INDEX
1639
AA6 record, 931AAAA records, 931AAL (ATM Adaptation layer), 1116Access control identifiers (ACI), 1075–1076Access Control Lists (ACLs), 960, 1370
HFS (High performance Files system), 400–409Account Support Engineer (ASE), 654acctcom command, 531ACEdirector (Alteon), 1173Active Directory Service (ADS), Windows 2000, 1069–
1070, 1087ACTIVE state, 341Acutime 2000 Synchronization Kit, 978Additive inverse, 1464addlog option, vxassist command, 350addpeer command, 988Address offset, 382Address ranges, 567–568Address space, 449
layout, 568Address swizzling, 570addr-pool-last-address=, 831addr-pool-start-address=, 831admin event, 1395Administrative domain, 1035Adoptive node, 1182–1183ADVA Optical, 1147Advanced peripherals configuration, 185–233
Fibre Channel SAN, 200–208IO tree, reorganizing, 186–200Online Addition and Replacement (OLA/R),
208–228Advocates, 4Age hand, 457Aged pages, 593AgentConfig.SD-CONFIG fileset, 701–703Aging a page, 457alert facility, syslogd, 485aliases.db file, 1006allow-bootp-clients=, 832allow-update policy, 957Alternate boot path (ALT), 75, 77, 86, 115, 170Alternate PV Links, 286–291, 370
defined, 286AND operator, truth table for, 238–239Annualized Failure Rate (AFR), 1170Anycast addressing, 855APA, See Automatic Port Aggregation (APA)Apache web server, 1095, 1102–1107
default web page, 1106Application monitoring script, 1230Application package IP address, 1182–1183Application package monitoring, 1232
Application records, Process Resource Manager (PRM), 608–614
Applied patches, 666Arbitrated Loop (FC-AL) topology, 1127
distance limitations, 1127expansion limitations, 1127Loop Initialization Protocol (LIP), 1128–1129shared transport limitations, 1127–1128
Arbitrated Loop Physical Address (AL_PA), 1127Arbitrator nodes, 1321Architectural concepts, 10ARP (Address Resolution Protocol), 797, 803ARP Cache, 878ARP hack, 825–826Array Interface, 202ASU/9000 (Advanced Server for UNIX), 1034Asymmetric key, 1435–1436Asynchronous data replication, 1331Asynchronous Transfer Mode (ATM), 1115–1120
ATM Forum, 1117defined, 1115HP ATM solutions, 1117serial link speeds, 1118–1119service types, 1115–1116
Available Bit Rate (ABR), 1116Constant Bit Rate (CBR), 1115Unspecified Bit Rate (UBR), 1116Variable Bit Rate (VBR), 1116
ATM, See Asynchronous Transfer Mode (ATM)ATM Forum, 1117ATMARP Clients, 1118Attention light, 215–216Attributes, patches, 663–669audisp comman, 1397Audit log files, setting up, 1391–1399audswitch() system call, 1395audwrite() system call, 1395auth facility, syslogd, 485Authentication, 1437Authenticity, 1437AUTO file, 770, 773Auto FS, 381Autoconfiguration, IPv6, 854Automatic cluster reconfiguration, after node failure,
1176Automatic link failure and recovery, 859Automatic Port Aggregation (APA), 859–883
failover group:using existing aggregates in, 878–883
high-availability network configuration, 870Hot Standby configuration, 871–873LAN Monitor Configuration, 873–878
hp_apaconf:manually configurung, 860–870modifying, 871
ΚεενανΙνδεξ.φµ Παγε 1639 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1640 Index
Auto-negotiation, 808–811AutoPath/XP, 291Available Bit Rate (ABR), 1116Available memory, 453
B-B option, parcreate command, 96B_Port, 1136backplane, 17Backup domain controllers (BDC), 1035Baltimore certificates, 1466, 1473Bandwidth, 1119Barriers, 1155Base cells, 88base option, parcreate command, 88Basic disk topology, 384Basic IP configuration, 797–887
Automatic Port Aggregation (APA), 859–883basic network trace, performing, 839–843data-link level testing, 799–803dynamic IP allocation, 826–839IP Address, 811–814IP multiplexing, 851–853IPv6, 853–859link speed and auto-negotiation, 808–811MAC address, changing, 803–808network parameters, modifying with ndd, 843–
851networking kernel parameters, 798–799static routes, 816–818
Proxy ARP, 825–826subnetting, 814–816
Bastian host, 1495Bathtub failure distribution, 1169BB_Credits, 1144–1145BCH, 57–58BCH search command, 58BDRA, 784BEA, 1166BECN (Backward Explicit Congestion Notification), 1115Berkeley filesystem, 383Berkeley Internet Name Daemon (BIND), 912, 920, 923BIB, 80–82BIB (Boot-Is-Blocked), 80–82BIND v9.2.0, 912, 920, 923BIND v9.1.3, 853Blocking semaphores, 563BO command, 67–68, 78, 99, 110, 123Boot Authenticator for Standard Mode HP-UX, 1402Boot Console Handler (BCH), 57–58Boot Data Reserved Area (BDRA), 784Boot Inhibit Bit (BIB), 80–82Boot paths, 75, 77, 86, 94, 115, 169–170Boot string, 169–170Boot-Is-Blocked (BIB) state, 67bootpd, 830–831, 837bootptab, 830Boot-related attributes, changing, 169–171Bottlenecks, 529, 586–601
defined, 586reasons for, 586resolving, 587
Bound CPUs, 130–131, 149Bound thread, 534Boundary concept, Single System Image (SSI), 1174Bridge port, 1136Broadcast address, 815–816Broadcast client, 995–996Browse Master, 1034Bucket-brigade attack, 1465Buffer credits, 1144Bureau International des Poids et Mesures (International
Bureau of Weights and Measures) (BIPM), 977Business Copy XP, 1151
CCabinet Level Utilities, 29Cabinet power monitors, 29Cache FS, 381Caching only slave, setting up, 943Caching-only server, 915Caesar cipher, 1434Calendar Server, 1229Call setup state, switched virtual circuits (SVCs), 1114Call termination state, switched virtual circuits (SVCs),
1114Campus Cluster solution, 1320CAP option, 618Capping, 605–606cb command, 501CBR, 1115CC command, 65, 67ccmonpkg, 1329–1330cc-NUMA, 10, 120
and multiprocessor environments, 554–556CDE, 459CDFS, 381ce command, 501cell board, 15, 17–18, 18, 23Cell Controller chip, 18, 21Cell delineation, 1116–1117Cell Local Memory (CLM), 24–25, 89Cell rate decoupling, 1117Cells, 17
behavior during inital book of a partition, 80–83CERIAS (Center for Education and Research in
Information Assurance and Security) project, 1420Certificate Revocation List (CRL), 1474Certification Authority (CA), 1437Certified System Engineers, 4chacl command, 400chatr command, 570, 576
POPS using, 582–585chatr -M command, 573Checksum, 1437CHIP ports, 1151chroot command, 785, 787Chunks of memory, 383, 451CIFS client configuration, 1041–1047
adding the CIFS filesystems to the /etc/fstab file, 1043
CIFS client start script, running, 1042CIFS filesystems, mounting, 1043–1044CIFS/9000 Client product, installing, 1041–1042
ΚεενανΙνδεξ.φµ Παγε 1640 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1641
cifslogin, 1044–1047cifslogout, 1045–1046cifsmount, 1046–1047creating a mount point directory, 1042/etc/opt/cifsclient/
cifsclient.cfg, configuring, 1042executing the /opt/cifsclient/bin/
cifslogin program, 1044CIFS client daemon, restarting to pick up changes in
smb.conf, 1052–1053CIFS client of server, 1034–1035CIFS server configuration, 1035–1041
CIFS daemon, starting, 1039CIFS server functionality, enabling in /etc/
rc.config.d/samba, 1036CIFS-server software, installing, 1036/etc/opt/samba/smb.conf, configuring,
1037local SMB/CIFS password file, using, 1036SMB password file, creating, 1039verify the configuration with the smbclient
utility, 1040–1041verifying your smb.conf configuration with the
testparm utility, 1038Windows NT LanManager authentication,
1035–1036cifsclient command, 1042Circuit switching, 1112CISCO Systems, 1147, 1166Classes, IP addresses, 812–814Classical IP (CIP) address, 1118class-id, 835CLEAN state, 341cleanup command, 689–690Client Host Interface Port (CHIP), 1151Client mode, Router Discovery Protocol (RDP), 894–897Client profiles, deciding where to store, 1075clifsclient command, 1053CLM, 24–25, 89:clm option, parcreate command, 88–89clock.cuhk.edu.hk, 988clockwatch application, 1232–1234, 1272–1273close event, 1395Closed mutex, 533Cluster:
Active/Active, 1183Active/Standby, 1183basics of, 1183–1186cluster coordinator, 1184cluster monitoring, 1183defined, 1183Rolling Standby, 1183setting up:
data center, 1188disk drives, 1187hardware and software considerations,
1187–1189networks, 1187performance, 1188power supplies, 1187–1188security, 1188–1189SPU failure, 1187
user access, 1188testing critical hardware, 1189–1193
disk drives, 1189–1192LAN cards, 1192–1193
Cluster lock functionality, 1323Cluster Management Daemon, 1177Cluster Object Manager software, 1310, 1312, 1378Cluster quorum, 1321Cluster-wide security policies, 1177CM command, 51, 68, 89cmapplyconf, 1273cmcheckconf, 1273cmcld, 1183–1184, 1212cmclnodelist file, 1310–1311cmgetconf, 1273cmquerycl, 1270, 1273cmrecovercl command, 1330cmviewcl, 1273CNAME (alias) names, making for all delegated
hostnames, 948–951CNT, 1147Cocks, Clifford, 1439Code Book, The (Singh), 1435Collabra Server, 1229Colon hexadecimal notation, 854Committed Burst Size (CBS), 1115Committed Information Rate (CIR), 1115Committed patches, 666Common bottlenecks, 586–601
CPU bottlenecks, 587–592disk bottlenecks, 596–600memory bottlenecks, 593–596
Common Internet Filesystem (CIFS/9000), 381, 1033–1064
CIFS client configuration, 1041–1047adding the CIFS filesystems to the /
etc/fstab file, 1043cifslogin, 1044–1047cifslogout, 1045–1046cifsmount, 1046–1047creating a mount point directory, 1042/etc/opt/cifsclient/
cifsclient.cfg, configuring, 1042
executing the /opt/cifsclient/bin/cifslogin program, 1044
installing the CIFS/9000 Client product, 1041–1042
mounting the CIFS filesystems, 1043–1044
running the CIFS client start script, 1042CIFS client daemon:
restarting to pick up changes in smb.conf, 1052–1053
CIFS client of server, 1034–1035CIFS server configuration, 1035–1041
CIFS daemon, starting, 1039CIFS server functionality, enabling in /
etc/rc.config.d/samba, 1036CIFS-server software, installing, 1036/etc/opt/samba/smb.conf,
configuring, 1037
ΚεενανΙνδεξ.φµ Παγε 1641 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1642 Index
local SMB/CIFS password file, using, 1036
SMB password file, creating, 1039verify the configuration with the
smbclient utility, 1040–1041verifying your smb.conf configuration
with the testparm utility, 1038Windows NT LanManager
authentication, 1035–1036defined, 1034
Complete Plex, 313Complex Profile, 18
considerations when creating, 24–25current, investigating, 35–36Dynamic Complex Configuration Data
(DCCD), 34and GSP (Guardian Service Processor), 33–35incoherent, 82Partition Configuration Data (PCD), 34Stable Complex Configuration Data (SCCD),
33, 100–101and timestamp information, 35
Computer Emergency Response Team (CERT), 1419Computer Operation, Audit, Security, and Technology
(COAST) project, 1420Concurrency, in multiprocessor environments, 562–563conf.cacheonly file, 943Confidentiality, 1437Configuration:
