I understand that, but having VLANs and being able to dictate to the
customer how it should be implemented, we almost always go the fully
redundant way. When the only traffic on that VLAN belongs to the HMCs and
those HMCs manage the IP addressing, there are fewer opportunities for a
misconfigured DHCP server, a rogue user setting their own IP or a multitude
of problems that don't even have to be related to security. Of course, some
customers don't have the networking expertise to handle such traffic but in
those cases they don't usually have redundant HMCs.
Also, fewer audit problems, since the audit tools can't actually reach those
IPs to try to tell you that it's vulnerable to this or that...

I've no problem with having the ASMI interface on a general subnet, but I
really like getting everything into their own subnet. Heck, I've separated
my own company's network into too many chunks, but other than the sales
guys crying "my phone app can't reach my notebook" (an app that they aren't
even supposed to use) I haven't had any problems.
Besides, if you really go for hardening and you have a modernized
architecture, nothing stops you from not letting anybody see the i and only
interact with the systems that interact with the i (unless, of course,
those live in the i as well, I'm not versed on the i's equivalent to
iptables, how to restrict open ports on each IP address...)

Roberto


On Sun, Jan 26, 2020 at 2:51 PM Rob Berendt <rob@xxxxxxxxx> wrote:

Roberto,
I've never used the second port for an HMC. I've always put all HMCs on
the first port as "open network". To me it makes no sense to be more
concerned who can connect to your service port on your power system than
who can connect to the port where your payroll, customer, engineering, etc
data are accessed.
There have been multiple times I've needed to attach to that directly from
a remote location, and not through an HMC.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Roberto José Etcheverry Romero
Sent: Saturday, January 25, 2020 11:59 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Maximum number of HMC???


AFAIK, it's actually 1 per port, so you get 2 HMCs but on different
networks...

Roberto

On Wed, 22 Jan 2020, 10:34 Rob Berendt, <rob@xxxxxxxxx> wrote:

Tried to attach a third HMC in an effort to migrate from 7042's to vHMC.
Apparently two is the limit, right?
https://www.ibm.com/support/knowledgecenter/en/POWER9/p9eai/B1A3849E.htm

Service Action Log Report

From . . : 01/21/20 08:27:13 To . . : 01/22/20 08:27:13

Select valid options, Press Enter

2=Display failing item information 7=Close and delete an entry
8=Close a NEW entry 9=Delete a CLOSED entry

Opt  Status  Date      Time      SRC       Resource   Count  PLID
     NEW     01/22/20  08:22:40  B1A3849E  *PLATFORM  1      500AD542


Rob Berendt

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
