Book description
HP-UX CSE: Official Study Guide and Desk Reference
The definitive HP-UX CSE exam preparation guide and reference
HP-approved coverage of all three CSE exams: CSE HP-UX Advanced System Administration, CSE High Availability Using HP-UX Serviceguard, and CSE HP-UX Networking and Security
Comprehensive study resources: exam objectives, sample questions, and summaries for last-minute review
More than a great study guide: an outstanding reference for working system engineers
This book delivers comprehensive preparation for all three HP-UX CSE exams, the core exam: CSE HP-UX Advanced System Administration, and specialty exams, CSE High Availability Using HP-UX Serviceguard and CSE HP-UX Networking and Security. Coverage includes:
Implementing HP-UX in technology-rich enterprise environments
Maximizing the performance and availability of HP-UX systems and applications
Partitioning: node and virtual partitions
Disks, volumes, file systems: RAID, LVM, VxVM, HFS, VxFS, VFS layer, swap/dump space, and more
Monitoring system resources, activities, events, and kernels
Processes, threads, and bottlenecks: priorities, run queues, multi-processor environments, memory requirements, bottlenecks, and more
Installation, patching, and recovery, including Software Distributor and Ignite-UX
Emergency recovery with HP-UX installation media
Broad networking coverage: IPv6, ndd, DHCP, DNS, NTP, CIFS/9000, LDAP, sendmail, Automatic Port Aggregation, VPNs, VLANs, and more
Planning, implementing, and managing high availability clustering with Serviceguard
Other HP-UX cluster solutions: Extended Serviceguard Cluster, Metrocluster, Continentalclusters, and more
Infrastructure for remote access to HA clusters: SANs, DWDM, dark fiber
HP-UX security administration: Trusted systems, SSH, HIDS, IPSec, IPFilter, and Bastille Operating Systems/HP-UX
Sample questions, last-minute review tips, and other study resources
This isn't just an outstanding prep guide, it's the definitive day-to-day reference for working professionals in high availability environments.
© Copyright Pearson Education. All rights reserved.
Table of contents
- Copyright
- Hewlett-Packard® Professional Books
- PREFACE
-
ONE. Managing HP-UX Servers
- ONE. An Introduction to Your Hardware
-
TWO. Partitioned Servers: Node Partitions
-
2.1. A Basic Hardware Guide to nPars
- 2.1.1. A cell board
- 2.1.2. The IO cardcage
- 2.1.3. The Core IO card
- 2.1.4. System backplane
- 2.1.5. How cells and IO cardcages fit into a complex
- 2.1.6. Considerations when creating a complex profile
- 2.1.7. The Utility Subsystem
- 2.1.8. The GSP
- 2.1.9. Other complex related GSP tasks
- 2.1.10. IO Cardcage slot numbering
- 2.2. The Genesis Partition
- 2.3. Cell Behavior During the Initial Boot of a Partition
- 2.4. Partition Manager
- 2.5. Other Boot-Related Tasks
- Chapter Review
- Test Your Knowledge
- Answer to Test Your Knowledge Questions
- Chapter Review Questions
- Answers to Chapter Review Questions
-
2.1. A Basic Hardware Guide to nPars
-
THREE. Partitioned Servers: Virtual Partitions
- 3.1. An Introduction to Virtual Partitions
- 3.2. Obtaining the Virtual Partitions Software
- 3.3. Setting Up an Ignite-UX Server to Support Virtual Partitions
- 3.4. Planning Your Virtual Partitions
- 3.5. Creating the vPar Database
- 3.6. Booting a Newly Created vPar from an Ignite-UX Server
- 3.7. Managing Hardware within a Virtual Partition
- 3.8. Rebooting vpmon
- 3.9. Interfacing with the Virtual Partition Monitor: vpmon
- 3.10. Changing Partition Attributes
- 3.11. Resetting a Virtual Partition
- 3.12. Removing a Virtual Partition
- 3.13. Turning Off Virtual Partition Functionality
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
FOUR. Advanced Peripherals Configuration
-
4.1. Reorganizing Your IO Tree
- 4.1.1. Consider making a System Recovery Tape
- 4.1.2. Collect IO trees from all nodes concerned
- 4.1.3. Decide on the format of the standardized IO tree
- 4.1.4. Document current device file → hardware path mapping
- 4.1.5. Establish which system and user applications use current device files