defined, 1143Configuration attributes:
partitions:changing, 167–169
conf.sec file, 934–935conf.sec.save file, 934–936Consistency, 1150Constant Bit Rate (CBR), 1115Context switches, 540–541
defined, 539–540reasons for, 540
Continentalclusters, 1152, 1310, 1329–1360configuration:
validating/testing, 1348–1359configuration file:
editing/applying, 1342–1347data replication:
configuring, 1333–1334defined, 1329–1330logical replication, 1331monitor package:
editing/applying, 1339–1342starting, 1347–1348
physical replication, 1331primary cluster:
configuring, 1334–1336primary packages:
ensuring normal operation of, 1347recovery cluster:
configuring, 1336–1339security files:
preparing, 1339setting up, 1331–1332
software, installing, 1332–1333tasks, 1359–1360
Continuation inode, 1375Continuous Access XP, 1329, 1331Continuous Access XP Extended, 1150–1151Continuous Access XP Synchronous, 1150Control flag, 1051Controlled access protection, 1380convert operation, 367Copper cabling, 1122–1123COPS (Computer Oracle and Password System), 1420Core Cell alternate, 94Core Cell capable, use of term, 39, 44, 66–67Core cells, 88, 94Core class switches, 1129–1130Core IO Card, 19, 20–21Core OS Install and Recovery, 759Core Switch PID Format., 203Corrupt boot header:
including a missing ISL:recovering, 760–774
corrupt state, 666Cost of downtime, 1164CP command, 36, 39CPID (Creator Process ID), 566–567cpio, 382, 1374–1375cpm.collect.sh, 646CPU bottlenecks, 587–592
CPU Run Queue, 587–588size of, 587
and CPU utilization, 587–589CPU-related metrics to monitor, 590example of, 589hardware solutions to, 591metrics to consider, 587Priority Queue, 587resolving, 591–592software solutions to, 591–592
CPU Run Queue, 587–588size of, 587
CPU self tests, 80CPU utilization, 587–589Crashdump, storing to tape, 523Crashed HP-UX system:
recovering, 759–793corrupt boot header, including a missing
ISL, 760–774from having no bootable kernel, 774–781from a missing critical boot file, 781–789
create event, 1394Create ISAKMP Preshared Key window, 1473Creating the Genesis Partition, 44crit facility, syslogd, 485Criteria Thresholds, events, 489–490Critical Resource Analysis, 8, 209, 213–215cron facility, syslogd, 485CrossBar interface, 21–22Cryptography, 1434–1437Currency, 1150Customer LAN, 33customer_defined_run_cmds, 1231cxperf command, 531
ΚεενανΙνδεξ.φµ Παγε 1642 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1643
Cylinder groups, 383Cyphertext, 1434
Dd_boot_authenticate capability, 1400daemon facility, syslogd, 485–486daisy-chain multiple IO cardcages, 18Dark fibre, 1146Data Change Object (DCO), 350Data circuit-terminating equipment (DCE), 1113Data migration, 1077Data rate, 1148Data replication, 1322Data terminal equipment (DTE), 1113Data transfer state:
permanent virtual circuits (PVCs), 1114switched virtual circuits (SVCs), 1114
Data-link connection identifier (DLCI), 1113Data-Link layer, 799Data-link level testing, 799–803DataProtector, 1120DB_READER, 1227DB2, 1229, 1276db.cache file, 943dbd, 451db.root file, 925DCE (Distributed Computing Environment), 1496DCF77 transmissions, 978ddns-address, 956Deactivations, and memory bottlenecks, 593DEAD_COUNT, 875debug facility, syslogd, 485Dedicated Heartbeat LAN, 1176Default gateway, 825–826Default route, 817Default VLAN ID, 1153delay (roundtrip time) column, 984Delegated clients, configuring to reference delegated
name servers, 948Delegated master name server, setting up, 945–948Delegated name servers, referencing in the name server
database file, 951–953Delegated slave server, setting up, 948Delegated subdomain, 912–913Delegation, defined, 944delete event, 1394Demand-paged virtual memory system, 448Dense Wave Division Multiplexing (DWDM), 1123–
1124, 1146deporting disk groups, 364–366desfree, 455–457, 593Designing Disaster Tolerant High Availability Clusters,
1324DETACHED volumes, 340Detection Templates, 1446–1447DETTACHED/IOFAIL state, 342devassign file, 1387Device assignment database, 1387device drivers, 9Device group, 835–837Device Interface, 202Device status, 489
dgcfgbackup command, 333dgcfgrestore command, 333–334DHCP server:
configuring DNS to accept automatic updates from, 955–963
DNS master server:updating, 956–963
updating, 955–956dhcp_pool_group, 831DHCPDISCOVER request, 831dhcptab, 836dhcptools command, 833–835dhcptrace, 836DHCPv6, 853DI command, 55Diagnostics directory, 649.dict files, 488–489Diffie, Whifield, 1439Diffie-Hellman crypto-system:
basics of, 1463–1465failing of, 1465–1466
Diffie-Helmann crypto-system, 1439–1440dig command, 931Digital signatures, 1437–1438Director class switches, 1129–1130Directories, 1067Directory Access Protocol (DAP), 1067–1068Directory Server, 1229Directory Services administrator password, 1077Dirty region log (DRL), 313DISABLED/ACTIVE state, 342DISABLED/IOFAIL state, 342DISABLED/NODEVICE STATE, 342DISABLED/OFFLINE state, 342DISABLED/REMOVED state, 342DISABLED/STALE state, 342Discretionary security protection, 1380DISENABLED volumes, 337–339, 337–340Disk bottlenecks, 596–600
and disk queue length, 596–597hardware solutions to, 598–599metrics, 596–598and processes blocked on disk IO, IO, buffer
cache, inode:, 596–597resolving, 598–600software solutions to, 599–600
Disk drives, testing, 1189–1192Disk group, 311Disk media, 311–312Disk media name, 316Disk striping, 246–253Disks/volumes:
Logical Volume Manager (LVM), 245–307RAID levels, 236–238Veritas Volume Manager (VxVM), 309–379
disp (dispersion) column, 984Dispersion, 979–980Distinguished Name, 1069Distributed FS, 381Distributed lock manager (DLM), 1360Distributed Logical Volume, 248Distributed volume, 250
ΚεενανΙνδεξ.φµ Παγε 1643 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1644 Index
DL command, 55dlpi driver, 798dmesg command, 517dmp_pathswitch_blks_shift kernel parameter,
373DMZ, 1494–1495DNS master server, updating, 956–963dnsseckeygen, 925, 958DocumentRoot directive, 1099Domain name, 964Domain Name System (DNS), 797, 911–973, 1067
additional backup slave and caching-only name servers:
configuring, 934–943DNS forwarders:
delegating authority to, 944–955DNS master server:
updating, 956–963as glue of the Internet, 911master name server:
configuring, 915–934subdomain:
delegating authority to, 944–955Domains, 912
user manager for, 1048Don’t Fragment flag, 1482Dotted octet notation, 812DR command, 55driftfile, 986Dual-speed slots, 55–56Dual-stack machines, 854Dummy volumes, 253dump, 382Dump space, 447–472DWDM, 1120–1121Dynamic Complex Configuration Data (DCCD), 34Dynamic DNS server (DDNS), 956Dynamic DNS server updates, 963Dynamic Host Configuration Protocol (DHCP), 828–839
booting a DHCP client, 837–839defined, 828device group, 835–837individual node configuration, 830–831pool group, 831–835server configuration, 829–830
Dynamic IP allocation, 826–839Dynamic Multipathing (DMP), 313, 370–373Dynamic routing, 889–909
gated.conf configuration file, 891–892network for, 890Open Shortest Path First (OSPF), 900–906Router Discovery Protocol (RDP), 892–897
client mode, 894–897conclusions about, 897server mode, 892–894
Routing Information Protocol (RIP), 897–900conclusions about, 900
Dynamically Linked Kernel Modules (DLKM), 227Dynamically Loadable Kernel Modules (DLKM), 474–
478Dynamically Tunable Kernel Parameters (DTKP), 478–
480
EE_Port, 1135–1136, 1146Easyspace, 916Echelon, 25Echelon/Rank, 25Edge switches, 1129–1130, 1153EFI, See Extensible Firmware Interface (EFI)800SUPPORT command, 7628-slot PCI cardcage, 18EL command, 55Ellis, James, 1439elm, 1002Elroy chip, 56EMC Symmetrix SRDF, 1331–1332emerg facility, syslogd, 485EMPTY state, 341EMS, See Event Monitoring System (EMS)EMS dictionary, 488EMS HA Monitors, 489–491, 1217–1218EMS hardware monitors, 647, 649EMS High Availability Monitors, 473EMS Kernel Resource Monitor, 647, 649Emulate LAN (ELAN) interfaces, 1118Emulated private loop (EPL), 1129ENABLED volumes, 337, 337–340Encryption, 1155Encryption key, 1434Encyption algorithm, 1434Enterprise Cluster Master Toolkit, 1229, 1230, 1276Enterprise Server, 1229Enterprise Server Pro, 1229Entitlement-based SLOs, 626Entity, 840Entrust Security Certificates for Primary Authentication,
1466Enumeration, 1087EPIC (Explicitly Parallel Instruction Computing), 6err facility, syslogd, 485/etc/cmcluster/cmclconfig, 1177/etc/default/security configuration file, 1369,
1402–1407/etc/default/security configuration
file, capabilities, 1402–1407/etc/group, 1067
customizing, 1078/etc/hosts file, 960/etc/inittab, 190/etc/ioconfig, 190/etc/named.conf file, 926, 944, 956, 964, 966
setting up a forwarders entry in, 953–955/etc/nsswitch.conf file, 960/etc/ntp.conf, 980, 985, 989, 992/etc/ntp.keys file, 992/etc/opt/resmon/lbin/monconfig, 490/etc/pam.conf file, 1049
configuring to utilze NTLM as an authentication protocol, 1049–1052
/etc/passwd file, 1035, 1039, 1067, 1374–1378customizing, 1078
/etc/rndc.conf file, 936, 964/etc/sbtab, 784
ΚεενανΙνδεξ.φµ Παγε 1644 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1645
/etc/services, 1067/etc/services.window configuration file, 578–
579Ethernet, 1113Euclid’s algorithm, 1464EUI-64 identifier, 855Evaluation levels, ITSEC, 1382Event Monitoring System (EMS), 484, 488–494, 1183,
1227Events:
Criteria Thresholds, 489–490defined, 488
Excess Burst Size (EBS) Traffic Management parameters, 1115
EXEC_MAGIC executable, 571–572, 574–575EXPORT option, 619Extend Serviceguard Cluster, 1152Extended fabrics, 1120–1121
long distances, 1144–1145switches, 1143–1144
Extended Long Wave GBICS, 1123Extended Serviceguard cluster, 1319–1365
Continentalclusters, 1329–1360data replication in, 1322Metrocluster, 1323–1329networking in, 1322Serviceguard extension for SAP, 1360–1361Serviceguard Extensions for Oracle Real
Application Clusters (RAC), 1360three data centers:
design limitations, 1321two data centers:
design limitations, 1320–1321Extensible Firmware Interface (EFI), 58, 319
numbering convention, 61Extent-based striped logical volume, 247–248
drawback of, 251–252
FF_Port, 1135Fabric, defined, 1129Fabric Discovery, 80Fabric Login (FLOGI), 1128, 1130–1131, 1135Failed disk, recovering, 333–342FAILING disk, 34 0, 335Failover group, 859–860FAILOVER_GROUP, 875Fair Share Scheduler, 601Fast EtherChannel (FEC/PAgP) technology, 860Fast Ethernet, 808–809FastTrack Server, 1229Fat pipe, 859, 867Fault Tolerant systems, 1164–1165FC-AL topology, 1127
distance limitations, 1127expansion limitations, 1127Loop Initialization Protocol (LIP), 1128–1129shared transport limitations, 1127–1128
