated the Save Upgrade task to preserve
LDAP configuration during the save.
· Corrected
a problem where Internet Explorer memory usage steadily increases if a session
is left open on a frequently updated workarea for a long period of
time.
· Corrected
a problem where SRC E3321032 is logged and possibly a delay in getting problem
updates out to a secondary HMC.
· Corrected
a problem where an upgrade from 3.2 to 3.3 changes the eth identifiers and as a
result the user cannot change the configuration of an interface that has
switched from public to private.
· Corrected
a problem where certain PEL events were not being captured in multi-HMC
environments.
· Corrected
a column filtering problem on the Manage Serviceable Events panel where a user
would be unable to Select All rows without the task terminating with an
error.
· Corrected
a problem where the HMC Ethernet adapters’ MTU size is restored at 1500 at each
reboot.
Licensed
Internal Code (LIC) update
· Provided
support for disruptive power firmware updates which require powering off all
managed systems in the managed frame.
· Changed the handling of several error
codes that can occur during the survey phase of code update to be logged as
informational and not be called home.
· Corrected a problem where the Unactivated Deferred Fix level was
displayed incorrectly if the user did not exit the Advanced Features panel
after activation.
· Corrected a problem where the HMC attempted to initiate Service
Processor failover when redundancy is enabled but hardware or firmware cannot
support failover.
· Corrected a problem where error status is not shown for all
components on the progress panel and the operation appears to run forever when
an error occurs while firmware is being retrieved.
· Enhanced firmware activation logic to enable failover before
powering on managed system to prevent error B181601E from being logged.
· Corrected a problem where the I/O microcode update command was
built incorrectly, resulting in error code E302F8AC.
· Enhanced firmware activation logic to retry operations to a
secondary FSP on P5 systems to prevent error E302F841.
· Corrected a problem in the updlic command to issue the correct
error message when a readiness check error occurred and the -q option was
specified.
· Enhanced the I/O device table panel so that partition rows cannot
be selected.
· Corrected a problem where Service Processor reboot was successful
but error E302F844 was reported.
Problem
Analysis
· Improved the call home design by placing
the IQYYPELL log in the zip file and transmitted on all call homes.
· Corrected a problem where some error logs
appear on ASM but not in SFP as expected. This is believed to be triggered when
a primary analyzing HMC is disconnected for a short period and logs are cleared
from the FSP or BPC.
· Corrected a distributed problem replicator
error that caused serviceable event E3321032 to be logged.
Service Agent
· Added additional tracing for Service Agent Connection
Manager failure.
RSF
· Updated
the error message when connectivity is lost due to a VPN issue.
· Fixed
a remote service problem that allows an HMC to receive remote service should
the HMCs not have any external connections other than the modem.
Help
· Enhancements and updates were made to the
help documentation.
Repair and
Verify
· Provided Concurrent Node Add function that
offers the ability to concurrently add a new CEC node as an upgrade to increase
the system hardware capacity. The Concurrent Cold Node Repair
function is the ability to concurrently replace a defective CEC node or
defective processor, memory, planar FRU(s) within the node.
· Provided support for clearing adapter information from the HMC and
PHYP LPAR config data when an adapter is concurrently removed.
· Provided base functionality support for
Hardware Concurrent Maintenance in the following areas:
- Node Hot Remove (Firmware support for concurrently
removing a processor/memory book from an SMP. This requires capabilities to
evacuate memory, transparently
move memory resources across nodes and also adjust workloads by using eWLM
provided functions for workload shedding together with HMC partition management
functions.
- I/O Hub Hot Remove (Firmware support for
concurrently removing an I/O-hub card. This requires to gracefully shutdown an
I/O-hub by moving the
I/O traffic to an alternate path provided by another hub-chip.)
- Alternate
Path and Redundancy (The eCLipz
system design provides optional redundancies depending on the configuration
(ULE, LE, ... HE). Firmware supports the concurrent
transparent switchover and maintains the selection across Power-On-Off. The
alternate paths or idle redundant units are periodically checked to report a
failure timely and not when the redundancy is needed.) (Line Item FFY)
· Enhancements and updates were made to the
Repair and Verify Fill and Drain Tool procedures.
· Corrected a problem in the HMC Add
Enclosure GUI where the Add button now properly enables and
disables.
· Updated the BPC communication cable
replacement on systems 9119-FHA and 9125-F2A to list locations on both sides of
the system, which eliminated asking the user to “trace” the cable to the other
side.
· Enhanced the isolation procedure for the
Bulk Power Fan cable to verify the bulk power fan cable is plugged in prior to
exchanging the fan as part of a service procedure.
· Updated the Add Node procedure with
correct plugging rules.
· Updated the IB and RIO 5791 Drawers to
list all PCI card slots during Repair and Verify Exchange.
· Corrected a graphic inconsistency during
Fan Remove, Exchange and Install procedures for the 9117 system.
· Updated the MCM Exchange tool Part Number
for the 9119-FHA system.
· Corrected a problem during Concurrent
Repair of AMDs that eliminated the possibility of SRCs 11007611 and 11007621
being logged. The verification process now completes successfully.
· Updated the Tape Drive Exchange graphics
and text for the 8204-E8A and 8203-E4A systems.
· Enhanced the Node Add graphics and
instructions for the 9119-FHA system.
Command Line
· The following commands have been added to
manage the logged on users and the tasks they are running on the HMC:
- lslogon
- lists the logged on users or the tasks they are running on the HMC
- termtask
- terminates a user's task that is running on the HMC
· The following commands have been added to
manage encryption support for the HMC Web user interface:
- chhmcencr
- changes which encryptions can be used by the HMC Web user interface
- lshmcencr
- lists the encryptions which are available and those which can
currently be used by the HMC Web user interface
· A new option has been added to the chhwres
command to clear a physical I/O slot (POWER6 servers only). This
command can be used to clear stale physical I/O slot information after a
physical I/O adapter has been concurrently removed but not replaced.
· The following commands have been
enhanced to support virtual fibre channel adapters (POWER6 servers only):
- chsyscfg,
lssyscfg, mksyscfg,
chhwres, lshwres, lslparmigr,
and migrlpar.
· The following commands have been
enhanced to support migrating a partition to a destination managed system which
is managed by a different HMC than the source managed system (POWER6 servers
only):
- lslparmigr,
mkauthkeys, and migrlpar.
· A new option has been added to the bkconsdata
command to allow critical HMC data to be backed up to a USB flash memory
device.
· A new option has been added to the saveupgdata
command to allow HMC upgrade data to be saved to a USB flash memory device.
· A new option has been added to the lslic
and updlic commands to allow a USB flash memory device to be used as
the Licensed Internal Code (LIC) repository.
· A new option has been added to the updlic
command to allow the HMC to power off all managed systems in the same
managed frame during a disruptive update of the power subsystem, if
necessary. Use this option carefully. It allows the HMC to power off
managed systems which were not explicitly targeted by the command.
· The chhmc and lshmc commands
have been enhanced to support changing and displaying the speed and duplex settings
for a network interface.
· The lshmc command has been enhanced
to display the syslog server configured for the HMC.
· The lsusrtca command, which was
deprecated in HMC V7.3.1, has been redone. Now the lsusrtca command
displays the Web user interface welcome text or the SSH banner text that is
shown before users log onto the HMC.
