PTF MH00998 HMC V7 R3

PTF MH00998 HMC V7 R3.1.0 Recovery media

Description

HMC V7 R3.1.0 Recovery Media images

The HMC V7 R3.1.0 Recovery Media images can be used to upgrade your HMC to V7 R3.1.0, or to perform a clean installation of HMC V7 R3.1.0.

Updating to HMC V7 R3.1.0 requires an Upgrade by means of Recovery Media or the Network. There are no updates to be used with the Install Corrective Service task. For upgrade instruction, please refer to the Special Upgrade Instructions for V7 R3.1.0.

Package information

Package name	Size (bytes)	Checksum	APAR #	PTF#
HMC_Recovery_V7R3.1.0_1.iso HMC_Recovery_V7R3.1.0_2.iso	1133940736 1341313024	16008 02858	MB02021	MH00998

Splash panel information (lshmc -V command output)

Version: 7
Release: 3.1.0
Service Pack: 0
HMC Build level 20070518.1
","base_version=V7R3.1.0

Enhancements and fixes for HMC V7 3.1.0

This package provides the following enhancements and fixes:

Server and Partition Management

The most significant and the most noticeable change in the HMC for V7 R3.1.0 is the move to a new Web-based User Interface both locally and remote. This interface uses a tree style navigation model providing hierarchical views of system resources and tasks using drill-down and launch-in-context techniques to enable direct access to hardware resources and task management capabilities. It provides views of system resources and provides tasks for system administration.

HMC V7 R3.1.0 can manage both POWER5 (with SF240_299 firmware level and above) and POWER6 servers.

On Power6 servers the following new features/enhancements have been added.

Support for Host Ethernet Adapter (HEA). An HEA provides each logical partition using the adapter with its own virtual adapter and logical ports. An HEA may be shared between multiple partitions. This provides direct data and control path between the partitions and the adapter, allowing partition-to-partition connectivity.
Partition Availability Priority. This can be used to prevent transient and catastrophic CPU (processor core) failures from resulting in system or partition termination. Total recovery from catastrophic CPU failures will require that a spare processor is or can be made available to replace the failed CPU.
Utility CoD is a new CoD offering for HMC V7 R3.1.0. It replaces the Reserve CoD offering. Utility CoD is only available for processor resources.
Enhancements to the Dump facilities. These enhancements will reduce unplanned customer outages and improve platform serviceability, by eliminating unneeded and duplicate hardware data from platform system dump, and moving all formatting of dump data to the post-collection analysis phase. This improves dump runtime performance and frees up FSP control store to allow more problem-specific hardware data to be collected.
Shared Pool Usage of Dedicated Capacity. This feature provides the ability for partitions that normally run as "dedicated processor" partitions to contribute unused processor capacity to the shared processor pool. Customers may use some of the capacity that is formerly locked up in dedicated processor partitions to satisfy peak needs for the shared processor pool without resorting to using utility on-demand processors.
Virtual Server Model Instrumentation. This feature provides a common interface for server system management. Driven by IBM and several other companies, there is an effort to standardize the Virtual Server Model (VS Model) for the server system management, which includes the managed server resource representation and the management service functions. HMC V7 R3.1.0 contains the first phase of work for HMC to provide the standardized VS Model as the common interface for third parties to manage the server system and their hardware resources.

System Plan

Automated installation of VIOS into LPAR
Automated provisioning of virtual resources with the VIOS LPAR
Improved capability of creating a system plan from a managed system
Additional import &export capability via HTTPS
Improved System Plan Viewer user controls and details