fcmsutil command, 1125, 1131, 1139, 1141FDDI, 860, 870, 1117FEC_AUTO protocol, 862, 863, 867, 870–871, 874, 880FECN (Forward Explicit Congestion Notification), 1115
Fibre Channel, 8, 9, 906, 1112, 1120–1122, 1175copper cabling, 1122–1123fibre-optic cable, 1122–1123frame, 1144physical medium, 1122protocol layers, 1122standards, 1122, 1129topologies supported by, 1127
Fibre Channel SANs, 200–208, 1120, 1146Fibre-optic cable, 1122–1123
multi-mode fibre, 1123single-mode fibre, 1122–1123
File and directory permissions, 1370–1376HFS Access Control Lists, 1375–1376VXFS Access Control Lists, 1371–1375
Filesystems, 9, 10, 381–445, 409–414, 529basic characteristics, 382–383
large files, 382Berkeley filesystem, 383HFS (High performance Files system), 382
Access Control Lists (ACLs), 400–409internal structure, 383–388tuning, 388–400
McKusick filesystem, 383mount options to affect IO performance, 428–
429navigating:
via the VFS layer, 434–437online JFS features, 409–414
controlling synchronous io (convosync=), 429–430
logging levels used by the intent log, 416–420
online de-fragmentation of, 414–416upgrading an older VxFS filesystem, 409–
414structure of, 381VxFS filesystem,:
tuning, 421–428VxFS Snapshots, 431–434
finger command, 1087Firewalls, 1155, 1495First-level security concerns, 1369fl command, 495FL_Port, 1135flex-cable connectors, 21Floating CPUs, 130FLOGI, 1128, 1130–1131, 1135, 1138FLPs (fast link pulses), 808–809fork() system call, 537forwarders, setting up, 953–955Forwarding requests, 914FQDN, See Fully Qualified Domain Name (FQDN)fr command, 495Fragmentation Needed flag, 1482Frame Relay packet-switched network (PSN), 1113
supported adapters, 1115fsck command, 340, 381, 777, 789fsdb command, 386–387FSPF (Fibre Shortest Path First), 906, 1126, 1143ftp, 784, 1423ftpd, 785
ΚεενανΙνδεξ.φµ Παγε 1645 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1646 Index
Fully Qualified Domain Name (FQDN), 912, 915–916, 931
Fully qualified entries, 1069Fundamental Tenet of Cryptography, 1439
GG_Port, 1136Gardner, Martin, 1435gated routing daemon, 817–818, 824–825, 889–890gated.conf configuration file, 891–892, 897GBIC (Gigabit Interface Converter), 1123General Release patch, 642General/Special recalled patch, 643General/Special Superseded patch, 643Generic UNIX monitoring tools, 531Genesis Partition, 15, 63–80
boot actions, 75–80creating, 61–62, 65–80ensuring cells are inactive, 63–65
getmemwindow command, 579glance command, 143, 531, 535, 588
Processor Sets in, 561–562Global addresses, 854Global area, 459Global Catalog server, 1087–1088Global Environment directives, 1103Global Virtual Address (GVA), 450Global Wait States, 588–589Glue records, 914Gold Applications patch bundle, 647Gold Base depot, 647Golden Image, 698
creating, 727using make_sys_image, 728–730
creating Ignite-UX configuration file representing contents of, 730–735
Post-Configure script/Post-Load script, 734–735
defined, 727setting up, 727–744testing the configuration, 741–744
GOLDQPK11i depot, 648gpgslim, 457, 593gpm command, 531GPS receiver, 978Grande chip, 55Greenwich Meridian, 977, 987grep command, 1480–1481Group membership service (GMS), 1360groups command, 1087GSP (Guardian Service Processor), 18, 20–21, 28, 30–55
administrator-level user, 31, 45categories of user on, 45Chassis/Console Log screen, 51, 53Command Menu screen, 50and Complex Profile, 33–35Console screen, 51–53Customer LAN, 33GSP Command Menu, 36, 45Local serial port, 33operator-level user, 31, 45Private LAN, 32–33
Remote serial port, 33single partition user, 45SO command, 45switches, 34Virtual Front Panels (VFP) screen, 51–52
Guardian Service Processor (GSP), See GSP (Guardian Service Processor)
H-H option, shutdown command, 63HACMP (IBM), 1174Halfdome Utility Communications (or Connector)
Board (HUCB), 29–30halt-for-reconfig, 62Hard reset, 171Hard zoning, 1137, 1140–1141Hardware enablement patch bundle, 647Hardware monitor, 489Hardware Path, 58
components of, 59Hardware status monitoring, 489Hardware support call, 504, 509–510Hashed Page Table (HTBL), 451<HBA hardware path>, 203, 1133HBA (host bus adapter), 1123–1124HBPB0 (Halfdome BackPlane Board 0), 21HE command, 44Heap, 568Heartbeat LAN, 1176HEARTBEAT_IP, 1184Hellman, Martin, 1439Hewlett-Packard, Precision Architecture (HP), 5–7HFS Access Control Lists, 1375–1376HFS (High performance Files system), 382
Access Control Lists (ACLs), 400–409basic layout, 385inode, 386internal structure, 383–388tuning, 388–400
HIDS, 459, See Host Intrusion Detection System (HIDS)High Availability Alternative (HAA), 75–76, 86, 115High Availability Clusters, 1171–1174
and Serviceguard, 1174–1178synchronous/asynchronous data replication in,
1152High Availability (HA), 1163–1180
Annualized Failure Rate (AFR), 1170cluster, 1171defined, 1164–1165as a design principle, 1165–1166five 9s, 1168–1170
Mean Time Between Failures (MTBF), 1169–1170
percentages, 1168pillars of:
IT processes, 1167support partnerships, 1167technology infrastructure, 1166–1167
reasons for interest in, 1164–1165statement defining, 1170
High Priority Machine Check (HPMC), 504–505defined, 506
ΚεενανΙνδεξ.φµ Παγε 1646 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1647
High-priority sleepers, 549High-speed cache, 7, 10HMIOB (Halfdome Master IO Backplane), 20hn, 832Hop count, 899Host address (host ID), 812Host Bus Adapter (HBA), 1123–1124Host Intrusion Detection System (HIDS), 1446–1463
conclusions about, 1463defined, 1446Detection Templates, 1446–1447HIDS Agent software:
starting, 1454–1455HIDS clients:
importing public keys on, 1452–1453multi-homed, 1450–1452response programs, creating, 1461–1463selecting the hosts to be monitored,
1458–1459HIDS server:
creating private/public keys on, 1448–1452
monitoring alerts on, 1460–1461multi-homed, 1449–1450
installing HIDS on the HIDS server and all HIDS clients, 1448
Surveillance Group:creating to contain relevant Detection
templates, 1456–1458Surveillance Schedule:
downloading/activating to relevant HIDS clients, 1459
surveillance survey, creating to reference the Surveillance Group, 1455
Hostnames, 912hosts_to_named utility, 915, 918–921, 1011Hot Standby, 859Howes, T., 1067, 1067–1068HP AutoPath/VA, 291HP e-Commerce Traffic Director Server Appliance
SA8220, 1173HP Hardware Customer Engineer, 784HP Instant Support Enterprise Edition, 647–648HP online Software Depot,
security_patch_check, 649–654HP Proliant PC, 32HP Systems Partitions Guide, 15HP_APA_DEFAULT_PORT_MODE, 862HP_APA_GROUP_CAPABILITY (FEC_AUTO only)
configuration setting, 862HP_APA_START_LA_PPA, 862hp_apaconf file, 863
manually configurung, 860–870HP_APAPORT_CONFIG_MODE, 862HP_APAPORT_KEY (LACP_AUTO only), 862hp_apaportconf file, 874HP/Agilent 58503A, 978HP-assigned Support Representative, 654HPMC (High Priority Machine Check), 39HP-specific monitoring tools, 531hpstreams driver, 798HP-UX:
patches, 642–695Web servers to manage, 1093–1110
HP-UX 11i Enterprise Operating Environment, 1322HP-UX 11i Mission Critical Operating Environment,
1230HP-UX 11i Operating Environment, 1034, 1041, 1071HP-UX AAA Server, 1156HP-UX administrator, 4HP-UX, as a multithreaded operating system, 529HPUX, as onion-skin operating system, 8–9HP-UX Bastille, 1494
defined, 1484installing, 1490–1494
hpux command, 355, 358HP-UX hardware paths, 55HP-UX Installation Media:
emergency recovery using, 759–793recovering:
corrupt boot header, including a missing ISL, 760–774
from having no bootable kernel, 774–781from a missing critical boot file, 781/stand/rootconf, 781–789
HP-UX IPFilter, 1155–1156hpux –is command, 1399HP-UX patch management (PDF), 649HP-UX real-time priorities, 542
run queues for, 547–548HP-UX Strong Random Number Generator software, 920HP-UX Support Plus CD/DVD-ROMs:
Bundle Matrix, 647Support Plus CD-ROM layout, 648–649
HP-UX Timeshare scheduling policy, 549HP-UX Timesharing scheduling policy, 603HP-UX Trusted Systems, 1087–1088, 1369, 1374–1375,
1376–1402disadvantages of using, 1379Division A, 1381Division B, 1380–1381Division C, 1380Division D, 1380enabling/disabling functionality, 1382–1383features of, 1379as measure of HP commitment to operating
system security, 1379HP-UX Tuning and Performance (Sauers/Weygant), 529HP-UX Workload Manager (WLM), 121, 530HSSDC (High Speed Serial Direct Connect) connectors,
1123HTML, 1107htpasswd command, 1107httpd command, 1105httpd process, 1093–1094HyperPlex, 120–121
IIA-64, 6ICMP packets, 1483–1494
warnings regarding, 1482–1483ICMP redirect, 817ICMP redirect message, 817ICMP router advertisements, 890
ΚεενανΙνδεξ.φµ Παγε 1647 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1648 Index
Ideal server, 698Idle state:
permanent virtual circuits (PVCs), 1114switched virtual circuits (SVCs), 1114
IDS_importAgentKeys command, 1453IEEE 802.1p, 1153IEEE 802.1Q, 1153ifconfig, 856Ignite-UX:
adding additional software to a Core OS configuration, 720–727
setting up software depot(s), 720–722, 722–723
updating the index file to reflect the new/nlconfigurations that are now available, 723–725
using the new configuration to install a client, 725–727
installing a complete operating system using, 706–727
installing software with, 697–758setting up a server to utilize an existing Core OS
depot, 707–720ikmpd daemon, 1467IMPORT option, 619importing disk groups, 364–366inaddr.arpa, 914–915IN-ADDR.ARPA domain, 953Incoherent Complex Profile, 82index.html, 1100inet driver, 798Infant mortality rate, 1170Infinity metric, RIP, 899info command, 501
syslogd, 485infolog command, 501Information menu, 71–72Information Technology Security Evaluation Criteria
(ITSEC), 1382Informix, 1229, 1276Initialized data, 568Installed Products Database (IPD), 666Installing and Managing HP-UX Virtual Partitions
(vPars), 128, 130Instant Capacity on Demand (iCOD) client product, 647Integrated Services Digital Network (ISDN) interfaces,
1112Integrity Superdome servers, 7Intelligent cluster reconfiguration:
after node failure:accomplishing, 1176
Intercabinet copper, 1123Inter-cell communication, 21International Atomic Time (TAI), 977International Earth Rotation Service, 977International System of Units (SI), 977Internet Assigned Number Authority (IANA), 813Internet Assigned Numbers Authority (IANA), 953Internet Corporation for Assigned Names and Numbers
(ICANN), 915InterNIC, 813, 923Inter-Process Communication (IPC), 564–565