· A new option has been added to the mksysplan
command to perform additional inventory probes for active partitions,
perform hardware discovery for inactive partitions or unallocated hardware, but
to not gather additional information from VIOS partitions when creating a
system plan.
Security Fixes
in
|
Name |
Description |
|
CVE-2007-5116 |
perl regular expression buffer overflow |
|
CVE-2005-4872 CVE-2006-7227 CVE-2006-7228 CVE-2006-7230 CVE-2007-1659 CVE-2007-1660 CVE-2007-1661 CVE-2007-4766 CVE-2007-4767 |
pcre remote code execution |
|
CVE-2997-4995 |
openssl DTLS problem |
|
CVE-2008-0960 |
net-snmp SNMPv3 HMAC
authentication bypass |
|
CVE-2007-5497 |
e2fsprogs overflows in libext2fs |
|
CVE-2008-1379 CVE-2008-1377 CVE-2008-2360 CVE-2008-2361 CVE-2008-2362 |
xorg-x11 many security fixes |
|
CVE-2008-1483 CVE-2008-1657 |
Openssh X access leakage |
|
CVE-2007-4770 CVE-2007-4771 |
Icu regular expression problems |
|
CVE-2008-0595 |
dbus-1 policy application problem |
|
CVE-2008-0888 |
unzip crash due to uninitialized memory |
|
CVE-2008-1372 |
bzip2 decoder denial of service |
|
CVE 2008-1806 CVE 2008-1807 CVE 2008-1808 |
freetype2 various integer overflows |
|
CVE-2008-1447 CVE-2008-0122 |
bind DNS cache poisoning |
Known Issues
in
· Only one instance of IBM Director 5.2 or
IBM Systems Director 6.1 to discover and manage a HMC is supported. NOTE:
If one is running HMC V7R3.3.0 and wants to use IBM Director 5.2 or IBM Systems
Director 6.1 then order PTF MH01146.
·
One cannot launch the ASM
panel via the asmmenu command with an IPv6 addresses. It will work via the GUI.
This will be fixed in a future PTF.
·
Upgrading from 320 HMCs using
the Save Upgrade procedure will cause custom password expiration values to
appear to be "forgotten" in the GUI. Users with custom password
expiration times will appear, in the Manage User Profiles task, to have default
expiration times (the field will be blank and the checkbox will be unchecked).
The correct expiration times are preserved and can be viewed via the CLI.
If the password expiration value for an affected user needs to be changed, the
GUI can be used to make this change and the changed value will be handled
correctly
·
Backup of critical console
data to USB key will fail if the data file exceeds 4GB in size.
·
Cross HMC inactive LPAR
migration can only be aborted before the source HMC sends the migrate request
to the target HMC. This will be fixed in a future PTF.
·
While creating or modifying a
logical partition profile with dedicated processors using the GUI, the maximum
number of processors value is limited by the number of installed processors in
the managed system. This limits the ability to dynamically add new
processors to the partition via DLPAR after a Node addition. Modify the
maximum number of processors value using the CLI ('chsyscfg'). This will be
corrected in a future PTF.
·
During the activation phase
of Cold Node Add or HOT Node repair operation HMC will vary on the resources it
found to the corresponding owning Partition. If the resources are not
associated with any Partition HMC will return this information to display with
the return code as 21. User can neglect RC=21 being displayed on the RV
panel. This will be corrected in a future PTF.
·
The processor utilization
numbers shown on the Utilization Data - Utilization Sample screens for
partitions, the physical processor pool, and shared processor pools are
wrong. The processor utilization percentages shown are correct
however. Also, the processing units shown on the Utilization Data -
Utilization Sample screen for shared processor pools are also wrong. This will
be corrected in a future PTF.
·
When user attempts Migration
using Validation Panel and selects any shared processor pool other than
Default, Default shared processor pool is taken instead of the selected shared
processor pool.
Enhancements and Changes in V7R3.3.0
Server and
Partition Management
· On the Integrated Virtual Ethernet (Host
Ethernet Adapter) panels, you can no longer toggle between HEAs. Instead,
all physical ports across all HEAs are displayed together. In addition, the
profile panels no longer allow LHEA (Logical Host Ethernet Adapter)
capabilities to be changed. This is now a commandline-only option.
· A new user authentication type
"ldap" is supported along with existing type "local", and
"kerberos". If HMC is configured to use a LDAP server, when a user
with ldap authentication type logs in, the authentication will be done via LDAP
server.
· The max number of lpars that HCA (Host
Channel Adapter) adapter(s) can support ranges from 1-16. By default, the max
lpars supported is 1 and it can be changed. Manually using chsyscfg command.
The max lpar support setting is applicable for all HCA adapters installed on
the system. New HCA 2 adapters can be installed along with HCA 1 adapter(s) on
the same system and the max lpar support described above applies to both HCA
adapter types
· POWER5 systems now display their SRC codes
as clickable links to the full description of the code.
· The HMC now supports Internet Protocol
Version 6 (IPv6) on the “internet” connections. IPv6 is not supported on
network connections to servers.
· New user login control mechanism. When
adding, modifying, and copying user in the "Manage User Profiles and
Access" window, the "User Properties" button will pop up another
window to set the following timeout and remote access properties for the user:
- Session timeout minutes - It specifies how many
minutes a session should be last for this user.
- For GUI login, when the session runs long enough to reach the timeout minutes
(no matter user actively executes tasks or let it idle), the GUI will prompt a authentication window to ask this user re-authenticate. If
the re-authentication passed, the next session timeout counting started. If the
authentication failed three times or the authentication password is not
re-entered within the Verification Timeout minutes, the session
will be forcedly disconnected.
- For ssh login, when the session time reaches the
limitation, the ssh session will be closed.-
Idle timeout minutes - This value indicates how long a user session can
be idle. When the idle time reaches the set value, the login session will be
forcedly disconnected.
- Allow remote access via the web - Select (unselect) this item
will enable (disable) this user to log on to this HMC via the GUI login
remotely.
Note: A value zero for Session timeout minutes, Verification
Timeout minutes, or Idle
timeout minutes means no timeout limit
Platform
Management
· Creation of a new “View VLAN Network Data” GUI task to
display additional detailed data returned from the Collect Network Data command
(SPCN).
· Ability
to initiate a Node Controller Dump from the GUI.
· Provide
ability to launch the full set of HMC UI tasks from a higher level management
console including IBM Director.
· A toolbar has been added to the navigation
pane which provides back and forward navigation, go to and set a home page, as
well as the ability to expand and collapse all navigation nodes.
· A new "Tree" view of resources
is available in the Systems Management, Servers, and Custom Groups work panes.
· Breadcrumbs are now displayed in the work
pane to further enhance navigation between views.
· The tasks pad is enhanced to include
expanding and collapsing of the task groups.
· The tasks pad now displays a settings
button which allows users to update the number of columns used to display
available tasks for selected objects.
· Users may now create their own customized
column views with the "Manage Views" task in the work pane table
toolbar Views menu.
· Miscellaneous updates to the Guided Setup Wizard.
· Improvements were made to the "Add
Enclosure" and “Add FRU” Pending Actions list to enable the Launch
Procedure button only when the location code is selected.
· Fixed a dialog resizing issue when closing
corrective service task.
· Fixed a problem to ensure resource locking
on DVD-RAM media.
· Additional user entry field checking is
now done when entering NTP server information.
