An introduction to security in a CSM 1.3 for AIX 5L environment / [Octavian Lascu ... et al.].

Format:

Book

Contributor:

Lascu, Octavian.

International Business Machines Corporation. International Technical Support Organization.

Series:

IBM redbooks.

IBM redbooks

Language:

English

Subjects (All):

Computer security.

IBM Cluster systems management.

AIX (Computer file).

Physical Description:

xiv, 100 p. : ill.

Edition:

1st ed.

Place of Publication:

[S.l.] : IBM International Technical Support Organization, 2002.

Language Note:

English

System Details:

text file

Summary:

This IBM Redbooks publication contains information about the first official release of the new clustering software IBM Cluster Systems Management (CSM) on AIX 5L Version 5.2. Features include base cluster configuration and management, Resource Monitoring and Control (RMC), subsystem access control list setup for shipped CSM resource managers, hardware control, configuration file management, distributed command execution, and a distributed GUI based on the AIX WebSM infrastructure. Included in this release of CSM is a complete set of base security functions based on IBM host-based authentication (HBA) and offered through an abstraction layer in the CSM software. CSM automatically configures HBA for use by the cluster services and establishes secure cluster communications for the shipped CSM resource managers. The first part of this publication is conceptual and includes an introduction to security for CSM 1.3 for AIX 5L, security concepts and components, and CSM security infrastructure. Next, practical security considerations are provided. Topics, such as network considerations, security in an heterogeneous environment, and security considerations for hardware control, are discussed. The last part of this publication details secure remote command execution, as well as security administration. Among the topics covered are remote command execution software, OpenSSH installation, and administration of RMC.

Contents:

Front cover

Contents

Figures

Notices

Trademarks

Preface

The team that wrote this redbook

Become a published author

Comments welcome

Chapter 1. Introduction

1.1 Security overview

1.1.1 System security

1.1.2 Network security basics

1.1.3 Data transmission security

1.2 Cluster Systems Management security basics

1.2.1 Reliable Scalable Cluster Technology (RSCT)

1.2.2 Resource Monitoring and Control (RMC)

1.2.3 Resource managers (RM)

1.2.4 Cluster Security Services (CtSec)

1.2.5 Group Services and Topology Services

Chapter 2. Security concepts and components

2.1 General security requirements

2.1.1 Authentication

2.1.2 Authorization

2.1.3 Data privacy

2.1.4 Data integrity

2.2 Security algorithms

2.2.1 Symmetric key encryption

2.2.2 Public key encryption

2.2.3 Secure hash functions

2.2.4 Public key certificate

2.2.5 Secure Sockets Layer and Transport Layer Security

2.2.6 Secure Shell (SSH)

2.3 Security requirements and algorithm relationship

2.3.1 Using encryption to ensure data privacy

2.3.2 Using signatures to ensure data integrity

2.3.3 Combining data integrity and data privacy

2.3.4 Use of different cryptographic techniques

Chapter 3. Cluster Systems Management security infrastructure

3.1 Reliable Scalable Cluster Technology security

3.2 Components of Cluster Security Services (CtSec)

3.2.1 Mechanism abstract layer (MAL)

3.2.2 Mechanism pluggable module (MPM)

3.2.3 UNIX mechanism pluggable module

3.2.4 Host-based authentication with ctcasd

3.2.5 Identity mapping service

3.2.6 Resource Monitoring and Control access control list

3.3 Communication flow examples

3.3.1 Initial cluster setup

3.3.2 Adding a new node

3.3.3 Requesting access to resources

Chapter 4. Practical security considerations.

4.1 Network considerations

4.2 Shell security (required parameters)

4.3 Configuration file manager (CFM)

4.4 User management

4.5 Security in a heterogeneous environment

4.6 Web-Based System Manager

4.6.1 Securing Web-Based System Manager

4.6.2 Installing WebSM Security on a remote client

4.7 Security considerations for hardware control

4.7.1 User IDs and passwords

4.7.2 Resource Monitoring and Control access control lists

4.7.3 Console server security

4.8 Name resolution

Chapter 5. Securing remote command execution

5.1 Remote command execution software

5.2 OpenSSH installation on AIX

5.2.1 Downloading OpenSSH and prerequisite OpenSSL software

5.2.2 Preinstallation tasks

5.2.3 Installing SSH on AIX manually

5.2.4 Post-installation tasks

5.2.5 Installing OpenSSH 3.4 for AIX 5L on AIX servers using NIM

5.2.6 Verifying the SSH installation on the AIX nodes

5.3 Installing SSH on Linux nodes

5.4 OpenSSH configuration inside the CSM cluster

5.4.1 Preliminary actions

5.4.2 Update the Cluster Systems Management database

5.4.3 Checking the dsh settings

5.4.4 Set up OpenSSH

5.4.5 How the automated configuration works

5.4.6 Verifying the SSH configuration

5.5 Other remote command execution programs

Chapter 6. Security administration

6.1 Administration of Cluster Security Services

6.1.1 Configuration files

6.1.2 Mechanism pluggable module configuration

6.1.3 The ctcasd daemon administration

6.1.4 The ctcasd daemon key files

6.1.5 Generate new keys

6.1.6 Changing the default key type for ctcasd

6.1.7 Removing entries from the trusted host list file

6.1.8 Verifying exchanged public host keys

6.2 Administration of Resource Monitoring and Control

6.2.1 Configuration files for Resource Monitoring and Control.

6.2.2 Allowing a non-root user to administer CSM

Abbreviations and acronyms

Related publications

IBM Redbooks

Other resources

Referenced Web sites

How to get IBM Redbooks

IBM Redbooks collections

Index

Back cover.

Notes:

"December 2002."

"SG24-6873-00."

Includes bibliographical references and index.

OCLC:

560315618