kernel parameters, 565Interprocess communication (IPC) mechanisms, 532Intracabinet copper, 1123Intrusion, 1155IO Bays, 19–20IO Cardcage:
connections, 56slot numbering, 55–63
IO cardcages, 15, 23IO chassis, 17–18IO command, 36, 39IO Discovery, 80IO expansion cabinet, 23–24IO subsystem, 8, 9IO tree:
applying a new IO tree configuration, 192change in device file names:
reworking user/system applications affected by, 197–199
create an ASCII file representing, 191current device file:
documenting, 190establishing which system and user
applications use, 190–191ioinit command, 192–193new device files:
checking for correct creation of, 194–197rebooting the system to single user mode, 193reorganizing, 186–200
collecting IO trees, 187–189hardware path mapping, 190motivation for, 186removing all old device files, 199–200shutting down the system(s) to single
user mode, 191standardized IO tree, deciding on format
of, 189–190steps in, 186–187
IO tree, reorganizing, system recovery tape, 187IOFAIL state, 341ioinit command, 185, 187, 192–193ioscan command, 34 0, 143–144, 207–208ioscan –e command, 61ioscan –f command., 187ioscan –fnC disk, 34 0iostat command, 531IP addresses, 811–814, 912–914, 931
classes, 812–814and IN-ADDR.ARPA domain, 953IP version 4 (IPv4), 812
IP Authentication Header (AH), 1468IP multiplexing, 851–853IP subnet-based VLAN, 1153IP version 4 (IPv4), 811
address classes, 812IP6.INT, 915IP-based load balancing, 859ipcclose event, 1395ipccreat event, 1395ipcdgram event, 1395ipcopen event, 1395ipcrm command, 567
ΚεενανΙνδεξ.φµ Παγε 1648 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1649
ipcs command, 531, 565ipf command, 1486–1487IPFilter, 227, 1155iplanet software, 1069IPMI (Intelligent Platform Management Interface), 97ipnodes, 857IPSec, 459, 1155, 1463, 1465
authenticated or nested ESP, 1469Authentication Headers, 1468–1469boot-time configuration:
setting up, 1475–1476Encapsulated Security Payload headers, 1469ensuring establishment of Main Mode and
Quick Mode SAs, 1477–1482filters, 1468importing/requesting certificates or configuring
preshared keys, 1473–1475installing, 1466–1467IPSec daemons:
starting, 1476–1477ISAKMP Main Mode policies:
configuring, 1472–1473nested ESP, 1470policies:
configuring, 1467–1468using GUI to configure, 1471–1472
setting up, 1466–1473Tunneling Mode for AH and ESP headers, 1470
IPSec policies, 1467–1468IPsec/9000, 1155IPv4-mapped IPv6 address, 959–960, 963IPv6, 459, 853–859is_patch attribute, 663–664ISAKMP, 1468ISL Trunking, 1136ISS (Internet Security Scanner), 1420IT Resource Center (ITRC), 645–646
Candidate Patch List, 646Custom Patch Manager (CPM), 645–646ITRC User ID, 645
Itanium, 6, 15ITRC Patch Database, 656
JJava Servlet Proxy, 1496
Kkcalarm command, 483kcusage command, 483kcweb, 473
monitoring kernel resource with, 480–484kcweb –s command, 482, 484kcweb –s stop command, 484Kerberos authentication, 1035, 1068, 1495, 1496kern facility, syslogd, 485kernel, 7
principle subsystems, 9Kernel mode, 10
processes, 537–539Kernel stack, 569Kernel states, 34 0Kernel/volume states, and the Next Step, 342
Key Distribution Center (KDC), 1437, 1495Key name, 964Key server technologies, 5kill command, 530, 566Kille, S., 1067Kilobyte-striping, 247, 252kminstall –a widgedrv command, 474kmsystem command, 477kmtune command, 478, 480kthread structure, 535
LL_Port, 1136LABEL file, 769, 772, 781Labeled security protection, 1380–1381LACP_AUTO protocol, 863, 867, 870–871, 874, 880LAN cards, testing, 1192–1193LAN Emulation Clients (LEC), 1118LAN Monitor Failover Groups, 870LAN Monitor mode, 859lanadmin command, 799, 804, 806–808, 809, 865lanapplyconf, 874, 874–875lancheckconf, 874lanconfig file, 876lanconfig.ascii file, 874, 876landeleteconf, 874LANICs, 1176LanManager for UNIX, 1034lanqueryconf, 874lanscan, 226, 867largefiles, 382–383Layered volume, 327, 329LC (Lan Config) command (Lan Config) command, 45,
49LC (Lucent) connectors, 1124LDAP Access Profiles, 1068ldapmodify command, 1074ldappaswdd command, 1087LDAP-UX Client Services, 1070–1071
step-by-step guide to, 1071–1087LDAP-UX Client Services software:
access control identifiers (ACI), 1075–1076client profiles:
deciding where to store, 1075configuring to enable it to locate the directory,
1080–1082data migration, 1077Directory Services administrator password, 1077/etc/group:
customizing, 1078/etc/passwd:
customizing, 1078name service data:
configuring a proxy user to read, 1077–1078
deciding on location of directory for, 1074–1075
importing into directory, 1078–1080netscape:
access control identifiers (ACI), 1075–1076
Netscape Directory Service 4.X:
ΚεενανΙνδεξ.φµ Παγε 1649 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1650 Index
console, 1077POSIX schema:
allowing users to read all attributes of, 1076–1077
user attributes:allowing read access for proxy user to,
1078restricting write access to, 1075–1076
LDAP-UX Integration products, 1070–1071installing, 1071–1072LDAP-UX Client Services, 1070–1071NIS/LDAP Gateway, 1070
LDIF (LDAP Directory Interchange Format), 1070Lease expiry time, 828Leased line, 1115lease-grace-period, 832lease-policy, 832lease-time=, 832lifcp command, 357Lightweight Directory Access Protocol (LDAP), 1066
adding another client, 1086–1087defined, 1067directories, 1066, 1068–1069
schema, 1070directory server, 1069/etc/nsswitch.conf, 1082–1083/etc/pam.conf, configuring to use, 1082LDAP-UX Client Services:
step-by-step guide to, 1071–1087LDAP-UX Integration products, 1070–1071
LDAP-UX Client Services, 1070–1071NIS/LDAP Gateway, 1070
user functionality, testing, 1083–1085Link aggregate, 859Link aggregation control protocol (LACP), 860Link speed and auto-negotiation, 808–811Link-local addresses, 854linkloop command, 800, 1329Link-state routing protocol, 890Listen directive, 1104ll command, 526Load Average, 588Load Average/Run Queue, 589Load balancer, dispatcher as, 1173Load balancing, 859
Hot Standby, 859IP-based load balancing, 859MAC-based load balancing, 859port-based algorithm, 859round-robin, 870
Local Bus Address (LBA), 56Local clock, 993Local clock impersonator, 993–994Local Director (Cisco Systems), 1173local() facility, syslogd, 485Local Response Center, 654Local timeserver, 979Locality domain, 555–556Location-based access controls, 1390Lockable memory, 453LOCKABLE option, 619Locking a mutex, 532–533
Log Plex, 313Logfile:
sendmail:monitoring, 1028–1029
logger command, 487Logical data receiver packages, 1331Logical data replication, 1329Logical data sender packages, 1331Logical IP Subnet (LIS), 1118Logical Track Group (LTG), 246, 254Logical unit number (LUN), 204–207Logical Volume Manager (LVM), 245–307
Alternate PV Links, 286–291disk drive forward compatibility, 299–304LVM mirroring (RAID 1), 254–285LVM striping (RAID 0), 246–253and RAID, 246volume groups, exporting/importing, 291–299
login event, 1395Loop Initialization Protocol (LIP), 1128–1129
LIP storm, 1128Loop Initialization Protocol (LIP) exchange, 1127Loop port, 1129Loopback FS, 381Los Alamos National Laboratory, 1174lotsfree, 455–457, 593Low-priority sleepers, 549LPID (Last Process ID), 566–567lpmodify command, 1074lpr facility, syslogd, 485LS (Lan Show) command, 49lsacl command, 400LUN masking, 1140lvdisplay command, 209lvlnboot command, 209, 213LVM, 9LVM mirroring (RAID 1), 254–285
conclusions about, 285losing a disk online:
replacing while system runs, 275–281sustaining reboot before disk
replacement, 281–284mirroring vg00, 267–275PVG-strict, 254–267spare volumes, 284–285
LVM PV Links, 8LVM striping (RAID 0), 246–253
MMA command, 51maabof.com, 916, 1010–1013MAC address:
changing, 803–808by rebooting/running lanadmin
command manually, 806–808new address, deciding on, 804–805setting up startup configuration file to specify,
805–806MAC-based load balancing, 859Magic number, 570–577, 1440Mail aliases, 1005–1009mail facility, syslogd, 485
ΚεενανΙνδεξ.φµ Παγε 1650 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1651
Mail queue:files in, 1027–1028monitoring, 1026–1030
Mail statistics, 1029–1030mailq command, 1026mailx, 1002Main Control Unit (MCU), 1152Main Mode, 1468Main Mode Security Associations, 1467, 1477Maintenance mode boot, 781make_[tape|net]_recovery, 187make_config command, 730make_net_recovery, 744make_recovery, 744make_sys_image command, 744make_tape_recovery, 744malloc(), 569Managing web servers, 1093–1110Mandatory protection, 1380Man-in-the-middle attack, 1465Manually configured port trunks, 860map command, 501mapfile, 294, 297Masquerading, DNS implications, 1005–1009Master name server, 915–934
configuring, 915–934creating a working directory for the DNS
database files, 917creating the DNS database files using the
hosts_to_named utility, 917–918deciding on a DNS domain name, 915–916delegated:
setting up, 945–948effects of a slave on, 940–943helping to set up appropriate hosts file, 944–945named daemon, starting, 927–930official registrars, 915–916registering a DNS domain name, 915–916rndc configuration file, 925–927setting up the resolver configuration files, 928–
929testing DNS functionality, 931–934updating the /etc/hosts file, 916–917
max_thread_proc, 535maxdsiz, 569Maximum share entitlement, 607maxssiz, 569maxswapchunks, 460maxtsiz, 569McKusick filesystem, 383MC/ServiceGuard, 225MDA (Mail Delivery Agent), sendmail as, 1002Mean Time Between Failures (MTBF), 1169–1170MeasureWare command, 531Memory bottlenecks, 593–596
hardware solutions to, 595memory metrics indicating, 593–594resolving, 594–596software solutions to, 595–596
Memory limitations, for 32-bit operating systems, 569–570
memory line, 461
Memory management, 9, 10Memory Mapped Files, 568, 573Memory partitioning, 567–568Memory quadrants, 567–568Memory self tests, 80Memory shares, 618Memory windows, 570, 574, 577–580Merkle, Ralph, 1439Message digest, 1437–1438Message integrity check (MIC), 1437Messaging Server, 1229Metrocluster, 1152, 1310, 1323–1329
architectural differences between an Extended Serviceguard cluster and, 1323
forms of, 1323fundamental differences between Extended
Serviceguard and, 1323Metrocluster/CA, 1323–1324, 1326–1327Metrocluster/SRDF, 1323, 1326
Metropolitan distances, 1147minfree, 455–457, 593Mirror Consistency Recovery (MCR), 254Mirror Write Cache (MWC), 254mirror-concat layout policy, 324MirrorDisk/UX product, 1322–1329Mirrored-striped volume, 250Mirroring, 254–285Missing critical boot file:
creating the /stand/rootconf file by hand, 783–789
magic label of 0xdeadbeef, 782maintenance mode boot, 781recovering from, 781–789size of the root LV, 782, 783start block address of the root LV, 782