- 4.1.6. Create an ASCII file representing the new IO tree
- 4.1.7. Shut down the system(s) to single user mode
- 4.1.8. Apply the new IO tree configuration with the ioinit command
- 4.1.9. Reboot the system to single user mode
- 4.1.10. Check that all new device files are created correctly
- 4.1.11. Rework any user or system applications affected by the change in device file names
- 4.1.12. Remove all old device files
- 4.2. Disk Device Files in a Switched Fabric, Fibre Channel SAN
-
4.3. Online Addition and Replacement: OLA/R
-
4.3.1. Replacing a failed PCI card
- 1. IDENTIFY THE FAILED PCI CARD
- 2. PERFORM CRITICAL RESOURCE ANALYSIS ON THE AFFECTED PCI CARD
- 3. TURN ON THE ATTENTION LIGHT FOR THE AFFECTED PCI CARD SLOT
- 4. CHECK THAT THE AFFECTED PCI SLOT IS IN ITS OWN POWER DOMAIN
- 5. CHECK THAT THE AFFECTED PCI CARD IS NOT A MULTI-FUNCTION CARD
- 6. RUN ANY ASSOCIATED DRIVER SCRIPTS BEFORE SUSPENDING THE DRIVER
- 7. SUSPEND THE KERNEL DRIVER FOR THE AFFECTED PCI SLOT
- 8. TURN OFF THE POWER TO THE AFFECTED PCI SLOT
- 9. REPLACE THE PCI CARD
- 10. TURN ON THE POWER TO THE PCI SLOT
- 11. RUN ANY ASSOCIATED DRIVER SCRIPTS BEFORE RESUMING THE DRIVER
- 12. RESUME THE DRIVER FOR THE PCI SLOT
- 13. CHECK FUNCTIONALITY OF THE NEWLY REPLACED PCI CARD
- 14. TURN OFF THE ATTENTION LIGHT FOR THE AFFECTED PCI SLOT
- 4.3.2. Adding a new PCI card
-
4.3.1. Replacing a failed PCI card
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
4.1. Reorganizing Your IO Tree
- FIVE. Disks and Volumes: RAID Levels and RAID Parity Data
-
SIX. Disks and Volumes: LVM
- 6.1. LVM Striping (RAID 0)
- 6.2. LVM Mirroring (RAID 1)
- 6.3. Alternate PV Links
- 6.4. Exporting and Importing Volume Groups
- 6.5. Forward Compatibility with Newer, Larger Capacity Disk Drives
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
SEVEN. Disks and Volumes: Veritas Volume Manager
- 7.1. Introducing Veritas Volume Manager
- 7.2. VxVM Striping (RAID 0)
- 7.3. VxVM Mirroring (RAID 1)
- 7.4. VxVM Striping and Mirroring (RAID 0/1 and 1/0)
- 7.5. Faster Mirror Resynchronization after a System Crash
- 7.6. VxVM RAID 5
- 7.7. Recovering from a Failed Disk
- 7.8. Using Spare Disks
- 7.9. VxVM Snapshots
- 7.10. VxVM Rootability
- 7.11. Other VxVM Tasks
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
EIGHT. Filesystems: HFS, VxFS, and the VFS Layer
- 8.1. Basic Filesystem Characteristics
- 8.2. HFS Internal Structure
- 8.3. Tuning an HFS Filesystem
- 8.4. HFS Access Control Lists
- 8.5. VxFS Internal Structures
- 8.6. Online JFS Features
- 8.7. Tuning a VxFS Filesystem
- 8.8. VxFS Snapshots
- 8.9. Navigating through Filesystems via the VFS Layer
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
REFERENCES
-
NINE. Swap and Dump Space
- 9.1. Swap Space, Paging, and Virtual Memory Management
- 9.2. How Much Swap Space Do I Need?
- 9.3. Configuring Additional Swap Devices
- Chapter Review on Swap Space
- 9.4. When Dump Space Is Used
- 9.5. Including Page Classes in the Crashdump Configuration
- 9.6. Configuring Additional Dump Space
- 9.7. The savecrash Process
- 9.8. Dump and Swap Space in the Same Volume
- Chapter Review on Dump Space
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
REFERENCES
- TEN. Monitoring System Resources
-
ELEVEN. Processes, Threads, and Bottlenecks
- 11.1. Defining Processes and Threads
- 11.2. Process Life Cycle
- 11.3. Context Switches and Timeslices
- 11.4. Process/Thread Priorities and Run Queues
- 11.5. Multiprocessor Environments and Processor Affinity
- 11.6. Memory Requirements for Processes/Threads
- 11.7. Memory Limitations for 32-bit Operating Systems, magic Numbers, and Memory Windows
- 11.8. Performance Optimized Page Sizes (POPS)
- Chapter Review on a Process Life Cycle
- 11.9. Common Bottlenecks for Processes and Threads
- Chapter Review on Common Bottlenecks
- 11.10. Prioritizing Workloads with PRM and WLM
- Chapter Review on PRM
- Chapter Review on WLM
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
REFERENCES
-
TWO. Install, Update, and Recovery
-
TWELVE. HP-UX Patches
- 12.1. What Is a Patch?
