This action might not be possible to undo. Are you sure you want to continue?
Minh Nguyen Ron Barker
Page 1 of 20
The pSeries® Hardware Management Console (HMC) was introduced in 2001 at the same time as the POWER4™ family of AIX 5L™ servers. It consists of a 32-bit Intel® processor-based computer running a modified Linux operating system. The primary function of the HMC is to run a graphical user interface based on Java™ that provides management tools for controlling one or more POWER4 servers and associated logical partitions (LPARs). This white paper describes what IBM has done to protect the HMC from unauthorized access or exploitation in a networked environment. As shipped by IBM, the HMC is a special-purpose system to be used for server and partition management only. It does not run other Linux applications. Most of the native Linux interfaces are hidden from users, so no Linux skills are required to operate or manage the HMC. To prevent interference with system function, only IBM approved software may be installed on the HMC. For the remainder of this white paper, we will reference HMC Recovery Software for pSeries Release 3 Version 2.6 and describe its security features.
Page 2 of 20
) Remote user and program access to these management applications Common Information Model (CIM) repository and data base The applications used to manage the HMC are depicted by icons seen in the navigation area on the left side of the screen in the illustration below.doc Page 3 of 20 . the Web-based System Manager Remote Client. code updates. security.The Role of the HMC The HMC provides tools for managing complex system topologies. psshHMCsecuritywp040804. The tree structure allows the user to select the specific task that needs to be accomplished. The HMC management functions include: • • • • • • • • • • • • • Base platform management (power controls. Although the menus differ from those found in AIX 5L. etc. license entry and notifications Platform hardware/firmware service event consolidation Platform hardware/firmware inventory consolidation Platform firmware installation/upgrade Platform data capture for engineering/manufacturing/field problem determination Tools to perform or coordinate platform hardware service activities Support functions for the console itself (problem determination. configuration tools. modes of operation) LPAR management Virtual Terminal for AIX 5L Base High Performance Switch Network Management Capacity Upgrade on Demand (CUoD) information display. Its main application is the graphical user interface. clusters of virtual servers and the pSeries High Performance Switch. including static and dynamic logical partitions. In this illustration. the common interface makes it easier for a System Administrator to manage both AIX 5L and HMC environments. backup/restore. the icon labeled DYN352030BLD is a POWER4 server controlled by this HMC.
doc Page 4 of 20 . psshHMCsecuritywp040804.The pSeries Hardware Management Console graphical user interface main menu.Figure 1 .
File permission settings of 640 on the HMC. The Apache server can be turned off by using the following command: chhmc –c http –s disable X11: This server is required to allow the Web-based System Manager Remote Client to run at the local console.conf /etc/hosts. which prevents X window sessions from being opened on the HMC by a malicious user in a denial of service attack. Access to the directories known to the server is password protected.conf . No . etc/gshadow psshHMCsecuritywp040804. with root ownership: All files under /etc/xinetd.deny /etc/login.Configuration Settings and HMC Customization Many applications and services that typically would be found on a standard Linux installation have been removed from the HMC. It is protected by xhost -.doc Page 5 of 20 .d and /etc/xinetd. /etc/shadow. with root ownership: /etc/lilo.defs /etc/aliases File permission settings of 600 on the HMC.rhosts files exist on the HMC.allow and /etc/hosts. The following services are disabled on the HMC: telnet wu-ftp rexec chargen chargen-udp daytime daytime-udp echo echo-udp rlogin time time-udp NFS NIS identd routed snmpd portmap ntpd sendmail OpenSSH (optionally this can be enabled to allow remote command execution) The following services are enabled on the HMC: Apache: This server is required to allow distribution of the Web-based System Manager Remote Client.