mkboot command, 357–358, 361mknod, 799moddac event, 1395moddaccess event, 1395monconfig command, 490–491, 493Monitor daemons, 488Monitors, 488mpctl() system call, and processor affinity, 556–559mpshed command, 143msgmap, 565msgmax, 565msgmnb, 565msgmnl, 565msgseg, 565msgsssz, 565msgstql, 565MTA (Mail Transport Agent), sendmail as, 1002MUA (Mail User Agent), sendmail as, 1002Muliticast addressing, 855Multi-function card, 216Multi-homed hosts, 817–818Multi-mode fibre, 1123Multiprocessor environments, 553–563
cc-NUMA, 554–556concurrency in, 562–563Processor Sets, 559–562
ΚεενανΙνδεξ.φµ Παγε 1651 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1652 Index
Multiprocessor environments and processor affinity, mpctl() system call and processor affinity, 556–559
Multithreaded applications, 532–533Mutex, 533Mutual recovery, 1151–1152, 1331
NN_Port, 1135N_Port ID, 1132–1133Name servers, 912Name service data:
configuring a proxy user to read, 1077–1078deciding on location of directory for, 1074–1075importing into diretory, 1078–1080
named daemon, starting, 927–930Named Response Center Engineer (NRCE), 654named.conf file, 933namesvrs file, 927National Physical Laboratory (UK), 977NATTACH, 566–567ndd command, 823–824
modifying network parameters with, 823–824NDS (Novell), 1067NEEDSYNC state, 341Neighbor Discovery Protocol (NDP), 857netconf file, 866–867netconf-ipv6 file, 854–855netdiag1 driver, 798netfmt command, 842, 1480Netscape:
access control identifiers (ACI), 1075–1076setup program, running, 1072–1074
Netscape Directory Service 4.X, 1074console, 1077installing, 1071–1072
Netscape Directory Services, 1067Netscape Enterprise Server, 1496netstat command, 531nettl command, 839–843, 1479Network address (net ID), 812Network Address Translation (NAT), 1490–1494Network Attached Storage (NAS), 1121Network File System (NFS), 9, 459, 1034Network FS, 381Network Information Center, 813Network Information Service (NIS), 1065–1066Network Node Interface (NNI) cell, 1116Network Time Protocol (NTP), 975–999
authentication, setting up, 991–993broadcast, 987broadcast client, 995–996clients, 987configuration file (/etc/ntp.conf), 978Coordinated Universal Time (UTC), 977different time sources:
analyzing, 980–985International Atomic Time (TAI), 977local clock impersonator, 993–994logfile, 996NTP daemons:
setting up, 985–987NTP etiquette, 979
NTP server relationships, 987–993NTP software, role of, 980peer, 987peer server, setting up, 987–991polling client, 994–995publicly accessible timeservers, 979server, 987slewing time, 996Stratum Levels and timeservers, 979time source, choosing, 978–979worldwide timekeepers table, 976
Network Tracing and Logging subsystem (nettl), 868Networking drivers, 798Networking kernel parameters, 798–799newaliases command, 1006news facility, syslogd, 485nfsktcpd process, 535–536, 546-547nfsstat command, 531nice value, 543, 550–552, 603Nifty-54 diagram, 26–27, 84, 96NIS/LDAP Gateway, 1070nkthread, 535NL_Port, 1129, 1135nms driver, 798Node Partitionable servers, 14
list of current servers, 16Node Partitions, 13–126
HP-UX hardware addressing on, 57–63Node WWN, 1125NODE_NAME, 875NODEVICE state, 341Non-layered volumes, 329Non-redundant volumes, 337–339Nonrepudiation, 1437–1438NonStop servers, 1164–1165Normal executable, 571notice facility, syslogd, 485nPar, 13, 121, 127
basic building blocks of, 15–22basic hardware guide to, 15–16physical configuration, 132running vPars:
adding/removing cells to, 157–161<N_Port ID>, 1133nslookup command, 931nsquery command, 931NSS_LDAP, 1068nssshow command, 1131nsswitch.conf file, 931nsupdate command, 963–964nswapdev, 460nswapfs, 460NT LanManager authentication (NTLM), 1035, 1049
domains:user manager for, 1048
testing the functionality of NTLM authentication, 1053–1062
user map:configuring to reference UNIX users to
be authenticated by the NTLM servers, 1052
NTP daemons, setting up, 985–987
ΚεενανΙνδεξ.φµ Παγε 1652 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1653
NTP etiquette, 979NTP server relationships, 987–993NTP software, role, 980ntp0.cs.mu.OZ.AU, 981ntp1.gbg.netnod.se, 988ntp-cup.external.hp.com, 981ntpdate command, 980, 985, 996ntp.metas.ch, 981ntpq command, 986ntps1-0.cs.tu-berlin.de, 988ntptrace command, 985
OObAM-Apache web server, 1094–1102
browser plug-in, 1102Partition Manager, 1101
default web page, 1102Object Action Manager framework, 1095OFFLINE state, 341Offset, 449offset command, 986offset (time difference) column, 984OLA/R, See Online Addition and Replacement (OLA/R)olrad command, 212One-package configuration, Serviceguard extension for
SAP, 1361Onion-skin operating system, 8–9Online Addition and Replacement (OLA/R), 8, 98, 117,
208–228adding a new PCI card, 226–228motivation for using, 209replacing a failed PC card, 209–226
identifying the failed PCI card, 211–212performing Critical Resource Analysis on
the affected PCI card, 213–215replacing a failed PCI card:
checking functionality of the newly replaced PCI card, 225–226
checking the power domain, 216multi-function card, 216replacement procedure, 223resuming the driver for the PCI slot, 224–
225running associated driver scripts before
resuming the driver, 224running associated driver scripts before
suspending the driver, 217–218suspend the kernel driver for the affected
PCI slot, 219–222turning off the attention light for the
affected PCI slot, 226turning off the power to the affected PCI
slot, 222–223turning on the attention light for the
affected PCI card slot, 215–216turning on the power to the PCI slot,
223–224Online de-fragmentation, 414–416Online JFS features, 409–414
controlling synchronous IO (convosync=), 429–430
logging levels used by the intent log, 416–420
online de-fragmentation of, 414–416upgrading an older VxFS filesystem, 409–414
open event, 1395Open mutex, 533Open SAN, 1139Open Shortest Path First (OSPF), 900–906Optical GBICs, 1123–1124Oracle, 1166, 1229, 1276Oracle 8i Standby Database, 1331Oracle Parallel Server, 1329Oracle Standby Database, 1229Oracle Toolkit, 1276Orange Book standard, 1379–1382Organization units, 1069Organizational units, 1074OSPF, 890ospf_monitor, 906
PPackage control script, 1230Package-less cluster, 1177
setting up, 1182, 1193–1217Packet switching, 1112Packet-switching technologies, 1112Page Directory (PDIR), 7, 450–451, 451Page Frame Data Table (pfdat), 451Page outs, 593Page-ins, 448Page-out rate, and memory bottlenecks, 593Page-outs, 448Paging systems, 7PAM, See Pluggable Authentication Modules (PAM):PAM framework, 1051PAM_LDAP, 1068PANIC, 505, 518–523Parallel Detection, 809parcreate command, options, 88–90pardisplay command, 214PA-RISC, 15Parity data, 236parmodify command, 76–78, 99–100
-B option, 99–100, 108PARPERM command, 97parstatus command, 61, 84, 88Partition attributes, changing, 167–171Partition configuration, basic goals of, 16–17, 20, 24Partition Configuration Data (PCD), 34Partition Manager, 83–109, 1094, 1095
adding a cell to partition, 107–108boot actions, 115–117boot paths, 86deleting a partition, 108–109existing partitions, modifying, 97–107host-based GUI, 85instigating a crashdump in a hung partition,
113–114minimum requirements for a partition, 84powering off components, 117–120reboot-for-reconfig, 110–112rebooting/halting a partition, 110resetting a partition, 112–113web-based GUI, 84
ΚεενανΙνδεξ.φµ Παγε 1653 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1654 Index
Partition Manager software, 73Partition name, 86–87Partition rendezvous, 82Partitionable servers, 16Partitioned servers, 4
Node Partitions, 13–126Virtual Partitions, 127–184
Partitioning continuum initiative (HP), 14Partitioning, key benefits of, 14Partitions, attributes, changing, 167–171parunlock command, 101Password History Database, 1402Password-based authentication, 1068Patch bundle depots, 649Patch bundle readme files (text), 649Patch depot:
managing, 689–692setting up, 669–678
process of, 672–678Patches:
ancestry, 667–669applied, 666attributes, 663–669
ancestor fileset, 664applied_patches attribute, 664patch_state attribute, 667state attribute, 666
committed, 666committing, 685–688defined, 642filesets, 663–664
states, 666General Release patch, 642General/Special recalled patch, 643General/Special Superseded patch, 643installing, 678–684
from a patch-only depot, 678–680from a software-and-patches depot, 681–
684ITRC Patch Database, 656naming convention, 654–655obtaining, 645–654
HP online Software Depot, 649–654HP-assigned Support Representative, 654HP-UX Support Plus CD/DVD-ROMs,
647–648IT Resource Center (ITRC), 645–646local Response Center, 654
patch usage models, 643products, 663–664
states, 666purpose of, 642rating updates, 656ratings, 655–656removing, 684–685right time to patch a system, 643risks involved when applying, 644–645shar file, 657–663
Special Installation Instructions, 657–660show_patches command, 665Special Release patch, 643superseded, 666
with warnings, 656Patching:
common reasons for, 643–644proactive, 644
Patch-only depot, 681installing patches from, 678–680
PATH HAA <path> command, 76PATHFLAGS, 78–80, 90, 97, 115–117pax, 1374–1375Payload rate, 1148PCI-X interface, 8PC-Offset Stack Trace, 522PDCA (Power Distribution Control Assembly) units, 120pdcinfo, 509PDH (Plesiochronous Digital Hierarchy), 1117pduin, 841pduout, 840pdweb command, 212PE command, 80, 119–120Peer, 987Perfect Forward Secrecy (PFS), 1440, 1468, 1472–1473Performance Optimized Page Sizes (POPS), 7–8, 580–585
conclusions about, 585defined, 580using chatr, 582–585using vps_ceiling and vps_pagesize,
582Peripheral Status Monitor (PSM), 489Permanent virtual circuits (PVCs), 1113, 1114–1115Permanent Virtual Connections (PVC), 1116Persistent FastResync, 350pfdat structure, 451PGP (Pretty Good Privacy), 1495Phantom mode, 1129Phantom Mode, 1129PHCO_24630, 665PHCO_27101 patch, 358, 362Physical Addresses, 7–8, 450Physical data replication, 1329Physical Extents, 254Physical memory, 453Physical Page Number (PPN), 450PIM (Processor Information Module), 509ping command, 531, 856, 1043PKI (Public Key Infrastructure), 1156Plaintext, 1434Plain-text attack, 1440Plex, 312–314plock() system call, 453Pluggable Authentication Modules (PAM), 1047–1052,
1071, 1496PMD (Physical Medium Dependant sub-layer), 1116Point-to-Point topology, 1127poll (poll period) column, 984POLLING_INTERVAL, 875Pool group, 831–835pool-name=, 831<Port ID>, 203Port WWN, 1125–1126Port-based algorithm, 859Port-based VLAN, 1153POSIX real-time policy:
