SSA Remote Systems Management v1.50 AIX 4.3.2 & 4.3.3 Stand Alone Version Last Updated : 06 March 2000 1.0 - PRE-REQUISITES 2.0 - SETUP <<< !IMPORTANT! >>> 3.0 - SECURITY <<< !IMPORTANT! >>> 4.0 - NOTES FOR USERS .1 - Tutorial .2 - Help .3 - Proxies .4 - Netscape Configuration .5 - Browser Time-outs .6 - General .7 - Known Problems / Fix History 5.0 - SSA HOMEPAGE The Remote Systems Management (RSM) configurator is a web based configuration tool for use with the IBM Advanced SerialRAID Adapter. 1.0 PRE-REQUISITES ================== To run the RSM AIX Stand Alone service you require : * One of the following IBM SSA RAID Adapters configured on the target RS6000: IBM SSA Enhanced RAID Adapter (PCI or MCA) IBM Advanced SerialRAID Adapter. You should ensure you are running the latest adapter, disk and enclosure microcode and are running the latest SSA Host Software. The latest levels can be checked via RSM, or visit http://www.storage.ibm.com/hardsoft/products/ssa/ * IBM AIX 4.3.2, with Lotus Go web server as supplied on the AIX V4.3.2 Bonus Pack CD, or IBM AIX 4.3.3, with IBM Apache web server as supplied on the AIX V4.3.3 Bonus Pack CD. * TCP/IP services running on the RS6000 * Netscape 4.07+, recommend 4.08+ Netscape 4.5x+, recommend 4.71+ or Internet Explorer 4.72 SP2 Internet Explorer 5.0x NOTE: RSM is not supported with any releases of Internet Explorer 3, or Netscape 3 or below. 2.0 SETUP ========= The setup procedure depends upon which web server you are using. Follow the instruction for your web server. 2.1 Set up with Lotus Go web server ====================================== 1) Install the "Lotus Go" web server from the AIX4.3.2 bonus pack CD on each server you wish to have access to RSM. If you already have WebSM installed please proceed to step 2. 2) Edit /usr/lpp/internet_server.base/inst_root/etc/httpd.conf Change the port number from 80 to a unique number. The more obscure the better. If an unauthorised user attempts to gain access to RSM they will have to guess the port number first. See 3.0 Security for more details. 3) To further protect RSM from being used by unauthorised users, you can also enable password authentication to restrict access to RSM's CGI directory via the web server. To enable password authentication follow the instructions below: a) Edit the httpd.conf file again and find the "PROT-ADMIN Protection" directive in the file, then add the following line after it: Protect /cgi-bin/rsm/* PROT-ADMIN Where /cgi-bin/rsm is the relative path to the RSM's CGI directory from the server root. The default is /cgi-bin/rsm. This will protect all files under that directory. b) Now add a new Web admin user to access RSM using the following command: /usr/sbin/htadm -adduser /usr/lpp/internet/server_root/protect/webadmin.passwd rsm_user Where rsm_user is the web admin who will have access to RSM, and webadmin.passwd is the password file specified in the PROT-ADMIN directive in httpd.conf. Enter the password for rsm_user and the directory is now only accessible by rsm_user. See the section titled "User authentication and document protection" in the httpd.conf for more information on setting up directory protection. 4) Run /usr/ssa/rsm/setup ( as root ) and follow the prompts. If you have not modified the paths in the httpd.conf file, select Lotus Go when setup asks which web server you are running, then accept the defaults by pressing [ENTER] when prompted. Otherwise enter the appropriate paths when prompted. NOTE: If you do not see any text when you run setup you are probably not using an English locale. RSM is only provided in English. You can use RSM by copying /usr/ssa/rsm/wssa.cat to /usr/lib/nls/msg/XXX where XXX is your locale. 5) To start the web service, and hence allow access to RSM run the following command as the root user : /usr/sbin/httpd -p [port_num] -r /usr/lpp/internet_server.base/inst_root/etc/httpd.conf where [port_num] is the number you specified in the httpd.conf. If you wish to start RSM when the system starts add the following line to inittab to get the web server to auto-start : httprsm:2:wait:/usr/sbin/httpd -p [port_num] -r /usr/lpp/internet_server.base/inst_root/etc/httpd.conf 6) You have completed setup of RSM. Open a browser at : http://your.tcpip.address:[port_num]/cgi-bin/rsm/ssa "your.tcpip.address" is either the dotted decimal, or TCP/IP machine name of the RS6000 containing RSM; and [port_num] is the port number chosen in httpd.conf Enter the web username and password (as setup in 2) above) and you should now see RSM displaying the Adapter List. 2.2 Set up with IBM Apache web server ===================================== 1) Install the "IBM Apache" web server (IBM HTTP Server) from the AIX4.3.3 bonus pack CD on each server you wish to have access to RSM. If you already have WebSM installed then please proceed to step 2. 2) Run /usr/ssa/rsm/setup ( as root ) and follow the prompts. If you have not modified the paths in the httpd.conf file you can select Apache when setup asks which web server you are running, then accept the defaults by pressing [ENTER] when prompted. Otherwise enter the appropriate paths when prompted. NOTE: If you do not see any text when you run setup you are probably not using an English locale. RSM is only provided in English. You can use RSM by copying /usr/ssa/rsm/wssa.cat to /usr/lib/nls/msg/XXX where XXX is your locale. 3) Edit /usr/lpp/HTTPServer/etc/httpd.conf Change the port number from 80 to a unique number. The more obscure the better. If an unauthorised user attempts to gain access they will have to guess the port number first. See 3.0 Security for more details. Change the "StartServers", "MinSpareServers" to 1, "MaxSpareServers" to 2. 