IBM TotalStorage DR550 SMB Version 1.0 ------ 27 May 2005 Page 23
IBM Storage Systems Copyright © 2005 by International Business Machines Corporation
Configuring the P5 520 Server
The P5 520 server within the IBM TotalStorage DR550 SMB is shipped with particular AIX security
settings. These settings will not allow remote administration tasks initiated via commands like telnet,
remote shell (rsh), file transfer protocol (ftp) or similar. Therefore, you should use the integrated
console for management activities. (You can use an ASCII (tty) terminal if needed – a connection
must be established using the Serial Port 1 of each P5 520 server to administer (configure) the P5
520 server. Note that one ASCII terminal may be used by connecting to one server at a time. The
procedure for physically attaching the ASCII (tty) terminal was addressed in the Installation and
Activation section. The ASCII terminal, when attached to Serial Port 1, will be known in AIX as tty0.)
User Accounts
To provide a greater level of security, DR550 SMB is setup with limited access. These restrictions
are built into the DR550 SMB as follows:
• Limited user definitions
• Limited access to commands from certain accounts
• No remote access with authority to make changes
Login
Login with secure shell (ssh) is required for the AIX accounts (dr550, dr550adm, ibmce and root).
User Accounts
The following user accounts have been created. Each has a specific role when using the DR550
SMB. Passwords should be changed in accordance with company policy and guidelines. To
enhance security, certain user accounts do not have any change authority and other accounts can
only be accessed from the integrated console. The following user accounts have been created, with
the following roles and restrictions specified:
AIX
Account Roles Password set at Factory
dr550 Access via integrated console to P5 520 servers
(LFT 0) or via the serial port on the front of the P5
520 server (tty 0) – It is recommended that you use
the integrated console
no remote access
Only user who can ‘su’ to root
Home directory /home/dr550
Shell /bin/ksh
dr550
dr550adm Access via integrated console or from remote ASCII
terminal
Home directory /home/dr550adm
Shell - /bin/ksh
Ability to view log files and perform SM Client tasks
dr550adm
ibmce console access and remote access
home directory /home/ibmce
shell - /bin/ksh
ability to view log files and perform SM Client tasks
ibmce
root no direct login
su allowed only from dr550 account
d3rv1sh – this password
will need to be changed
during the initial installation.
It is initially setup to require
a change at the initial login.
Tivoli Storage Manager