HMC command line

A new command, dump, has been added. The dump command sets the system dump parameters for a managed system (POWER6 servers only).
The following commands have been added for system plan resource management on the HMC:

defsysplanres

defines a system plan resource

lssysplanres

lists defined system plan resources

rmsysplanres

removes a defined system plan resource

The following commands have been enhanced to support barrier synchronization (POWER6 servers only): chsyscfg, lshwres, lssyscfg, and mksyscfg.
The following commands have been enhanced to support partition availability priorities (POWER6 servers only): chsyscfg, lssyscfg, and mksyscfg.
The following commands have been enhanced to support the new processor sharing mode that allows an active dedicated processor partition to share its unused processors (POWER6 servers only): chhwres, chsyscfg, lshwres, lslparutil, lssyscfg, and mksyscfg.
The following commands have been enhanced to support electronic error reporting for i5/OS partitions (POWER6 servers only): chsyscfg, lssyscfg, and mksyscfg.
The following commands have been enhanced to support processor compatibility modes (POWER6 servers only): chsyscfg, lssyscfg, and mksyscfg.
The following commands have been enhanced to support Host Ethernet Adapters (POWER6 servers only): chhwres, chsyscfg, lshwres, lssyscfg, mksyscfg, and rsthwres.
The following commands have been enhanced to support Utility Capacity on Demand (POWER6 servers only): chcod, lscod, and lslparutil.
The lssyscfg -r prof command to list partition profiles has been changed. The --filter option to specify the partition for which profiles are to be listed is no longer required. Therefore, all partition profiles for all partitions in the managed system can now be listed by issuing lssyscfg -r prof -m <managed system>.
The mksyscfg -r lpar and mksyscfg -r prof commands have been changed. The load_source_slot attribute is no longer required to be specified when creating an i5/OS partition or partition profile on a POWER6 server.
The partition shared_proc_pool_util_auth attribute has been deprecated. It has been replaced by the allow_perf_collection attribute. These two attributes will always have the same value. The commands that use these attributes are chsyscfg, lssyscfg, and mksyscfg.
A new option has been added to the chsysstate command to enable console service functions for an i5/OS partition.
New options have been added to the chhmc command to set the date, time, time zone and clock type on the HMC.
A new option has been added to the chsvcevent command to close all serviceable events on the HMC.
A new option has been added to the mksysplan command to limit the inventory gathered to just the PCI slot devices.
A new option has been added to the mksysplan command to display verbose output during command processing.
A new option has been added to the lsdump command to list the system dump parameters for a managed system (POWER6 servers only).
The lsdump -h command has been enhanced to display dump offload progress.
The lslic -t power and lslic -t syspower commands have been enhanced to display automatic code download status.
A new option has been added to the lslic command to display Power FRU level and status information.
The dlslic command has been removed. The information that was displayed by the dlslic command is now displayed by the lslic command.
Due to security restrictions in the HMC Web-based user interface, an HTML file containing Terms and Conditions can no longer be presented to users who login locally on the HMC. Instead, a text file containing welcome text can be presented to users who login locally on the HMC. Therefore, the chusrtca command has been changed to no longer support deployment of Terms and Conditions and to support deployment of welcome text instead. If you are upgrading from HMC V6 R1 and the display or Terms and Conditions at login is currently enabled on your HMC, then the contents of the UserLicense.html file containing the Terms and Conditions is preserved. After the upgrade is complete, the contents of the UserLicense.html file will exist unchanged in the /opt/hsc/data/license/WelcomeFile.txt file and will be displayed as welcome text to users that login locally on the HMC. You may then want to deploy a new welcome text file that does not contain HTML and that has text that better fits a welcome message.
The lsusrtca command has been deprecated.
To use X11Forwarding on HMC, from the SSH client, run your ssh command with the -Y or set the value of ForwardX11Trusted in your /etc/ssh_config file to yes
The max_capacity_sys_proc_units and max_capacity_sys_mem attributes displayed by the lshwres command have been deprecated since these values cannot be accurately determined for all managed systems. For partition profiles, the maximum memory value will now be limited to the value 4,294,967,295 (0xFFFFFFFF) MB. The maximum processor values for a partition profile will now be limited to a new value, which is displayed by the new attribute max_procs_per_lpar in the lshwres command.
The lsmediadev command has been enhanced to display the mount point for each removable media device.

