Configure the use of Vmcontrol in a power virtualization environment that uses specific SSH software

Source: Internet
Author: User
Tags command line reflection requires ssh ssh server

In the data center, some companies prefer to use some more professional SSH server/client software to replace the system's own OpenSSH software to ensure the security of system management, file transfer and application connections, effectively resisting various internal and external security risks. In response to this environmental requirement, IBM has since Vmcontrol 2.4 to support users to use Non-default OpenSSH SSH software in the Vmcontrol management environment, but users need to do some extra configuration in the environment. This article will introduce this part of the configuration work to help power administrators understand and understand the specific ways to properly use Vmcontrol 2.4来 for virtualization management.

Vmcontrol support for several common SSH management software

As an advanced plug-in for IBM Systems Director, Vmcontrol can manage the power servers, network, and storage resources of the datacenter, quickly capture and deploy virtual machines (LPARs), and power Virtualized resources (servers and virtual machines) are combined in the system pool, which enables real-time monitoring, optimal management, and automated response for different workloads in the environment (workload).

And the implementation of these management functions has to mention an important protocol SSH (Secure Shell). Many times IBM system Director Some of the advanced management features that typically use the SSH protocol and managed servers and systems to communicate. This requires the system to pre-installed OpenSSH software so that Director can establish secure SSH key authentication with the system.

In the Vmcontrol PowerVM management environment, NIM Master will use the SSH and Ssh-keygen commands in OpenSSH to process the SSH key during the deployment and capture process, and once the SCS (storage Replication Service) deployment is complete, the virtual machine needs To AE (Activate Engine, activate the engine) to automatically reset the SSH key.

But for some reasons, such as support for specific SSH management software or reliance on additional functionality provided by specific SSH management software, some companies may use more professional ssh server/client software in PowerVM management environments, This replaces the system's own OpenSSH software to ensure the security of system management, file transfer and application connectivity, effectively resisting various internal and external security risks.

In addition to the default OpenSSH support, Vmcontrol also provides some additional SSH software support to meet the needs of these customers. In this way, users can use IBM Systems Director and Vmcontrol to implement advanced virtualization management and optimization in a power virtualization environment that uses specific SSH software.

So what SSH software can users use in the Vmcontrol PowerVM management environment?

There are two simple categories, the first of which is any SSH management software that supports the OpenSSH format key (that is, a PKCS 8 PEM code key), such as Request OpenSSH.

The second category is some SSH management software that does not support OpenSSH format keys, such as Attachmate Reflection ssh or Tectia ssh.

For the second type of SSH management software, all are SSH server software that does not support the OpenSSH format key. In these applications, the Attachmate Reflection ssh or tectia SSH configuration is simpler and requires no additional configuration on the IBM Systems Director server side, and the user must configure IBM Systems Dir Ector the server side to establish an SSH key based authentication with these regulated resources.

It is important to note that, while the above SSH software is supported, it does not mean that all management devices in the PowerVM virtualized environment must have those SSH software installed, and in fact OpenSSH will still exist in PowerVM management environments such as HMC, IVM, VIOS, as this Some devices do not natively support the installation of additional SSH software.

Then, in the following Vmcontrol PowerVM management environments, Vmcontrol supports the use of the supported SSH software environment to perform capture and deployment tasks:

AIX systems in a PowerVM virtualized environment that relies on NIM Master;

AIX and Linux systems in a PowerVM virtualized environment that relies on the storage Replication Service (SCS).

Configuration of the management environment for Vmcontrol 2.4 for different SSH software in virtualized environments

By default, IBM Systems Director Vmcontrol can communicate with the unmanaged virtual machine system with other SSH software that is not OpenSSH and establish the correct key authentication. However, the configuration is slightly different in the Vmcontrol management environment based on NIM and the Vmcontrol management environment based on SCS. The following is a description of the specific configuration methods for both environments.

General configuration of the Vmcontrol management environment based on NIM

In the Vmcontrol virtualized management environment based on NIM, to implement the capture and deployment of virtual machines using other SSH software other than OpenSSH, we are going to complete the Nim Master-side SSH-related configuration and the captured virtual machine-side SSH-related configuration.

NIM Master-side SSH environment configuration

The first step is to confirm that the NIM Master system has specific SSH software installed and that the SSH command is placed under the/usr/bin/ssh folder. Take Reflection ssh here for example, if the SSH software is used on NIM Master. View the installed version information and the path information for the installed SSH command line by using the following command.

(0) root @ xvl3033::/

# ssh-v

Ssh:reflection for Secure IT 7.2.0.115 on Powerpc-ibm-aix (32-bit).

(0) root @ xvl3033::/

# which SSH

/usr/bin/ssh

The above results show that the current NIM Master uses Reflection ssh, and the corresponding SSH command is in/usr/bin/.

Note that if you use an SSH package that does not place ssh under/usr/bin and you do not create a symbolic link to the SSH command line in/usr/bin, you must create the symbolic link.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.