Document revision date: 15 July 2002 | |
Previous | Contents | Index |
When you click Customize Windows NT... on the Customize menu of the Application window, the Availability Manager displays a Security page (Figure 7-14).
Figure 7-14 Windows Security Customization Page
To change the default password for the Data Analyzer to use to access Windows Data Collector nodes, enter a password of exactly 8 alphanumeric characters. Note that this password is case sensitive; any time you type it, you must use the original capitalization.
This password must also match the password for the Windows Data Collector node that you want to access. (See Section 7.6.3 for instructions for changing that password.)
When you are satisfied with your password, click OK.
Exit and restart the Availability Manager for the password to take effect.
7.6.2 Changing Security Triplets on OpenVMS Data Collector Nodes
To change security triplets on an OpenVMS Data Collector node, you must
edit the AMDS$DRIVER_ACCESS.DAT file, which is installed on all Data
Collector nodes. The following sections explain what a security triplet
is, how the Availability Manager uses it, and how to change it.
7.6.2.1 Understanding OpenVMS Security Triplets
A security triplet determines which nodes can access system data from an OpenVMS Data Collector node. The AMDS$DRIVER_ACCESS.DAT file on OpenVMS Data Collector nodes lists security triplets.
On OpenVMS Data Collector nodes, the AMDS$AM_CONFIG logical translates to the location of the default security file, AMDS$DRIVER_ACCESS.DAT. This file is installed on all OpenVMS Data Collector nodes.
A security triplet is a three-part record whose fields are separated by backslashes (\). A triplet consists of the following fields:
The exclamation point (!) is a comment delimiter; any characters to the right of the comment delimiter are ignored.
All Data Collector nodes in group FINANCE have the following AMDS$DRIVER_ACCESS.DAT file:
*\FINGROUP\R ! Let anyone with FINGROUP password read ! 2.1\DEVGROUP\W ! Let only DECnet node 2.1 with ! DEVGROUP password perform fixes (writes) |
The configuration files for DECamds and the Availability Manager are separate; only one set is used, depending on which startup command procedure you use to start the driver. See Installing the Availability Manager on OpenVMS Alpha Systems and Running DECamds and the Availability Manager Concurrently for a further explanation of the configuration file setup for both DECamds and the Availability Manager. |
On each Data Collector node on which you want to change security, you must edit the AMDS$DRIVER_ACCESS.DAT file. The data in the AMDS$DRIVER_ACCESS.DAT file is set up as follows:
Network address\password\access |
Use a backslash character (\) to separate the three fields.
To edit the AMDS$DRIVER_ACCESS.DAT file, follow these steps:
$ ANALYZE/SYSTEM SDA> SHOW LAN |
SDA> SHOW LAN/DEVICE=xxA0 |
The following security triplets are all valid; an explanation follows the exclamation point (!).
*\1decamds\r ! Anyone with password "1decamds" can monitor *\1decamds\w ! Anyone with password "1decamds" can monitor or write 2.1\1decamds\r ! Only node 2.1 with password "1decamds" can monitor 2.1\1decamds\w ! Only node 2.1 with password "1decamds" can monitor and write 08-00-2b-03-23-cd\1decamds\w ! Allows a particular hardware address to write 08-00-2b-03-23-cd\1decamds\r ! Allows a particular hardware address to read node |
OpenVMS Data Collector nodes accept more than one password. Therefore, you might have several security triplets in an AMDS$DRIVER_ACCESS.DAT file for one Data Collector node. For example:
*\1DECAMDS\R *\KOINECLS\R *\KOINEFIX\W *\AVAILMAN\C |
In this example, Data Analyzer nodes with the passwords 1DECAMDS and KOINECLS would be able to see the Data Collector data, but only the Data Analyzer node with the KOINEFIX password would be able to write or change information, including performing fixes, on the Data Collector node. The Data Analyzer node with the AVAILMAN password would be able to perform switched LAN fixes.
If you want, you can set up your AMDS$DRIVER_ACCESS.DAT file to allow anyone in the world to read from your system but allow only certain nodes to write or change process or device characteristics on your system.
After editing the AMDS$DRIVER_ACCESS.DAT file, you must stop and then restart the Data Collector. This action loads the new data into the driver. |
The Availability Manager performs these steps when using security triplets to ensure security among Data Analyzer and Data Collector nodes:
Table 7-3 describes how the Data Collector node interprets a security triplet match.
