You are previewing HP-UX CSE Official Study Guide and Desk Reference.
O'Reilly logo
HP-UX CSE Official Study Guide and Desk Reference

Book Description

HP-UX CSE: Official Study Guide and Desk Reference

The definitive HP-UX CSE exam preparation guide and reference

HP-approved coverage of all three CSE exams: CSE HP-UX Advanced System Administration, CSE High Availability Using HP-UX Serviceguard, and CSE HP-UX Networking and Security

Comprehensive study resources: exam objectives, sample questions, and summaries for last-minute review

More than a great study guide: an outstanding reference for working system engineers

This book delivers comprehensive preparation for all three HP-UX CSE exams, the core exam: CSE HP-UX Advanced System Administration, and specialty exams, CSE High Availability Using HP-UX Serviceguard and CSE HP-UX Networking and Security. Coverage includes:

  • Implementing HP-UX in technology-rich enterprise environments

  • Maximizing the performance and availability of HP-UX systems and applications

  • Partitioning: node and virtual partitions

  • Disks, volumes, file systems: RAID, LVM, VxVM, HFS, VxFS, VFS layer, swap/dump space, and more

  • Monitoring system resources, activities, events, and kernels

  • Processes, threads, and bottlenecks: priorities, run queues, multi-processor environments, memory requirements, bottlenecks, and more

  • Installation, patching, and recovery, including Software Distributor and Ignite-UX

  • Emergency recovery with HP-UX installation media

  • Broad networking coverage: IPv6, ndd, DHCP, DNS, NTP, CIFS/9000, LDAP, sendmail, Automatic Port Aggregation, VPNs, VLANs, and more

  • Planning, implementing, and managing high availability clustering with Serviceguard

  • Other HP-UX cluster solutions: Extended Serviceguard Cluster, Metrocluster, Continentalclusters, and more

  • Infrastructure for remote access to HA clusters: SANs, DWDM, dark fiber

  • HP-UX security administration: Trusted systems, SSH, HIDS, IPSec, IPFilter, and Bastille Operating Systems/HP-UX

  • Sample questions, last-minute review tips, and other study resources

  • This isn't just an outstanding prep guide, it's the definitive day-to-day reference for working professionals in high availability environments.

    © Copyright Pearson Education. All rights reserved.