ΚεενανΙνδεξ.φµ Παγε 1654 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1655
run queues, 544–546SCHED_FIFO, 544, 546SCHED_RR, 544SCHED_RR2, 544
POSIX real-time priorities, 541–542run queues for, 547–548
POSIX schema, allowing users to read all attributes of, 1076–1077
post_replace, 224Power-On Self Test (POST), 80–81PP-Fabric, 1130Practical UNIX and Internet Security (Garfinkel/
Spafford), 1425Precision Architecture (HP), 5–7Predictive Support, 649Preferred plex read policy, 325Pregions, 451, 457prep_replace, 224Preshared keys, 1468Primary Authentication, 1466Primary boot path, 75, 86, 94, 115, 170, 760Primary Domain Controller, 1034–1035Primary interface address, 854Primary server, 915PRIMARY/STANDBY, 875Principal Switch, 1141Priority Queue, 587, 588–589Priority ranges, 541–542Private key, 1435, 1438Private LAN, 32–33Private loop devices, 1128–1129Private network, defined, 1154Private region, 313, 329, 337PRM, See Process Resource Manager (PRM):PRM command, 531prmmonitor command, 605Proactive patch analysis, 654Proactive patching, 644, 645process event, 1395Process management, 9Process Resource Manager (PRM), 121, 530, 562, 1177
application records, 608–614capping, 605–606defined, 622prioritizing workloads with, 601–622Processor Sets, 614–618share entitlement, 601–605shares, 602simple configuration to manage CPU shares,
602–618thread scheduling and, 614using to prioritize memory shares, 618–622
Process Thread List, 535–536Processes:
common bottlenecks to, 586–601CPU bottlenecks, 587–592disk bottlenecks, 596–600memory bottlenecks, 593–596
compared to threads, 534defining, 530–536generic UNIX monitoring tools, 531HP-specific monitoring tools, 531
kernel mode, 537–539memory requirements for, 563–569multiprocessor environments, 553–563
cc-NUMA, 554–556concurrency in, 562–563processor sets, 559–562
multiprocessor environments and processor affinity:
mpctl() system call and processor affinity, 556–559
priorities, 541–553HP-UX real-time priorities, 542POSIX real-time priorities, 541–542system timeshare priorities, 542–543timeshare priorities, 542–543user timeshare priorities, 543
process life cycle, 537–540tools for monitoring, 530–531user mode, 537–539
Processor affinity, 556–559Processor architecture, 5–7Processor Information Module (PIM), 172Processor Set, 121Processor Sets, multiprocessor environments, 559–562Program magic number, 570–577Progress (Sybase), 1229, 1276Promiscuous ARP, 825–826Propagation delay, 1144Protocol-based VLAN, 1153Proxy ARP, 825–826Proxy Server, 1229Proxy server, 1495PS command, 37, 39, 55, 62ps command, 531pseudo-swap, 455psmctd daemon, 489psmmon daemon, 489psrset command, 561pstatus command, 989pthread_kill system call, 534PTIMESHARE, 547PTR records, 914PTTOPT_Fabric, 1130Public key, 1435–1436, 1438Public keys, 1468Public loops devices, 1128–1129Public-key cryptography, 1156, 1438puma command, 531pwget command, 1087
Qq4pxdb command, 515Q-compliant switches, 1153QL_Port, 1136Quadrants, 449–450quad-speed slots, 55–56quick keyword, 1486–1487Quick Mode Security Associations, 1467, 1477Quickloop, 1129Quorum Server, 1185, 1232, 1309
ΚεενανΙνδεξ.φµ Παγε 1655 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1656 Index
R-R option, shutdown command, 62rad –a command, 217rad –c command, 225rad command, 61, 224–226rad –h command, 217rad –V command, 218Radio receiver, 978RADIUS (Remote Authentication Dial-In User Service),
1496RAID (Redundant Array of Inexpensive Disks):
defined, 235AND operator:
truth table for, 238–239OR operator:
truth table for, 239parity data, 238–241RAID 0, 236RAID 1, 237RAID 2, 237RAID 3, 237–238RAID 4, 238RAID 5, 238
parity calculation, 240XOR parity data in, 240
RAID levels, 235, 236–238software RAID, 246, 310, 312XOR operator:
truth table for, 239Rainbow Series, 1379Random numbers, and crypto-systems, 1441Rank/Echelon, 39, 66RARP protocol, 797, See Reverse Address Resolution
Protocol (RARP)rarpc command, 826–839RC interface, 22rcp, 1423reach (reachability) column, 984readdac event, 1394read-modify-write, 240–241, 332reboot command, 110, 113
-H option, 110–111-R option, 34, 110–111
reboot-for-reconfig, 34, 62, 102, 108RECONFIGRESET command, 112Reconfigure fabric link service, 1137RECOVER state, 339, 341Recovering crashed HP-UX systems, 759–793
corrupt boot header, including a missing ISL, 760–774
from having no bootable kernel, 774–781from a missing critical boot file, 781–789
Recovery Archive, 744–756allowing clients access to the configuration files,
745ensuring clients use up-to-date recovery
commands, 745–756make_net_recovery, 744make_recovery, 744make_tape_recovery, 744
Recovery Media, 1382, 1385, 1400
Recovery Shell, 698, 759, 768, 777–779, 781, 784–785, 1382, 1400
refid (reference identification) column, 983relayout operation, 367Relocatable IP address, 1176Remote Account Support Engineer (RACE), 654Remote Authentication Dial-In User Service (RADIUS)
protocol, 1156Remote Control Unit (RCU), 1151–1152Remote Operations Agent software, setting up on each
client machine, 701–705Remote Operations GUI, setting up on the depot server,
705remote (server name) column, 983remote_nfs_swap, 460removable event, 1395REMOVED state, 341remsh, 1423renice command, 550–551Replica Server, 1087reserve line, 461Reserving swap space, 454–455RESET command, 113resls command, 490–491, 524Resource Partitions, 121Resource records (RR), 915
slave server, 934Resources, 488–489Response Center Network Specialist, 797restore, 382Restricted partition management, 97resyncfromreplica option, vxassist command,
349Resyncing a snapshot, 348Reverse Address Resolution Protocol (RARP), 797, 826–
828defined, 826limitations, 827–828
Reverse lookup, 914Reverse resync, 349rexec, 1423ri option, parcreate command, 88RIO/REO/Grande cables, 18RIP, 890RIP-II, 890RISC architecture, 10
key characteristics of, 6Rising-tide allocation policy, 626Ritchie, Dennis, 383rlogin, 1423rm command, 488, 526rndc configuration file, setting up, 925–927rndc utility, 926, 928, 933rndc-confgen utility, 925Rolling Standby cluster, 1183, 1275Rolling upgrades within a cluster, 1307–1309Rootability, defined, 350rootconf file, 781–783rootdg, 314–315, 357Rope number, 56Rope Units, 57Round robin read policy, 324–325
ΚεενανΙνδεξ.φµ Παγε 1656 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1657
Round-robin load balancing, 870route command, 822, 825, 889–890Router Discovery Protocol (RDP), 892–897
client mode, 894–897conclusions about, 897server mode, 892–894
routerdiscovery packets, 897Routers, 811Routing, 811Routing Chips (RC), 21Routing Information Protocol (RIP), 897–900
conclusions about, 900Routing table, 811Royal Greenwich Observatory, 977RR command, 111–112RS command, 113, 171, 1399RSA Data Security, 1435, 1439RSA-160, 1435–1436rtprio command, 543, 548–549, 603
accessing, 549rtsched command, 543, 544, 547–548, 603ru command, 495Run queues:
defined, 543–544for HP-UX real-time priorities, 547–548POSIX real-time policy, 544–546
SCHED_FIFO, 544, 546SCHED_RR, 544SCHED_RR2, 544
for POSIX real-time priorities, 547–548and scheduling policies, 543–553for timesharing priorities, 553
Runnable thread, compared to running threads, 537–539
SSalt, 1377SAMBA, 1034SAP, 1166sar command, 531SATAN (Security Administrator Tool for Analyzing
Networks), 1420savecrash command, 514, 523/sbin/ioinitrc, 190sc command, 501SC (Standard) connectors, 1124SCHED_NOAGE, 552–553Scheduling allocation domains, 555–556, 559Scheduling policies, 542
and run queues, 543–553<SCSI address>, 203, 1134SCSI logical unit number (LUN), 204–205SDH (Synchronous Data Hierarchy), 1117SEARCH command, 70SEARCH LAN INSTALL command, 70Secondary interface addresses, 854Secondary server, 915secpolicyd, 1467Secret Key Transaction Authentication for DNS (TSIG)
(RFC2845), 925–926Secret keys, 1435, 1466Secret writing, art of, 1434–1435Secure Shell (SSH), 1441–1446
Secure Socket Layer (SSL), 1068Secured network environment, critical security elements,
1154–1155Security administration tasks, 1369, 1407–1431
user-level security settings, 1370–1376Security Association (SA), 1467Security domains, 1381Security Parameter Index (SPI), 1467, 1469Security threats:
common security administration tasks, 1407–1425
buffer overflow problems, avoiding, 1417–1419
/etc/passwd file, checking content and structure of 1408
write command, disabling use of, 1409–1410
HP-UX privileges, disabling/enabling, 1416–1417
enforcing a policy that disables inactive accounts, 1411
password aging, enforcing, 1413–1414ensuring login sessions have automatic
lock or logout facility enabled, 1408–1409
ensuring root has secure home directory, 1408
/etc/inetd.conf, reviewing regularly, 1420–1422
maintaining a paper copy of critical system logfiles and configuration details, 1414–1415
monitoring the system for SUID/SGID programs, 1416
penetration tests, running, 1420installed software components,
periodically verifying integrity of, 1415
ARP cache, populating with permanent entries, 1422–1423
logfiles associated with login activities, regularly monitoring, 1411
computer rooms, reviewing accessibility to, 1424–1425
reviewing need to support other network services, 1423–1424
user-level equivalence for common network services, reviewing, 1423
scrubbing data disks/tapes at disposal, 1424
security bulletins, keeping up with, 1419restricted shells, using for non-root users,
1410–1411/var/adm/inetd.sec file, using
extensively, 1420–1422dealing with, 1369–1431/etc/default/security configuration
file, 1402–1407Security tools, 1433–1499
bastian host, 1495DCE (Distributed Computing Environment),
1496
ΚεενανΙνδεξ.φµ Παγε 1657 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1658 Index
DMZ, 1494–1495firewalls, 1495Host Intrusion Detection System (HIDS), 1446–
1463ICMP packets, 1483–1494Kerberos, 1495PGP (Pretty Good Privacy), 1495Pluggable Authentication Modules (PAM), 1496proxy server, 1495RADIUS (Remote Authentication Dial-In User
Service), 1496Secure Shell (SSH), 1441–1446SSL (Secure Sockets Layer), 1496tcpwrapper, 1496VirtualVault, 1495–1496VPN (Virtual Private Network), 1495X.509 v3 certificates, 1496–1497
SecurityMon, 1379Seed, 1377Selected plex policy, 325semaem, 565Semaphores, 563–564Semi-Distributed volume, 248semmap, 565semmnl, 565semmns, 565semmnu, 565semvmx, 565sendmail, 1001–1032
ensuring installation of, 1003–1004logfile, monitoring, 1028–1029mail aliases, 1005–1009mail queue:
files in, 1027–1028monitoring, 1026–1030
