An Introduction to Security in a CSM 1.3 for AIX 5L Environment

Book description

This IBM Redbooks publication contains information about the first official release of the new clustering software IBM Cluster Systems Management (CSM) on AIX 5L Version 5.2. Features include base cluster configuration and management, Resource Monitoring and Control (RMC), subsystem access control list setup for shipped CSM resource managers, hardware control, configuration file management, distributed command execution, and a distributed GUI based on the AIX WebSM infrastructure. Included in this release of CSM is a complete set of base security functions based on IBM host-based authentication (HBA) and offered through an abstraction layer in the CSM software. CSM automatically configures HBA for use by the cluster services and establishes secure cluster communications for the shipped CSM resource managers.
The first part of this publication is conceptual and includes an introduction to security for CSM 1.3 for AIX 5L, security concepts and components, and CSM security infrastructure. Next, practical security considerations are provided, covering topics such as network considerations, security in a heterogeneous environment, and security considerations for hardware control. The last part of this publication details secure remote command execution, as well as security administration. Among the topics covered are remote command execution software, OpenSSH installation, and administration of RMC.

Table of contents

  1. Figures
  2. Notices
    1. Trademarks
  3. Preface
    1. The team that wrote this redbook
    2. Become a published author
    3. Comments welcome
  4. Chapter 1: Introduction
    1. Security overview
      1. System security
      2. Network security basics
      3. Data transmission security
    2. Cluster Systems Management security basics
      1. Reliable Scalable Cluster Technology (RSCT)
      2. Resource Monitoring and Control (RMC)
      3. Resource managers (RM)
      4. Cluster Security Services (CtSec)
      5. Group Services and Topology Services
  5. Chapter 2: Security concepts and components
    1. General security requirements
      1. Authentication
      2. Authorization
      3. Data privacy
      4. Data integrity
    2. Security algorithms
      1. Symmetric key encryption
      2. Public key encryption
      3. Secure hash functions
      4. Public key certificate
      5. Secure Sockets Layer and Transport Layer Security
      6. Secure Shell (SSH)
    3. Security requirements and algorithm relationship
      1. Using encryption to ensure data privacy
      2. Using signatures to ensure data integrity
      3. Combining data integrity and data privacy
      4. Use of different cryptographic techniques
  6. Chapter 3: Cluster Systems Management security infrastructure
    1. Reliable Scalable Cluster Technology security
    2. Components of Cluster Security Services (CtSec)
      1. Mechanism abstract layer (MAL)
      2. Mechanism pluggable module (MPM)
      3. UNIX mechanism pluggable module
      4. Host-based authentication with ctcasd
      5. Identity mapping service
      6. Resource Monitoring and Control access control list
    3. Communication flow examples
      1. Initial cluster setup
      2. Adding a new node
      3. Requesting access to resources
  7. Chapter 4: Practical security considerations
    1. Network considerations
    2. Shell security (required parameters)
    3. Configuration file manager (CFM)
    4. User management
    5. Security in a heterogeneous environment
    6. Web-Based System Manager
      1. Securing Web-Based System Manager
      2. Installing WebSM Security on a remote client
    7. Security considerations for hardware control
      1. User IDs and passwords
      2. Resource Monitoring and Control access control lists
      3. Console server security
    8. Name resolution
  8. Chapter 5: Securing remote command execution
    1. Remote command execution software
    2. OpenSSH installation on AIX
      1. Downloading OpenSSH and prerequisite OpenSSL software
      2. Preinstallation tasks
      3. Installing SSH on AIX manually
      4. Post-installation tasks
      5. Installing OpenSSH 3.4 for AIX 5L on AIX servers using NIM
      6. Verifying the SSH installation on the AIX nodes
    3. Installing SSH on Linux nodes
    4. OpenSSH configuration inside the CSM cluster
      1. Preliminary actions
      2. Update the Cluster Systems Management database
      3. Checking the dsh settings
      4. Set up OpenSSH
      5. How the automated configuration works
      6. Verifying the SSH configuration
    5. Other remote command execution programs
  9. Chapter 6: Security administration
    1. Administration of Cluster Security Services
      1. Configuration files
      2. Mechanism pluggable module configuration
      3. The ctcasd daemon administration
      4. The ctcasd daemon key files
      5. Generate new keys
      6. Changing the default key type for ctcasd
      7. Removing entries from the trusted host list file
      8. Verifying exchanged public host keys
    2. Administration of Resource Monitoring and Control
      1. Configuration files for Resource Monitoring and Control
      2. Allowing a non-root user to administer CSM
  10. Abbreviations and acronyms
  11. Related publications
    1. IBM Redbooks
      1. Other resources
    2. Referenced Web sites
    3. How to get IBM Redbooks
      1. IBM Redbooks collections
  12. Index (1/2)
  13. Index (2/2)
  14. Back cover

Product information

  • Title: An Introduction to Security in a CSM 1.3 for AIX 5L Environment
  • Author(s): Octavian Lascu, Rashid Ahmed, Stuart Carroll, Teresa Coleman, Maik Haehnel, Petr Klabenes, Dino Quintero, Rogelio Reyes Jr., Mizuho Tanaka, David Duy Truong
  • Release date: December 2002
  • Publisher(s): IBM Redbooks
  • ISBN: None