    Table of Contents

    1. Copyright
      1. Dedication
    2. Hewlett-Packard® Professional Books
    3. PREFACE
      1. HP-UX CSE: ADVANCED ADMINISTRATION
      2. HP-UX CSE: HIGH AVAILABILITY WITH HP-UX SERVICEGUARD
      3. HP-UX CSE: NETWORKING AND SECURITY
      4. Acknowledgments
    4. ONE. Managing HP-UX Servers
      1. ONE. An Introduction to Your Hardware
        1. 1.1. Key Server Technologies
        2. 1.2. Processor Architecture
        3. 1.3. Virtual Memory
        4. 1.4. The IO Subsystem
        5. 1.5. The Big Picture
        6. 1.6. Before We Begin…
        7. REFERENCES
      2. TWO. Partitioned Servers: Node Partitions
        1. 2.1. A Basic Hardware Guide to nPars
          1. 2.1.1. A cell board
          2. 2.1.2. The IO cardcage
          3. 2.1.3. The Core IO card
          4. 2.1.4. System backplane
          5. 2.1.5. How cells and IO cardcages fit into a complex
          6. 2.1.6. Considerations when creating a complex profile
          7. 2.1.7. The Utility Subsystem
          8. 2.1.8. The GSP
            1. 2.1.8.1. THE COMPLEX PROFILE AND THE GSP
            2. 2.1.8.2. INVESTIGATING THE CURRENT COMPLEX PROFILE
          9. 2.1.9. Other complex related GSP tasks
          10. 2.1.10. IO Cardcage slot numbering
            1. 2.1.10.1. HP-UX HARDWARE ADDRESSING ON A NODE PARTITION
        2. 2.2. The Genesis Partition
          1. 2.2.1. Ensure that all cells are inactive
          2. 2.2.2. Creating the Genesis Partition
            1. 2.2.2.1. BOOT ACTIONS
        3. 2.3. Cell Behavior During the Initial Boot of a Partition
        4. 2.4. Partition Manager
          1. 2.4.1. Modifying existing partitions
            1. 2.4.1.1. REMOVING AN ACTIVE CELL FROM AN ACTIVE PARTITION
            2. 2.4.1.2. REMOVING AN INACTIVE CELL FROM A PARTITION
          2. 2.4.2. Adding a cell to a partition
          3. 2.4.3. Deleting a partition
        5. 2.5. Other Boot-Related Tasks
          1. 2.5.1. Reboot/Halt a partition
          2. 2.5.2. Reboot-for-reconfig a partition
          3. 2.5.3. Reset a partition
          4. 2.5.4. Instigate a crashdump in a hung partition
          5. 2.5.5. Boot actions
          6. 2.5.6. Powering off components
        6. Chapter Review
        7. Test Your Knowledge
        8. Answer to Test Your Knowledge Questions
        9. Chapter Review Questions
        10. Answers to Chapter Review Questions
      3. THREE. Partitioned Servers: Virtual Partitions
        1. 3.1. An Introduction to Virtual Partitions
        2. 3.2. Obtaining the Virtual Partitions Software
        3. 3.3. Setting Up an Ignite-UX Server to Support Virtual Partitions
        4. 3.4. Planning Your Virtual Partitions
        5. 3.5. Creating the vPar Database
        6. 3.6. Booting a Newly Created vPar from an Ignite-UX Server
        7. 3.7. Managing Hardware within a Virtual Partition
          1. 3.7.1. Adding/removing cells to an nPar running vPars
        8. 3.8. Rebooting vpmon
        9. 3.9. Interfacing with the Virtual Partition Monitor: vpmon
        10. 3.10. Changing Partition Attributes
          1. 3.10.1. Changing configuration attributes
          2. 3.10.2. Changing boot-related attributes
        11. 3.11. Resetting a Virtual Partition
        12. 3.12. Removing a Virtual Partition
        13. 3.13. Turning Off Virtual Partition Functionality
        14. Chapter Review
        15. Test Your Knowledge
        16. Answers to Test Your Knowledge
        17. Chapter Review Questions
        18. Answers to Chapter Review Questions
      4. FOUR. Advanced Peripherals Configuration
        1. 4.1. Reorganizing Your IO Tree
          1. 4.1.1. Consider making a System Recovery Tape
          2. 4.1.2. Collect IO trees from all nodes concerned
          3. 4.1.3. Decide on the format of the standardized IO tree
          4. 4.1.4. Document current device file → hardware path mapping
          5. 4.1.5. Establish which system and user applications use current device files
          6. 4.1.6. Create an ASCII file representing the new IO tree
          7. 4.1.7. Shut down the system(s) to single user mode
          8. 4.1.8. Apply the new IO tree configuration with the ioinit command
          9. 4.1.9. Reboot the system to single user mode
          10. 4.1.10. Check that all new device files are created correctly
          11. 4.1.11. Rework any user or system applications affected by the change in device file names
          12. 4.1.12. Remove all old device files
        2. 4.2. Disk Device Files in a Switched Fabric, Fibre Channel SAN
        3. 4.3. Online Addition and Replacement: OLA/R
          1. 4.3.1. Replacing a failed PCI card
            1. 1. IDENTIFY THE FAILED PCI CARD
            2. 2. PERFORM CRITICAL RESOURCE ANALYSIS ON THE AFFECTED PCI CARD
            3. 3. TURN ON THE ATTENTION LIGHT FOR THE AFFECTED PCI CARD SLOT
            4. 4. CHECK THAT THE AFFECTED PCI SLOT IS IN ITS OWN POWER DOMAIN
            5. 5. CHECK THAT THE AFFECTED PCI CARD IS NOT A MULTI-FUNCTION CARD
            6. 6. RUN ANY ASSOCIATED DRIVER SCRIPTS BEFORE SUSPENDING THE DRIVER
            7. 7. SUSPEND THE KERNEL DRIVER FOR THE AFFECTED PCI SLOT
            8. 8. TURN OFF THE POWER TO THE AFFECTED PCI SLOT
            9. 9. REPLACE THE PCI CARD
            10. 10. TURN ON THE POWER TO THE PCI SLOT
            11. 11. RUN ANY ASSOCIATED DRIVER SCRIPTS BEFORE RESUMING THE DRIVER
            12. 12. RESUME THE DRIVER FOR THE PCI SLOT
            13. 13. CHECK FUNCTIONALITY OF THE NEWLY REPLACED PCI CARD
            14. 14. TURN OFF THE ATTENTION LIGHT FOR THE AFFECTED PCI SLOT
          2. 4.3.2. Adding a new PCI card
        4. Test Your Knowledge
        5. Answers to Test Your Knowledge
        6. Chapter Review Questions
        7. Answers to Chapter Review Questions
      5. FIVE. Disks and Volumes: RAID Levels and RAID Parity Data
        1. 5.1. RAID Levels
        2. 5.2. RAID Parity Data
        3. Chapter Review
        4. Test Your Knowledge
        5. Answers to Test Your Knowledge
        6. Chapter Review Questions
        7. Answers to Chapter Review Questions
      6. SIX. Disks and Volumes: LVM
        1. 6.1. LVM Striping (RAID 0)
        2. 6.2. LVM Mirroring (RAID 1)
          1. 6.2.1. PVG-strict
          2. 6.2.2. Mirroring vg00
          3. 6.2.3. Lose a disk online, but have it replaced while the system is still running
          4. 6.2.4. Lose a disk, and sustain a reboot before the disk can be replaced
          5. 6.2.5. Spare volumes
          6. 6.2.6. Conclusions on mirroring
        3. 6.3. Alternate PV Links
        4. 6.4. Exporting and Importing Volume Groups
        5. 6.5. Forward Compatibility with Newer, Larger Capacity Disk Drives
        6. Chapter Review
        7. Test Your Knowledge
        8. Answers to Test Your Knowledge
        9. Chapter Review Questions
        10. Answers to Chapter Review Questions
      7. SEVEN. Disks and Volumes: Veritas Volume Manager
        1. 7.1. Introducing Veritas Volume Manager
        2. 7.2. VxVM Striping (RAID 0)