mail statistics, 1029–1030masquerading, 1005–1009sendmail.cf file, 1001sendmail.st file, 1029simple mail cluster configuration, 1013–1020site hiding, 1005–1009spamming, 1001using without using DNS, 1004–1005version 8.11.1, 853
sendmail –bi command, 1006sendmail –q command, 1026sendmail.cf file, building, 1020–1026Server complex, 13, 15
three single points of failure in, 30Server Message Blocks (SMB), 1033Server mode, Router Discovery Protocol (RDP), 892–894ServerAdmin dir, 1104Serverless backups, 1120, 1173ServerNet (Tandem), 1173ServerRoot, 1095Servers, 5, 14Service Control Manager (SCM), 931, 1095
defined, 700Service Control Manager (SCM) depot, making available
on the depot server, 700–701Service Level Agreements (SLAs), 622, 1164–1165, 1362Service Level Objectives (SLO), 601, 626
Service Process rules, 1231Service processes, 1227SERVICE_CMD, 1230–1232SERVICE_NAME, 1227, 1230–1231Serviceguard, 489, 622, 875, 1174
defined, 1218and High Availability Clusters, 1174–1178software, installing, 1332–1333
Serviceguard cluster, See also Extended Serviceguard cluster:
adding a new package to the cluster using a Serviceguard Toolkit, 1275–1292
adding a node to a package, 1273–1275adding a node to the cluster, 1269–1273application failure, 1183application monitoring scripts, distributing to
relevant nodes in cluster, 1278ASCII package control file (cmcheckconf):
checking, 1281ASCII package control script (cmmakepkg –
s):creating/updating, 1278–1279, 1280–
1281manually distributing to all relevant
nodes, 1281basics of a cluster, 1183–1186basics of a failure, 1182–1183Cluster Manager, 1183configuring packages in, 1225–1266constant monitoring, 1217–1218deleting a node from, 1302–1307
Check the updated ASCII cluster configuration file (cmcheckconf), 1306
check updates were applied successfully (cmviewcl), 1307
compile/distribute binary cluster configuration file (cmapplyconf), 1306–1307
ensure no packages run on node (cmviewcl), 1302–1303
obtain up-to-date version of ASCII cluster configuration file (cmgetconf), 1305
remove node as adoptive node from configured packages, 1303–1305
update the ASCII cluster configuration file to remove entry for node to be deleted, 1305
deleting a package from the cluster, 1301–1302ensure package was removed successfully
(syslog.log), 1301halt the package (cmhaltpkg), 1301remove package definition from binary
cluster configuration file (cmdeleteconf), 1301
review remaining cluster activity (cmviewcl), 1301–1302
failure of all LAN communications, 1183managing, 1267–1318modifying an existing package to use EMS
resources, 1292–1300
ΚεενανΙνδεξ.φµ Παγε 1658 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1659
Network Manager, 1183Package Manager, 1183package monitoring scripts, creating, 1277–1278package switching, ensuring enablement of,
1285–1286packageless cluster:
setting up, 1193–1217setting up/testing, 1226
rolling upgrades within a cluster, 1307–1309setting up, 1181shared files/programs, ensuring loading of on
shared disk drives, 1283split-brain syndrome, 1186starting the package, 1284–1285testing package failover functionality, 1286–1292total system failure, 1183typical cluster management tasks, 1268–1269updated binary cluster configuration file,
distributing (cmapplycomf), 1282Serviceguard Extension for SAP, 1360–1361Serviceguard Extensions for Oracle Real Application
Clusters (RAC), 1360Serviceguard Manager:
cluster modifications, 1268Cluster Property Sheet, 1313drag-and-drop capability, 1314installing/using, 1310–1315package management, 1312, 1315package modifications, 1268–1269
Serviceguard NFS Toolkit, 1230Serviceguard OPS edition, 1310Serviceguard package:
application IP address, 1227application monitoring scripts, distributing to
relevant nodes in cluster, 1237application processes, 1227application startup script, 1230–1231ASCII application configuration file
(cmmakepkg –p):creating/updating, 1237–1243
ASCII package control file (cmcheckconf):checking, 1248–1249
ASCII package control script (cmmakepkg –s):
creating/updating, 1244–1247manually distributing to all relevant
nodes, 1247–1248how it works, 1227–1229LVM volume group/VxVM disk group, 1227package control file:
components of, 1228–1229configuring, 1227–1228
package monitoring scripts, creating, 1234–1237package startup and halt script, 1228
configuring, 1228package switching, ensuring enablement of,
1253service processes, names of, 1228shared files/programs, ensuring loading of on
shared disk drives, 1250starting, 1250–1253
AUTO_RUN, 1250–1251
NODE_SWITCHING, 1250testing package failover functionality, 1254–1263
Standard Tests, 1254–1258stress tests, 1258–1263
Serviceguard Toolkits, 1217, 1225, 1229–1232setting up packages in:
cookbook for, 1226Service-level agreements (SLAs), 1168Session key, 1440setboot command, 214setmemwindow command, 579setprivgrp command, 549, 561setup program:
Netscape:running, 1072–1074
700SUPPORT command, 762Severity, events, 489–490SFF (Small Form Factor) connectors, 1124Shadow password file, 1378–1379ShadowPassword, 1378–1379Share entitlement, 601–605, 618, 623
maximum, 607Shared executable, 570Shared libraries, 564, 569Shared memory, 569Shared memory segment identifiers, 564Shared memory segments, 564Shared objects, 570–574Shared transport, defined, 1127SHLIB_PATH environment variable, ensuring
setup of, 1074shmctl() system call, 453SHMEM_MAGIC executable, 573, 575, 579shminfo utility, 579shmmax, 565shmmni, 565shmseg, 565shutdown command, 34, 99–100, 110shutdown –RH now command, 63shutdown-for-reconfig, 101sig_named command, 933sig_named dump, 925SIGCHLD signal, 539Signal-handling thread, 534Simple Authentication and Security Layer (SASL), 1068Simple mail cluster configuration, 1013–1020
conclusions about, 1019–1020configuring clients to forward all mail to the
mail server (hub), 1016–1017configuring clients to mount /var/mail
directory from the mail server, 1018ensuring client machine access to the /var/
mail/nldirectory, 1015–1016ensuring configuraton of all usernames on the
mail server, 1015mailq command, 1026sendmail.cf file, 1013–1015
building, 1020–1026, 1029setting up the mail hub, 1013–1020test sending an email to another user, 1018–1019
Simple Name Service (SNS), 1131–1132Single Board Computer Hub (SBCH), 28
ΚεενανΙνδεξ.φµ Παγε 1659 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1660 Index
Single Points of Failure (SPOF), 934, 1166–1167application failure, 1166disk failure, 1166human error, 1167interface card failure, 1166loss of data center, 1167loss of power, 1166network failure, 1166operating system crash, 1166SPU failure, 1166
Single System Image (SSI), 1174boundary concept, 1174
Single-mode fibre, 1122–1123Single-point-of-failure (SPOF), 209Single-server solutions, 5Site hiding, DNS implications, 1005–1009Site-local addresses, 854, 85764-bit, 10SL command, 81–82, 123Slave server:
delegated:setting up, 948
resource records, 934setting up, 934–935
Slewing time, 996Slot-ID, 55
numbering convention, 20SMB, See Common Internet Filesystem (CIFS/9000):smbclient command, 1040smbclient utility, 1036smb.conf file, 1052
configuring to reference the NTLM server, 1052smbpasswd file, 1041Smith, Mark, 1067–1068snapabort command, 350SNAPATT state, 341SNAPDONE state, 341snapstart command, 346–347SNIA (Storage Network Industry Association), 1151SO command, 45, 97Soft reset, 171Soft zoning, 1140–1141Software Distributor, 672, 676, 698, 774
control scripts, 735installing software with, 697–758operation, 666
Software partitioning, 127–128Software RAID, 246, 310, 312Software support call, 504, 522Software-and-patches depot, 681
installing patches from, 681–684setting up on the depot server, 699–700
SONET (Synchronous Optical NETwork), 1117, 1119SONET/SDH, 1117Space ID, 449Space Registers, 450Spamming, 1001Spanning Tree Algorithm, 1176, 1185spcl.maabof, 1011Special machines, 912Special Release patch, 643Special software, 912
Spectracom Netclock/2 WWVB terrestrial radio receiver, 978, 980
Spinlocks, 563Split-brain syndrome, 1186Spoofing, 1422sr command, 495SSH (Secure Shell), 459SSL (Secure Sockets Layer), 1496st (stratum) column, 983Stable Complex Configuration Data (SCCD), 33, 100–
101Stable Storage, 760STALE state, 341Standards, 1122Standby LAN cards, 1176, 1185/stand/ioconfig, 190/stand/rootconf file, 781–789/stand/vmunix, 129/stand/vpdb, 129/stand/vpmon, 129StartServers directive, 1098State table, IPFilter kernel, 1487Static routes, 816–818, 821, 889STATIONARY_IP, 875STATIONARY_IP, 1184Steal hand, 457, 593Stealing a page, 457Stealth mode, 1129Storage Area Network (SAN), 1112, 1120–1121Storage clusters, 1173Storage Network Industry Association (SNIA), 1151Stratum Levels, and timeservers, 979Stratum-1 servers, 981–985Stress tests, 1258–1263
kill one of the major application processes, 1258–1260
kill the application monitoring script, 1260–1263
Striped Pro volume, 330Stripe-mirror volume, 328–330Striping, 246–253Strong Random Number Generator software, 920, 1441,
1464Structured protection, 1381Subdisks, 312, 314Subdomain, delegating responsibility for, 912–913Subnet mask, effect of, 815subnet-mask=, 832Subnetted network, planning document for, 815Subnetting, 814–816, 854Subordinate Switches, 1141Subvolumes, 328Superdome, 120
cabinet numbering in, 24cell board, 17complex, 23
Superseded patches, 666Supersession chain, 642Support Management Station (SMS), 32Support Plus CD/DVD, 489Support Plus users guide (PDF), 649Support Tool Manager (STM), 647, 649
ΚεενανΙνδεξ.φµ Παγε 1660 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1661
Support Tools Manager (STM), 473, 484, 489, 494–504SUPPRESS option, 618swagentd, 1492swagentd.log, 697Swap devices, 448
configuring additional, 459–461Swap space, 447–472
configuring, 458–459requirements, 448–449reserving, 454–455
swapinfo command, 461swapmem_on, 460swap-mem_on kermel parameter, 455swapon command, 460swchunk, 460swcopy command, 666swinstall, 1034swinstall command, 666, 672, 697, 1041
using to push software across the network, 698–706
to remote clients, 705–706Remote Operations Agent software,
setting up on each client machine, 705Remote Operations GUI, setting up on
the depot server, 705Service Control Manager (SCM) depot,
making available on the depot server, 700–701
software-and-patches depot, setting up on the depot server, 699–700
swintsall, 227Switched Fabric, 1126–1127, 1129–1135
data replication over long distances, 1149–1151defined, 1129extended fabrics, 1143–1145Fibre Channel bridges, 1147–1149installing your own fibre, 1146–1147mutual recovery, 1151N_Port ID, 1130–1135SANs and port types, 1135–1139zoning and security, 1139–1143