In its place. Although Linux on the HMC has the traditional root userid. movement of resources between partitions and other administrative actions. a command line login can be obtained at the console by entering the key sequence <CTRL><ALT>F1. This lets Systems Administrators perform any task that hscroot can perform. HSC_Adv_Operator: Advanced Operator HSC_Operator: Operator HSC_Viewer: The Viewer user has the lowest privileges in the HMC System. but allows the system to keep track of which user performed the action. it is advisable to assign individual userids with the role of System Administrator. Users with other roles cannot su to become root. Another instance would be when an IBM Service Support Representative needs to perform problem determination on the HMC. it brings up a login menu from which a user may sign on to the Web-based System Manager Remote Client. One is file system recovery following power failure or an ungraceful shutdown.HMC User Management and Access Control Users on the HMC may have one of six different roles that allow them to perform certain functions. the normal interface on the console. HSC_Admin: The User Administrator users have authority to create users on the HMC System. The console events log tracks changes in logical partitions and profiles. The root userid is only used in a few instances. psshHMCsecuritywp040804. It is used for nearly all systems administration functions. hscroot is the default userid with System Administrator authority. A root user may not login directly to the HMC. New accounts can be created on the HMC by users with System Administrator or User Administrator roles. These roles inherently limit what users can do. Furthermore. When the HMC boots. For audit control. SA380590. A Pluggable Authentication Module (PAM) has been configured to block root login both at the console and from a remote client (assuming remote SSH access has been enabled). for a detailed description of the tasks that each role may perform. even if they know root’s password. thus allowing only a single command line login prompt at the HMC console. To return to the graphical interface. including System Administrator users. All but one of the mingetty virtual consoles normally found in Linux have been removed from /etc/inittab. The six pre-defined roles on the HMC correlate to pre-defined user groups: HSC_Sys_Prog: The System Administrator users have un-restricted authority to access and modify most of the HMC System. enter the key sequence <CTRL><ALT>F2. including both successful and failed login attempts. The six roles are: System Administrator Advanced Operator Service Representative Operator User Administrator Viewer Refer to the IBM Hardware Management Console for pSeries Installation and Operations Guide. it is almost never used. For problem determination reasons. HSC_Serv_Rep: The Service Representative users have access to most of the Service applications on the HMC System.doc Page 6 of 20 . access to root via the su command is restricted to users with the System Administrator and Service Support Representative role.
Removing this user will render the HMC unusable. which is controlled by the client. This user has the System Administrator role. IBM support may use SSH to remotely login to an HMC and get to an un-restricted shell. Root access still requires the root password. psshHMCsecuritywp040804. This is done using the User Management application from the HMC console. or by using the chhmcusr command. It is created on the HMC with a default password. With this userid. abc123.There are two user names that are reserved by the system: HSCROOT: This is the logical root user on the HMC. HSCPE: This is a special userid created at the client’s discretion for IBM Service Support Representative.doc Page 7 of 20 . Clients need to change it immediately when they install the HMC.
Password Length and Expiration Policies The HMC was originally released with no password length or expiration policy settings. It was left to the clients to implement and enforce their own password policies. the following are the default password policies.Setting password expiration in R3V2. the passwords on the HMC are shadowed. Default minimum acceptable password length is set to 7 All users on the HMC. As of HMC Recovery Software for pSeries Release 3 Version 2.doc Page 8 of 20 . The User Management application can also be used to set the password expiration value. psshHMCsecuritywp040804. with /etc/shadow and /etc/gshadow files’ permissions set to 600. The commands chhmcusr and mkhmcusr have arguments to allow setting the maximum number of days a password may be used. are subject to password aging. specify the pwage attribute as follows: chhmcusr –t pwage –v 90 –u john From the first release of the HMC.6 To use chhmcusr to change the number of days until a user’s password expires. and owned by root.6. Default maximum number of days a password can be used is set to 180. as shown below: Figure 2 . They are contained in the /etc/login. except root and hscroot.defs file.
company.com is setup to receive message from the network.debug /tmp/syslog. this can be done by adding the –r option to the SYSLOGD_OPTIONS in file /etc/sysconfig/syslog. For clients who wish to route syslogd entries to another remote system. A valid user can simply use the cat or more command to view the file. For example.99.crit /dev/console Then the System Administrator would enter: # touch /tmp/syslog.conf file on the HMC to specify a system to remotely log to. For remote login.com with IP address 9. In AIX 5L.log. On most Linux systems. the following command line will cause syslog entries to be sent to the hostname myremotesys. under the HMC Management—System Configuration application or by using the command lssvcevents command.xyz. and is under logrotate control. such as: *.Auditing Capabilities on the HMC A secure system also requires strong auditing capabilities. the client hostname or IP address is also logged.com The System Administrator needs to make sure that the syslogd daemon running on myremotesys. psshHMCsecuritywp040804. For example: lssvcevents -t console Earliest Timestamp Description 10/16/03 07:27:51 PM HSCE2175 User hscroot login failed from remote host abcd.com: chhmc –c syslog –s add –h myremotesys.doc Page 9 of 20 .9999 Standard log entries that come from syslogd can be also be viewed on the HMC by viewing the file /var/hsc/log/secure.conf file would be edited by uncommenting the appropriate lines at the bottom of the file. These entries can be viewed by using the View Console Events task. This file can be read by users with System Administrator role. Most tasks performed on the HMC (either locally or remotely) are logged in a file iqyylog. the /etc/syslog.company.out rotate size 100k files 4 *.999. When a user logs in to the HMC locally or from a remote client.out # refresh –s syslogd. A log entry contains the timestamp. the user name and the task being performed.company. A user with the System Administrator role could also use the scp command to securely copy the file to another system. entries are also logged in this file. the chhmc command can be used to change /etc/syslog. This section describes some of the logging/auditing functions on the HMC.
