06-19-2015
Quote:
Originally Posted by
pawpaw
For this case can I assume the NIM+Endpoint acts like a satellite server?
If you define "acts like" losely enough: yes.
Quote:
Originally Posted by
pawpaw
Seems like product from lumension (Patch and Remediation) can do similar stuff.
Are there any other products out there? I am tasked to do an evaluation on the various products.
With 30-50 LPARs, like you said above, you should definitely have a NIM-Server anyways. NIM-Servers are not only helpful in software deployment but also for configuration management, installation of new systems, systems backup, system recovery and the like.
The big exception being a heavily firewalled environment: this is where NIM servers really suck, because they need an awful lot of ports and most firewall people are reluctant to tear so many big holes into their firewall. I remember working once in a shop where you couldn't even "ping" the default gateway. One needed to get special permission to even use ping to test the failover node on a cluster. NIM was not used there.
If you do not have such a paranoid environment (and, frankly, i do not wish anybody to undergo such a torture) i strongly suggest to set up a NIM server and make all your LPARs NIM clients. It is quite easy to do, a matter of maybe 3-4 hours, all in all, to set up the basic structures and the resources needed most.
I hope this helps.
bakunin
Last edited by bakunin; 06-19-2015 at 08:20 AM..
8 More Discussions You Might Find Interesting
1. IP Networking
Hello friends I'm running Redhat 9.0 with linux kernel 2.4.20-8 & have iptables version 1.2.7a & encountering a problem that I narrate down.
I need to apply patch to my iptable and netfilter for connection tracking and load balancing that are available in patch-o-matic distribution by netfilter.... (0 Replies)
Discussion started by: Rakesh Ranjan
0 Replies
2. Solaris
Does anyone have an alternate site to download J2SE Solaris Recommended Patch Cluster for Solaris 8. Sun does not let me download the patches unless I have a support contract. I do not. Our software is legal, but our support contract wore out. I need this patchset to avoid downloading 30... (6 Replies)
Discussion started by: hshapiro
6 Replies
3. UNIX for Dummies Questions & Answers
Heya,
my university department wants to deploy a UNIX based system instead of various unnetokred windows PCs. We are trying to build a terminal server solution on either FreeBSD,Solaris or Debian Linux. The system would mostly run office applications on X11 and file sharing (with Samba). In... (4 Replies)
Discussion started by: masterfreek64
4 Replies
4. Solaris
Hi guys, can you help me solve this trouble?
TNX!
root@TRaNCe(/var/sadm/spool)
# patchadd /var/sadm/spool/121431-36.jar
Validating patches...
Loading patches installed on the system...
Done!
Loading patches requested to install.
Done!
Checking patches that you specified for... (2 Replies)
Discussion started by: static
2 Replies
5. UNIX for Dummies Questions & Answers
Hi..
I want to download & install JDK 1.6 for linux so please help me where i can downlod it free
Regards
Rinku Garg (1 Reply)
Discussion started by: rinkugarg
1 Replies
6. Shell Programming and Scripting
Hello,
I need ksh88 for my linux system - and I don't want pdksh.
Possible to get original ksh 88 binaries or source ?
(I don't need ksh93 which is available)
thanks
Vilius (1 Reply)
Discussion started by: vilius
1 Replies
7. Shell Programming and Scripting
Hi,
I need to develop a script which will deploy my web application binary(.war) file in the jboss application server.
I also need to take the back up of the existing binary file and rename the same with current date and then deploy the new binary from my specified location.
The same... (1 Reply)
Discussion started by: Siddheshk
1 Replies
8. Solaris
Hi,
I download Full DVD Image (zip):
Oracle Solaris 10 (SPARC) (2,079,737,380 bytes) (md5sum: 3a24f5746ebab5f254c359f979e644f7)
I have also downloaded md5sum.exe from the following site bt.etree.org | Community Tracker
when i run the md5sum it show,
D:\Solaris... (6 Replies)
Discussion started by: beginningDBA
6 Replies
LEARN ABOUT DEBIAN
shorewall-init
SHOREWALL-INIT(8) [FIXME: manual] SHOREWALL-INIT(8)
NAME
shorewall-init - Companion package
SYNOPSIS
/etc/init.d/shorewall-init [start|stop]
DESCRIPTION
Shorewall-init is an optional package (added in Shorewall 4.4.10) that can be installed along with Shorewall, Shorewall6, Shorewall-lite
and/or Shorewall6-lite. It provides two key features:
1. It can close (stop) the firewall during boot prior to starting the network. This can prevent unwanted connections from being accepted
after the network comes up but before the firewall is started.
2. It can interface with your distribution's ifup/ifdown scripts and/or NetworkManager to allow firewall actions when an interface starts
or stops.
These two capabilities can be enabled separately.
After you install the shorewall-init package, you can activate it by modifying the Shorewall-init configuration file:
o On Debian-based system, the file is /etc/default/shorewall-init.
o On other systems, the file is /etc/sysconfig/shorewall-init.
To activate the safe boot feature, edit the configuration file and set PRODUCTS to a space-separated list of Shorewall products that you
want to be closed before networking starts.
Example:
PRODUCTS="shorewall shorewall6"
You also must insure that the compiled scripts for the listed products are compiled using Shorewall 4.4.10 or later.
Shorewall
shorewall compile
Shorewall6
shorewall6 compile
Shorewall-lite
On the administrative system, enter the command shorewall export firewall from the firewall's configuration directory.
Shorewall6-lite
On the administrative system, enter the command shorewall6 export firewall from the firewall's configuration directory.
The second feature (ifup/ifdown and NetworkManager integration) should only be activated on systems that do not use a link status monitor
line swping or LSM.
o Edit the configuration file and set IFUPDOWN=1
For NetworkManager integration, you will want to disable firewall startup at boot and delay it to when your interface comes up. For this to
work correctly, you must set the required or the optional option on at least one interface then:
o On Debian-based systems, edit /etc/default/product for each product listed in the PRODUCTS setting and set startup=0.
o On other systems, use the distribution's service control tool (insserv, chkconfig, etc.) to disable startup of the products listed in
the PRODUCTS setting.
On a laptop with both ethernet and wireless interfaces, you will want to make both interfaces optional and set the REQUIRE_INTERFACE option
to Yes in shorewall.conf[1](5) or shorewall6.conf[2] (5). This causes the firewall to remain stopped until at least one of the interfaces
comes up.
FILES
/etc/default/shorewall-init (Debian-based systems) or /etc/sysconfig/shorewall-init (other distributions)
SEE ALSO
shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)
NOTES
1. shorewall.conf
http://www.shorewall.net/manpages/shorewall.conf.html
2. shorewall6.conf
http://www.shorewall.net/manpages/../Manpages6/shorewall6.conf.html
[FIXME: source] 06/28/2012 SHOREWALL-INIT(8)