Licensed Internal Code (LIC) update

A new task was added which allows the user to ensure that the system has no errors which will prevent Licensed Internal Code update from working correctly. This new task is invoked by selecting "Check System Readiness" from the Updates task selection list or using the -o k parameter of the updlic command.
A new task was added which allows the user to view system information without entering a "change" task. This new task is invoked by selecting "View System Information" from the Updates task selection list.
The restricted-access dlslic command was removed. Equivalent capability was added to the lslic command. For more details, see the command line section of the readme.

Save Upgrade Data/Backup

Added support for saving data to USB memory stick.

Network connectivity

Allow VPN selectable interface and route for ipsec communication

Previously, VPN did not work if the interface for ipsec traffic was different from the public default gateway interface. For instance, if eth1 had been set up for the VPN connection, and eth2 was the "public" network and had the default route, then even after adding static routes for the VPN catchers for eth1, the ipsec program used the default route for communication. This behavior has been changed so that the defined routes will be used to establish the VPN.

RIO Topology

The GUI path to view the RIO Topology is:

Hardware (Information) -> Adapters -> View RIO Topology

Under this path, "View RIO Topology" has been changed to "View Hardware Topology"

Service Focal Point (SFP)

Added refcode links to Manage Serviceable Events.

DLPAR

Memory and Processors

You will notice that the DLPAR operations have slightly changed in the V7 R3.1.0 HMC. An overall change is that the Add and Remove operations for memory and processor resources have been combined into one task. For example, when you want to change the amount of memory that is assigned to the partition you simply launch the "Add/Remove" memory task and enter in the amount of memory you would like to have assigned to the lpar.

Physical I/O

For Physical I/O resources we have combined the move and remove operation into one task so that now you can optionally move the I/O resource that you are trying to remove to another partition. The "Add" operation for I/O resources has basically stayed the same.

RMC-less DLPAR for AIX/Linux Partitions

POWER5 HMC supported DLPAR operations between two AIX or Linux partitions that do not have RMC connections. This function has been removed from the UI due to the fact that these types of operations require multiple steps for the user in order to be successful. You can still remove or add resources to a partition that doesn't have an RMC connection, however you will not be able to move resources between two AIX or Linux partitions that do not have active RMC connections.

Another change that has been implemented for DLPAR operations is that the task will display an indicator within the dialog for AIX and Linux partitions the alerts you to the fact that an RMC connection is missing. This is so that you know you are about to perform and RMC-less DLPAR operation before you start entering data into the fields in the dialog.

If you would still like to move resources between two AIX or Linux partitions that do not have RMC connections the command line "chhwres" command can still be used to facilitate the move operation.

