Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
Ignite-UX Administration Guide: for HP-UX 11i > Chapter 8 Security

Ignite-UX Server Ports

» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

Ignite-UX server network port usage is described below by server activity. Diagrams follow that describe the port activity by network communication task and timing. See the product documentation to get the protocol for your system when the protocol is listed as tcp/udp.

  • Initiate LAN Boot for Itanium-Based clients, Figure 8-1: ports 67 and 68.

  • Initiate LAN Boot for PA-RISC clients, Figure 8-2: ports 1067, 1068.

  • Cold boot and installation initiated from client, Figure 8-3: 69, 2049, 2121, an SD dynamically allocated port.

  • Live system reinstall via bootsys initiated from the server, Figure 8-4: 2049, 69, 2121, an SD dynamically allocated port, and 514 or 22.

  • make_net_recovery initiated from client, Figure 8-5: 69, 2121, an SD dynamically allocated port, 2049.

  • make_net_recovery initiated from the server, Figure 8-6: 69, 2121, an SD dynamically allocated port, 2049, and 514 or 22.

  • make_sys_image initiated from client, Figure 8-7: 514 or 2049.

Figure 8-1 Port Usage: Initiate LAN Boot for Itanium-Based Clients

Port Usage: Initiate LAN Boot for Itanium-Based Clients
  1. The client sends a boot request to the server over port 67. The request is handled by the bootpd daemon on the server. If the client is registered, the /etc/bootptab file is referenced for the boot IP address; if the client is anonymous, DHCP services are used to assign the boot IP address. The server then sends the networking information to the client on port 68. For more information on booting registered Itanium-based clients, see “Configuring the Ignite-UX Server for Itanium-Based Clients”. For more information on booting anonymous Itanium-based clients, see “Configuring an Ignite Server to Boot Anonymous Itanium-Based Clients”. For more information on bootpd, see bootpd(1M).

Figure 8-2 Port Usage: Initiate LAN Boot for PA-RISC Clients

Port Usage: Initiate LAN Boot for PA-RISC Clients
  1. The client sends a boot request to the server over port 1067. The request is handled by the instl_bootd daemon on the server. The /etc/opt/ignite/instl_boottab file is referenced whether the client is registered or anonymous. The server then sends the networking information to the client on port 1068. For more information on booting registered PA-RISC clients, see “Configuring the Ignite-UX Server for PA-RISC Clients”. For more information on booting anonymous PA-RISC clients, see “Configuring an Ignite Server to Boot Anonymous PA-RISC Clients”. For more information on instl_bootd, see instl_bootd(1M).

Figure 8-3 Port Usage: Client Cold Boot and Installation

Port Usage: Client Cold Boot and Installation
  1. The initial boot content (kernel, file system, and required files) is downloaded from the server to the client, then the client is booted. For Itanium-based systems, these files are downloaded in the order listed: nbp.efi, AUTO, fpswa.efi, hpux.efi, IINSTALL, and IINSTALLFS. PA-RISC systems download these files in the order listed: boot_lif, AUTO, WINSTALL, and WINSTALLFS.

  2. The file install.log is updated on the server in the /var/opt/ignite/clients/client directory. A compressed tar archive of commands to set up disk volumes and file systems is downloaded (INSTCMDS for PA-RISC, and INSTCMDSIA for Itanium-based systems). The TUI is run on the client console. The user selects the installation configuration via the TUI and selects Go!. A compressed tar archive of commands required to complete the installation is downloaded (SYSCMDS for PA-RISC and SYSCMDSIA for Itanium-based systems). Ports used by NFS to make RPC (Remote Procedure Call) calls are not discussed here.

  3. If the installation is from an image, it is downloaded. Ports used by NFS to make RPC calls are not discussed here.

  4. If the installation configuration requires software to be installed from depots on the server, a swinstall request is sent to the server's Software Distributor (SD) daemon, swagentd, on port 2121. An SD agent, swagent, is then spawned on the server that acquires a dynamically allocated communication port for the download. That communication port is then reported to the client on port 2121. The client then spawns a new swagent processes that communicates with the server on the acquired communication port P, where the depot download takes place. For more information on SD, see the Software Distributor Administration Guide available at http://www.docs.hp.com.

    NOTE: Although swinstall is illustrated here, the install could use one or more of swinstall, rexec (port 514), NFS (ports 49152–65535), ftp data (port 20), and ftp (port 21).

Figure 8-4 Port Usage: Live System Reinstall

Port Usage: Live System Reinstall
  1. The server pings the client with an ICMP type 8 echo request. The client answers the ping with an ICMP type 0 echo reply. Files required for bootsys are transferred from the server to the client. These files are transferred with remsh by default, or by ssh if the bootsys -S option is used.

  2. The kernel, file system, and required files are downloaded from the server to the client, then the client is booted. These files are transferred with rcp by default, or by scp if the bootsys -S option is used.

NOTE:

The client can specify to use privileged ports (1–1023) or not via the ssh_config directive. The default is non-privileged ports. If you want to configure ssh to use privileged ports, you have to make the client an suid program.

Figure 8-5 Port Usage: make_net_recovery Initiated from the Client

Port Usage: make_net_recovery Initiated from the Client
  1. The server pings the client with an ICMP type 8 echo request. The client answers the ping with an ICMP type 0 echo reply. If tftp is enabled, the version check is done with the file /opt/ignite/Version.

  2. If tftp is not enabled, the version check is done with swlist using the swinstall depot sequence described in Figure 8-3.

  3. If the client has a lower version of Ignite than the server, a depot of recovery commands is transferred to the client using the swinstall depot sequence described in Figure 8-3.

    NOTE: Although swinstall is illustrated here, the install could use one or more of swinstall, rexec (port 514), NFS (ports 49152–65535), ftp data (port 20), and ftp (port 21).

Figure 8-6 Port Usage: make_net_recovery Initiated from the Server

Port Usage: make_net_recovery Initiated from the Server
  1. The server remotely executes make_net_recovery from the client. The command is run via remsh by default, or by ssh if the client was added for recovery on the server with the ssh option.

    NOTE:

    The client can specify to use privileged ports (1–1023) or not via the ssh_config directive. The default is non-privileged ports. If you want to configure ssh to use privileged ports, you have to make the client an suid program.

Figure 8-7 Port Usage: make_sys_image Initiated from the Client

Port Usage: make_sys_image Initiated from the Client
  1. The golden archive is written to the destination server via remsh or NFS. Note that make_sys_image does not need networking if the archive is written locally to the client.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© Hewlett-Packard Development Company, L.P.