Command Line
A new command, lsfru, has been
added to list selected service processor field-replaceable unit (FRU)
information for a managed system (POWER6 servers only).
· The following commands have been added to
support LDAP configuration on the HMC:
-
chhmcldap - changes the HMC LDAP configuration
-
lshmcldap - lists LDAP user information and HMC LDAP
configuration data
·
The following commands
have been enhanced to support HMC LDAP configuration and remote LDAP
authentication:
-
chhmcusr, lshmcusr, mkhmcusr, getfile,
and rmfile.
·
The following commands
have been enhanced to support virtual switches (POWER6 servers only):
-
chsyscfg, lssyscfg, mksyscfg, chhwres,
and lshwres.
·
The chhmc command has
been enhanced to configure the HMC for IPv6 support, and the lshmc command
has been enhanced to display the HMC IPv6 configuration settings.
·
The chhmc and lshmc
commands have been enhanced to support changing and displaying the network
settings for the sl0 interface.
·
The lshmc command has
been enhanced to display the SSH protocol version(s) the HMC can use.
·
The chsyscfg and lssyscfg
commands have been enhanced to support setting and displaying the address
broadcast performance policy for a managed system (POWER6 servers only).
·
The chsyscfg and lssyscfg
commands have been enhanced to support setting and displaying the maximum
number of partitions that can use a Host Channel Adapter (HCA) (POWER6 servers
only). You must set this value if you want more than one partition to use
a HCA.
·
The chlparutil and lslparutil
commands have been enhanced to support new utilization data sampling rates
of 30 seconds, 60 seconds, 5 minutes, and 30 minutes.
·
A new option has been added
to the lpar_netboot command to enable or disable firmware spanning tree
discovery.
·
A new option has been added
to the lssysconn command to list IP addresses that cannot be
automatically discovered by the HMC when using DHCP, and a new option has been
added to the rmsysconn command to remove an IP address from that list.
·
A new option has been added
to the lshwinfo command to allow the user to specify the side of the
managed frame's bulk power assembly for which to list environmental
information. For POWER6 frames with 2 line cords per side, the lshwinfo
command will have two output values per attribute; the first value will be
for line cord 1, and the second for line cord 2.
·
The startdump command
has been enhanced to support initiation of node service processor dumps (POWER6
servers only).
·
The -l option on the updlic
command now accepts a comma-separated list of firmware levels in the format
<stream>_<level>, to allow specific levels to be specified for a
mixed POWER5 and POWER6 environment.
Licensed
Internal Code (LIC) update
· The
HMC will validate the current version of HMC code is compatible with the
managed server firmware image:
-
At each connection of the HMC to the FSP
-
At the beginning of each managed server/power update
-
And verify that the Power code is also compatible with the managed system
firmware.
· Expanded specific levels to be specified
for a mixed POWER5 and POWER6 environment.
· Enhanced code update readiness check to
issue an error message when redundancy is enabled but a single FSP is present.
This is an unsupported configuration.
· Corrected a problem where
"accept" or "reject fix" operations initiated from the HMC
GUI do not update BPC-B.
· Corrected a problem updating I/O microcode
due to changed RPM packaging.
· Corrected a problem in the
"synchronize redundant components" operation that caused BPC firmware
synchronization to fail with error code E302F831.
· Corrected a problem in R/V BPC firmware
synchronize flow that caused a lock management error.
· Enhanced code update to make "Remove
and Activate" disruptive after the platform has been IPLed on a firmware
level.
· Enhanced code update to initiate ACDL on
BPC-A only, instead of both.
· Corrected a problem where the HMC was
attempting to refresh a lock after FSP failover, causing error code B181303B to
be logged.
· Enhanced HMC error checking to ensure that
FSP state is stable before attempting to activate new firmware.
· Corrected a problem where "-1"
was displayed for the firmware level on the confirmation panel.
· Corrected a problem where code update was
unable to obtain a lock, resulting in error code E302F973.
Scheduled
Operations
· Fixed a problem where a repeated Scheduled operation was occurring when
no CEC was present.
· Improved problem reporting and call home
data to include additional component logging for processor related recoverable
errors.
· Added domain analysis functionality to
improve the dump retrieval process in a multi-system environment.
Problem
Analysis
· Enhanced call home data to include the
CEC's preferred operating system information.
· Improved problem reporting and call home
data to include additional component logging for processor related recoverable
errors.
· Added domain analysis functionality to
improve the dump retrieval process in a multi-system environment.
Service Agent
· Corrected
a problem that resulted in call home failures due to not being able to obtain
credentials from service agent.
· Corrected
a problem with Call-Home logs to prevent logging of too much information.
· Creation of a Task oriented HMC guided setup wizard
for call home. This function will make the set-up wizard more user friendly for
setting up call home and customer notify functions.
· The PMH will now have the following items from the end
of call data text file: FRU part number, FRU serial number, and FRU location
code.
Help
· Enhancements and updates were made to the
help documentation.
Repair and
Verify
· From the R&V panels, inform the user how to find
the procedures translated into a language other than English.
· Support for I/O Drawer Feature Code
5720. Since this drawer is connected via SAS cables from the I/O adapters
in the server, the HMC will not be able to detect its presence in a
configuration. The Repair and Verify procedures will be written to instruct the
user to manually interact with the drawer. The procedures for each FRU will be
displayed within a browser in HTML format.
· Corrected
a problem with adding an enclosure to an iSeries 9406-MMA server. The correct
install instructions are now launching.
· Clarified
and corrected SMP cable instructions for ML Node Repair and ML Node Add.
· Corrected errors that occurred while performing a
Concurrent Node Add on a 9406-MMA (add enclosure 789D Feature Code).
· Corrected a problem when performing a GX+ Adapter Add
on a 9406-MMA server.
· Update to the HMC Support link (located on the HMC
Welcome page) in the Online Information subsection.
· Clarified
the “Add Enclosure” instructions directing the user to use the Next or Launch
Procedure button to add an Enclosure Type to the Pending Actions list.
· Corrected
the instructions that tell the SSR to plug the cables in during a GX+ add
service procedure.
· Updated
the address types that are displayed when Repair & Verify encounters a
situation where a Remote HMC session should be launched from the primary
HMC.
· Updated Resource Constraint detected message with
additional detail.
· Clarified and/or corrected External Cable and HSL
Cable procedures for IO Enclosures 0595 and 5294.
· Updated the System Processor Node repair instructions
for a 9406-MMA server.
· Enhanced instructions for SPCN repair for Node 3 or
Node 4 in an ML12 or ML16 configuration.
· Corrected the panel flow for the ML Node Add.
· Enhanced safety instructions for Node Concurrent
Maintenance procedure.
· Corrected ASM instructions in a Node Add procedure for
the 9406-MMA server.
· Enhanced Repair & Verify implementation to
properly detect the network drop and execute the accurate error message in the
Concurrent Maintenance operation for the 9406-MMA server.
· Updated System Processor Assembly exchange graphics
for the 9406-MMA server.
· Repair & Verify documentation that was previously
supported in Resource Link will now be supported in the IBM Systems Information
Center.
System Plan
· Improved usability/manageability of VIOS
install into LPAR.
·
Additional Manage Install
Resource task.
·
Additional ability to install
AIX into LPAR: as standalone and with NIM.
·
Additional ability to install
RHEL & SLES into LPAR.
·
Additional provisioning of
group capped partition attributes.