- 12.2. When Should I Patch My Server(s)?
- 12.3. Understanding the Risks Involved When Applying Patches
- 12.4. Obtaining Patches
- 12.5. Patch Naming Convention
- 12.6. Patch Ratings
- 12.7. The Patch shar File
- 12.8. Patch Attributes
- 12.9. Setting Up a Patch Depot
- 12.10. Installing Patches
- 12.11. Removing Patches and Committing Patches
- 12.12. Managing a Patch Depot
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
THIRTEEN. Installing Software with Software Distributor and Ignite-UX
-
13.1. Using swinstall to Push Software across the Network
- 13.1.1. Set up a software-and-patches depot on the depot server
- 13.1.2. Make Service Control Manager depot available on the depot server
- 13.1.3. Set up Remote Operations Agent software on each client machine
- 13.1.4. On the depot server, set up Remote Operations GUI (optional)
- 13.1.5. Push software to remote clients
-
13.2. Installing a Complete Operating System Using Ignite-UX
-
13.2.1. Set up an Ignite-UX server to utilize an existing Core OS depot
- 13.2.1.1. INSTALL THE IGNITE-UX SOFTWARE
- 13.2.1.2. SET UP TEMPORARY IP ADDRESSES FOR BOOT CLIENTS
- 13.2.1.3. SET UP TFTP AND INSTL_BOOTD SERVICE IN /ETC/INETD.CONF.
- 13.2.1.4. SET UP /ETC/EXPORTS TO GIVE NFS ACCESS TO THE /VAR/OPT/IGNITE/CLIENTS DIRECTORY
- 13.2.1.5. SET UP IGNITE-UX PARAMETERS TO BE USED DURING THE INSTALLATION OF THE OPERATING SYSTEM
- 13.2.1.6. SET UP A DHCP SERVER (OPTIONAL)
- 13.2.1.7. SET UP SOFTWARE DEPOT(S)
- 13.2.1.8. CREATE AN IGNITE-UX CONFIGURATION FILE THAT REPRESENTS THE CONTENTS OF THE SOFTWARE DEPOT(S)
- 13.2.1.9. UPDATE THE IGNITE-UX INDEX FILE TO REFLECT THE NEW CONFIGURATIONS THAT ARE NOW AVAILABLE
- 13.2.1.10. ENSURE THAT THE IGNITE-UX SERVER RECOGNIZES ALL CLIENTS
- 13.2.2. Adding additional software to a Core OS configuration
-
13.2.1. Set up an Ignite-UX server to utilize an existing Core OS depot
- 13.3. Setting Up a Golden Image
- 13.4. Making a Recovery Archive
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
13.1. Using swinstall to Push Software across the Network
-
FOURTEEN. Emergency Recovery Using the HP-UX Installation Media
- 14.1. Recovering a Corrupt Boot Header Including a Missing ISL
- 14.2. Recovering from Having No Bootable Kernel
- 14.3. Recovering from a Missing Critical Boot File: /stand/rootconf
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
TWELVE. HP-UX Patches
-
THREE. Networking
-
FIFTEEN. Basic IP Configuration
- 15.1. Basic Networking Kernel Parameters
- 15.2. Data-Link Level Testing
- 15.3. Changing Your MAC Address
- 15.4. Link Speed and Auto-Negotiation
- 15.5. What's in an IP Address?