4) To further protect RSM from being used by unauthorised users, you can also enable password authentication to restrict access to RSM's CGI directory via the web server. To enable password authentication follow the instructions below: a) Edit httpd.conf again and find the "" directive in the file. Change the following option to: AllowOverride All This will allow the cgi-bin directory to use customised access rules as specified in the .htaccess file (See step b). b) Create a text file .htaccess in /usr/lpp/HTTPServer/share/cgi-bin/rsm (i.e. RSM's CGI directory) and add the following lines: AuthUserFile /usr/lpp/HTTPServer/share/cgi-bin/rsm/.htpasswd AuthGroupFile /dev/null AuthName ByPassword AuthType Basic require user rsm_user Where AuthUserFile specifies the full path of the password file to be used for authentication. And rsm_user is the user who will have access to RSM. Issue the following command to change the permission of .htaccess: chmod 744 /usr/lpp/HTTPServer/share/cgi-bin/rsm/.htaccess c) Go to RSM's CGI directory and create a password file using the command: /usr/lpp/HTTPServer/bin/htpasswd -c /usr/lpp/HTTPServer/share/cgi-bin/rsm/.htpasswd rsm_user Enter the password for rsm_user. This will create the password file .htpasswd with a single user rsm_user in it. Now the directory is only accessible by rsm_user. The "-c" flag in the above command means create the specified password file. To add another user for RSM, issue the same command WITHOUT the "-c" flag. Issue the following command to change the permission of .htpasswd: chmod 744 /usr/lpp/HTTPServer/share/cgi-bin/rsm/.htpasswd See the Apache documentation for more information on the options available in httpd.conf. 5) To start the web service, and hence allow access to RSM run the following command as the root user : /usr/lpp/HTTPServer/sbin/httpd If you wish to start RSM when the system starts add the following line to inittab to get the web server to auto-start : httprsm:2:wait:/usr/sbin/httpd 6) You have completed setup of RSM. Open a browser at : http://your.tcpip.address:[port_num]/cgi-bin/rsm/ssa "your.tcpip.address" is either the dotted decimal, or TCP/IP machine name of the RS6000 containing RSM; and [port_num] is the port number chosen in httpd.conf Enter the web username and password and you should now see RSM displaying the Adapter List. 3.0 SECURITY ============ RSM requies adminitrative access to access the ODM and some of the command line tools supplied with ssaraid. Apart from the obvious configuration actions possible, it is not possible to execute another program from RSM. It is very important that you provide some form of user authentication before granting access to rsm. The supported web servers provide such authentication techniques and it is recommended YOU setup a secure web service for RSM access. This is especially important if you are using WebSM together with RSM. The port number chosen is also important. If you chose an obscure number, that means something to you, but is not guessable, you can make it more difficult for an unauthorised user to even find RSM. 4.0 NOTES FOR USERS =================== 4.1 RSM TUTORIAL ================ This version of RSM is supplied with an HTML based tutorial, which can be accessed via : http://your.tcpip.address:[port_num]/help/tutorial.htm OR from the SSA Tools Menu. 4.2 HELP WINDOW =============== The help within SSA RSM is context sensitive. Clicking on the help icon opens another browser window containing the relevant help section. Every subsequent click on the help icon will update the same window. Please be aware that depending upon Windows setup and the browser used, the help window may not auto-raise when the icon is re-selected. 4.3 PROXY CONFIGURATIONS ======================== Some problems may be experienced when accessing SSA RSM via a proxy server. It is recommended that you use an automatic proxy configuration script (if available) otherwise - if you are accessing SSA RSM from behind a firewall, and SSA RSM itself is behind the firewall, ensure you are using the "no proxy for" to stop proxy usage for internal access Some problems have also been found using Netscape when an array contains a failed resource and no hot spare is available. At this point, the failed resource is replaced by a virtual disk, a "blank reserved". When using a proxy server, some versions of Netscape fail to process the "blank reserved" resource. Please contact a service representative. 4.4 NETSCAPE CONFIGURATION ========================== It is recommended that you enable your browser to reload documents every time, otherwise cached pages may cause confusion when configuring systems. Edit, Preferences, Advanced, Cache NETSCAPE 3 USER'S PLEASE NOTE : These versions of the browser are not supported, this is due to the lack of support for some JavaScript functions used in RSM versions 1.42+. This will only occur when you create RAID10 arrays with multiple domains. When you select the Primary and Secondary resources, your browser will not be able to validate the selections as they are made, you will still be presented with the confirmation screen. 4.5 BROWSER TIME-OUTS ===================== If your browser connection is slow (i.e. when remotely accessing RSM), the reply may time-out. Note that the action you performed will have been executed if it got to the server and will continue to completed, since the adapter execute all requests it receives. You should refresh the view before repeating the action, to ensure you don't perform the action twice. 4.6 GENERAL =========== The stand-alone service is single-threaded. If two users attempt to use a single service at the same time, one user may be returned a time-out. Simply click reload on your browser to retry. 4.7 KNOWN PROBLEMS (P) / FIXES (F) ================================== See history.txt copied to install directory for latest release notes / known problems and fixes / enhancements. 5.0 SSA HOMEPAGE ================ For all the latest code releases, device drivers etc, http://www.storage.ibm.com/hardsoft/products/ssa/ For updates to RSM, http://www.storage.ibm.com/hardsoft/products/ssa/ For product news, http://www.storage.ibm.com/ We always welcome comments, or suggestions for improvement via our Active Feedback forms, please submit via the forms on the Website.