·
Improved System Plan Viewer
user controls and details.
· Fix a problem that can result in create
system plan failing for some managed systems with an inventory gathering error.
National
Language Support in HMC V7R3.3.0
The NLS support
remains the same but there are these known issues:
· Mnemonics is no longer supported in the
new UI. However, mnemonics are still being shown in certain language
environments.
·
Number format issues with
decimal point in certain locales. For example, sometimes period (.) is used
instead of comma (,) for decimal point.
·
To allow all UI displayed in
English only in remote management, users can only have English or none in the
language list of their browser setting.
·
Due to the limitation of
groff, some characters in the output of "man" command might be
corrupted in traditional Chinese, simplified Chinese and Korean when the window
is too narrow. Widen the window and retry the command again.
·
User ID, User information,
HMC User password, Partition name, managed system name, profile name and system
profile name are in English only.
·
The gifs displayed are in
English in Help for the Main User Interface.
·
The first page (top-level
entries) in each chapter of three Help books ("Base Tasks and
Console", "System" and "User Interface") are blank.
·
The order of the address
fields is for US but this address will not be used as Mailing address.
·
The text and flyovers on the
Help window will be displayed in English
Security Fixes
Name
Descriptio
|
CVE-2007-5612 |
Security Vulnerability in L1 agent (Pegasus) |
|
CVE-2007-5707 CVE-2007-5708 |
SECURITY: openldap2 remote denial of service |
|
FIX_BY_IBM |
SECURITY: Pegasus - CVE-2008-0003 PAM Callback stack
buff... |
|
CVE-2007-4135 |
SECURITY: nfsidmap name - uid translation flaw |
|
CVE-2007-4752 |
SECURITY: openssh X11 cookie and SIGALRM fixes |
|
CVE-2007-2445 |
SECURITY: libpng DOS |
|
CVE-2007-2442 CVE-2007-2443 CVE-2007-2798 |
SECURITY: krb5 remote code execution |
|
CVE-2007-2754 |
SECURITY: freetype remote code execution |
|
CVE-2007-2926 |
SECURITY: bind DNS cache poisoning |
|
CVE-2007-3387 CVE-2007-3798 |
SECURITY: findutils local vulnerability |
|
CVE-2007-3798 |
SECURITY: tcpdump BGP packet handler overflow |
HMC Ports
|
Ports |
Protocol |
Application name |
Description |
Enabled by default |
|
22 |
tcp |
ssh.name |
Allows remote secure shell
access |
No |
|
443 9960 |
tcp |
SecureRemoteAccess.name |
Allow access to the HMC via
remote web browser |
No |
|
5989 |
tcp |
pegasus.name |
Allows access to
OpenPegasus Server |
Yes |
|
5988 9197 |
tcp |
CSM_SNIA.name |
SNIA CIM for Cluster System
Management |
No |
|
657 |
tcp/udp |
RMC.name |
Allows access between HMC
and partitions |
Yes |
|
9920 9900 |
tcp/udp |
FCS.name |
Allow HMC to HMC
communication |
Yes |
|
9735 |
tcp |
vtty.name |
Allows remote virtual
terminal access |
Yes |
|
2302 |
tcp |
vtty_proxy.name |
Allows remote virtual
terminal access |
Yes |
|
2300 2301 |
tcp |
i5250.name |
5250 terminal access |
Yes |
|
123 |
udp |
ntp.name |
Network Time Protocol |
No |
|
1701 |
udp |
ntp.name |
Allows the HMC to share its
modem with an i5 OS partition |
Yes |
|
427 |
udp |
SLP.name |
Allows the HMC to receive
and respond to Service Location Protocol service |
Yes |
|
12347 12348 |
udp |
RPD.name |
Allow group communication
and aliveness UDP packets produced by RSCT subsystems. This is required when
forming an RSCT Peer Domain across multiple HMCs. |
Yes |
|
8899 |
tcp |
hwserver.name |
Allow hardware servers
between CSM and HMC, or between HMCs to communicate. This is required for FNM
to log errors and report to the ELA master on HMC. RSCT Peer Domains must
also be enabled for this to work properly |
Yes |
|
162 |
tcp/udp |
snmptrap.name |
Receive Simple Network
Management Protocol (SNMP) Trap messages. |
No |
|
Incoming ping |
Echo-request:icmp |
ping.name |
Allow the HMC to respond to
the ping network utility. |
Yes |
The chhmc command can be used
to change the firewall settings for each of the application above.
Examples:
To disable access to port 5989 for OpenPegasus on
network interface eth0:
chhmc –c pegasus.name –s remove –a 0.0.0.0 –nm 0.0.0.0
–i eth0
To enable access to port 123 for NTP on network
interface eth0:
chhmc
–c ntp.name –s add –a 0.0.0.0 –nm 0.0.0.0 –i eth0
Known Issues
in
· When using the chhmc command to
configure Kerberos, the ‘a’ option only accepts IPv4 addresses.
·
Updating Licensed Internal Code on
multiple Managed Systems in a 9125-F2A within the same power frame can be
updated simultaneously by using the following procedure:
-
Step 1: Select one Managed System in each frame from the "Servers" or
"Updates" panel and perform the Licensed Internal Code update. This
will update Licensed Internal Code on the Power Subsystem and the selected
Managed System.
-
Step 2: Select the remaining Managed Systems in all frames from the
"Servers" or "Updates" panel. This will update Licensed
Internal Code on the remaining Managed Systems. The Power Subsystem was already
updated in Step 1 and will not be updated again.
Note: after Licensed Internal Code has been updated in Step
1, the image is saved on the HMC. The "disk" repository can then be
used for subsequent updates in Step 2.
Server and
Partition Management
· IO Reporting Partition (Hardware
Discovery)
-
Provides summary of IO
attached to the system pre-OS for configuration
-
Provides
-
Allows administrators to view
Ethernet
-
Provides detailed inventory
to System Plan Tool to verify system configuration and validate customer orders
· Ability to create multiple virtual
processor pools, providing easier license management by capping the number of
processor cycles that can be consumed by a group of uncapped logical
partitions.
· Partition mobility - a new
· Support for redundant POWER6 FSP failover.
Platform
Management
· Added support to allow the use of Kerberos
to authenticate users on
·
Added support to setup
Kerberos Key Distribution Center (KDC) server configuration.
·
Corrected Manage Dumps task
handling of dump parameters for a Squadrons Server
·
Redundant FSP enhancements
and corrections.
·
Added a Deactivate Attention
LED task that allows a user to deactivate the attention LED's on multiple
servers and/or partitions. This new task simplifies the previous methods for
deactivating LED's, View System Attention tasks for systems and Manage
Attention LED for partitions, which were single target tasks.
·
Corrected a problem where a
FSP dump could not be initiated from HMC when system is in poweron state giving
unrecoverable error message.
·
Added console log events for
adding and deleting NTP servers to create audit trail.
·
Corrected a problem in the
HMC backup critical console data task where it does not detect specific
permission problem on a remote directory on the ftp server. This problem
prevented backup from completing although a message was displayed that
indicated the task completed successfully.
·
Corrected errors that caused
mail to be sent to the HMC console resulting in performance degradation on the
HMC.
·
Corrected an issue with
backup of the HMC where their HMC archive data may be directed to an unknown
location. If the user did NOT specify an optional directory to offload their
HMC archive to, there will be an internal 'cd /' issued from within the ftp
session. Where that directs their data depends on how their ftp server is
set up. It may be re-directed to user's home directory or to their ftp server's
physical "/" directory.