- 15.6. Subnetting
- 15.7. Static Routes
- 15.8. The netconf File
- 15.9. Dynamic IP Allocation: RARP and DHCP
- 15.10. Performing a Basic Network Trace
- 15.11. Modifying Network Parameters with ndd
- 15.12. IP Multiplexing
- 15.13. The 128-Bit IP Address: IPv6
- 15.14. Automatic Port Aggregation (APA)
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
REFERENCES
- SIXTEEN. Dynamic Routing
-
SEVENTEEN. Domain Name System (DNS)
-
17.1. Configuring a Master Name Server
- 17.1.1. Decide on and register (if necessary) a DNS domain name
- 17.1.2. Update your/etc/hosts file
- 17.1.3. Create a working directory for the DNS database files
- 17.1.4. Create the DNS database files using the hosts_to_named utility
- 17.1.5. Set up the rndc configuration file
- 17.1.6. Start the named daemon
- 17.1.7. Set up the resolver configuration files
- 17.1.8. Test DNS functionality
- 17.2. Configuring Additional Backup Slave and Caching-Only Name Servers
-
17.3. Delegating Authority to a Subdomain Including DNS Forwarders
- 17.3.1. Help the new master name server set up an appropriate hosts file
- 17.3.2. Set up the delegated master name server
- 17.3.3. Set up the delegated slave server
- 17.3.4. Configure delegated clients to reference delegated name servers
- 17.3.5. Make alias (CNAME) names for all delegated hostnames (Optional)
- 17.3.6. Reference the delegated name server(s) in the name server database file
- 17.3.7. Consider setting up a forwarders entry in the delegated domains /etc/named.conf file
- 17.4. Configuring DNS to Accept Automatic Updates from a DHCP Server
- 17.5. Dynamic DNS Server Updates and TSIG Authentication
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
REFERENCES
-
17.1. Configuring a Master Name Server
-
EIGHTEEN. Network Time Protocol
- 18.1. What Time Is It?
- 18.2. Choosing a Time Source
- 18.3. Stratum Levels and Timeservers
- 18.4. The Role of the NTP Software
- 18.5. Analyzing Different Time Sources
- 18.6. Setting Up the NTP Daemons
- 18.7. NTP Server Relationships
- 18.8. An Unlikely Server: A Local Clock Impersonator
- 18.9. An NTP Polling Client
- 18.10. An NTP Broadcast Client
- 18.11. Other Points Relating to NTP
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
NINETEEN. An Introduction to sendmail
- 19.1. Basic Checks to Ensure That sendmail Is Installed and Working
- 19.2. Using sendmail without Using DNS
- 19.3. Mail Aliases
- 19.4. Masquerading or Site Hiding and Possible DNS Implications
-
19.5. A Simple Mail Cluster Configuration
- 19.5.1. Set up the mail hub as the host to accept local delivery of all email for all mail clients
- 19.5.2. Ensure that all usernames are configured on the mail server
- 19.5.3. Ensure that all client machines have access to the /var/mail directory
- 19.5.4. Configure clients to forward all mail to our mail server (hub)
- 19.5.5. Configure clients to mount the /var/mail directory from the mail server
- 19.5.6. Test sending an email to another user
- 19.5.7. Conclusions on a simple mail cluster configuration
- 19.6. Building Your Own sendmail.cf File
- 19.7. Monitoring the Mail Queue
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
REFERENCES
-
TWENTY. Common Internet Filesystem (CIFS/9000)
- 20.1. CIFS, SMB, and SAMBA
- 20.2. CIFS Client or Server: You Need the Software
-
20.3. CIFS Server Configuration
-
20.3.1. Windows NT LanManager authentication
-
20.3.1.1. USING A LOCAL SMB/CIFS PASSWORD FILE
- 20.3.1.1.1. Installing CIFS-server software
- 20.3.1.1.2. Enable CIFS server functionality in /etc/rc.config.d/samba
- 20.3.1.1.3. Configure /etc/opt/samba/smb.conf
- 20.3.1.1.4. Verify your smb.conf configuration with the testparm utility
- 20.3.1.1.5. Create an SMB password file
- 20.3.1.1.6. Start the CIFS daemon
- 20.3.1.1.7. Verify the configuration with the smbclient utility
-
20.3.1.1. USING A LOCAL SMB/CIFS PASSWORD FILE
-
20.3.1. Windows NT LanManager authentication
-
20.4. CIFS Client Configuration
- 20.4.1. Install the CIFS/9000 Client product
- 20.4.2. Configure /etc/opt/cifsclient/cifsclient.cfg