Security fixes in HMC V7 R3.1.0
Fix	Description
CAN-2003-0989	tcpdump remote DOS
CAN-2003-0190	OpenSSH: info leak issue
CAN-2004-0078	mutt remote buffer overflow
CAN-2004-0110	libxml2 URI Parsing Remote Buffer Overflow
CAN-2004-0109 CAN-2004-0181	Kernel ISO9660/JFS local privilege escalation, info leak
CAN-2004-0183	tcpdump ISAKMP remote DOS
CA-2005-35	SSH Protocol 1 Weakness and Vulnerability
CAN-2004-0427 CAN-2004-0424 CAN-2004-0229 CAN-2004-0228 CAN-2004-0394	Kernel privilege escalation, local DoS
CAN-2004-0554	Kernel "__clear_fpu()" Macro local DoS
CAN-2004-0523	kerberos aname_to_localname remote root compromise
CVE-2004-0493	Input Header Memory Allocation Denial of Service
CVE-2004-0488	Apache mod_ssl FakeBasicAuth Buffer overflow
CVE-2004-0747 CVE-2004-0748 CVE-2004-0751 CVE-2004-0786 CVE-2004-0809	Apache 2 Multiple Denial of Service
CVE-2004-0942	Apache MIME Header Memory Consumption
CAN-2004-0460 CAN-2004-0461 VU#317350 VU#654390	dhcp-server: remote system compromise
CVE-2002-1363	libpng remote DoS
CAN-2004-0590	Certificate chain authentication in Openswan pluto
CAN-2004-0649	L2tpd: remote execution of arbitrary files w/ privs of l2tpd user
VU#388984 VU#236656 VU#160448 VU#477512 VU#817368 VU#286464 CAN-2004-0597 CAN-2004-0598 CAN-2004-0599	libpng: multiple vulnerabilities
CAN-2004-0415	Kernel: local privilege escalation, race condition in file offset pointer handling
VU#550464 CAN-2004-0644	krb5: remote unauthenticated DoS
CAN-2004-0817	imlib: local execution via heap overflow
CAN-2004-0687 CAN-2004-0688	xf86: multiple buffer overflows with malformed xpm images
CAN-2004-0966	gettext: Insecure temporary file handling
CAN-2004-0804 CAN-2004-0886	tiff: Buffer overflows in image decoding
CAN-2004-0884	Cyrus-sasl2: (ver2.1.7)Insecure handling of environment variable
CAN-2004-0971	krb5: krb5-workstation: Possible symlink attack, priv escalation via temporary file mishandling
CAN-2004-0989	libxml: remote code execution, buffer overflow
CVE-2004-0079	Openssl vulnerability
CAN-2004-0975	Openssl: possible symlink attack via temp file mishandling
SUSE-SA:2004:041	xf86: SuSE security updates for libxpm
CAN-2004-0782	imlib: xpm security updates in imlib
CAN-2004-1010	zip: buffer overflow in info-zip when using recursive folder compression
CAN-2004-1308	tiff: multiple buffer overflows
CAN-2004-0986	iptables: variable init failure can cause failure to load firewall rules
CAN-2004-0883 CAN-2004-0949 CAN-2004-1070 CAN-2004-1071 CAN-2004-1072 CAN-2004-1073 CAN-2004-1074	Kernel update for multiple local and remote DoS vulnerabilities
CAN-2004-0079 CAN-2004-0112	OpenSSL remote DOS
CVE-2006-2937 CVE-2006-2940 CVE-2006-2969 CVE-2006-3738 CVE-2006-4339 CVE-2006-4343	OpenSSL vulnerability
CAN-2005-0155 CAN-2004-0452 CAN-2005-0077	Perl: Security update to address two priv escalation and a buffer overflow condition
CAN-2005-0449 CAN-2005-0209 CAN-2005-0529 CAN-2005-0530 CAN-2005-0532 CAN-2005-0384 CAN-2005-0210 CAN-2005-0504 CAN-2004-0814 CAN-2004-1333 CAN-2005-0003	Updates for multiple issues on 2.4-2.6.11 kernels
CAN-2005-1993	sudo: vulnerabilities allow execution of arbitrary commands
CAN-2005-1267 CAN-2005-1278 CAN-2005-1279 CAN-2005-1280	tcpdump: fix for several DOS vulnerabilities
CAN-2005-1151 CAN-2005-1152 CAN-2005-1349 CAN-2005-0103 CAN-2005-0104 CAN-2005-1455 CAN-2005-1454 CAN-2004-1456 - CAN-2004-1470	tiff: buffer overflow allows execution of arbitrary code
CAN-2005-0109	OpenSSL update
CAN-2005-2969	OpenSSL fix for potential SSL 2.0 Rollback vulnerability