·
Corrected an issue with the
HMC interface with multiple column tables where a sort option was not
performing correctly.
·
Corrected user interface code
to handle the change in formatting of the V7 HMC model type and display the
information correctly.
·
Corrected a problem in
Systems Management where a user could not toggle between Capacity on Demand and
default views using MS Internet Explorer V6.0.
·
Fixed a problem where data
replication of 'Group Data' failed to replicate changes to any of the slave HMCs.
·
Corrected a problem where the
HMC User Interface Task Bar was flashing continuously.
·
Updated the Network Settings
task's reboot/restart requirements. A reboot is no longer required for
most modifications to network settings.
·
Enhanced Partition
Availability Priority user interface
·
Miscellaneous improvements to
the Guided Setup Install Wizard
·
Corrected the deployment of
the main HMC user interface window to adjust the screen height on the local
console
·
Corrected a problem when
using a context menu or drop-down menu in the HMC Work Pane, the opened menu
will freeze.
·
Corrected an error found when
using the provided icon or dropdown options to filter a table to reduce the
number of visible rows. Instead of only rows that are NOT filtered out
being selected, all rows of the table are selected.
·
Corrected problems seen on an
HMC console with more than one console active (local and remote), where tasks
were not visible and panels were not fully rendered.
·
Corrected a problem with
Network Settings when attempting to return the network interface from an open,
non-DHCP Server configuration (on the private subnet shared with the FSPs and
DHCP Server) to a previous private, DHCP Server configuration.
·
Corrected a problem in Manage
Task and Resource Roles with copying the customized resource roles.
·
Clarified and handled the
field 'No IPv4 address' on the Change Network Settings/Adapter Details panel.
·
Enhanced HMC User Roles so
that users assigned Super User roles (hmcsuperadmin) will be able to
customize their individual user settings independently of other HMC Super
Users. Previously all user assigned Super User roles shared user
settings.
·
Added help to Customizable
Data Replication for "Customer Information" data.
·
Enhanced Change User Password
task user interface.
Power Management
· With power saver mode capable system,
customers can enable this feature through
·
Customers can now schedule
the power saver mode feature through the schedule operations task by selecting
a managed system.
·
·
For more information on
EnergyScale feature, refer to the white paper for
Service Management
· Enhanced the HMC Serviceable Event feature
to not only provide Serviceable Events for the managed system, but to now also
include Serviceable Events for the HMC.
·
SNMP traps were extended to
generate HMC related notices.
· New HMC monitored resources including:
1. CCFW
JVM activity
2. Total HMC system usage
3.
Individual process usage
4. Disk partition utilization
· A new command, chhmcfs, was created to
manage log files.
· Enhanced
ServiceRM to handle increased number of partitions in a single PHYP based
system.
· The
design ServiceRM was enhanced to control the flow of data between itself, the
RMC daemon and the client on the HMC to better handle memory and alleviate
contention for resources.
· ServiceRM was
also modified from handling RMC requests one at a time to handling multiple
requests. Previously, if one request did not complete the subsequent requests
would be queued and resulting in possible deadlock. Now requests are
honored with multiple threads.
Command Line
· SNMP traps were extended to generate HMC
related notices.
·
The following commands have
been added to manage HMC file system disk space usage:
- chhmcfs - frees up
space in HMC file systems
- lshmcfs - lists HMC
file system disk space usage information
· The following commands have been added to
configure and list the HMC object manager security setting:
- chomsec - configures
HMC object manager security
- lsomsec - lists the HMC
object manager security setting
· A new command, rnvi, has been added
to enable HMC users to edit text files in a restricted mode.
· The following commands have been added to
configure and list power management settings for a managed system (POWER6
servers only):
- chpwrmgmt - changes
power management settings
- lspwrmgmt - lists power
management settings
· The following commands have been added to
support partition mobility (POWER6 servers only):
- lslparmigr - lists
partition migration information
- migrlpar - performs a
partition migration operation
· The following commands have been enhanced
to support partition mobility (POWER6 servers only):
- chsyscfg, lssyscfg,
and mksyscfg.
· The following commands have been added to
support Kerberos configuration on the HMC:
- getfile - gets and
deploys the Kerberos service key (keytab) file on the HMC
- rmfile - removes the
Kerberos service key (keytab) file from the HMC
· The following commands have been
enhanced to support Kerberos configuration on the HMC and remote Kerberos
authentication:
- chhmc, lshmc, chhmcusr,
lshmcusr, and mkhmcusr.
· The following commands have been
enhanced to support multiple shared processor pools (POWER6 servers
only):
- chsyscfg, lssyscfg,
mksyscfg, chhwres, lshwres, and lslparutil.
· The following commands have been enhanced
to support hardware discovery (POWER6 servers only):
- chsysstate and lshwres.
· A new option has been added to the chhmc
command to set the SSH protocol version for the HMC to use.
· The chhmc and lshmc commands
have been enhanced to support enabling and disabling remote web browser access
to the HMC.
· A new ‘s’ option has been added to the getupgfiles
command to allow secure FTP to be used to transfer the upgrade files.
· The lssyscfg -r sys command has
been changed. The sp_failover_enabled and sp_failover_state
attributes are no longer output unless the -F option is specified on the
command. Now those attribute values will only be displayed if either the -F
option is specified with no attribute names, or if the sp_failover_enabled and
sp_failover_state attribute names are specified with the -F
option.
· The -o noprobe option for the mksysplan command has been deprecated. It has been replaced by the --noprobe option. In addition, two new options for inventory collection have been added to the mksysplan command:
-nohwdisc and --noinvscout.
· A new option has been added to the sendfile
command to allow the user to specify the name of the file on the remote
system.
· A new option has been added to the updlic
command to synchronize Licensed Internal Code on redundant service
processors, and also on redundant Bulk Power Controllers.
· Hardware Discovery command line
enhancements:
- chsysstate –r sys will include the new option onhwdisc
- lssyscfg –r sys
will display the new cec capability for Hardware Discovery,
hardware_discovery_capable
- lssyscfg –r
lpar will display the new lpar definition state for Hardware Discovery in the
lpar_env and lpar_type attribute.
- lssyscfg –r
lpar will display the new VSP definition state for Hardware Discovery in
the state attribute.
- lssyscfg –r
prof will display the new lpar definition state for Hardware Discovery in the
lpar_env attribute.
- lshwres –r io
–rsubtype will include a new type slotchildren to list Hardware Discovery slot
information
Licensed
Internal Code (LIC) update
· Enhanced Code Update logic to
disallow accept/reject if all components are running on the "wrong"
flash side:
- If all
components are on the T side, the reject option is grayed out in the GUI, and
the "updlic -o j" command will give the following error message:
The reject operation cannot be performed
because all components are running on the temporary flash side.
- Likewise, if
all components are on the P side, the accept option is grayed out in the GUI,
and the "updlic -o c" command will give the following error message:
The accept operation
cannot be performed because all components are running on the permanent flash
side.
- If there is a
mixture of components on the T and P sides, the accept/reject operations can be
performed to the subset of components that are on the correct side for the
operation (i.e. those running on T side for accept and those running on P side
for reject). In this situation, a message will be displayed to the user
asking if they wish to continue.