        3. 7.3. VxVM Mirroring (RAID 1)
        4. 7.4. VxVM Striping and Mirroring (RAID 0/1 and 1/0)
        5. 7.5. Faster Mirror Resynchronization after a System Crash
        6. 7.6. VxVM RAID 5
        7. 7.7. Recovering from a Failed Disk
        8. 7.8. Using Spare Disks
        9. 7.9. VxVM Snapshots
        10. 7.10. VxVM Rootability
        11. 7.11. Other VxVM Tasks
          1. 7.11.1. Deport and import of a disk group
          2. 7.11.2. Dynamic relayout
          3. 7.11.3. LVM to VxVM conversion
          4. 7.11.4. Dynamic Multipathing (DMP)
          5. 7.11.5. VxVM diagnostic commands
        12. Chapter Review
        13. Test Your Knowledge
        14. Answers to Test Your Knowledge
        15. Chapter Review Questions
        16. Answers to Chapter Review Questions
      8. EIGHT. Filesystems: HFS, VxFS, and the VFS Layer
        1. 8.1. Basic Filesystem Characteristics
          1. 8.1.1. Large files
        2. 8.2. HFS Internal Structure
        3. 8.3. Tuning an HFS Filesystem
          1. 8.3.1. Filesystems containing only a few large files
          2. 8.3.2. Resizing an HFS filesystem
          3. 8.3.3. Symbolic and hard links
        4. 8.4. HFS Access Control Lists
        5. 8.5. VxFS Internal Structures
        6. 8.6. Online JFS Features
          1. 8.6.1. Upgrading an older VxFS filesystem
          2. 8.6.2. Converting an exiting HFS filesystem to VxFS
          3. 8.6.3. Online resizing of a filesystem
          4. 8.6.4. Online de-fragmentation of a filesystem
          5. 8.6.5. Logging levels used by the intent log
          6. 8.6.6. Setting extent attributes for individual files
        7. 8.7. Tuning a VxFS Filesystem
          1. 8.7.1. Additional mount options to affect IO performance
          2. 8.7.2. Buffer cache related options (mincache=)
          3. 8.7.3. Controlling synchronous IO (convosync=)
          4. 8.7.4. Updating the /etc/fstab file
        8. 8.8. VxFS Snapshots
        9. 8.9. Navigating through Filesystems via the VFS Layer
        10. Chapter Review
        11. Test Your Knowledge
        12. Answers to Test Your Knowledge
        13. Chapter Review Questions
        14. Answers to Chapter Review Questions
        15. REFERENCES
      9. NINE. Swap and Dump Space
        1. 9.1. Swap Space, Paging, and Virtual Memory Management
          1. 9.1.1. The virtual memory system
        2. 9.2. How Much Swap Space Do I Need?
          1. 9.2.1. Reserving swap space
          2. 9.2.2. When to throw pages out
          3. 9.2.3. So how much swap space should I configure?
        3. 9.3. Configuring Additional Swap Devices
        4. Chapter Review on Swap Space
        5. 9.4. When Dump Space Is Used
        6. 9.5. Including Page Classes in the Crashdump Configuration
        7. 9.6. Configuring Additional Dump Space
        8. 9.7. The savecrash Process
        9. 9.8. Dump and Swap Space in the Same Volume
        10. Chapter Review on Dump Space
        11. Test Your Knowledge
        12. Answers to Test Your Knowledge
        13. Chapter Review Questions
        14. Answers to Chapter Review Questions
        15. REFERENCES
      10. TEN. Monitoring System Resources
        1. 10.1. Dynamic Kernel Configuration and Monitoring
          1. 10.1.1. Dynamically Loadable Kernel Modules (DLKM)
            1. 10.1.1.1. STATIC OR DYNAMIC
          2. 10.1.2. Dynamically Tunable Kernel Parameters (DTKP)
          3. 10.1.3. Monitoring kernel resource with kcweb
        2. 10.2. Monitoring General System Activity and Events
          1. 10.2.1. syslogd
            1. 10.2.1.1. MANAGING SYSLOG LOGFILES
          2. 10.2.2. The Event Monitoring System (EMS)
          3. 10.2.3. Support Tools Manager (STM)
        3. 10.3. Was It a PANIC, a TOC, or an HPMC?
          1. 10.3.1. An HPMC
          2. 10.3.2. A TOC
          3. 10.3.3. A PANIC
          4. 10.3.4. Storing a crashdump to tape
        4. Chapter Review
        5. Test Your Knowledge
        6. Answers to Test Your Knowledge
        7. Chapter Review Questions
        8. Answers to Chapter Review Questions
      11. ELEVEN. Processes, Threads, and Bottlenecks
        1. 11.1. Defining Processes and Threads
          1. 11.1.1. Tools to monitor processes
          2. 11.1.2. Processes and threads
          3. 11.1.3. Managing threads
          4. 11.1.4. Viewing threads
        2. 11.2. Process Life Cycle
        3. 11.3. Context Switches and Timeslices
        4. 11.4. Process/Thread Priorities and Run Queues
          1. 11.4.1. Scheduling policies and run queues
        5. 11.5. Multiprocessor Environments and Processor Affinity
          1. 11.5.1. cc-NUMA and other deviants
          2. 11.5.2. The mpctl() system call and processor affinity
          3. 11.5.3. Processor Sets
          4. 11.5.4. Concurrency in multiprocessor environments
        6. 11.6. Memory Requirements for Processes/Threads
          1. 11.6.1. Locating private and shared data
        7. 11.7. Memory Limitations for 32-bit Operating Systems, magic Numbers, and Memory Windows
          1. 11.7.1. Program magic numbers
          2. 11.7.2. Memory windows
        8. 11.8. Performance Optimized Page Sizes (POPS)
          1. 11.8.1. POPS using vps_ceiling and vps_pagesize
          2. 11.8.2. POPS using chatr
          3. 11.8.3. Conclusions on POPS
        9. Chapter Review on a Process Life Cycle
        10. 11.9. Common Bottlenecks for Processes and Threads
          1. 11.9.1. Common CPU bottlenecks
            1. 11.9.1.1. RESOLVING CPU BOTTLENECKS
          2. 11.9.2. Common memory bottlenecks
            1. 11.9.2.1. RESOLVING MEMORY BOTTLENECKS
          3. 11.9.3. Common disk bottlenecks
            1. 11.9.3.1. RESOLVING DISK BOTTLENECKS
        11. Chapter Review on Common Bottlenecks
        12. 11.10. Prioritizing Workloads with PRM and WLM
          1. 11.10.1. A simple PRM configuration to manage CPU shares
            1. 11.10.1.1. PRM APPLICATION RECORDS
            2. 11.10.1.2. THREAD SCHEDULING AND PRM
            3. 11.10.1.3. PRM PROCESSOR SETS
          2. 11.10.2. Using PRM to prioritize memory shares
        13. Chapter Review on PRM
          1. 11.10.3. WorkLoad Manager (WLM)
            1. 11.10.3.1. THE WLM CONFIGURATION FILE
            2. 11.10.3.2. SPECIFYING A GOAL
            3. 11.10.3.3. HELP IS AT HAND: WLM TOOLKITS
        14. Chapter Review on WLM
        15. Test Your Knowledge
        16. Answers to Test Your Knowledge
        17. Chapter Review Questions
        18. Answers to Chapter Review Questions
        19. REFERENCES
    5. TWO. Install, Update, and Recovery
      1. TWELVE. HP-UX Patches
        1. 12.1. What Is a Patch?
        2. 12.2. When Should I Patch My Server(s)?
        3. 12.3. Understanding the Risks Involved When Applying Patches
        4. 12.4. Obtaining Patches
          1. 12.4.1. ITRC
            1. 12.4.1.1. ITRC: CUSTOM PATCH MANAGER
          2. 12.4.2. Support Plus Media
            1. 12.4.2.1. THE BUNDLE MATRIX
          3. 12.4.3. Support Plus CD-ROM Layout