- 20.4.3. Run the CIFS client start script
- 20.4.4. Create a mount point directory
- 20.4.5. Add the CIFS filesystems to the /etc/fstab file
- 20.4.6. Mount the CIFS filesystems
- 20.4.7. Execute the /opt/cifsclient/bin/cifslogin program
- 20.4.8. Verify that your cifslogin succeeded
-
20.5. NTLM: Using a Windows Server to Perform Authentication and Pluggable Authentication Modules (PAM)
- 20.5.1. Configure /etc/pam.conf to utilize NTLM as an authentication protocol
- 20.5.2. Configure smb.conf to reference the NTLM server
- 20.5.3. Configure a user map to specifically reference individual UNIX users to be authenticated by the NTLM server
- 20.5.4. Restart CIFS client daemon to pick up changes in smb.conf
- 20.5.5. Test the functionality of NTLM authentication
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
TWENTY ONE. An Introduction to LDAP
- 21.1. Introducing the Lightweight Directory Access Protocol (LDAP)
- 21.2. LDAP-UX Integration Products
-
21.3. Step-by-Step Guide to LDAP-UX Client Services
- 21.3.1. Install Netscape Directory Services and LDAP-UX Integrations products
- 21.3.2. Run Netscape setup program
- 21.3.3. Ensure that the SHLIB_PATH environment variable is set up
- 21.3.4. Decide where in our Directory we will store our name service data
- 21.3.5. Decide where you will store client profiles
- 21.3.6. Restrict write access to user attributes
- 21.3.7. Allow users to read all attributes of the POSIX schema
- 21.3.8. Configure a proxy user to read name service data (optional)
- 21.3.9. Allow read access for the proxy user to user attributes
- 21.3.10. Customize /etc/passwd, /etc/group, etc
- 21.3.11. Import name service data into the directory
- 21.3.12. Configure the LDAP-UX Client Services software to enable it to locate the Directory
- 21.3.13. Configure /etc/pam.conf to use LDAP
- 21.3.14. Configure/etc/nsswitch.conf
- 21.3.15. Test user functionality
- 21.3.16. Add another client
- 21.4. Next Steps
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
- TWENTY TWO. Web Servers to Manage HP-UX
-
TWENTY THREE. Other Network Technologies
- 23.1. WAN Solutions: Frame Relay and ATM
-
23.2. An Introduction to Fibre Channel, DWDM, and Extended Fabrics
- 23.2.1. Physical medium
- 23.2.2. HBA and WWNs
- 23.2.3. Topology
- 23.2.4. FC-AL expansion limitations
- 23.2.5. FC-AL distance limitations
- 23.2.6. FC-AL shared transport limitations
- 23.2.7. Loop Initialization Protocol (LIP)
- 23.2.8. Switched Fabric
- 23.2.9. SANs and port types
- 23.2.10. Zoning and security
- 23.2.11. Extended Fabrics—more switches
- 23.2.12. Extended Fabrics – long distances
- 23.2.13. Installing your own fibre: dark fibre, DWDM, and others
- 23.2.14. Fibre Channel bridges
- 23.2.15. Data replication over long distances
- 23.2.16. Mutual recovery
- 23.3. Virtual LAN (VLAN)
- 23.4. Virtual Private Network (VPN)
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
REFERENCES
-
FIFTEEN. Basic IP Configuration
-
FOUR. High-Availability Clustering
-
TWENTY FOUR. Understanding “High Availability”
- 24.1. Why We Are Interested in High Availability?
- 24.2. How Much Availability? The Elusive “Five 9s”
- 24.3. A High Availability Cluster
- 24.4. Serviceguard and High Availability Clusters
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
REFERENCES
-
TWENTY FIVE. Setting Up a Serviceguard Cluster
- 25.1. The Cookbook for Setting Up a Serviceguard Package-less Cluster
- 25.2. The Basics of a Failure
- 25.3. The Basics of a Cluster
- 25.4. The “Split-Brain” Syndrome
- 25.5. Hardware and Software Considerations for Setting Up a Cluster
- 25.6. Testing Critical Hardware before Setting Up a Cluster
-
25.7. Setting Up a Serviceguard Package-less Cluster
- 25.7.1. Understand the hardware and software implications of setting up a cluster
- 25.7.2. Set up NTP between all cluster members
- 25.7.3. Ensure that any shared volume groups are not activated at boot time
- 25.7.4. Install Serviceguard and any related Serviceguard patches
- 25.7.5. Installing a Quorum Server (optional in a basic cluster)
- 25.7.6. Enable remote access to all nodes in the cluster