However. RMHMCUSR: This command removes a user on the HMC. If this command is not used. HMCSHUTDOWN: This command can be used from a remote client to shut down or reboot the HMC. because hscroot’s password is encrypted and safely saved away for communicating with various subsystems running on the HMC. such as SSH. we are enforcing a restricted shell when remotely connecting to the HMC via SSH. the service processor will attempt to generate an error to indicate unexpected loss of communication with the HMC. along with all the HMC commands. With the setup of the key in this file. a user can run HMC commands from a script without having to enter a password or passphrase. In the restricted shell environment. psshHMCsecuritywp040804. LSHMC: This command displays various HMC’s configuration settings. the key can be generated using the ssh-keygen command. We choose to use SSH as a means to run these commands because it provides a secure way to perform remote command execution. we will only reference a few commands in this paper that are security related. nor can they use re-direction. WebSM. This command must be used to change the hscroot’s password. UPDHMC: This command performs software updates on the HMC. Users will not be able to use the cd command. users will only have access to a small subset of Linux commands. MKAUTHKEYS: This command updates the caller’s authorized_keys2 file under the $HOME/. by itself.Restricted Shell on the HMC The HMC provides a rich set of commands that encompass most of the tasks found in the graphical user interface. CHHMCUSR: This command changes the properties of an HMC user. version and Vital Product Data. Root and hscroot users cannot be removed using this command. syslog. on Linux and UNIX® systems. Using a Linux command to change the password will render the HMC unusable. LSHMCUSR: This command lists users on the HMC CHHMC: This command changes subsystems and network settings on the HMC. MKHMCUSR: This command creates a user on the HMC. To protect the HMC from users trying to gain higher privileges by some means of exploiting the system. SSH would provide an authenticated user full access to the shell.ssh/ directory with a given DSA or RSA key generated from a client. such as the Hardware Management Console for pSeries Installation and Operations Guide (SA38-0590) and Effective System Management Using the IBM Hardware Management Console for pSeries (SG24-7038). http and network settings. Typically. Because the full list of HMC commands is already described in various IBM publications. LSSVCEVENTS: This command displays console events entries.doc Page 10 of 20 . Software can be installed from a remote ftp server or locally from the DVD-RAM drive on the HMC. This command notifies the service processor on the managed server that it is gracefully going away.
Refer to Chapter 10 System Manager Security in Hardware Management Console for pSeries Installation and Operations Guide. data encryption and data integrity. it should be located in a secure room if at all possible. Obviously. an instance of a the Web-based System Manager Remote Client running a separate Java Virtual Machine will psshHMCsecuritywp040804. SG247038. The user on the client is then authenticated to the server by his login password. the user is required to enter a valid HMC userid and password. The HMC Security Manager application. The former option is more secure. Physical Security Physical security of the HMC is primarily the client’s responsibility. When the Web-based System Manager Remote Client connects to the HMC. this is in a data center. Network Security The HMC is required to be on a network in order to implement dynamic logical partitioning. because of its proximity to the servers it manages. A secure Web-based System Manager Remote Client connection is possible using Secure Socket Layer (SSL) code which is also available on the HMC via http. The user name and password are sent encrypted over the SSL socket. which can only be accessed by a System Administrator-empowered user from the HMC console. A login dialog is then displayed to prompt the user for an id and password. or Chapter 7 in the IBM Redbook Effective System Management Using the IBM Hardware Management Console for pSeries. and listens on port 9090. the keyboard and mouse at the local console will remain locked until the power-on password is entered. Once the Web-based System Manager Remote Client package has been installed. the Web-based System Manager server first authenticates the userid and password. To download the client package from the HMC. The server is authenticated using public key cryptography with the RSA algorithm.Securing Access to the HMC A. All data transmissions between the server and client machines are encrypted by the SSL protocol using the RSA RC4 algorithm. Once the authentication is completed. However. or Double click on the Web-based System Manager Remote Client icon on the Windows desktop. However. The SSL protocol provides server authentication. The SSL protocol protects against changes or substitutions to any data transmissions between the server and client machines.doc Page 11 of 20 . Linux operating system-based version) reside on the HMC and are downloadable via http port 80. controls these options. a Web-based System Manager server runs under xinetd control. Unattended start mode can be set in BIOS to allow the HMC to reboot without the power-on password following restoration of power after an unplanned outage. or to give clients the option of connecting via SSL. These functions are mainly provided as part of the BIOS in the Intel processor-based PC: • • • Change the startup device settings in BIOS to prevent the use of a Linux Recovery CD/diskette to get to single-user mode. collecting serviceable events and managing the HMC from remote clients. Usually. On the HMC. The different versions of the Web-based System Manager Remote Client code (Windows® 2000 or later. SA38-0590. there are features in the HMC that can provide additional physical protection. The HMC itself can be configured to require all clients to connect via SSL. Power-on password can be set in BIOS to prevent unauthorized changes to BIOS settings. the user can connect to the HMC by typing: • • WSM <HMC HOSTNAME> If the user is on a remote Linux system. B.