          4. 12.4.4. HP online Software Depot
            1. 12.4.4.1. SECURITY PATCH CHECK
          5. 12.4.5. Local Response Center
          6. 12.4.6. HP-assigned Support Representative
        5. 12.5. Patch Naming Convention
        6. 12.6. Patch Ratings
          1. 12.6.1. Patches with warnings
          2. 12.6.2. Patch rating update
        7. 12.7. The Patch shar File
        8. 12.8. Patch Attributes
          1. 12.8.1. Is a patch applied or configured?
          2. 12.8.2. Patch ancestry
        9. 12.9. Setting Up a Patch Depot
          1. 12.9.1. A patch-only depot
          2. 12.9.2. A depot of software and associated patches
          3. 12.9.3. The process of setting up the patch depot
        10. 12.10. Installing Patches
          1. 12.10.1. Installing patches from a patch-only depot
          2. 12.10.2. Installing patches from a software-and-patches depot
        11. 12.11. Removing Patches and Committing Patches
          1. 12.11.1. Committing patches
        12. 12.12. Managing a Patch Depot
        13. Chapter Review
        14. Test Your Knowledge
        15. Answers to Test Your Knowledge
        16. Chapter Review Questions
        17. Answers to Chapter Review Questions
      2. THIRTEEN. Installing Software with Software Distributor and Ignite-UX
        1. 13.1. Using swinstall to Push Software across the Network
          1. 13.1.1. Set up a software-and-patches depot on the depot server
          2. 13.1.2. Make Service Control Manager depot available on the depot server
          3. 13.1.3. Set up Remote Operations Agent software on each client machine
            1. 13.1.3.1. REMOTE OPERATIONS AND SOFTWARE DISTRIBUTOR ACLS
          4. 13.1.4. On the depot server, set up Remote Operations GUI (optional)
          5. 13.1.5. Push software to remote clients
        2. 13.2. Installing a Complete Operating System Using Ignite-UX
          1. 13.2.1. Set up an Ignite-UX server to utilize an existing Core OS depot
            1. 13.2.1.1. INSTALL THE IGNITE-UX SOFTWARE
            2. 13.2.1.2. SET UP TEMPORARY IP ADDRESSES FOR BOOT CLIENTS
            3. 13.2.1.3. SET UP TFTP AND INSTL_BOOTD SERVICE IN /ETC/INETD.CONF.
            4. 13.2.1.4. SET UP /ETC/EXPORTS TO GIVE NFS ACCESS TO THE /VAR/OPT/IGNITE/CLIENTS DIRECTORY
            5. 13.2.1.5. SET UP IGNITE-UX PARAMETERS TO BE USED DURING THE INSTALLATION OF THE OPERATING SYSTEM
            6. 13.2.1.6. SET UP A DHCP SERVER (OPTIONAL)
            7. 13.2.1.7. SET UP SOFTWARE DEPOT(S)
            8. 13.2.1.8. CREATE AN IGNITE-UX CONFIGURATION FILE THAT REPRESENTS THE CONTENTS OF THE SOFTWARE DEPOT(S)
            9. 13.2.1.9. UPDATE THE IGNITE-UX INDEX FILE TO REFLECT THE NEW CONFIGURATIONS THAT ARE NOW AVAILABLE
            10. 13.2.1.10. ENSURE THAT THE IGNITE-UX SERVER RECOGNIZES ALL CLIENTS
          2. 13.2.2. Adding additional software to a Core OS configuration
            1. 13.2.2.1. SET UP SOFTWARE DEPOT(S)
            2. 13.2.2.2. CREATE AN IGNITE-U UX CONFIGURATION FILE THAT REPRESENTS THE CONTENTS OF THE SOFTWARE DEPOT(S)
            3. 13.2.2.3. UPDATE THE IGNITE-UX INDEX FILE TO REFLECT THE NEW CONFIGURATIONS THAT ARE NOW AVAILABLE
            4. 13.2.2.4. USE THE NEW CONFIGURATION TO INSTALL A CLIENT
        3. 13.3. Setting Up a Golden Image
          1. 13.3.1. Use make_sys_image to create the Golden Image
          2. 13.3.2. Create an Ignite-UX configuration file that represents the contents of the Golden Image
            1. 13.3.2.1. POST-CONFIGURE AND POST-LOAD SCRIPTS
          3. 13.3.3. Update the Ignite-UX INDEX file to reflect the new configurations that are now available
          4. 13.3.4. Test the Golden Image configuration
        4. 13.4. Making a Recovery Archive
          1. 13.4.1. Allowing clients access to the configuration files
          2. 13.4.2. Ensure that the clients have the most up-to-date recovery commands
        5. Chapter Review
        6. Test Your Knowledge
        7. Answers to Test Your Knowledge
        8. Chapter Review Questions
        9. Answers to Chapter Review Questions
      3. FOURTEEN. Emergency Recovery Using the HP-UX Installation Media
        1. 14.1. Recovering a Corrupt Boot Header Including a Missing ISL
        2. 14.2. Recovering from Having No Bootable Kernel
        3. 14.3. Recovering from a Missing Critical Boot File: /stand/rootconf
          1. 14.3.1. A magic label of 0xdeadbeef
          2. 14.3.2. Start block address of the root LV
          3. 14.3.3. Size of the root LV
          4. 14.3.4. Creating the /stand/rootconf file by hand
        4. Chapter Review
        5. Test Your Knowledge
        6. Answers to Test Your Knowledge
        7. Chapter Review Questions
        8. Answers to Chapter Review Questions
    6. THREE. Networking
      1. FIFTEEN. Basic IP Configuration
        1. 15.1. Basic Networking Kernel Parameters
        2. 15.2. Data-Link Level Testing
        3. 15.3. Changing Your MAC Address
        4. 15.4. Link Speed and Auto-Negotiation
          1. 15.4.1. The truth about auto-negotiation
        5. 15.5. What's in an IP Address?
        6. 15.6. Subnetting
        7. 15.7. Static Routes
        8. 15.8. The netconf File
          1. 15.8.1. Proxy ARP
        9. 15.9. Dynamic IP Allocation: RARP and DHCP
          1. 15.9.1. Reverse Address Resolution Protocol: RARP
            1. 15.9.1.1. RARP LIMITATIONS
          2. 15.9.2. Dynamic Host Configuration Protocol: DHCP
            1. 15.9.2.1. DHCP SERVER CONFIGURATION
            2. 15.9.2.2. DHCP: AN INDIVIDUAL NODE CONFIGURATION
            3. 15.9.2.3. DHCP: A POOL GROUP
            4. 15.9.2.4. DHCP: A DEVICE GROUP
            5. 15.9.2.5. BOOTING A DHCP CLIENT
        10. 15.10. Performing a Basic Network Trace
        11. 15.11. Modifying Network Parameters with ndd
          1. 15.11.1. Obtaining a list of network-related parameters
          2. 15.11.2. Changing a network parameter with ndd
          3. 15.11.3. Making an ndd change survive a reboot
        12. 15.12. IP Multiplexing
        13. 15.13. The 128-Bit IP Address: IPv6
        14. 15.14. Automatic Port Aggregation (APA)
          1. 15.14.1. Manually configuring hp_apaconf
          2. 15.14.2. A high-availability network configuration
            1. 15.14.2.1. HOT STANDBY CONFIGURATION
            2. 15.14.2.2. LAN MONITOR CONFIGURATION
            3. 15.14.2.3. USING EXISTING AGGREGATES IN A FAILOVER GROUP
        15. Chapter Review
        16. Test Your Knowledge
        17. Answers to Test Your Knowledge
        18. Chapter Review Questions
        19. Answers to Chapter Review Questions
        20. REFERENCES
      2. SIXTEEN. Dynamic Routing
        1. 16.1. The gated.conf Configuration File
        2. 16.2. Router Discovery Protocol (RDP)
          1. 16.2.1. Router discovery: Server mode
          2. 16.2.2. Router Discovery Protocol: Client mode
          3. 16.2.3. Conclusions on Router Discovery Protocol
        3. 16.3. Routing Information Protocol (RIP)
          1. 16.3.1. Conclusions on RIP