- 25.7.7. Create a default ASCII cluster configuration file
- 25.7.8. Update the ASCII cluster configuration file
- 25.7.9. Check the updated ASCII cluster configuration file
- 25.7.10. Compile and distribute binary cluster configuration file
- 25.7.11. Back up LVM structures of any cluster lock volume groups
- 25.7.12. Start cluster services
- 25.7.13. Test cluster functionality
- 25.8. Constant Monitoring
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
TWENTY SIX. Configuring Packages in a Serviceguard Cluster
- 26.1. The Cookbook for Setting Up Packages in a Serviceguard Cluster
- 26.2. Setting Up and Testing a Serviceguard Package-less Cluster
- 26.3. Understanding How a Serviceguard Package Works
- 26.4. Establishing Whether You Can Utilize a Serviceguard Toolkit
- 26.5. Understanding the Workings of Any In-house Applications
- 26.6. Creating Package Monitoring Scripts, If Necessary
- 26.7. Distributing the Application Monitoring Scripts to All Relevant Nodes in the Cluster
- 26.8. Creating and Updating an ASCII Application Configuration File (cmmakepkg –p)
- 26.9. Creating and Updating an ASCII Package Control Script (cmmakepkg –s)
- 26.10. Manually Distributing to All Relevant Nodes the ASCII Package Control Script
- 26.11. Checking the ASCII Package Control File (cmcheckconf)
- 26.12. Distributing the Updated Binary Cluster Configuration File (cmapplyconf)
- 26.13. Ensuring That Any Data Files and Programs That Are to Be Shared Are Loaded onto Shared Disk Drives
- 26.14. Starting the Package
- 26.15. Ensuring That Package Switching Is Enabled
- 26.16. Testing Package Failover Functionality
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
TWENTY SEVEN. Managing a Serviceguard Cluster
- 27.1. Typical Cluster Management Tasks
- 27.2. Adding a Node to the Cluster
- 27.3. Adding a Node to a Package
-
27.4. Adding a New Package to the Cluster Utilizing a Serviceguard Toolkit
-
27.4.1. A Serviceguard Toolkit
- 27.4.1.1. CREATE PACKAGE MONITORING SCRIPTS, IF NECESSARY
- 27.4.1.2. DISTRIBUTE THE APPLICATION MONITORING SCRIPT(S) TO ALL RELEVANT NODES IN THE CLUSTER
- 27.4.1.3. CREATE AND UPDATE AND ASCII PACKAGE CONFIGURATION FILE (cmmakepkg -p)
- 27.4.1.4. CREATE AND UPDATE AN ASCII PACKAGE CONTROL SCRIPT (cmmakepkg –s)
- 27.4.1.5. DISTRIBUTE MANUALLY TO ALL NODES THE ASCII PACKAGE CONTROL SCRIPT
- 27.4.1.6. CHECK THE ASCII PACKAGE CONTROL FILE (cmcheckconf)
- 27.4.1.7. DISTRIBUTE THE UPDATED BINARY CLUSTER CONFIGURATION FILE (cmapplyconf)
- 27.4.1.8. ENSURE THAT ANY DATA FILES AND PROGRAMS THAT ARE TO BE SHARED ARE LOADED ONTO SHARED DISK DRIVES
- 27.4.1.9. START THE PACKAGE (cmrunpkg OR cmmodpkg)
- 27.4.1.10. ENSURE THAT PACKAGE SWITCHING IS ENABLED
- 27.4.1.11. TEST PACKAGE FAILOVER FUNCTIONALITY
-
27.4.1. A Serviceguard Toolkit
- 27.5. Modifying an Existing Package to Use EMS Resources
- 27.6. Deleting a Package from the Cluster
-
27.7. Deleting a Node from the Cluster
- 27.7.1. Ensure that no packages are running on the node (cmviewcl)
-
27.7.2. Remove the node as an adoptive node from any configured packages
- 27.7.2.1. GET THE MOST UP-TO-DATE ASCII PACKAGE CONFIGURATION FILE (cmgetconf)
- 27.7.2.2. UPDATE THE ASCII PACKAGE CONFIGURATION FILE
- 27.7.2.3. CHECK THE UPDATED ASCII PACKAGE CONFIGURATION FILE
- 27.7.2.4. COMPILE AND DISTRIBUTE THE BINARY PACKAGE CONFIGURATION FILE (cmapplyconf)
- 27.7.2.5. CHECK THAT THE UPDATES HAVE BEEN APPLIED SUCCESSFULLY (cmviewcl)
- 27.7.2.6. STOP CLUSTER SERVICE ON THE NODE TO BE REMOVED (cmhaltnode)
- 27.7.3. Get the most up-to-date version of the ASCII cluster configuration file (cmgetconf)
- 27.7.4. Update the ASCII cluster configuration file to remove the entry for the node to be deleted
- 27.7.5. Check the updated ASCII cluster configuration file (cmcheckconf)
- 27.7.6. Compile and distribute the binary cluster configuration file (cmapplyconf)
- 27.7.7. Check that the updates were applied successfully (cmviewcl)
- 27.8. Discussing the Process of Rolling Upgrades within a Cluster
- 27.9. If It Breaks, Fix It!