CVE-2001-0572	SSHv1 Protocol Available
CVE-2004-0175	OpenSSH SCP Client File Corruption Vulnerability
CVE-2006-0225	OpenSSH scp remote attack vulnerability
CVE-2006-4924 CVE-2006-4925	Open SSH vulnerability
CVE-2006-5051	Open SSH vulnerability not applicable to HMC due to GSSAPI being disabled
CVE-2006-5794	Open SSH vulnerability
CVE-2006-0058	Sendmail remote code execution
CVE-2006-1721	Cyrus-sasl remote denial of service
CVE-2006-2024 CVE-2006-2025 CVE-2006-2026	Libtiff: various denial of service attacks
CVE-2005-3352 CVE-2005-3357	Apache2 cross site scripting in mod_imap and mod_ssl
CVE-2006-0455	Gpg remote execution by signature checking
CVE-2005-3353 CVE-2005-3389 CVE-2005-3390 CVE-2005-3391 CVE-2005-3392 CVE-2005-3883	Multiple vulnerabilities in php4
CVE-2005-2970	Apache2 worker memory leak
CVE-2005-2974 CVE-2005-3350	Libungif denial of service attack/buffer overflow
CVE-2005-2959	Sudo environment cleaning privilege escalation vulnerability
CAN-2005-2491	PCRE: Integer overflow vulnerability
CVE-2005-3119 CVE-2005-3179 CVE-2005-3180 CVE-2005-3181	Kernel potential denial of service and information disclosure
CAN-2005-2797 CAN-2005-2798	OpenSSH: fixes to prevent escalation of privileges and bypass certain security restrictions
CVE-2005-2876	Util-linux umount "-r" Re-Mounting security issue
CAN-2005-2495	Xf86: Fix remote command execution
CAN-2005-2491 CAN-2005-2700 CAN-2005-2728	Apache2: Security fixes
CAN-2005-1761 CAN-2005-1768 CAN-2005-2500	Kernel: Various Security Fixes
CAN-2005-2452	Tiff: Vulnerability allows DOS attack due to divide by zero error
CAN-2005-2177	Net-snmp remote attack vulnerability
CAN-2005-0448	Perl vulnerabilities
CAN-2005-0758 CAN-2005-0988 CAN-2005-1228 CAN-2005-1260 CAN-2005-0953	Bzip2 vulnerability
CAN-2004-1189	Krb5 multiple security issues
CAN-2005-1849 CAN-2005-2096	Zlib buffer overflow
CAN-2005-2088 CAN-2005-1268	Apache2: fix for multiple vulnerabilities
CVE-2005-2970	Apache2: memory leak
CVE-2005-3357	Apache2 Cryptographic problem
CVE-2006-3747	Apache2: Off-by-one error in the ldap scheme handling in the Rewrite module
CVE-2006-3918	Apache2 vulnerability
CVE-2005-2728	Apache Byte Range Denial of Service
CAN-2004-1453 CAN-2004-0968 CAN-2004-1382	Glibc: Infoleak and symlink attack vulnerabilities
CAN-2005-1111 CAN-2005-1229	Cpio directory traversal and privilege escalation
CAN-2005-0605	Xf86: libXPM integer overflow
CAN-2004-0970	Gzip: temporary file mishandling
CAN-2005-0160 CAN-2005-0161 CAN-2005-0961	telnet: ENV buffer overflow
CAN-2005-1704	Binutils vulnerabilities
CAN-2005-1993	Sudo: race condition
CAN-2005-0373	Cyrus-sasl, cyrus-sasl2 remote code execution
CVE-2005-0916 CVE-2005-2456 CVE-2005-2457 CVE-2005-2458 CVE-2005-2555 CVE-2006-0554 CVE-2006-0555 CVE-2006-0557 CVE-2006-0744 CVE-2006-1055 CVE-2006-1056 CVE-2006-1242 CVE-2006-1523 CVE-2006-1524 CVE-2006-1525 CVE-2006-1527 CVE-2006-1528 CVE-2006-1857 CVE-2006-1858 CVE-2006-1863 CVE-2006-1864 CVE-2006-2271 CVE-2006-2272 CVE-2006-2274 CVE-2006-2444 CVE-2006-2448 CVE-2006-2451 CVE-2006-2934 CVE-2006-2935 CVE-2006-3085 CVE-2005-3180 CVE-2006-3468 CVE-2006-3626 CVE-2006-3745 CVE-2006-4093 CVE-2006-4145 CVE-2006-4813 CVE-2006-4997 CVE-2006-5757 CVE-2006-5823 CVE-2006-6053 CVE-2006-2274 CVE-2006-2444 CVE-2006-2448 CVE-2006-2451 CVE-2006-2934 CVE-2006-2935 CVE-2006-3085 CVE-2005-3180 CVE-2006-3468 CVE-2006-3626 CVE-2006-3745 CVE-2006-4093 CVE-2006-4145 CVE-2006-4813 CVE-2006-4997 CVE-2006-5757 CVE-2006-5823 CVE-2006-6053	Kernel Vulnerabilities