        4. 16.4. Open Shortest Path First (OSPF)
          1. 16.4.1. OSPF Areas and Autonomous Systems
          2. 16.4.2. OSPF example using a single Area
        5. Chapter Review
        6. Test Your Knowledge
        7. Answers to Test Your Knowledge
        8. Chapter Review Questions
        9. Answers to Chapter Review Questions
        10. REFERENCES
      3. SEVENTEEN. Domain Name System (DNS)
        1. 17.1. Configuring a Master Name Server
          1. 17.1.1. Decide on and register (if necessary) a DNS domain name
          2. 17.1.2. Update your/etc/hosts file
          3. 17.1.3. Create a working directory for the DNS database files
          4. 17.1.4. Create the DNS database files using the hosts_to_named utility
          5. 17.1.5. Set up the rndc configuration file
          6. 17.1.6. Start the named daemon
          7. 17.1.7. Set up the resolver configuration files
          8. 17.1.8. Test DNS functionality
        2. 17.2. Configuring Additional Backup Slave and Caching-Only Name Servers
          1. 17.2.1. Setting up a slave server
            1. 17.2.1.1. EFFECTS A SLAVE CAN HAVE ON THE MASTER SERVER
          2. 17.2.2. Setting up a caching only slave
        3. 17.3. Delegating Authority to a Subdomain Including DNS Forwarders
          1. 17.3.1. Help the new master name server set up an appropriate hosts file
          2. 17.3.2. Set up the delegated master name server
          3. 17.3.3. Set up the delegated slave server
          4. 17.3.4. Configure delegated clients to reference delegated name servers
          5. 17.3.5. Make alias (CNAME) names for all delegated hostnames (Optional)
          6. 17.3.6. Reference the delegated name server(s) in the name server database file
            1. 17.3.6.1. DELEGATING NETWORK NUMBERS
          7. 17.3.7. Consider setting up a forwarders entry in the delegated domains /etc/named.conf file
        4. 17.4. Configuring DNS to Accept Automatic Updates from a DHCP Server
          1. 17.4.1. Updating the DHCP Server
          2. 17.4.2. Updating the DNS master server
        5. 17.5. Dynamic DNS Server Updates and TSIG Authentication
          1. 17.5.1. TSIG authentication for zone transfers
        6. Chapter Review
        7. Test Your Knowledge
        8. Answers to Test Your Knowledge
        9. Chapter Review Questions
        10. Answers to Chapter Review Questions
        11. REFERENCES
      4. EIGHTEEN. Network Time Protocol
        1. 18.1. What Time Is It?
        2. 18.2. Choosing a Time Source
        3. 18.3. Stratum Levels and Timeservers
        4. 18.4. The Role of the NTP Software
        5. 18.5. Analyzing Different Time Sources
        6. 18.6. Setting Up the NTP Daemons
        7. 18.7. NTP Server Relationships
          1. 18.7.1. Setting up a peer server
          2. 18.7.2. Setting up NTP authentication
        8. 18.8. An Unlikely Server: A Local Clock Impersonator
        9. 18.9. An NTP Polling Client
        10. 18.10. An NTP Broadcast Client
        11. 18.11. Other Points Relating to NTP
        12. Chapter Review
        13. Test Your Knowledge
        14. Answers to Test Your Knowledge
        15. Chapter Review Questions
        16. Answers to Chapter Review Questions
      5. NINETEEN. An Introduction to sendmail
        1. 19.1. Basic Checks to Ensure That sendmail Is Installed and Working
        2. 19.2. Using sendmail without Using DNS
        3. 19.3. Mail Aliases
        4. 19.4. Masquerading or Site Hiding and Possible DNS Implications
        5. 19.5. A Simple Mail Cluster Configuration
          1. 19.5.1. Set up the mail hub as the host to accept local delivery of all email for all mail clients
          2. 19.5.2. Ensure that all usernames are configured on the mail server
          3. 19.5.3. Ensure that all client machines have access to the /var/mail directory
          4. 19.5.4. Configure clients to forward all mail to our mail server (hub)
          5. 19.5.5. Configure clients to mount the /var/mail directory from the mail server
          6. 19.5.6. Test sending an email to another user
          7. 19.5.7. Conclusions on a simple mail cluster configuration
        6. 19.6. Building Your Own sendmail.cf File
        7. 19.7. Monitoring the Mail Queue
          1. 19.7.1. Files in the mail queue
          2. 19.7.2. Monitor sendmail's logfile
          3. 19.7. 3 Mail statistics
        8. Chapter Review
        9. Test Your Knowledge
        10. Answers to Test Your Knowledge
        11. Chapter Review Questions
        12. Answers to Chapter Review Questions
        13. REFERENCES
      6. TWENTY. Common Internet Filesystem (CIFS/9000)
        1. 20.1. CIFS, SMB, and SAMBA
        2. 20.2. CIFS Client or Server: You Need the Software
        3. 20.3. CIFS Server Configuration
          1. 20.3.1. Windows NT LanManager authentication
            1. 20.3.1.1. USING A LOCAL SMB/CIFS PASSWORD FILE
              1. 20.3.1.1.1. Installing CIFS-server software
              2. 20.3.1.1.2. Enable CIFS server functionality in /etc/rc.config.d/samba
              3. 20.3.1.1.3. Configure /etc/opt/samba/smb.conf
              4. 20.3.1.1.4. Verify your smb.conf configuration with the testparm utility
              5. 20.3.1.1.5. Create an SMB password file
              6. 20.3.1.1.6. Start the CIFS daemon
              7. 20.3.1.1.7. Verify the configuration with the smbclient utility
        4. 20.4. CIFS Client Configuration
          1. 20.4.1. Install the CIFS/9000 Client product
          2. 20.4.2. Configure /etc/opt/cifsclient/cifsclient.cfg
          3. 20.4.3. Run the CIFS client start script
          4. 20.4.4. Create a mount point directory
          5. 20.4.5. Add the CIFS filesystems to the /etc/fstab file
          6. 20.4.6. Mount the CIFS filesystems
          7. 20.4.7. Execute the /opt/cifsclient/bin/cifslogin program
          8. 20.4.8. Verify that your cifslogin succeeded
            1. 20.4.8.1. AN ALTERNATIVE TO CIFSLOGIN
        5. 20.5. NTLM: Using a Windows Server to Perform Authentication and Pluggable Authentication Modules (PAM)
          1. 20.5.1. Configure /etc/pam.conf to utilize NTLM as an authentication protocol
          2. 20.5.2. Configure smb.conf to reference the NTLM server
          3. 20.5.3. Configure a user map to specifically reference individual UNIX users to be authenticated by the NTLM server
          4. 20.5.4. Restart CIFS client daemon to pick up changes in smb.conf
          5. 20.5.5. Test the functionality of NTLM authentication
        6. Chapter Review
        7. Test Your Knowledge
        8. Answers to Test Your Knowledge
        9. Chapter Review Questions
        10. Answers to Chapter Review Questions
      7. TWENTY ONE. An Introduction to LDAP
        1. 21.1. Introducing the Lightweight Directory Access Protocol (LDAP)
        2. 21.2. LDAP-UX Integration Products
          1. 21.2.1. The NIS/LDAP Gateway
          2. 21.2.2. LDAP-UX Client Services
        3. 21.3. Step-by-Step Guide to LDAP-UX Client Services