· Enhanced estimated time values.
· Amended Code Update to make E302F8A5 an
informational log instead of an error log when exceptions are received from
lslic command in an effort to determine HMC code update ownership.
· Corrected a code update issue where if
multiple updates were started at approximately the same time but to different
repositories the data from one repository survey could be overwritten by the
second.
· Corrected code update to support updating
of systems that have only one BPC.
Scheduled Operations
· Added
support to Scheduled Operations for Utility Capacity on Demand (CoD).
There are two different scheduled operations for Utility CoD:
- Moving Utility CoD processors in/out of the shared
processor pool. This will be accomplished via the chcod command.
- Setting the maximum Utility
CoD minute usage limit. The idea is that the customer could schedule the
setting of this limit on a monthly basis, therefore implementing a monthly
Utility CoD minute usage limit. This will be accomplished via the chcod
command.
· Corrected Scheduled Operations Backup
Profile Data to include a --force parameter to always overwrite any
pre-existing backup file.
· Corrected a problem seen in Dynamic
configuration Scheduled Operation View Details. This was an issue that
only affects Dynamic Reconfiguration Scheduled Operation that were migrated
from the 6.1.2 HMC.
Problem
Analysis
· Corrected handling of contention for dumps
from 2 HMC's to prevent the incorrect HMC from retrieving the dump and multiple
call homes for the same error. A serviceable event will be created on one of
the HMC's indicating a dump could not be retrieved.
·
Enhanced Dump Manager to
track call home status and problem association. (617124 )
·
Enhanced SFP Serviceable
Event Overview sorting.
·
Modify serviceable event text
for PEL-based events to not include PEL severity information.
·
Enhanced call home data to
include a reference code summary file to provide a more concise, complete, and
readable version of the serviceable event data that includes all serviceable
events on the HMC.
·
Amended refcode lookup code
to handle the refcode format passed in via the partition view's refcode column
that includes the partition as part of the input.
·
Added a busy/processing
window to eServer Registration process interface so that it is apparent that
background processing is going on.
Service Agent
· Change to handle 9 character refcodes
·
Corrected a problem with remote
session when running with Firefox browser handling password updates and resets
Repair and
Verify
· Added support to concurrently add a new GX adapter as
an upgrade and for the concurrent (cold) repair support for GX Adapters.
The adapter must be deconfigured/garded during IPL/reIPL prior to the repair.
·
Added support for I/O Drawers MTM
7041-SD1, Feature Code 5886, and MTM 7214-1U2. Since
these drawers are connected via SAS cables from the I/O adaptors in the server,
the HMC will not be able to detect their presence in a configuration. The
Repair and Verify procedures will be written to instruct the user to manually
interact with the drawer. The procedures for each FRU will be displayed within
a browser in HTML format.
·
Corrected the 5094
exchange procedure graphics to include the locations of the connectors on the
card in location C10.
·
Corrected repair procedure
for PCI adapter cards on System I.
·
Enhanced and/or corrected
instructions for Service Processor cable removal.
·
Enhanced concurrent repair
instructions for removable media devices to include quiescent of applications
running on operating systems that may be using a removable media device and
using operation procedures to manually shut down of all applications and
logical partitions.
·
Enhanced process for exchange
of VPD passthru card.
·
Corrected panel flow for the
exchange of the power cables for the 5094.
·
Corrected/enhanced concurrent
and nonconcurrent procedures for the exchange of MMA fans.
·
Add support to procedures and
service guides to handle the IO expansion units G30, 5790, 5796 and 5296.
·
Clarified the A2 Fan Exchange
procedure to instruct the user to replace the Op Panel only if it was removed.
·
Corrected the way that
surveillance errors are logged by the HMC for valid managed systems without an
MTMS. Previously, by default RV launched Info Center content. Now the
correct isolate procedures will be run.
·
Corrected the procedure for a
MMA fan to be concurrent.
Known Issues
in
· A timing issue exists where 2 panels,
using the same set of information, and one panel modifies some data and the
other panel knows nothing about the modifications. This situation can result in
‘stale’ data overwriting newer data. The problem will be fixed in a later PTF.
·
If a
·
A DLPAR ‘Move Memory’
operation will partially fail if the move hits pinned memory. Sometimes the
pinned memory is higher than the reported minimum. The amount of memory moved
will be some fraction of the amount of memory requested in the move. The
error message gives the impression that the whole operation failed. The problem
will be fixed in a later PTF.
·
If a Virtual Ethernet Adapter
is added with a VLAN ID of 1, the adapter will show up as missing in the LPAR
Properties panel for an AIX partition. The problem will be fixed in a later
PTF.
·
When a customized user logs
in, the “tip of the day” panel displays a task error. The problem will be fixed
in a later PTF.
The most
significant and the most noticeable change in the HMC for 7.310 is the move to
a new Web-based User Interface both locally and remote. This interface
uses a tree style navigation model providing hierarchical views of system
resources and tasks using drill-down and launch-in-context techniques to enable
direct access to hardware resources and task management capabilities. It
provides views of system resources and provides tasks for system
administration.
HMC 7.310 can
manage both Power5 and Power6 servers.
On Power6 servers
the following new features/enhancements have been added.
· Support for Host Ethernet Adapter (HEA).
An HEA provides each logical partition using the adapter with its own virtual
adapter and logical ports. An HEA may be shared between multiple
partitions. This provides direct data and control path between the
partitions and the adapter, allowing partition-to-partition connectivity.
·
Partition Availability Priority.
This can be used to prevent transient and catastrophic CPU (processor core)
failures from resulting in system or partition termination. Total recovery from
catastrophic CPU failures will require that a spare processor is or can be made
available to replace the failed CPU.
·
Utility CoD is a new CoD offering for
eClipz GA1. It replaces the Reserve CoD offering. Utility CoD is
only available for processor resources.
·
Enhancements to the Dump facilities.
These enhancements will reduce unplanned customer outages and
improve platform serviceability, by eliminating unneeded and duplicate hardware
data from platform system dump, and moving all formatting of dump data to the
post-collection analysis phase. This improves dump runtime performance and
frees up FSP control store to allow more problem-specific hardware data to be
collected.
·
Shared Pool Usage of Dedicated
Capacity. This feature provides the ability for partitions that normally
run as “dedicated processor” partitions to contribute unused processor capacity
to the shared processor pool.
·
Customers may use some of the capacity
that is formerly locked up in dedicated processor partitions to satisfy peak
needs for the shared processor pool without resorting to using utility
on-demand processors.
·
Automatic Call-home for i5/OS partitions
·
Virtual Server Model Instrumentation.
This feature provides a common interface for server system management. Driven
by IBM and several other companies, there is an effort to standardize the
Virtual Server Model (VS Model) for the server system management, which
includes the managed server resource representation and the management service
functions. HMC 7.310 contains the first phase of work for HMC to provide
the standardized VS Model as the common interface for third parties to manage
the server system and their hardware resources.
· Automated provisioning of virtual
resources with the VIOS LPAR
·
Improved capability of
creating a system plan from a managed system
·
Additional import &export
capability via HTTPS
·
Improved System Plan Viewer
user controls and details
· A new command, dump, has been added.
The dump command sets the system dump parameters for a managed system (POWER6
servers only).