Known issues in HMC V7 R3.1.0

Web browser requirements

Hardware Management Console web browser support requires HTML 2.0, JavaScript 1.0, Java Virtual Machine (JVM), and cookie support in browsers that will connect to it. Contact your support personnel to assist you in determining if your browser is configured with a Java Virtual Machine. It is required that the web browser uses the HTTP 1.1 protocol and if you are using a proxy server, the HTTP 1.1 protocol is enabled for the proxy connections. Additionally, pop-ups must be enabled for all Hardware Management Consoles addressed in the browser if running with pop-ups disabled. The following browsers have been tested:

Microsoft Internet Explorer 6.0 or later

If this browser is configured to use an Internet proxy, then local intranet addresses should be included in the exception list, consult your network administrator for more information. If you still need to use the proxy to get to the Hardware Management Console, enable Use HTTP 1.1 through proxy connections under the Advanced tab in your Internet Options window.

Firefox 1.5.0.6 or later.

For Firefox 2.0 make sure the JavaScript options to raise or lower windows and move or resize existing windows are enabled. To enable these options, go to the Content tab in the browser's Options dialog. Click the Advanced button adjacent to the Enable JavaScript checkbox, and then select Raise or lower windows option and Move or resize existing windows option. These features allow you to switch easily between HMC tasks.

Other Web Browser Considerations

Session cookies need to be enabled in order for ASMI to work when connected to HMC remotely. The asm proxy code saves session information and uses it.

Using Internet Explorer

Select Tools -> Internet Options.
Select Privacy tab and select 'Advanced'.
Check if 'Always allow session cookies'.
If not checked, check 'Override automatic cookie handling' and check 'Always allow session cookies'.
You can choose how you want to handle First-party Cookies and Third-party Cookies, block or prompt or accept. (Prompt is preferred in which case you will be prompted every time a site tries to write cookies. It may be a little annoying, but it is the safe thing to do. Some sites need to be allowed to write cookies)

Using Firefox

Tools -> Options
Select Cookies Tab
Select check box Allow sites to set cookies.
If you want to allow only specific sites then select 'Exceptions' and then you can just add this HMC to allow.

Other Issues

The HMC now reserves the first ten virtual adapter slots on each VIOS (Virtual I/O Server) partition for internal HMC use.
Configuration rules:

The maximum Virtual I/O Slot Number should be set to (at least) 10 plus the number of virtual I/O slots desired by the customer.
Note that setting the maximum higher is OK, the danger is setting it too low. Setting it below 10 will cause a compatibility issue with newer levels of HMC code. Excess virtual slots use a small amount of additional memory, but otherwise have no impact.
All customer virtual I/O slots (virtual SCSI, virtual Ethernet or virtual serial) must use virtual slot IDs 11 or greater.

When using the updhmc command with the -i flag, input echo is not restored when the command finishes. You can use the CTRL-D key to logoff then log back in.
The System Plan tasks "Create System Plan" and "Import System Plan" are only available from the Task pad pane. If the task pad pane has been disabled, it can be re-enabled by clicking HMC Management in the navigation area, then clicking "Change User Interface Settings" in the Work Pane. Check the "Tasks pad" box and click apply.
Existing system plans on a Version 6.1.2 HMC are not migrated on an upgrade.
An ASM session brought up from the HMC can still be available even after the user logs off the HMC. The ASM window can be left open for unauthorized access. The proper method for a graceful exit from the ASM session is to select the "Log off" button in the ASMI window, then close the ASMI window. This can happen in both local and remote mode.

Hints and tips for the HMC user interface

Several major components comprise this user interface:

Banner

Across the top of the workplace window, the Banner identifies the product and logo. It is optionally displayed and is set by using the Change User Interface Settings task.

Task bar

Located below the Banner, the Task bar displays the name(s) of any tasks that are running, the user ID under which you are logged in and online help information. It also provides the ability to log off or disconnect from the console.

Navigation pane

Located in the left portion of the window, the Navigation pane contains the primary navigation links for managing your system resources and the Hardware Management Console. The items are referred to as nodes.