          1. 21.3.1. Install Netscape Directory Services and LDAP-UX Integrations products
          2. 21.3.2. Run Netscape setup program
          3. 21.3.3. Ensure that the SHLIB_PATH environment variable is set up
          4. 21.3.4. Decide where in our Directory we will store our name service data
          5. 21.3.5. Decide where you will store client profiles
          6. 21.3.6. Restrict write access to user attributes
          7. 21.3.7. Allow users to read all attributes of the POSIX schema
          8. 21.3.8. Configure a proxy user to read name service data (optional)
          9. 21.3.9. Allow read access for the proxy user to user attributes
          10. 21.3.10. Customize /etc/passwd, /etc/group, etc
          11. 21.3.11. Import name service data into the directory
          12. 21.3.12. Configure the LDAP-UX Client Services software to enable it to locate the Directory
          13. 21.3.13. Configure /etc/pam.conf to use LDAP
          14. 21.3.14. Configure/etc/nsswitch.conf
          15. 21.3.15. Test user functionality
          16. 21.3.16. Add another client
        4. 21.4. Next Steps
        5. Chapter Review
        6. Test Your Knowledge
        7. Answers to Test Your Knowledge
        8. Chapter Review Questions
        9. Answers to Chapter Review Questions
      8. TWENTY TWO. Web Servers to Manage HP-UX
        1. 22.1. HP ObAM-Apache Web Server
        2. 22.2. The Apache Web Server
        3. Chapter Review
        4. Test Your Knowledge
        5. Answers to Test Your Knowledge
        6. Chapter Review Questions
        7. Answers to Chapter Review Questions
      9. TWENTY THREE. Other Network Technologies
        1. 23.1. WAN Solutions: Frame Relay and ATM
          1. 23.1.1. Frame Relay
          2. 23.1.2. Asynchronous Transfer Mode (ATM)
            1. 23.1.2.1. SERIAL LINK SPEEDS
        2. 23.2. An Introduction to Fibre Channel, DWDM, and Extended Fabrics
          1. 23.2.1. Physical medium
          2. 23.2.2. HBA and WWNs
          3. 23.2.3. Topology
          4. 23.2.4. FC-AL expansion limitations
          5. 23.2.5. FC-AL distance limitations
          6. 23.2.6. FC-AL shared transport limitations
          7. 23.2.7. Loop Initialization Protocol (LIP)
          8. 23.2.8. Switched Fabric
            1. 23.2.8. SWITCH FABRIC: N_PORT ID
          9. 23.2.9. SANs and port types
          10. 23.2.10. Zoning and security
          11. 23.2.11. Extended Fabrics—more switches
          12. 23.2.12. Extended Fabrics – long distances
          13. 23.2.13. Installing your own fibre: dark fibre, DWDM, and others
          14. 23.2.14. Fibre Channel bridges
          15. 23.2.15. Data replication over long distances
          16. 23.2.16. Mutual recovery
        3. 23.3. Virtual LAN (VLAN)
        4. 23.4. Virtual Private Network (VPN)
        5. Chapter Review
        6. Test Your Knowledge
        7. Answers to Test Your Knowledge
        8. Chapter Review Questions
        9. Answers to Chapter Review Questions
        10. REFERENCES
    7. FOUR. High-Availability Clustering
      1. TWENTY FOUR. Understanding “High Availability”
        1. 24.1. Why We Are Interested in High Availability?
        2. 24.2. How Much Availability? The Elusive “Five 9s”
        3. 24.3. A High Availability Cluster
        4. 24.4. Serviceguard and High Availability Clusters
        5. Chapter Review
        6. Test Your Knowledge
        7. Answers to Test Your Knowledge
        8. Chapter Review Questions
        9. Answers to Chapter Review Questions
        10. REFERENCES
      2. TWENTY FIVE. Setting Up a Serviceguard Cluster
        1. 25.1. The Cookbook for Setting Up a Serviceguard Package-less Cluster
        2. 25.2. The Basics of a Failure
        3. 25.3. The Basics of a Cluster
        4. 25.4. The “Split-Brain” Syndrome
        5. 25.5. Hardware and Software Considerations for Setting Up a Cluster
        6. 25.6. Testing Critical Hardware before Setting Up a Cluster
        7. 25.7. Setting Up a Serviceguard Package-less Cluster
          1. 25.7.1. Understand the hardware and software implications of setting up a cluster
          2. 25.7.2. Set up NTP between all cluster members
          3. 25.7.3. Ensure that any shared volume groups are not activated at boot time
          4. 25.7.4. Install Serviceguard and any related Serviceguard patches
          5. 25.7.5. Installing a Quorum Server (optional in a basic cluster)
          6. 25.7.6. Enable remote access to all nodes in the cluster
          7. 25.7.7. Create a default ASCII cluster configuration file
          8. 25.7.8. Update the ASCII cluster configuration file
          9. 25.7.9. Check the updated ASCII cluster configuration file
          10. 25.7.10. Compile and distribute binary cluster configuration file
          11. 25.7.11. Back up LVM structures of any cluster lock volume groups
          12. 25.7.12. Start cluster services
          13. 25.7.13. Test cluster functionality
        8. 25.8. Constant Monitoring
        9. Chapter Review
        10. Test Your Knowledge
        11. Answers to Test Your Knowledge
        12. Chapter Review Questions
        13. Answers to Chapter Review Questions
      3. TWENTY SIX. Configuring Packages in a Serviceguard Cluster
        1. 26.1. The Cookbook for Setting Up Packages in a Serviceguard Cluster
        2. 26.2. Setting Up and Testing a Serviceguard Package-less Cluster
        3. 26.3. Understanding How a Serviceguard Package Works
        4. 26.4. Establishing Whether You Can Utilize a Serviceguard Toolkit
          1. 26.4.1. A “typical” application
        5. 26.5. Understanding the Workings of Any In-house Applications
        6. 26.6. Creating Package Monitoring Scripts, If Necessary
        7. 26.7. Distributing the Application Monitoring Scripts to All Relevant Nodes in the Cluster
        8. 26.8. Creating and Updating an ASCII Application Configuration File (cmmakepkg –p)
        9. 26.9. Creating and Updating an ASCII Package Control Script (cmmakepkg –s)
        10. 26.10. Manually Distributing to All Relevant Nodes the ASCII Package Control Script
        11. 26.11. Checking the ASCII Package Control File (cmcheckconf)
        12. 26.12. Distributing the Updated Binary Cluster Configuration File (cmapplyconf)
        13. 26.13. Ensuring That Any Data Files and Programs That Are to Be Shared Are Loaded onto Shared Disk Drives
        14. 26.14. Starting the Package
        15. 26.15. Ensuring That Package Switching Is Enabled
        16. 26.16. Testing Package Failover Functionality
        17. Chapter Review
        18. Test Your Knowledge
        19. Answers to Test Your Knowledge
        20. Chapter Review Questions
        21. Answers to Chapter Review Questions
      4. TWENTY SEVEN. Managing a Serviceguard Cluster
        1. 27.1. Typical Cluster Management Tasks
          1. Cluster Modifications
          2. Package Modifications
        2. 27.2. Adding a Node to the Cluster
        3. 27.3. Adding a Node to a Package
        4. 27.4. Adding a New Package to the Cluster Utilizing a Serviceguard Toolkit
