Purpose
Manages the Virtual I/O Server.
Managing the Virtual I/O Server includes the following tasks:
- Set date and time zone
- Change passwords
- Set system security
- Virtual I/O Server TCP/IP configuration
- Install and update software
- Storage management
- Devices
- Performance
- Role-based access control
- Shared storage pools
- Electronic Service Agent™
The cfgassist command is menu-driven and accessible
only by the padmin user or any user with the authorization
vios.security.cfgassist for security reasons.
Description
- Set date and time zone
  Set the date and time zone of the Virtual I/O Server.
- Change passwords
  Change the passwords for the users of the Virtual I/O Server.
- Set system security
  Set or unset the security settings by enforcing security rules
  and configuring firewall settings on the Virtual I/O Server.
- Virtual I/O Server TCP/IP configuration
  Set the TCP/IP configuration parameters that the Virtual I/O Server
  requires. The parameters include the host name, the IP address, the
  interface on which the IP is to be configured, the subnet mask, the
  gateway, the name server address, and the domain name.
- Install and update software
  Install and update software on the Virtual I/O Server.
- Storage management
  Manage the storage on the Virtual I/O Server. Management operations
  include creation, deletion, or modification of the following storage
  devices: volume groups, logical volumes, physical volumes, storage
  pools, and virtual media repositories.
- Devices
  Manage the devices on the Virtual I/O Server, including virtual
  devices. Management operations include configuring or unconfiguring
  devices, changing characteristics of devices, removing devices, and
  configuring shared Ethernet adapters, link aggregation, and virtual
  local area network (VLAN).
- Performance
  Manage the performance tools on the Virtual I/O Server by using
  the following topas functions:
  - Topas recordings
    The Virtual I/O Server supports local, central electronics process
    (CEC), and cluster recording capabilities. These recordings can be
    either persistent or normal. Persistent recordings are recordings
    that run on the Virtual I/O Server and continue to run after the
    Virtual I/O Server reboots. Normal recordings are recordings that
    run for a specified time interval. The recording data files that
    are generated are stored in /home/ios/perf/topas.

    Local recordings gather data about the Virtual I/O Server, whereas
    CEC recordings gather data about any AIX® logical partitions that
    are running on the same CEC as the Virtual I/O Server. The data
    collected consists of dedicated and shared logical partition data,
    as well as a set of aggregated values that provide an overview of
    the partition set. Cluster recordings gather data from a list of
    hosts that are specified in a cluster configuration file. This list
    is considered a single cluster. The cluster configuration file is
    populated with host names and IP addresses by using the xmtopas
    configuration option for the cfgassist command. These hosts can
    belong to CECs other than the CEC of the Virtual I/O Server. The
    xmtopas option, which is responsible for gathering data outside of
    the Virtual I/O Server, must be enabled to start the CEC and cluster
    recordings. The recording format can be specified by the user as
    either binary or nmon.

    Persistent recordings are started by the cfgassist command with the
    option to specify the cut and retention of the recording. The user
    can specify the number of days of recording to be stored per
    recording file (cut) and the number of days of recording to be
    retained (retention) before the recording can be deleted. Not more
    than one instance of persistent recording of the same type (CEC or
    local recording) can be run in a system. When a persistent recording
    is started, the recording command is called with user-specified
    options. The same set of command-line options used by this
    persistent recording is added to inittab entries. This ensures that
    the recording is started automatically on reboot or restart of the
    system.

    If a system is already running a persistent local recording (binary
    or nmon recording format), a user might want to start a new
    persistent recording of a local binary recording. To start a new
    persistent recording, the existing persistent recording must first
    be stopped by using the stop persistent recording option available
    under the stop recording option. Then a new persistent local
    recording has to be started from the start persistent local
    recording option. Starting a persistent recording fails if a
    persistent recording of the same recording format is already running
    in the system. Recordings are deleted after the specified retention
    period. By default, local persistent recordings run on the Virtual
    I/O Server.
  - Performance Manager
    This function configures the Performance Manager (perfmgr) agent to
    gather performance data about the Virtual I/O Server for analysis.
    The generated recordings are picked up by the Electronic Service
    Agent (ESA) agent, which sends the data to IBM support for analysis.

    After the agent is started, it runs various scripts internally to
    collect data and generates a single data file named stats.send. All
    the individual data files and the stats.send file are stored in
    /var/perf/pm/daily/<hostname>/. Normally, the stats.send file is
    generated every midnight from the list of individual data files,
    which are generated by internally called scripts. A user can
    generate the stats.send file on demand by running the Retransmit
    Recorded Data menu.
- Role-based access control
  Role-based access control (RBAC) concepts are a part of the core
  set of security functions. RBAC provides a mechanism in the VIOS
  system through which the padmin-specific system functions can also
  be managed by users through the roles assigned to them. RBAC
  addresses two aspects of system management, convenience and
  flexibility, by splitting system management functions into roles.
  RBAC permits the system administrator to define roles based on the
  job functions within an organization. The administrator assigns
  authorizations to these roles, which might require detailed
  operations to manage resources. Users are granted membership in the
  roles (defining the authority and responsibility for the user) based
  on their job requirements. In other words, a role confers a set of
  permissions or authorizations on the assigned user. An implementation
  could also allow for hierarchies of roles. RBAC simplifies system
  administration for the following reasons:
  - RBAC permits you to implement and enforce companywide security
    policies consistently with regard to system management and access
    control.
  - A role or job function definition within an organization is
    expected to remain the same compared with resources and users.
    Hence, a change in the role definition is not required.
  - By breaking down system functions into smaller units, RBAC permits
    you to protect the system to a greater extent. The isolation
    enforced around smaller units of administration confines attackers
    to the smallest unit of power in the system.
  - RBAC reduces the likelihood of making mistakes of commission and
    omission in granting privileges to users.
  - RBAC permits you to enforce the traditional least privilege model
    of security.
- Electronic Service Agent
  Electronic Service Agent automatically monitors and collects hardware
  problem information and sends this information to IBM® support. It
  can also collect hardware, software, system configuration, and
  performance management information, which can help IBM support
  assist in diagnosing problems.
- Shared storage pools
  Shared storage pools manage the cluster and VIOS nodes, storage pool,
  and logical units. The following are the submenu options of shared
  storage pools:
  - Manage cluster and VIOS node
    Using this menu option, the user can create or delete a cluster,
    list existing clusters, add or delete VIOS nodes from a cluster, and
    list nodes in a cluster.
  - Manage storage pools in cluster
    Using this menu option, the user can list storage pools in a
    cluster, list, change, or show physical volumes in a storage pool,
    and set or modify storage pool threshold alert.
  - Manage logical units in storage pool
    Using this menu option, the user can create and map logical units,
    unmap logical units, delete logical units, list logical units, list
    logical unit maps, create logical unit snapshots, list logical unit
    snapshots, roll back to snapshot, and delete snapshots.
Security
The cfgassist command is a privileged command. To run the command
successfully, assume a role that has the authorization
vios.security.cfgassist.
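
The audit below is an added example, not IBM code: it resolves role hierarchies to list which users end up holding vios.security.cfgassist, the authorization this Security section requires and the least-privilege check that the role-based access control description calls for. The role table and its field layout, every authorization name other than vios.security.cfgassist, and the rule that a parent name in the dotted hierarchy covers its children are assumptions made for illustration.

```python
REQUIRED = "vios.security.cfgassist"  # authorization named on this page

# Constructed sample data, not exported from a real Virtual I/O Server.
# Each role lists its own authorizations and the sub-roles it includes.
# "example.network.view" and the bare parent "vios.security" are made up.
ROLES = {
    "NetOps":   {"authorizations": ["example.network.view"], "rolelist": []},
    "CfgAdmin": {"authorizations": [REQUIRED], "rolelist": []},
    "SecLead":  {"authorizations": ["vios.security"], "rolelist": ["NetOps"]},
    "SiteLead": {"authorizations": [], "rolelist": ["CfgAdmin", "NetOps"]},
    "Loop":     {"authorizations": [], "rolelist": ["Loop"]},  # self-reference
}
USERS = {
    "alice": ["NetOps"],
    "bob": ["CfgAdmin"],
    "carol": ["SiteLead"],
    "dave": ["SecLead"],
    "erin": ["Loop", "Ghost"],  # "Ghost" is assigned but never defined
}

def role_authorizations(role, roles, seen=None):
    """Authorizations of a role plus those of every sub-role it includes."""
    seen = set() if seen is None else seen
    if role in seen or role not in roles:  # stop on cycles and unknown roles
        return set()
    seen.add(role)
    auths = set(roles[role]["authorizations"])
    for sub in roles[role]["rolelist"]:
        auths |= role_authorizations(sub, roles, seen)
    return auths

def grants(held, required):
    # Assumption: holding a parent name covers every child below it.
    return required == held or required.startswith(held + ".")

def who_can_run(users, roles, required=REQUIRED):
    """Map each user who can run cfgassist to the roles that allow it."""
    result = {"padmin": ["(built-in)"]}  # the page names padmin explicitly
    for user, assigned in users.items():
        via = [r for r in assigned
               if any(grants(a, required) for a in role_authorizations(r, roles))]
        if via:
            result[user] = via
    return result

def undefined_roles(users, roles):
    """Roles assigned to users that have no definition: a cleanup finding."""
    return sorted({r for rs in users.values() for r in rs if r not in roles})

if __name__ == "__main__":
    print(who_can_run(USERS, ROLES), undefined_roles(USERS, ROLES))
```

Users reached only through a parent authorization or an inherited sub-role (dave and carol in the sample) are the ones a flat review of direct assignments would miss.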
Examples
To start the configuration menu, type the following command:
cfgassist