- 27.10. Installing and Using the Serviceguard Manager GUI
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
TWENTY EIGHT. Additional Cluster Solutions
- 28.1. Extended Serviceguard Cluster
- 28.2. Metrocluster
-
28.3. Continentalclusters
- 28.3.1. Setting up Continentalclusters
- 28.3.2. Install Serviceguard and Continentalclusters software
- 28.3.3. Configure data replication
- 28.3.4. Configure the primary cluster
- 28.3.5. Configure the recovery cluster
- 28.3.6. Prepare the Continentalclusters security files
- 28.3.7. Edit and apply the Continentalclusters monitor package
- 28.3.8. Edit and apply the Continentalclusters configuration file
- 28.3.9. Ensure all primary packages are operating as normal
- 28.3.10. Start the Continentalclusters monitor package
- 28.3.11. Validate and test the Continentalclusters configuration
- 28.3.12. Other Continentalclusters tasks
- 28.4. Additional Cluster Solutions
- 28.5. Other Cluster Considerations
- Chapter Review
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
TWENTY FOUR. Understanding “High Availability”
-
FIVE. HP-UX Security Administration
-
TWENTY NINE. Dealing with Immediate Security Threats
- 29.1. A Review of User-Level Security Settings
-
29.2. HP-UX Trusted Systems
- 29.2.1. Features of HP-UX Trusted Systems
- 29.2.2. Enabling and disabling HP-UX Trusted System functionality
- 29.2.3. The structure of the TCB
- 29.2.4. Password policies, aging and password history database
- 29.2.5. Time- and location-based access controls
- 29.2.6. Auditing users, events, and system calls
- 29.2.7. Boot authentication
-
29.3. The /etc/default/security Configuration File
- 29.3.1. Allows a user to log in when his home directory is missing
- 29.3.2. Provides minimum length of a user password in a Trusted and non-Trusted System
- 29.3.3. The ability to disable/enable all non-root logins
- 29.3.4. Sets the number of logins allowed per user ID
- 29.3.5. Determines the password history depth (need to configure Trusted Systems)
- 29.3.6. Controls which users are allowed to use the su command to change their effective UID to root based on their group membership
- 29.3.7. Defines default PATH environment variable when using the su command
- 29.3.8. Provides minimum requirements for password structure (needs patch PHCO_24839 or later)
-
29.4. Common Security Administration Tasks
- 29.4.1. Make sure that root has a secure home directory
- 29.4.2. Regularly check the content and structure of the /etc/passwd file
- 29.4.3. Ensure that login sessions have either an automatic lock or logout facility enabled
- 29.4.4. Disable the use of the write command
- 29.4.5. Use restricted shells for non-root users wherever possible
- 29.4.6. Enforce a policy whereby inactive accounts are disabled
- 29.4.7. Regularly monitor logfiles associated with login activities
- 29.4.8. Enforce password aging, even on non-Trusted Systems
- 29.4.9. Maintain a paper copy of critical system logfiles and configuration details
- 29.4.10. Periodically verify the integrity of all installed software components
- 29.4.11. Monitor the system for SUID/SGID programs
- 29.4.12. Disable/enable HP-UX privileges
- 29.4.13. Avoid “buffer overflow” problems
- 29.4.14. Keep up to date with security bulletins
- 29.4.15. Consider running your own penetration tests
- 29.4.16. Review /etc/inetd.conf regularly and use the /var/adm/inetd.sec file extensively
- 29.4.17. Consider populating your ARP cache with permanent entries
- 29.4.18. Review who is using user-level equivalence for common network services
- 29.4.19. Review whether you really need to support other network services
- 29.4.20. Scrub data disks and tapes when disposing of them
- 29.4.21. Review who has access to your computer rooms
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
- Answers to “File and Directory Permissions” Questions
-
REFERENCES
-
THIRTY. A New Breed of Security Tools