be created.doc Page 12 of 20 . A pair of ports in the range of 30000 and 30009 are used as the communications channel between this Web-based System Manager server and the Web-based System Manager Remote Client. For example: The following command disables all remote Web-based System Manager Remote Client connections to the HMC: chhmc –c websm –s disable The following command disables the HTTP service on the HMC: chhmc –c http –s disable psshHMCsecuritywp040804. Clients who choose not to use the remote management function can disable the Web-based System Manager Remote Client and Apache servers by using the command chhmc.
the connectionless User Datagram Protocol (UDP) has been implemented. when transmitting messages over port 657. It is installed and used on the HMC for establishing a trusted communication channel between the HMC and the partitions on the managed server to perform tasks such as: • • • Dynamic allocation of hardware resources on the partitions Graceful shutdown of the AIX 5L operating systems running on the partitions Propagate hardware error log entries from the AIX 5L partitions to the HMC to provide a single focal point for error collection RMC uses port 657 for HMC-to-partition communication.Resource Monitoring and Control The Resource Monitoring and Control subsystem (RMC) is based on IBM’s Reliable. psshHMCsecuritywp040804. the HMC and the partition can be sure with whom they are communicating.doc Page 13 of 20 . but in recent releases of AIX 5L and HMC code. Thus. The authentication is established during configuration steps on the HMC that use the serial network. the TCP protocol was used. Scalable Cluster Technology (RSCT). Initially. RMC employs access control lists to authenticate communication between the partitions and the HMC.
doc ~ Page 14 of 20 . It is therefore CIM compliant and can provide information about its CIM objects to remote CIM clients. A CIM server runs on the HMC and listens on port 5988 for remote CIM requests.CIM and Cluster System Management The HMC uses Open CIMOM (Common Information Model Object Manager) to model the hardware resources of the pSeries server. psshHMCsecuritywp040804. Only requests that supply a valid userid and password on the HMC are honored. The Cluster System Management (CSM) managing server uses this facility on the HMC to perform various hardware ® Cluster 1600 control functions such as power on/off of partitions or servers in an IBM environment. The same SSL protocol used by the Web-based System Manager Remote Client and server can be used to secure the communication between CIM clients and the HMC.
xx psshHMCsecuritywp040804. you should be aware of how to determine whether such an alert is genuine or not. As our example. Requests coming from outside the HMC will be immediately rejected. the table on the next page shows a report from a network scanning tool run against an HMC at IP address x.. NOTE: Some ports only allow incoming request from the local HMC only. SSL SSL XHOST - Figure 3 . and the available security features associated with each port. Blowfish.Network Scan on the HMC The table below provides the list of open ports on the HMC. etc. Therefore. 1199/tcp 9735/tcp 80/tcp 443/tcp 22/tcp 5988/tcp 9198/tcp 6000/tcp Application RMC RMC WebSM WebSM Service Agent Virtual Terminal Server Web Server (HTTP) Web Server (HTTPS) Open SSH CIM Server CIM Server Indication X11 Security Keys exchange Keys exchange SSL SSL Can be disabled Can be disabled Require valid user id and password SSL 3DES.xx. Port/Protocol 657/tcp 657/udp 9090/tcp 30000-30009/tcp 1198.doc Page 15 of 20 .xxx.Open UDP and TCP ports as seen by a network scan. This has led to a number of false alerts. It is not uncommon for a security department to run a network scan against the HMC and obtain ambiguous or misleading results.
