IBM System Storage DR550 Version 3.0 ------17 March 2006 Page 49
IBM Storage Systems Copyright © 2006 by International Business Machines Corporation
Configuring the P5 520 Servers
The P5 520 servers within the IBM TotalStorage Data Retention are shipped with particular AIX
security settings. These settings will not allow remote administration tasks initiated via commands
like telnet, remote shell (rsh), file transfer protocol (ftp) or similar. Therefore, you should use the
integrated console for management activities. (You can use an ASCII (tty) terminal if needed – a
connection must be established using the Serial Port 1 of each P5 520 server to administer
(configure) the P5 520 server. Note that one ASCII terminal may be used by connecting to one
server at a time. The procedure for physically attaching the ASCII (tty) terminal was addressed in
the Installation and Activation section. The ASCII terminal, when attached to Serial Port 1, will be
known in AIX as tty0.)
User Accounts
To provide a greater level of security, DR550 is setup with limited access. These restrictions are
built into the DR550 as follows:
• Limited user definitions
• Limited access to commands from certain accounts
• No remote access with authority to make changes
Login with secure shell (ssh) is required for the AIX accounts (dr550, dr550adm, ibmce and root).
User Accounts
The following user accounts have been created. Each has a specific role when using the DR550.
Passwords should be changed in accordance with company policy and guidelines. To enhance
security, certain user accounts do not have any change authority and other accounts can only be
accessed from the integrated console. The following user accounts have been created, with the
following roles and restrictions specified:
Account Roles Password set at Factory
dr550 Access via integrated console to P5 520 servers
(VTY 0) or via the serial port on the front of the P5
520 server (tty 0) – It is recommended that you use
the integrated console
no remote access
Only user who can ‘su’ to root
Home directory /home/dr550
Shell /bin/ksh
dr550adm Access via integrated console or from remote ASCII
Home directory /home/dr550adm
Shell - /bin/ksh
ibmce console access and remote access
home directory /home/ibmce
shell - /bin/ksh
root no direct login
su allowed only from dr550 account
Ability to view log files and perform SM Client tasks
d3rv1sh – this password
will need to be changed
during the initial
installation. It is initially
setup to require a change
at the initial login.