- 30.1. The Basics of Cryptography, Including Symmetric and Asymmetric Key Cryptography
- 30.2. Secure Shell (SSH)
-
30.3. Host Intrusion Detection System (HIDS)
- 30.3.1. Install HIDS on the HIDS Server and all HIDS Clients
- 30.3.2. Create the private/public keys on the HIDS Server
- 30.3.3. Import the public keys on the HIDS Clients
- 30.3.4. Start the HIDS Agent software
- 30.3.5. Create a Surveillance Schedule that will reference at least one Surveillance Group
- 30.3.6. Create a Surveillance Group containing the relevant Detection Templates
- 30.3.7. Select the hosts (HIDS Client) to be monitored
- 30.3.8. Download and activate a Surveillance Schedule to the relevant HIDS Clients
- 30.3.9. Monitor alerts on the HIDS Server
- 30.3.10. Create Response Programs on the HIDS Clients to react to alerts locally (optional)
- 30.3.11. Conclusions on HIDS
-
30.4. IPSec, Diffie-Hellman, and Modular Arithmetic
- 30.4.1. The basics of Diffie-Hellman
- 30.4.2. The problem with Diffie-Helman
- 30.4.3. Setting up IPSec
- 30.4.4. Import/Request certificates or configure preshared keys
- 30.4.5. Set up boot-time configuration
- 30.4.6. Start the IPSec daemons
- 30.4.7. Test a connection to a remote machine to ensure that Main Mode and Quick Mode SAs are established
- 30.4.8. Warnings regarding ICMP packets
- 30.5. IPFilter and Bastille
- 30.6. Other Security-Related Terms
- Test Your Knowledge
- Answers to Test Your Knowledge
- Chapter Review Questions
- Answers to Chapter Review Questions
-
REFERENCES
-
A. Getting to Know Your Hardware: A Bit of Background
- A.1. Processor Architecture
-
A.2. Common processor families
- A.2.1. CISC: Complex Instruction Set Computing
-
A.2.2. RISC: Reduced Instruction Set Computing
- A.2.2.1. HEWLETT-PACKARD'S PA-RISC 2.0
- A.2.2.2. 64-BIT EXTENSIONS
- A.2.2.3. SUPPORT FOR LARGE HIGH-END APPLICATIONS
- A.2.2.4. BINARY COMPATIBILITY
- A.2.2.5. MIXED-MODE EXECUTION
- A.2.2.6. PERFORMANCE ENHANCEMENTS
- A.2.2.7. CACHE PRE-FETCHING
- A.2.2.8. BRANCH PREDICTION
- A.2.2.9. MEMORY ORDERING
- A.2.2.10. COHERENT I/O
- A.2.2.11. MULTIMEDIA EXTENSIONS
- A.2.3. VLIW: Very Long Instruction Word
- A.2.4. Conclusions: Which architecture is best?
- A.3. Memory Hierarchy
- A.4. Main Memory
- A.5. A Quick Word on Virtual Memory
-
A.6. Concurrency: Getting Someone Else to Help You
-
A.6.1. Flynn's Classification
- A.6.1.1. SISD: SINGLE INSTRUCTION SINGLE DATA
- A.6.1.2. SIMD: SINGLE INSTRUCTION MULTIPLE DATA
- A.6.1.3. MISD: MULTIPLE INSTRUCTION SINGLE DATA
- A.6.1.4. MIMD: MULTIPLE INSTRUCTIONS MULTIPLE DATA
- A.6.1.5. NON-UNIFORM MEMORY ACCESS
- A.6.1.6. OTHER NUMA VARIANTS
- A.6.1.7. MASSIVELY PARALLEL PROCESSORS (MPP)
- A.6.2. SPMD: Single Program Multiple Data
-
A.6.1. Flynn's Classification
- A.7. IO Bus Architecture and IO Devices
- A.8. Disk Drives: Storage or Speed
- A.9. Getting to Know Your Hardware
- A.10. Conclusions
- PROBLEMS
- ANSWERS
-
REFERENCES
- B. Source Code
- C. Patching Usage Models White Paper
- D. Auto-Negotiation White Paper
- E. Building a Bastion Host White Paper
-
TWENTY NINE. Dealing with Immediate Security Threats
Product information
- Title: HP-UX CSE Official Study Guide and Desk Reference
- Author(s):
- Release date: September 2004
- Publisher(s): Pearson
- ISBN: 0131463969
You might also like
book
HP-UX 11i System Administration Handbook and Toolkit, Second Edition
Your complete single source for HP-UX system administration! Now, there's a single source for all the …
article
Have ChatGPT Ask You Questions
ChatGPT Shortcuts shows future prompt engineers how to harness the full potential of the state-of-the-art AI …
video
GenAI Essentials for Everyone - Overview
Our team of experts has hand-selected and organized the most crucial concepts and practical applications of …
book
Ubuntu Unleashed 2015 Edition: Covering 14.10 and 15.04, Tenth Edition
The Publisher regrets that the CD/DVD content for this title cannot be made available Online. Ubuntu …