          1. 27.4.1. A Serviceguard Toolkit
            1. 27.4.1.1. CREATE PACKAGE MONITORING SCRIPTS, IF NECESSARY
            2. 27.4.1.2. DISTRIBUTE THE APPLICATION MONITORING SCRIPT(S) TO ALL RELEVANT NODES IN THE CLUSTER
            3. 27.4.1.3. CREATE AND UPDATE AND ASCII PACKAGE CONFIGURATION FILE (cmmakepkg -p)
            4. 27.4.1.4. CREATE AND UPDATE AN ASCII PACKAGE CONTROL SCRIPT (cmmakepkg –s)
            5. 27.4.1.5. DISTRIBUTE MANUALLY TO ALL NODES THE ASCII PACKAGE CONTROL SCRIPT
            6. 27.4.1.6. CHECK THE ASCII PACKAGE CONTROL FILE (cmcheckconf)
            7. 27.4.1.7. DISTRIBUTE THE UPDATED BINARY CLUSTER CONFIGURATION FILE (cmapplyconf)
            8. 27.4.1.8. ENSURE THAT ANY DATA FILES AND PROGRAMS THAT ARE TO BE SHARED ARE LOADED ONTO SHARED DISK DRIVES
            9. 27.4.1.9. START THE PACKAGE (cmrunpkg OR cmmodpkg)
            10. 27.4.1.10. ENSURE THAT PACKAGE SWITCHING IS ENABLED
            11. 27.4.1.11. TEST PACKAGE FAILOVER FUNCTIONALITY
        5. 27.5. Modifying an Existing Package to Use EMS Resources
        6. 27.6. Deleting a Package from the Cluster
          1. 27.6.1. Halt the package (cmhaltpkg)
          2. 27.6.2. Remove the package definition from the binary cluster configuration file (cmdeleteconf)
          3. 27.6.3. Ensure that the package was removed successfully (syslog.log)
          4. 27.6.4. Review remaining cluster activity (cmviewcl)
        7. 27.7. Deleting a Node from the Cluster
          1. 27.7.1. Ensure that no packages are running on the node (cmviewcl)
          2. 27.7.2. Remove the node as an adoptive node from any configured packages
            1. 27.7.2.1. GET THE MOST UP-TO-DATE ASCII PACKAGE CONFIGURATION FILE (cmgetconf)
            2. 27.7.2.2. UPDATE THE ASCII PACKAGE CONFIGURATION FILE
            3. 27.7.2.3. CHECK THE UPDATED ASCII PACKAGE CONFIGURATION FILE
            4. 27.7.2.4. COMPILE AND DISTRIBUTE THE BINARY PACKAGE CONFIGURATION FILE (cmapplyconf)
            5. 27.7.2.5. CHECK THAT THE UPDATES HAVE BEEN APPLIED SUCCESSFULLY (cmviewcl)
            6. 27.7.2.6. STOP CLUSTER SERVICE ON THE NODE TO BE REMOVED (cmhaltnode)
          3. 27.7.3. Get the most up-to-date version of the ASCII cluster configuration file (cmgetconf)
          4. 27.7.4. Update the ASCII cluster configuration file to remove the entry for the node to be deleted
          5. 27.7.5. Check the updated ASCII cluster configuration file (cmcheckconf)
          6. 27.7.6. Compile and distribute the binary cluster configuration file (cmapplyconf)
          7. 27.7.7. Check that the updates were applied successfully (cmviewcl)
        8. 27.8. Discussing the Process of Rolling Upgrades within a Cluster
        9. 27.9. If It Breaks, Fix It!
        10. 27.10. Installing and Using the Serviceguard Manager GUI
        11. Chapter Review
        12. Test Your Knowledge
        13. Answers to Test Your Knowledge
        14. Chapter Review Questions
        15. Answers to Chapter Review Questions
      5. TWENTY EIGHT. Additional Cluster Solutions
        1. 28.1. Extended Serviceguard Cluster
          1. 28.1.1. At least two separate data centers
            1. 28.1.1.1. TWO DATA CENTERS DESIGN LIMITATIONS
            2. 28.1.1.2. THREE DATA CENTERS DESIGN LIMITATIONS
          2. 28.1.2. Data replication in an Extended Serviceguard cluster
          3. 28.1.3. Networking in an Extended Serviceguard cluster
        2. 28.2. Metrocluster
        3. 28.3. Continentalclusters
          1. 28.3.1. Setting up Continentalclusters
          2. 28.3.2. Install Serviceguard and Continentalclusters software
          3. 28.3.3. Configure data replication
          4. 28.3.4. Configure the primary cluster
          5. 28.3.5. Configure the recovery cluster
          6. 28.3.6. Prepare the Continentalclusters security files
          7. 28.3.7. Edit and apply the Continentalclusters monitor package
          8. 28.3.8. Edit and apply the Continentalclusters configuration file
          9. 28.3.9. Ensure all primary packages are operating as normal
          10. 28.3.10. Start the Continentalclusters monitor package
          11. 28.3.11. Validate and test the Continentalclusters configuration
          12. 28.3.12. Other Continentalclusters tasks
        4. 28.4. Additional Cluster Solutions
        5. 28.5. Other Cluster Considerations
        6. Chapter Review
        7. Test Your Knowledge
        8. Answers to Test Your Knowledge
        9. Chapter Review Questions
        10. Answers to Chapter Review Questions
    8. FIVE. HP-UX Security Administration
      1. TWENTY NINE. Dealing with Immediate Security Threats
        1. 29.1. A Review of User-Level Security Settings
          1. 29.1.1. File and directory permissions
            1. 29.1.1.1. VXFS ACCESS CONTROL LISTS
            2. 29.1.1.2. HFS ACCESS CONTROL LISTS
        2. 29.2. HP-UX Trusted Systems
          1. 29.2.1. Features of HP-UX Trusted Systems
          2. 29.2.2. Enabling and disabling HP-UX Trusted System functionality
          3. 29.2.3. The structure of the TCB
            1. 29.2.3.1. FORMAT OF A TCB FILE
            2. 29.2.3.2. THE TTYS, DEVASSIGN, AND OTHER TCB FILES
          4. 29.2.4. Password policies, aging and password history database
          5. 29.2.5. Time- and location-based access controls
          6. 29.2.6. Auditing users, events, and system calls
            1. 29.2.6.1. SETTING UP AUDIT LOG FILES
          7. 29.2.7. Boot authentication
        3. 29.3. The /etc/default/security Configuration File
          1. 29.3.1. Allows a user to log in when his home directory is missing
          2. 29.3.2. Provides minimum length of a user password in a Trusted and non-Trusted System
          3. 29.3.3. The ability to disable/enable all non-root logins
          4. 29.3.4. Sets the number of logins allowed per user ID
          5. 29.3.5. Determines the password history depth (need to configure Trusted Systems)
          6. 29.3.6. Controls which users are allowed to use the su command to change their effective UID to root based on their group membership
          7. 29.3.7. Defines default PATH environment variable when using the su command
          8. 29.3.8. Provides minimum requirements for password structure (needs patch PHCO_24839 or later)
        4. 29.4. Common Security Administration Tasks
          1. 29.4.1. Make sure that root has a secure home directory
          2. 29.4.2. Regularly check the content and structure of the /etc/passwd file
          3. 29.4.3. Ensure that login sessions have either an automatic lock or logout facility enabled
          4. 29.4.4. Disable the use of the write command
          5. 29.4.5. Use restricted shells for non-root users wherever possible
          6. 29.4.6. Enforce a policy whereby inactive accounts are disabled
          7. 29.4.7. Regularly monitor logfiles associated with login activities
          8. 29.4.8. Enforce password aging, even on non-Trusted Systems
          9. 29.4.9. Maintain a paper copy of critical system logfiles and configuration details
