Liberty collective controllers can use the Tivoli Remote
Execution and Access (RXA) toolkit to perform selected operations
on collective members.
Procedure
Setting up Windows machines
- Account privileges
Many RXA operations require access to resources that are not
generally accessible by standard user accounts; as a result, the configuration
of a collective member must include the name and password of a Windows
user who belongs to the Administrators group.
Additionally, you must ensure that the password for the user account is not expired
or about to expire.
- User Account Control
The User Account Control (UAC) feature is included in Microsoft
Windows Vista, Windows 7, Windows 8, Windows Server 2008, and Windows
Server 2012. It blocks or requires a user to manually confirm significant
changes to a Windows system. You must do one of the following on machines
that include collective members:
- Enable and use the built-in Administrator account, which is not
  protected by UAC.
  - Open Control Panel > Administrative Tools > Local Security
    Policy > Security Settings > Local Policies > Security Options.
  - Click Accounts: Administrator account status.
  - Select Enable.
  - Click OK.
  - If necessary, define an appropriate password for the Administrator
    account.
- Disable UAC.
  - Microsoft Windows Vista
    - Open Control Panel > User Accounts and Family Safety
      > User Accounts. If you are connected to a network domain,
      open Control Panel > User Accounts.
    - Click Turn User Account Control on or off.
    - Clear the Use User Account Control (UAC) to help protect
      your computer check box.
    - Click OK.
    - Reboot the machine for the changes to take effect.
  - Microsoft Windows Server 2008
    - Open Control Panel > User Accounts.
    - Click Turn User Account Control on or off.
    - Clear the Use User Account Control (UAC) to help protect
      your computer check box.
    - Click OK.
    - Reboot the machine for the changes to take effect.
  - Microsoft Windows 7/8/2008 Server R2
    - Open Control Panel > User Accounts.
    - Click Change User Account Settings.
    - Set the User Account Control level to Never Notify.
    - Click OK.
    - Reboot the machine for the changes to take effect.
  - Microsoft Windows Server 2012
    - Open Control Panel > System Security.
    - Under Action Center, click Change User Account Control Settings.
    - Set the User Account Control level to Never Notify.
    - Click OK.
    - Reboot the machine for the changes to take effect.
- File sharing (Microsoft Windows XP)
Disable simple file sharing on all Windows XP machines that
include collective members.
Simple file sharing requires that
you log in as guest. A guest login does not have the authorization
necessary for RXA to function correctly. To disable simple file sharing,
do the following:
- Open Windows Explorer and select Tools > Folder Options.
- In the Folder Options window, click the View tab.
- Clear the Use Simple File Sharing check box.
- Click OK.
- Administrative sharing
You must enable administrative sharing on Windows machines
that include collective members. Examples of default administrative
disk shares are C$ and D$. If you
disable administrative sharing, collective controllers will not be
able to access directories within the drive(s) of the machines.
To enable administrative sharing, do the following:
- Open My Computer.
- Using your secondary mouse button, click the disk drive that you
are enabling for administrative sharing.
- Click Sharing and Security.
- Select Share this folder.
- Specify the share name, such as C$ or D$.
- Click OK.
- Firewalls
Ensure that file sharing operations (on port 445) are not blocked
on machines that include collective controllers or collective members.
For more information, see the documentation for your operating system
or your firewall software.
- Remote Registry service
The Remote Registry service must be running on machines that
include collective members; otherwise, collective controllers will
not be able to remotely run required commands and scripts. To verify
that the Remote Registry service is enabled and started, do the following:
- Click Start > Programs > Administrative Tools > Services.
- Within the list of services, locate the Remote Registry entry
and verify that the status is Started.
Setting up Linux and UNIX machines
Collective controllers, through
RXA, use SSH Version 2 to manage collective members running on Linux
and UNIX machines. This usage requires either OpenSSH 3.6.1, OpenSSH
4.7 (on AIX), or Sun SSH 1.1.
Note that OpenSSH 3.7.1, or
higher, contains security enhancements not available in earlier releases,
and is recommended.
Avoid trouble: OpenSSH
Version 4.7.0.5302 for IBM AIX Version 5.3 is not compatible with
RXA Version 2.3. If machines are running AIX Version 5.3 with OpenSSH
Version 4.7.0.5302 installed, file transfers might not complete. To
avoid this problem, revert from OpenSSH Version 4.7.0.5302 to Version
4.7.0.5301.
- Using Secure Shell (SSH) protocol
RXA does not supply SSH code for UNIX operating systems. You
must ensure that SSH is installed and enabled on all machines that
include collective members.
In all UNIX environments except
Solaris, the Bourne shell (sh) is used. On Solaris machines, the Korn
shell (ksh) is used instead due to problems encountered with the Bourne
shell (sh).
To use password-based authentication for SSH communications,
edit the /etc/ssh/sshd_config file on each machine
that includes one or more collective members. Set the
PasswordAuthentication property to yes. For example:
PasswordAuthentication yes
The default value for the PasswordAuthentication property is no.
After changing this setting, stop
and restart the SSH daemon using the following commands:
/etc/init.d/sshd stop
/etc/init.d/sshd start
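One way to confirm that the edit took effect, as an added example that is not part of the original documentation: sshd uses the first value it obtains for a keyword, so a PasswordAuthentication yes line placed below an existing no line changes nothing, and a value inside a Match block applies only to matching connections. The function names, the constructed sample file and the rxauser account are assumptions made for illustration; Include directives are not followed.

```sh
#!/bin/sh
# Added example: report the global PasswordAuthentication value in an sshd_config.

# effective_password_auth FILE -> prints the value sshd would use, or "unset".
effective_password_auth() {
    awk '
        { sub(/^[ \t]+/, "") }                 # trim leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)    # tolerate "keyword=value"
            split(line, f, /[ \t]+/)
            key = tolower(f[1])                # keywords are case-insensitive
        }
        key == "match" { exit }                # Match blocks are conditional, not global
        key == "passwordauthentication" { val = f[2]; found = 1; exit }
        END { print (found ? val : "unset") }
    ' "$1"
}

# Constructed sample (not from a real host): the "yes" line was appended below
# an existing "no" line, and a Match block covers a hypothetical account rxauser.
constructed_config() {
    cat <<'EOF'
Protocol 2
#PasswordAuthentication yes
passwordauthentication no
UsePAM yes
PasswordAuthentication yes
Match User rxauser
    PasswordAuthentication yes
EOF
}

tmp=$(mktemp)
constructed_config > "$tmp"
echo "effective global PasswordAuthentication: $(effective_password_auth "$tmp")"
rm -f "$tmp"
```

On a real member, run the function against /etc/ssh/sshd_config before restarting the daemon; a result of no or unset means the yes line is shadowed, commented out, or only present inside a Match block.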
Setting up IBM i machines
Using SSH public/private key authentication to IBM i machines
is not supported.