This reveals that the OpenSSH referenced by RHSA-2003:279-17 is indeed fixed with package openssh-3. More. Web site: https://rhn.7.Host: x. and that RHSA-2003:280-06 refers to the OpenSSH for Red Hat Enterprise Linux.7. With this information.1p114. site is still accessible.xx • [attention] [SSH/22/TCP] Server version `Protocol 1. Fix: This vulnerability is resolved with OpenSSH 3. one can conclude that Red Hat.html. NOTE: The Red Hat. which is on the HMC. Clearing the buffer makes an "improperly sized chunk" of memory be overwritten with zeros. Inc. which is most often root. Because this version of HMC code uses the OpenSSH package from Red Hat 7.xxx. Server OpenSSH_3. Such commands could be executed with privileges of the user running the sshd process.adv MandrakeSoft Security Advisory MDKSA-2003:090 NetBSD Security Advisory 2003-012 OpenPKG Security Advisory OpenPKG-SA-2003. the HMC Administrator should visit the Red Hat. Inc. Patches are also available for this issue.doc Page 16 of 20 . A heap corruption can arise from this. so the example is still valid for the time being..040 Red Hat Security Advisory RHSA-2003:279-17 Red Hat Security Advisory RHSA-2003:280-06 Sun Alert Notification 56861 SUSE LINUX Security Announcement SuSE-SA:2003:038 SUSE LINUX Security Announcement SuSE-SA:2003:039 The report specifically mentions that the fix for OpenSSH is in version 3.com/errata/rh72-errata-security. backports the patches to some version of OpenSSH that it has. OpenSSH Buffer Management Error CVE#: CAN-2003-0693 CAN-2003-0695 Summary: There are two buffer "management errors" OpenSSH.1.1p1-14. References: OpenSSH OpenSSH Security Advisory: buffer. Details: The two errors are caused when a buffer is allocated for a large packet. The alerts thus need to be checked to make sure that they point to a genuine vulnerability. Systems using privilege separation in OpenSSH may not be impacted greatly by the vulnerability.redhat.4p1' is known to contain vulnerabilities. instead of incrementing the version number for each security fix. It is always best to upgrade to the latest version.. but are not really vulnerable.xx. which is not the Linux version used by HMC. psshHMCsecuritywp040804.1.2. Inc.99. which could cause concern to an HMC Administrator who knows that his current version of OpenSSH is 3. Patched systems may still be detected as vulnerable by security scanners. causing a denial of service or potentially allow malicious users to execute arbitrary commands.
and they will stay on the Web site only until the next Corrective Service from HMC is released. and the maintenance number is increased when a Corrective Service (Maintenance) package is released. but because of the nature of the problem. The WebSM user can also view this information by selecting the About Hardware Management Console task under the Help menu at the local console. Next. releases security fixes. Use the Install Corrective Service task from the graphical user interface to install security fixes. the HMC has maintained a version naming convention of Release Version Maintenance (RVM). a Recovery CD is made available to facilitate software pre-load at manufacturing. Once fixes are tested. users must first perform a Save Upgrade Data. The release number is incremented when a major change in the base HMC operating system occurs. C.doc Page 17 of 20 . Corrective Service packages are also available on the same Web site where security fixes are published. They have associated APAR number. When Red Hat. Corrective Service Corrective Service packages are cumulative updates. requiring a major update of all packages in the HMC. D. Emergency Fixes Some fixes are not cumulative. Clients have the option of subscribing to technical bulletin alerts from the same Web site.. They allow clients at any version level of a particular HMC release to apply the code and update the HMC to the current Corrective Service level.Distribution of Fixes on HMC Since its introduction. To perform an upgrade with a new HMC Recovery CD. only IBM approved software can be installed on it. there are a number of ways to distribute them to clients. This task will allow the existing HMC configuration as well as LPAR profile configurations to be saved in a special disk partition.ibm. Upgrade Each time a Corrective Service package is released that supports new HMC hardware. need to be posted on the Web site. A. so that a CD can be ordered. because the HMC serves specific management purposes.com/server/hmc. Security Fixes Security fixes are only released on the Web at: http://techsupport. The version number is incremented when there are enhancements to the management software. These fixes may contain more than one package from IBM or Red Hat. Or you can use the updhmc command. This CD can be ordered by clients by referring to an IBM Part Number. This is different from the Version Release Maintenance Fix (VRMF) convention used in software products such as AIX 5L. In addition. B. the HMC is rebooted with the new HMC Recovery CD in the DVD drive. As mentioned earlier. The command lshmc can be used to show the security fixes installed on the HMC. When the psshHMCsecuritywp040804. Inc. and used for upgrading the HMC to this new level of code. Inc. Installation of the Corrective Service package is similar to that of the security fixes. Installation of the Emergency fixes is similar to that of the security fixes. They will then receive mail when security and corrective fixes are available. by using an APAR number associated with each Corrective Service package. Then they will become part of the Corrective Service package. a Corrective Service CD can be ordered via IBM Software Distribution. IBM tests them to ensure that they do not inadvertently affect the behavior of other subsystems running on the HMC. The fix number is not used on the HMC.services.