          10. 29.4.10. Periodically verify the integrity of all installed software components
          11. 29.4.11. Monitor the system for SUID/SGID programs
          12. 29.4.12. Disable/enable HP-UX privileges
          13. 29.4.13. Avoid “buffer overflow” problems
          14. 29.4.14. Keep up to date with security bulletins
          15. 29.4.15. Consider running your own penetration tests
          16. 29.4.16. Review /etc/inetd.conf regularly and use the /var/adm/inetd.sec file extensively
          17. 29.4.17. Consider populating your ARP cache with permanent entries
          18. 29.4.18. Review who is using user-level equivalence for common network services
          19. 29.4.19. Review whether you really need to support other network services
          20. 29.4.20. Scrub data disks and tapes when disposing of them
          21. 29.4.21. Review who has access to your computer rooms
        5. Test Your Knowledge
        6. Answers to Test Your Knowledge
        7. Chapter Review Questions
        8. Answers to Chapter Review Questions
        9. Answers to “File and Directory Permissions” Questions
        10. REFERENCES
      2. THIRTY. A New Breed of Security Tools
        1. 30.1. The Basics of Cryptography, Including Symmetric and Asymmetric Key Cryptography
        2. 30.2. Secure Shell (SSH)
        3. 30.3. Host Intrusion Detection System (HIDS)
          1. 30.3.1. Install HIDS on the HIDS Server and all HIDS Clients
          2. 30.3.2. Create the private/public keys on the HIDS Server
            1. 30.3.2.1. A MULTI-HOMED HIDS SERVER
            2. 30.3.2.2. A MULTI-HOMED HIDS CLIENT
          3. 30.3.3. Import the public keys on the HIDS Clients
          4. 30.3.4. Start the HIDS Agent software
          5. 30.3.5. Create a Surveillance Schedule that will reference at least one Surveillance Group
          6. 30.3.6. Create a Surveillance Group containing the relevant Detection Templates
          7. 30.3.7. Select the hosts (HIDS Client) to be monitored
          8. 30.3.8. Download and activate a Surveillance Schedule to the relevant HIDS Clients
          9. 30.3.9. Monitor alerts on the HIDS Server
          10. 30.3.10. Create Response Programs on the HIDS Clients to react to alerts locally (optional)
          11. 30.3.11. Conclusions on HIDS
        4. 30.4. IPSec, Diffie-Hellman, and Modular Arithmetic
          1. 30.4.1. The basics of Diffie-Hellman
          2. 30.4.2. The problem with Diffie-Helman
          3. 30.4.3. Setting up IPSec
            1. 30.4.3.1. INSTALL IPSEC
            2. 30.4.3.2. CONFIGURE THE IPSEC POLICIES INCLUDING THE ENCRYPTING AND AUTHENTICATION OF IP PACKETS
              1. 30.4.3.2.1. IPSec Authentication Headers
              2. 30.4.3.2.2. IPSec Encapsulated Security Payload Headers
              3. 30.4.3.2.3. Authenticated or Nested ESP
              4. 30.4.3.2.4. Nested ESP
              5. 30.4.3.2.5. Tunneling Mode for AH and ESP headers
              6. 30.4.3.2.6. Using the GUI to configure IPSec policies
            3. 30.4.3.3. CONFIGURE THE ISAKMP MAIN MODE POLICIES
          4. 30.4.4. Import/Request certificates or configure preshared keys
          5. 30.4.5. Set up boot-time configuration
          6. 30.4.6. Start the IPSec daemons
          7. 30.4.7. Test a connection to a remote machine to ensure that Main Mode and Quick Mode SAs are established
          8. 30.4.8. Warnings regarding ICMP packets
            1. 30.4.8.1. CONCLUSIONS ON IPSEC
        5. 30.5. IPFilter and Bastille
          1. 30.5.1. Installing IPFilter
          2. 30.5.2. Basic IPFilter rules
            1. 30.5.2.1. POINTS TO CONSIDER WHEN SETTING UP IPFILTER
          3. 30.5.3. Installing HP-UX Bastille
          4. 30.5.4. Conclusions on IPFilter and Bastille
        6. 30.6. Other Security-Related Terms
        7. Test Your Knowledge
        8. Answers to Test Your Knowledge
        9. Chapter Review Questions
        10. Answers to Chapter Review Questions
        11. REFERENCES
      3. A. Getting to Know Your Hardware: A Bit of Background
        1. A.1. Processor Architecture
          1. A.1.1. The basic processor
          2. A.1.2. More complex architectures
          3. A.1.3. A bag of tricks
            1. A.1.3.1. SUPERSCALAR PROCESSORS
            2. A.1.3.2. PIPELINED PROCESSORS
            3. A.1.3.3. Instruction size: “How big is yours?”
            4. A.1.3.4. ADDRESSING MODES
        2. A.2. Common processor families
          1. A.2.1. CISC: Complex Instruction Set Computing
          2. A.2.2. RISC: Reduced Instruction Set Computing
            1. A.2.2.1. HEWLETT-PACKARD'S PA-RISC 2.0
            2. A.2.2.2. 64-BIT EXTENSIONS
            3. A.2.2.3. SUPPORT FOR LARGE HIGH-END APPLICATIONS
            4. A.2.2.4. BINARY COMPATIBILITY
            5. A.2.2.5. MIXED-MODE EXECUTION
            6. A.2.2.6. PERFORMANCE ENHANCEMENTS
            7. A.2.2.7. CACHE PRE-FETCHING
            8. A.2.2.8. BRANCH PREDICTION
            9. A.2.2.9. MEMORY ORDERING
            10. A.2.2.10. COHERENT I/O
            11. A.2.2.11. MULTIMEDIA EXTENSIONS
          3. A.2.3. VLIW: Very Long Instruction Word
          4. A.2.4. Conclusions: Which architecture is best?
        3. A.3. Memory Hierarchy
          1. A.3.1. Cache memory mapping functions
            1. A.3.1.1. DIRECT MAPPING
            2. A.3.1.2. FULLY ASSOCIATIVE MAPPING
            3. A.3.1.3. SET ASSOCIATIVE MAPPING
            4. A.3.1.4. REPLACEMENT STRATEGIES
            5. A.3.1.5. MULTIPLE LEVELS OF CACHE
            6. A.3.1.6. WHEN WE WRITE FROM CACHE TO MEMORY
        4. A.4. Main Memory
        5. A.5. A Quick Word on Virtual Memory
        6. A.6. Concurrency: Getting Someone Else to Help You
          1. A.6.1. Flynn's Classification
            1. A.6.1.1. SISD: SINGLE INSTRUCTION SINGLE DATA
            2. A.6.1.2. SIMD: SINGLE INSTRUCTION MULTIPLE DATA
            3. A.6.1.3. MISD: MULTIPLE INSTRUCTION SINGLE DATA
            4. A.6.1.4. MIMD: MULTIPLE INSTRUCTIONS MULTIPLE DATA
              1. A.6.1.4.1. Symmetrical Multi-Processor (SMP)
              2. A.6.1.4.2. Cache coherency protocols
              3. A.6.1.4.3. Snoop bus
              4. A.6.1.4.4. Directory-based cache coherency
            5. A.6.1.5. NON-UNIFORM MEMORY ACCESS
            6. A.6.1.6. OTHER NUMA VARIANTS
            7. A.6.1.7. MASSIVELY PARALLEL PROCESSORS (MPP)
          2. A.6.2. SPMD: Single Program Multiple Data
        7. A.7. IO Bus Architecture and IO Devices
        8. A.8. Disk Drives: Storage or Speed
        9. A.9. Getting to Know Your Hardware
        10. A.10. Conclusions
        11. PROBLEMS
        12. ANSWERS
        13. REFERENCES
      4. B. Source Code
        1. B.1. infocache32
        2. B.2. infocache64.c
        3. B.3. dump_ioconfig.c
        4. B.4. numCPU.c
        5. B.5. setCPU.c
        6. B.6. clockwatch.c
      5. C. Patching Usage Models White Paper
      6. D. Auto-Negotiation White Paper
      7. E. Building a Bastion Host White Paper