·
The following commands have
been added for system plan resource management on the
-
defsysplanres - defines a system plan resource
-
lssysplanres
- lists defined system
plan resources
-
rmsysplanres - removes a defined system plan resource
·
The following commands have
been enhanced to support barrier synchronization (POWER6 servers only): chsyscfg,
lshwres, lssyscfg, and mksyscfg.
·
The following commands have
been enhanced to support partition availability priorities (POWER6 servers
only): chsyscfg, lssyscfg, and mksyscfg.
·
The following commands
have been enhanced to support the new processor sharing mode that allows an
active dedicated processor partition to share its unused processors (POWER6
servers only): chhwres, chsyscfg, lshwres, lslparutil,
lssyscfg, and mksyscfg.
·
The following commands have
been enhanced to support electronic error reporting for i5/OS partitions
(POWER6 servers only): chsyscfg, lssyscfg, and mksyscfg.
·
The following commands have
been enhanced to support processor compatibility modes (POWER6 servers only): chsyscfg,
lssyscfg, and mksyscfg.
·
The following commands
have been enhanced to support Host Ethernet Adapters (POWER6 servers
only): chhwres, chsyscfg, lshwres, lssyscfg, mksyscfg,
and rsthwres.
·
The following commands have
been enhanced to support Utility Capacity on Demand (POWER6 servers
only): chcod, lscod, and lslparutil.
·
The lssyscfg -r prof
command to list partition profiles has been changed. The --filter
option to specify the partition for which profiles are to be listed is no
longer required. Therefore, all partition profiles for all partitions in
the managed system can now be listed by issuing lssyscfg -r prof
-m <managed system>.
·
The mksyscfg -r lpar
and mksyscfg -r prof commands have been changed. The load_source_slot
attribute is no longer required to be specified when creating an i5/OS
partition or partition profile on a POWER6 server.
·
The partition shared_proc_pool_util_auth
attribute has been deprecated. It has been replaced by the allow_perf_collection
attribute. These two attributes will always have the same value.
The commands that use these attributes are chsyscfg, lssyscfg,
and mksyscfg.
·
A new option has been added
to the chsysstate command to enable console service functions for an
i5/OS partition.
·
New options have been added
to the chhmc command to set the date, time, time zone, and clock type on
the
·
A new option has been added
to the chsvcevent command to close all serviceable events on the
·
A new option has been added
to the mksysplan command to limit the inventory gathered to just the PCI
slot devices.
·
A new option has been added
to the mksysplan command to display verbose output during command
processing.
·
A new option has been added
to the lsdump command to list the system dump parameters for a managed
system (POWER6 servers only).
·
The lsdump -h command
has been enhanced to display dump offload progress.
·
The lslic -t power
and lslic -t syspower commands have been enhanced to display automatic
code download status.
·
A new option has been added
to the lslic command to display Power FRU level and status information.
·
The dlslic command has
been removed. The information that was displayed by the dlslic command
is now displayed by the lslic command.
·
Due to security restrictions
in the
·
The lsusrtca command
has been deprecated.
·
To use X11Forwarding on
·
The
max_capacity_sys_proc_units and max_capacity_sys_mem attributes
displayed by the lshwres command have been deprecated since these values
cannot be accurately determined for all managed systems. For partition
profiles, the maximum memory value will now be limited to the value 4,294,967,295
(0xFFFFFFFF) MB. The maximum processor values for a partition profile
will now be limited to a new value, which is displayed by the new attribute max_procs_per_lpar
in the lshwres command.
Translation language packs
are not available at this time.
will release the translation language packs separately at
a later
time. In the initial release there are some locale specific issues,
i.e., decimal numbers are not being formatted properly. These
issues will be addressed in the
translation language packs.
Known Issues:
Web Browser
Requirements
Hardware Management Console web browser support requires
HTML 2.0, JavaScript™ 1.0, Java Virtual Machine (JVM), and
cookie support in browsers that will connect to it. Contact
your
support personnel to assist you in determining if your browser
is configured with a Java Virtual Machine. It is required that the
web browser uses the HTTP 1.1 protocol and if you
are using a
proxy server, the HTTP 1.1 protocol is enabled for the
proxy
connections. Additionally, pop-ups must be enabled for all
Hardware Management Consoles addressed in the browser if
running with pop-ups disabled. The following browsers have
been tested:
· Microsoft® Internet Explorer 6.0 or later Note:
If this browser is configured to use an internet proxy, then local intranet
addresses should be included in the exception list, consult your network
administrator for more information. If you still need to use the proxy to get
to the Hardware Management Console, enable Use HTTP 1.1 through proxy
connections under the Advanced tab in your Internet Options window.
·
Firefox 1.5.0.6 or
later.
Note: For Firefox 2.0 make sure the JavaScript options to
raise or lower windows and move or resize existing
windows
are enabled. To enable these options, go to the Content
tab in
the browser’s Options dialog, click Advanced...
next to the
Enable JavaScript option, then select Raise
or lower
windows option (a check mark appears) and Move
or resize
existing windows option (a check mark appears).
These
features allows you to switch easily between
.
Other Web Browser Considerations
Session cookies
need to be enabled in order for ASMI to work when connected to HMC
remotely. The asm proxy code saves session information and uses it.
Using Internet Explorer
1. Select Tools -> Internet
Options
2. Select Privacy tab and select
'Advanced'.
3. Check if 'Always allow session cookies'
4. If not checked, check 'Override automatic cookie handling' and
check 'Always allow session cookies'
5. You can choose how you want to handle First-party Cookies and
Third-party Cookies, block or prompt or accept. (prompt is preferred in
which case you will be prompted every time a site tries to write cookies.
It may be a little annoying, but it is the safe thing to do. Some sites
need to be allowed to write cookies)
Using Firefox
1. Tools -> Options
2. Select Cookies Tab
3. Select check box Allow sites to set cookies.
4. If you want to allow only specific sites then select
'Exceptions' and then you can just add this HMC to allow.
Other Issues
The HMC now
reserves the first ten virtual adapter slots on each VIOS (Virtual I/O Server)
partition for internal HMC use.
Configuration rules:
1.
The maximum Virtual I/O
Slot Number should be set to (at least) 10 plus the number of virtual I/O slots
desired by the customer.
Note that setting the maximum higher is OK, the danger is setting
it too low. Setting it below 10 will cause a compatibility issue with
newer levels of HMC code. Excess virtual slots use a small amount
of additional memory, but otherwise have no impact.
2. All customer virtual I/O slots (virtual SCSI, virtual
Ethernet or virtual serial) must use virtual slot IDs 11 or greater.
3. The VASI adapter (used by the Mobile Partition function) must
be assigned to virtual slot ID 2.
· When using the updhmc command with the -i flag, input echo is not restored when the command finishes. You can use the CTRL-D key to logoff then log back in.
Licenced Internal Code (
· Firefox 1.5.0.6 or later.
·
A new task was added which
allows the user to ensure that the system has no errors which will prevent
Licensed Internal Code update from working correctly. This new task is
invoked by selecting "Check System Readiness" from the Updates task
selection list or using the "-o k" parameter of the updlic
command.
·
A new task was added which
allows the user to view system information without entering a
"change" task. This new task is invoked by selecting "View
System Information" from the Updates task selection list.