doc Page 18 of 20 . the Upgrade option must be selected by twice pressing function key F1. when the HMC is rebooted.deny /etc/sysconfig/network /etc/sysconfig/clock /etc/sysconfig/keyboard /etc/sysconfig/i18n /etc/sysconfig/iptables psshHMCsecuritywp040804.installation menu is presented to the user. Below is a partial list of system configuration files saved as part of the Save Upgrade Data process: /etc/group /etc/gshadow /etc/localtime /etc/passwd /etc/shadow /etc/hosts /etc/login. all but one partition on the HMC disk will be erased.conf /etc/syslog.allow /etc/hosts. At the end of the installation process. When selecting this option. data from the saved partition will be copied back into the HMC file systems.conf /etc/hosts. /etc/resolv.defs.
Optionally. the remote WebSM interface itself and the Apache server used to distribute remote client code can be turned off. Users with remote command line access are limited in what they can perform by a restricted shell.Executive Summary The HMC is a Linux operating system-based management appliance designed for the control of POWER4 processor-based servers and partitions. such as changing the startup device settings to prevent use of a Linux Recovery CD or diskette to get into single-user mode. Tools have been added to the HMC to help administrators monitor for unauthorized access. It has been highly customized to limit what it can do and how it can be accessed. remote users of the WebSM interface can be required to use SSL to secure their connection to the HMC. psshHMCsecuritywp040604. If desired. Many services typically found on Linux servers have been turned off. Although useful.doc Page 19 of 20 . Users on the HMC are assigned specific roles that control the level of access they have to the management applications. The remote command line access method is OpenSSH. leaving the client with remote command-line access via OpenSSH and local Web-based System Manager access on the HMC console. and to prevent unauthorized changes to BIOS settings. clients may use BIOS settings of the Intel processor-based PC to provide additional physical security.
Windows is a registered trademark of the Microsoft Corporation.ibm. features and services available in your area.ibm. In the United States and/or other countries.com. More information about IBM Cluster 1600 can be found at http://www. the IBM logo. IBM may not offer the products. features. It will comply with the appropriate FCC rules before final delivery to the buyer.ibm. ^ psshHMCsecuritywp040604.doc ~ Page 20 of 20 . All statements regarding future directions and intent of IBM are subject to change or withdrawal without notice and represent goals and objectives only. Inc. IBM hardware products are manufactured from new parts. Information concerning non-IBM products was obtained from the suppliers of these products or other public sources. . Copying or downloading the images contained in this document is expressly prohibited without the written consent of IBM. IBM. Java and all Java-based trademarks and logos are trademarks of Sun Microsystems. the e-business logo. The information may be subject to change without notice. POWER4 and pSeries are trademarks or registered trademarks of International Business Machines Corporation in the United States or other countries or both. This equipment is subject to FCC rules. or new and used parts. and service names may be trademarks or service marks of others. Consult your local IBM business contact for information on the products. Other company.com/servers/eserver/pseries.ibm. UNIX is a registered trademark of The Open Group in the United States and other countries.© IBM Corporation 2004 IBM Corporation Marketing Communications Systems Group Route 100 Somers. or services discussed in this document in other countries. AIX 5L. Regardless.com/servers/eserver/clusters. The pSeries home page on the Internet can be found at http://www.shtml. Intel is a registered trademark of Intel Corporation in the United States and/or other countries. Questions on the capabilities of the non-IBM products should be addressed with the suppliers. product. New York 10589 Produced in the United States of America April 2004 All Rights Reserved This document was developed for products and/or services offered in the United States. our warranty terms apply.S. The IBM home page on the Internet can be found at http://www.com/legal/copytrade. trademarks owned by IBM may be found at http://www. A full list of U.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.