Switched virtual circuits (SVCs), 1113, 1114Switched Virtual Connections (SVC), 1116swlist command, 362, 664swremove command, 689–690, 697, 874Sybase, 1229Symmetric key, 1435Symmetrical Multi-Processor (SMP), 10SYNC state, 341Synchronous Data Hierarchy (SDH), 1119Synchronous vs. asynchronous data replication, 1149syslog facility, 485, 957–958syslog logfiles, managing, 488syslogd, 485–488
facility and level definitions, 485logfiles, managing, 488
syslog.log, 212, 226SYSREV command, 43System Area Network (SAN), 1173system backplane, 17–18System backplane, 21–22System Bus Adapter (SBA) chip, 56
System call, 10System recovery tape, 187System resources:
general system activity and events:monitoring, 484–504
kcweb:monitoring kernel resource with, 480–
484monitoring, 473–527syslogd, 485–488
logfiles, managing, 488
Tt (types) columns, 983Tag-aware devices, 1153Tagged VLANs, 1153TapeSilo zone, 1140tar, 382, 526, 1374–1375TC command, 113–114, 171, 505TCB, See Trusted Computing Base (TCB):tcpwrapper, 1496TCS (Transmission Convergence Sub-layer), 1116TDM (Time Division Multiplexing), 1116TE command, 55Technical Account Manager (TAM), 654Technology Inf, 1171telnet, 1468TEMP state, 341Terminal control database, 1387Test sending an email to another user, 1018–1019Testing critical hardware, 1189–1193
disk drives, 1189–1192LAN cards, 1192–1193
testparm utility, 1036Thompson, Ken, 383Thrashing, 455, 457, 459Thread management, 9Threads, 9–10
compared to processes, 534defining, 530–536managing, 535memory requirements for, 563–569multithreaded applications, 532–533Mutex, 533priorities, 541–553runnable thread:
compared to running threads, 537–539thread-safe property, 533viewing, 535
Threadtime: The Multithreaded Programming Guide (Norton/Dipasquale), 533
time command, 531Time Of Day (TOD) specification, 1388–1389time.seqno.hostname, 375Timeshare priorities, 542–543, 549Timesharing priorities:
exception to, 552run queues for, 553
timeslice, 540–541Timestamp information, and Complex Profile, 35timex command, 531TLB, 10
ΚεενανΙνδεξ.φµ Παγε 1661 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1662 Index
TOC, 513–518Token Ring, 860, 870, 1113, 1176Tombstone, 505, 509–510, 513top command, 143, 588Top-level domains (TLD), 914Trace mask, 840tracerouter command, 985Traditional mirror, 327Transfer of Control (TOC), 505, 1212transient state, 666Translation Lookaside Buffer (TLB), 7, 450Translative mode, 1129Trigger values, 455–456Trimble Palisade, 978TruCluster, 1174Trunk, 859Trusted Computer System Evaluation Criteria (TCSEC),
1379Trusted Computing Base (TCB), 1380, 1382
auditing users/events/system calls, 1391–1399boot authentication, 1399–1402devassign, 1387file format, 1386password policies/aging and password history
database, 1387–1389structure of, 1385–1387time- and location-based access controls, 1389–
1390ttys, 1386–1387
Trusted Gateway Agent, 1496Trusted Gateway Proxy, 1496Trusted intermediary, 1436Trusted Systems, 1087–1088try_first_pass option, 1051–1052TSIG (Transaction Signatures), 925
authentication, 963for zone transfers, 966–968
ttisr process, 541tun driver, 79812-slot PCI cardcage, 17Two-package configuration, Serviceguard extension for
SAP, 1361
Uu_acct_expire, 1388u_bootauth capability, 1400u_genletters, 1387u_genpwd, 1387u_maxlen, 1387u_minchg, 1388u_nullpw, 1388u_pickpw, 1387u_restrict, 1388UAREA, 568uevent1 event, 1395uevent2 event, 1395uevent3 event, 1395UFS (HFS) filesystem, 522uipc driver, 798ulimit built-in command, POSIX shell, 618umask function, 1370umount command, 1045
Unbound CPUs, 130–131, 149Unicast addresses, 855Unified Glob of Utilities for Yosemite (UGUY), 29–31Uninitialized data, 568Universally unique identifier (uuid), 375Unreachable route, 897Unspecified Bit Rate (UBR), 1116Untagged VLAN ID, 1153uptime command, 531U.S. National Institute of Standards and Technology, 976U.S. Naval Observatory, 976Usage goal, 632use-on-next-boot flag, 82, 88, 102–105User attributes:
allowing read access for proxy user to, 1078restricting write access to, 1075–1076
User data, 568User error, 1385user facility, syslogd, 485User Manager for Domains screen, 1048User map, configuring to reference UNIX users to be
authenticated by the NTLM servers, 1052User mode, 10
processes, 537–539User Network Interface (UNI) cell, 1116User stack, 568User text, 568User timeshare priorities, 543User-level security settings, 1369, 1370–1376
review of, 1370–1376/usr/contrib/sendmail, 1004Utility subsystem, 28–30uucp facility, syslogd, 485
V/var/adm/crash, 172Variable Bit Rate (VBR), 1116Variable length subnet masks, 816Variable Page Sizes, 7–8Variable-length packets, 1112–1113Vector-distance routing protocols, 890, 899Verified design, 1381Verified protection, 1381Verisign, 1436Verisign PKI, 1466Veritas Cluster Services, 1174VERITAS Cluster Volume Manager (CVM), 1184Veritas Volume Manager (VxVM), 309–379, 790
compared to LVM, 311deporting/importing of a disk group, 364–366dirty region log (DRL), 313disk group, 311disk media, 311–312Dynamic Multipathing (DMP), 313, 370–373dynamic relayout, 367–369failed disk, recovering, 333–342LVM to VxVM conversion, 369–370plex, 312–314preferred plex read policy, 325private region, 313round robin read policy, 324–325selected plex policy, 325
ΚεενανΙνδεξ.φµ Παγε 1662 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
Index 1663
spare disks:using, 343–346
subdisk, 312, 314volume, 312volume layouts, 312VxVM diagnostic commands, 373–375VxVM disk:
basic layout of, 318nopriv disk, 319simple disk, 319sliced disk, 319
VxVM mirroring (RAID 1), 323–325VxVM RAID 5, 332–333VxVM rootability, 350–364VxVM snapshots, 346–350VxVM Striping and Mirroring (RAID 0/1 and 1/
0), 325–330VxVM striping (RAID 0), 320–322
Veritas Volume Manager with Dynamic Multi Pathing, 291
Very Long Instruction Word (VLIW), 6vfork() system call, 537vgexport, 203, 364–366vgextend, 295vgimport, 203, 294–295, 297, 364–366vhand, 7vinstat, 531Virtual Address Space (VAS), 7, 449–450, 456, 567, 569Virtual addresses, 7–8, 450
translating, 581Virtual circuit, 1113Virtual Connections, 1116Virtual hosts, 1094, 1107Virtual interfaces (VIs), 1153Virtual LAN (VLAN), 1152–1154
default VLAN ID, 1153example implementation, 1154IP subnet-based VLAN, 1153port-based VLAN, 1153protocol-based VLAN, 1153tagged VLANs, 1153Untagged VLAN ID, 1153Virtual LAN (VLAN), 1152–1154VLAN ID, 1152VLAN tag, 1153VLAN trunking, 1153VLAN-aware switches, 1152–1153
Virtual memory, 7–8, 529Virtual memory management, 448–452Virtual memory system, 449–452
as paging system, 448trigger values, 455–456when to throw pages out, 455–457
Virtual Page Number (VPN), 450–451Virtual Partition Database, 129Virtual Partition Monitor, 129, 135, 139–140
interfacing with, 163–167rebooting, 161–163
Virtual Partitions, 13, 121, 127–184changing the boot string for, 170defined, 127, 129hardware details, 134
key benefits of, 128–131managing hardware within, 148–161planning, 132–134removing, 172–175resetting, 171–172turning off functionality, 175–179vpmon, rebooting, 161–163
Virtual Partitions product, obtaining, 131Virtual PPA (Physical Point Attachment), 1153Virtual PPA (Physical Point of Attachment), 1153Virtual Private Network (VPN), 1154–1157Virtual SCSI Bus (VSB), 204–206
address, 203–204, 207VirtualVault, 1495–1496VLAN ID, 1152VLAN tag, 1153VLAN trunking, 1153VLAN-aware switches, 1152–1153VLIW architecture, 10
key characteristics of, 6–7vmunix, 779Volume, 312Volume groups, exporting/importing, 291–299Volume layouts, 312Volume management, 529Volume/Plex states, 341vPar, 127
booting from an Ignite-UX server, 145–148database, creating, 134–144intended configuration, 133
vparboot command, 147, 168-p vpar0 option, 156
vparcreate command, options, 134–135VPARMGR, 134vparmodify command, 168vparreset command, 168vPars, 13vparstatus, 167vParsWINSTALL directory, 131vpdb, 129vpmon, 129, 135, 161–163
-a option, 140VPN (Virtual Private Network), 1495vps_ceiling, 582vps_pagesize, 582vxassist command, 316, 323
addlog option, 350-o option, 324resyncfromreplica option, 349snapshot option, 346–350snapwait option, 346
vxbootsetup command, 361–362vxclustd, 1184vxconfigd, 319vxcp_lvmroot command, 351–354, 370vxdco command, 350vxddladm command, 370vxdg command, 318vxdisk list command, 374vxdiskconfig command, 370vxdmpadm command, 372–373VXFS Access Control Lists, 1371–1375
ΚεενανΙνδεξ.φµ Παγε 1663 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ
1664 Index
VxFS filesystem:tuning, 421–428
VxFS Snapshots, 431–434vxinstall command, 315, 319vxmend fix CLEAN command, 342vxprint command, 324, 328, 340, 345vxprivutil command, 374vxrelocd command, 343–345VxVM, 9VxVM Device Discovery Layer (DDL), 370VxVM disk:
basic layout of, 318nopriv disk, 319simple disk, 319sliced disk, 319
VxVM Disk Discovery Layer, 366VxVM Dynamic Multi-Pathing, 8VxVM mirroring (RAID 1), 323–325VxVM RAID 5, 332–333VxVM rootability, 350–364VxVM snapshots, 346–350
defined, 346snapstart command, 346–347
VxVM Striping and Mirroring (RAID 0/1 and 1/0), 325–330
VxVM striping (RAID 0), 320–322vxvmboot command, 357, 362–363
-v option, 363vxvmconvert, 369vxvol init zero <volume> command, 323
Wwarning facility, syslogd, 485wdb tool, 535Web QoS, 1496Web Server Cluster, 1173Webmin, 1103, 1106
main screen, 1106when column, 984WHO command, 55Wide Area Network (WAN) protocols, 1112Williamson, Malcolm, 1439Windows 2000, Active Directory Service (ADS), 1087
Windows NT LanManager (NTLM) authentication, See NT LanManager authentication (NTLM)
Windows server, using to perform authentication and PAM, 1047–1052
Windows zone, 1140WINSTALL file, Ignite-UX, 131Work Load Manager (WLM), 1177WorkLoad Manager (WLM), 530, 623–634
configuration file, 623–630defined, 623prioritizing workloads with, 601–622specifying a goal, 630–633toolkits, 634WLM rendezvous point, 631
Workstation, 5World Wide Names (WWNs), 1124–1126Worldwide timekeepers table, 976WU-FTPD 2.6.1, 853WU-FTPD daemon, 1492WWNs, 1124–1126
XX.25, 1113X.500, 1067X.509 v3 certificates, 1496–1497XBC interface, 21–22xd command, 788XML, 1107xntpd command, 980, 982, 992xntpqc command, 986XP (eXtended Platform) disk array, 1149
Yy option, parcreate command, 88, 94Yellow Pages, 1065, 1067Yeong, W., 1067YPLDAP protocol gateway, 1068
ZZimmerman, Phil, 1495Zombies, 537–539Zone, 912–913Zoning, 1139–1141
ΚεενανΙνδεξ.φµ Παγε 1664 Τηυρσδαψ, Αυγυστ 5, 2004 4:22 ΠΜ