·
The restricted-access dlslic
command was removed. Equivalent capability was added to the lslic
command. For more details, see the command line section of the
readme.
|
CAN-2003-0989 |
tcpdump remote DOS |
|
CAN-2003-0190 |
OpenSSH: info leak issue |
|
CAN-2004-0078 |
mutt remote buffer
overflow |
|
CAN-2004-0110 |
libxml2 URI Parsing
Remote Buffer Overflow |
|
CAN-2004-0109 |
Kernel ISO9660/JFS local
privilege escalation, info leak |
|
CAN-2004-0183 |
tcpdump ISAKMP remote DOS |
|
CA-2005-35 |
SSH Protocol 1 Weakness and
Vulnerability |
|
CAN-2004-0427 |
Kernel privilege
escalation, local DoS |
|
CAN-2004-0554 |
Kernel "__clear_fpu()" Macro local DoS |
|
CAN-2004-0523 |
kerberos aname_to_localname remote
root compromise |
|
CVE-2004-0493 |
Input Header Memory
Allocation Denial of Service |
|
CVE-2004-0488 |
Apache mod_ssl
FakeBasicAuth Buffer overflow |
|
CVE-2004-0747
CVE-2004-0748
CVE-2004-0751
CVE-2004-0786
CVE-2004-0809 |
Apache 2 Multiple Denial of
Service |
|
CVE-2004-0942 |
Apache MIME Header Memory
Consumption |
|
CAN-2004-0460 |
dhcp-server: remote system compromise |
|
CVE-2002-1363 |
libpng remote DoS |
|
CAN-2004-0590 |
Certificate chain
authentication in Openswan pluto |
|
CAN-2004-0649 |
L2tpd: remote execution of
arbitrary files w/ privs of l2tpd user |
|
VU#388984 |
libpng: multiple vulnerabilities |
|
CAN-2004-0415 |
Kernel:
local privilege escalation, race condition in file offset pointer handling |
|
VU#550464
|
krb5: remote
unauthenticated DoS |
|
CAN-2004-0817 |
imlib: local execution via heap overflow |
|
CAN-2004-0687 |
xf86: multiple buffer
overflows with malformed xpm images |
|
CAN-2004-0966 |
gettext: Insecure temporary file handling |
|
CAN-2004-0804 |
tiff: Buffer overflows in
image decoding |
|
CAN-2004-0884 |
Cyrus-sasl2: (ver 2.1.7) Insecure handling of environment
variable |
|
CAN-2004-0971 |
krb5: krb5-workstation:
Possible symlink attack, priv
escalation via temproary file mishandling |
|
CAN-2004-0989 |
libxml:
remote code execution, buffer overflow |
|
CVE-2004-0079 |
Openssl vulnerability |
|
CAN-2004-0975 |
Openssl: possible symlink attack
via temp file mishandling |
|
SUSE-SA:2004:041 |
xf86: SuSE
security updates for libxpm |
|
CAN-2004-0782 |
imlib: xpm security updates in imlib |
|
CAN-2004-1010 |
zip: buffer overflow in
info-zip when using recursive folder compression |
|
CAN-2004-1308 |
tiff: multiple buffer
overflows |
|
CAN-2004-0986 |
iptables: variable init failure can cause failure to load
firewall rules |
|
CAN-2004-0883 |
Kernel update for multiple
local and remote DoS vulnerabilities |
|
CAN-2004-0079 |
OpenSSL remote DOS |
|
CVE-2006-2937 |
OpenSSL vulnerability |
|
CAN-2005-0155 |
Perl: Security update to
address two priv escalation and a buffer overflow
condition |
|
CAN-2005-0449 |
Updates for multiple issues
on 2.4-2.6.11 kernels |
|
CAN-2005-1993 |
sudo: vulnerabilities allow execution of arbitrary
commands |
|
CAN-2005-1267 |
tcpdump: fix for several
DOS vulnerabilities |
|
CAN-2005-1151
CAN-2004-1470 |
tiff: buffer overflow
allows execution of arbitrary code |
|
CAN-2005-0109 |
OpenSSL update |
|
CAN-2005-2969 |
OpenSSL fix for potential SSL 2.0 Rollback vulnerability |
|
CVE-2001-0572 |
SSHv1 Protocol Available |
|
CVE-2004-0175 |
OpenSSH SCP Client File
Corruption Vulnerability |
|
CVE-2006-0225 |
OpenSSH scp remote attack
vulnerability |
|
CVE-2006-4924 |
Open SSH vulnerability |
|
CVE-2006-5051 |
Open SSH vulnerability not
applicable to HMC due to GSSAPI being disabled |
|
CVE-2006-5794 |
Open SSH vulnerability |
|
CVE-2006-0058 |
Sendmail remote code execution |
|
CVE-2006-1721 |
Cyrus-sasl
remote denial of service |
|
CVE-2006-2024 |
Libtiff: various denial of service attacks |
|
CVE-2005-3352 |
Apache2 cross site
scripting in mod_imap and mod_ssl |
|
CVE-2006-0455 |
Gpg remote execution by signature checking |
|
CVE-2005-3353 |
Multiple vulnerabilities in
php4 |
|
CVE-2005-2970 |
Apache2 worker memory leak |
|
CVE-2005-2974 |
Libungif denial of service attack/buffer overflow |
|
CVE-2005-2959 |
Sudo environment cleaning privilege escalation
vulnerability |
|
CAN-2005-2491 |
PCRE: Integer overflow
vulnerability |
|
CVE-2005-3119 |
Kernel potential denial of
service and information disclosure |
|
CAN-2005-2797 |
OpenSSH: fixes to prevent
escalation of privileges and bypass certain security restrictions |
|
CVE-2005-2876 |
Util-linux umount “-r” Re-Mounting
security issue |
|
CAN-2005-2495 |
Xf86: Fix remote command
execution |
|
CAN-2005-2491 |
Apache2: Security fixes |
|
CAN-2005-1761 |
Kernel: Various Security
Fixes |
|
CAN-2005-2452 |
Tiff: Vulnerability allows
DOS attack due to divide by zero error |
|
CAN-2005-2177 |
Net-snmp
remote attack vulnerability |
|
CAN-2005-0448 |
Perl vulnerabilities |
|
CAN-2005-0758 |
Bzip2 vulnerability |
|
CAN-2004-1189 |
Krb5 multiple security
issues |
|
CAN-2005-1849 |
Zlib buffer overflow |
|
CAN-2005-2088 |
Apache2: fix for multiple
vulnerabilities |
|
CVE-2005-2970 |
Apache2: memory leak |
|
CVE-2005-3357 |
Apache2 Cryptographic
problem |
|
CVE-2006-3747 |
Apache2: Off-by-one error
in the ldap scheme handling in the Rewrite module |
|
CVE-2006-3918 |
Apache2 vulnerability |
|
CVE-2005-2728 |
Apache Byte Range Denial of
Service |
|
CAN-2004-1453 |
Glibc: Infoleak and symlink attack vulnerabilities |
|
CAN-2005-1111 |
Cpio directory traversal and privilege escalation |
|
CAN-2005-0605 |
Xf86: libXPM
integer overflow |
|
CAN-2004-0970 |
Gzip: temporary file mishandling |
|
CAN-2005-0160 |
telnet: ENV buffer overflow |
|
CAN-2005-1704 |
Binutils vulnerabilities |
|
CAN-2005-1993 |
Sudo: race condition |
|
CAN-2005-0373 |
Cyrus-sasl,
cyrus-sasl2 remote code execution |
|
CVE-2005-0916 |
Kernel Vulnerabilities |