Work pane

Located in the right portion of the window, the Work pane displays information based on the current selection from the Navigation pane. For example, when Welcome is selected in the Navigation pane, the Welcome window content is displayed in the Work pane.

Status bar

Located in the bottom left portion of the window, the Status bar provides visual indicators of current overall system status. It also contains a status overview icon which may be selected to display more detailed status information in the Work pane.

The System p Operations Guide for the Hardware Management Console and Managed Systems can be accessed online on the HMC. Select Welcome in the Navigation pane. The Welcome window content is displayed in the Work pane. Select HMC Operations Guide to view it.

Additional education, support, tutorial and technical information can also be accessed online on the HMC. Select Welcome in the Navigation pane. The Welcome window content is displayed in the Work pane. Select Online Information to view it.

To log on to the HMC from a remote browser, the HMC must first be configured for web browser access. See Appendix B of the System p Operations Guide for the Hardware Management Console and Managed Systems for instructions on how to configure the HMC for remote web browser access. After the HMC has been properly configured, from your web browser enter the URL of the HMC using the format https://xxx.xxx.xxx.xxx. Also in Appendix B, it is important to read the "Logging on the HMC from a LAN connected Web browser" section. Security warnings may be presented to your Web browser and the issues related to certificate management should be understood prior to using this function so you can perform the appropriate actions.

Other hints and tips

Upgrade hints

Certificates and key ring files generated by the System Manager Security application (on HMC Version 6) will not be migrated to HMC Version 7. Applications such as remote 5250, which import the public key ring file to establish a secure connection with HMC, will need to import a new public key ring file. The new file, SM.pubkr, will be generated and stored on HMC V7 under the /opt/ccfw/data directory. You can copy this file by using the scp or sendfile command.

For further information on how to set up remote 5250 by using SSL, see the support document located on the System i Technical Support website. This document and many others can be found by selecting the "Technical databases" link.

The IBM System p Information Delivery Design

With the introduction of IBM System p with POWER6 technology, IBM is changing many aspects of its product information delivery. IBM has produced a full-color document that identifies these changes and explains the improvements to user experience. This document is called Introducing Improved Information Delivery for IBM System p Hardware, and includes these topics:

Highlights of the IBM System p information delivery design.
The IBM System p product information that is available, who it is intended for, and where it is located.
IBM System p product information that is available from the Hardware Management Console.
The organization and delivery of IBM System p product information and education through the IBM Systems Support Site.
Access and navigation of IBM System p publications.
Who does what to service IBM system p hardware.

Introducing Improved Information Delivery for IBM System p Hardware is available from this Support for IBM System p web site.

From this page, make sure that System p is the hardware entry selected, and then click Go.
Select System p hardware publications under Hardware/Documentation.
Select Introducing Improved Information Delivery for IBM System p Hardware from the publication titles listed.

With HMC V7 External web sites, including the "IBM Systems Hardware Information Center" and "IBM Systems Support Site", can no longer be accessed directly from the HMC and will require a remote HMC session or separate system with Internet access.

Repair and verify information is launched automatically on the HMC during the repair of a serviceable event. Repair and verify information, on-line help, reference codes, the "Operations Guide for the Hardware Management Console," and the "IBM Systems Hardware Information Center" are all included as part of the HMC licensed internal code. The "IBM Systems Hardware Information Center," which provides POWER5 technical data, is included in the licensed internal code for situations where HMC V7 (with SF240_299 firmware level and above) is managing POWER5 systems, with access only to the information required to address the serviceable event.

V6 R1.X to V7 R3.1.0 Task Mappings

This information is used to aid POWER5 HMC users in locating the equivalent WebSM HMC task in the new Web-based HMC UI. The information is divided into the following sections:

Server and Partition Management
Manage On Demand Activations
Frame Management
Utilization Data Management
System Plans
Licensed Internal Code Maintenance
HMC Management
Service Applications

Refer to the System p Operations Guide for the Hardware Management Console and Managed Systems for a complete list of the Task Mappings.