Security Triplet | Interpretation |
---|---|
08-00-2B-12-34-56\HOMETOWN\W | The Data Analyzer has write access to the node only when the Data Analyzer is run from a node with this hardware address (multiadapter or DECnet-Plus system) and with the password HOMETOWN. |
2.1\HOMETOWN\R | The Data Analyzer has read access to the node when run from a node with DECnet for OpenVMS Phase IV address 2.1 and the password HOMETOWN. |
*\HOMETOWN\R | Any Data Analyzer with the password HOMETOWN has read access to the node. |
To change the Data Collector password in the Registry, follow these steps:
The CPU process states shown in the following table are displayed in the OpenVMS CPU Process States page (see Figure 3-7) and in the OpenVMS Process Information page (see Figure 3-19).
Process State | Description | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CEF | Common Event Flag, waiting for a common event flag | ||||||||||||||||||||||||||||||||||||
COLPG | Collided Page Wait, involuntary wait state; likely to indicate a memory shortage, waiting for hard page faults | ||||||||||||||||||||||||||||||||||||
COM | Computable; ready to execute | ||||||||||||||||||||||||||||||||||||
COMO | Computable Outswapped, COM, but swapped out | ||||||||||||||||||||||||||||||||||||
CUR | Current, currently executing in a CPU | ||||||||||||||||||||||||||||||||||||
FPW | Free Page Wait, involuntary wait state; most likely indicates a memory shortage | ||||||||||||||||||||||||||||||||||||
LEF | Local Event Flag, waiting for a Local Event Flag | ||||||||||||||||||||||||||||||||||||
LEFO | Local Event Flag Outswapped; LEF, but outswapped | ||||||||||||||||||||||||||||||||||||
HIB | Hibernate, voluntary wait state requested by the process; it is inactive | ||||||||||||||||||||||||||||||||||||
HIBO | Hibernate Outswapped, hibernating but swapped out | ||||||||||||||||||||||||||||||||||||
MWAIT |
Miscellaneous Resource Wait, involuntary wait state, possibly caused by
a shortage of a systemwide resource, such as no page or swap file
capacity or no synchronizations for single-threaded code.
Types of MWAIT states are shown in the following table:
|
||||||||||||||||||||||||||||||||||||
PFW | Page Fault Wait, involuntary wait state; possibly indicates a memory shortage, waiting for hard page faults. | ||||||||||||||||||||||||||||||||||||
RWAST | Resource Wait State, waiting for delivery of an asynchronous system trap (AST) that signals a resource availability; usually an I/O is outstanding or a process quota is exhausted. | ||||||||||||||||||||||||||||||||||||
RWBRK | Resource Wait for BROADCAST to finish | ||||||||||||||||||||||||||||||||||||
RWCAP | Resource Wait for CPU Capability | ||||||||||||||||||||||||||||||||||||
RWCLU | Resource Wait for Cluster Transition | ||||||||||||||||||||||||||||||||||||
RWCSV | Resource Wait for Cluster Server Process | ||||||||||||||||||||||||||||||||||||
RWIMG | Resource Wait for Image Activation Lock | ||||||||||||||||||||||||||||||||||||
RWLCK | Resource Wait for Lock ID data base | ||||||||||||||||||||||||||||||||||||
RWMBX | Resource Wait on MailBox, either waiting for data in mailbox (to read) or waiting to place data (write) into a full mailbox (some other process has not read from it; mailbox is full so this process cannot write). | ||||||||||||||||||||||||||||||||||||
RWMPB | Resource Wait for Modified Page writer Busy | ||||||||||||||||||||||||||||||||||||
RWMPE | Resource Wait for Modified Page list Empty | ||||||||||||||||||||||||||||||||||||
RWNPG | Resource Wait for Non Paged Pool | ||||||||||||||||||||||||||||||||||||
RWPAG | Resource Wait for Paged Pool | ||||||||||||||||||||||||||||||||||||
RWPFF | Resource Wait for Page File Full | ||||||||||||||||||||||||||||||||||||
RWQUO | Resource Wait for Pooled Quota | ||||||||||||||||||||||||||||||||||||
RWSCS | Resource Wait for System Communications Services | ||||||||||||||||||||||||||||||||||||
RWSWP | Resource Wait for Swap File space | ||||||||||||||||||||||||||||||||||||
SUSP | Suspended, wait state process placed into suspension; it can be resumed at the request of an external process | ||||||||||||||||||||||||||||||||||||
SUSPO | Suspended Outswapped, suspended but swapped out |
Previous | Next | Contents | Index |
privacy and legal statement | ||
6552PRO_012.HTML |