| C H A P T E R 1 | 
| Introduction to System Management Services | 
This manual describes the System Management Services (SMS) 1.5 software that is available with the Sun Fire high-end server system.
This chapter includes the following sections:
The system controller (SC) in Sun Fire high-end systems is a multifunction, CP1500- or CP2140-based printed circuit board (PCB) that provides critical services and resources required for the operation and control of the Sun Fire system.
A Sun Fire high-end system is often referred to as the platform. System boards within the platform can be logically grouped together into separately bootable systems called dynamic system domains, or simply domains.
Up to 18 domains on can exist simultaneously on a single E25K/15K, and up to 9 domains on the Sun Fire E20K/12K. (Domains are introduced in this chapter, and are described in more detail in Chapter 5). The SMS software lets you control and monitor domains, as well as the platform itself.
The SC provides the following services for the Sun Fire system:
There are two SCs within a Sun Fire platform. The SC that controls the platform is referred to as the main SC, while the other SC acts as a backup and is called the spare SC. The software running on the main SC monitors both SCs to determine when an automatic failover should be performed.
We strongly recommend that the two SCs have the same configuration. This duplication includes the Solaris OS, SMS software, security modifications, patch installations, and all other system configurations.
The failover functionality between the SCs is controlled by daemons running on the main and spare SCs. These daemons communicate across private communication paths built into the Sun Fire platform. Other than the communication between these daemons, there is no special trust relationship between the two SCs.
SMS software packages are installed on the SC. In addition, SMS communicates with the Sun Fire high-end system over an Ethernet connection. See Management Network Services.
| Note - SMS 1.5 cannot communicate with SMS 1.4.1 across the I2 network. If one of the SCs is running SMS 1.4.1 and the other is running SMS 1.5, the I2 network tests will fail, and the SCs will communicate instead through high-availability SRAM (HASRAM) For information about the I2 network, see I2 Network. | 
SMS 1.5 supports Sun Fire high-end domains running the Solaris 8 02/02, Solaris 9 04/04, and Solaris 10 03/05 operating systems and the Solaris 8 02/02 and Solaris 9 04/04 operating systems on the system controllers. The commands provided with the SMS software can be used remotely.
| Note - Graphical user interfaces for many of the commands in SMS are provided by the Sun | 
SMS enables the platform administrator to perform the following tasks:
SMS enables the domain administrator to perform the following tasks:
Previous SMS releases provided the following:
SMS 1.5 provides the following new features:
 IV 1.65-GHz processor
 IV 1.65-GHz processor
 4.1.1
 4.1.1
A voltage core monitoring parameter (VCMON) was added to the showplatform command with firmware version 5.18. When VCMON is enabled, and the SC is the main SC, CPU voltage core data will be monitored.
SMS uses a distributed client-server architecture. init(1M) starts, and restarts as necessary, one process: ssd(1M). ssd is responsible for monitoring all other SMS processes and restarting them as necessary. See FIGURE 4-1.
The Sun Fire high-end systems platform, the SC, and other workstations communicate over Ethernet. You perform SMS operations by entering commands on the SC console after remotely logging in to the SC from another workstation on the local area network (LAN). You must log in as a user with the appropriate platform or domain privileges if you want to perform SMS operations, such as monitoring and controlling the platform.
Dual-system controllers are supported within the Sun Fire high-end systems platform. One SC is designated as the primary or main system controller, and the other is designated as the spare system controller. If the main SC fails, the failover capability automatically switches to the spare SC as described in Chapter 12.
Most domain-configurable units are active components. This means that you must check the system state before powering off any DCU.
| Note - Circuit breakers must be on whenever a board is present, including expander boards, whether or not the board is powered on. | 
For details, see Power Control.
Administration tasks on the Sun Fire high-end system are secured by group privilege requirements. SMS installs the following 39 UNIX groups to the /etc/group file.
The smsconfig(1M) command allows an administrator to add, remove, and list members of platform and domain groups as well as set platform and domain directory privileges using the -a, -r, and -l options.
smsconfig also can configure SMS to use alternate group name, including NIS (Network Information Service)- managed groups using the -g option. Group information entries can come from any of the sources for groups specified in the/etc/nsswitch.conf file (refer to nsswitch.conf(4)). For instance, if domain A was known by its domain tag as the Production Domain, an administrator could create an NIS group with the same name and configure SMS to use this group as the domain A administrator group instead of using the default, dmnaadmn. For more information, see Chapter 3, and refer to the smsconfig man page.
The nature of the Sun Fire high-end systems physical architecture, with an embedded system controller, as well as the supported administrative model (with multiple administrative privileges, and hence multiple administrators) dictates that an administrator utilize a remote network connection from a workstation to access SMS command interfaces to manage the Sun Fire high-end system.
Since the administrators provide information to verify their identity (passwords) and might need to display sensitive data, it is important that the remote network connection be secure. Physical separation of the administrative networks provides some security on the Sun Fire high-end system. Multiple external physical network connections are available on each SC. SMS software supports up to two external network communities.
For more information on Sun Fire high-end system networks, see Management Network Services. For more information on securing the Sun Fire high-end system see Chapter 2, Using Solaris Security Toolkit to Secure the System Controller.
SMS provides a command-line interface (CLI) to the various functions and features it contains. You can interact with the SC and the domains on a system by using the CLI commands.
For the examples in this guide, the sc_name is sc0 and sms-user is the user-name of the administrator, operator, configurator, or service personnel logged onto the system.
The privileges allotted to the user are determined by the platform or domain groups to which the user belongs. In these examples, the sms-user is assumed to have both platform and domain administrator privileges, unless otherwise noted.
For more information on the function and creation of SMS user groups, see Chapter 3 and refer to the System Management Services (SMS) 1.5 Installation Guide.
| Note - This procedure assumes that smsconfig -m has already been run. If smsconfig -m has not been run, you will receive the following error when SMS attempts to start and SMS will exit. | 
2. Log in to the SC and verify that SMS software startup has completed. Type:
3. Wait until showplatform finishes displaying platform status.
The output shown is what you would see if you had platform privileges.
At this point, you can begin using SMS programs.
An SMS console window provides a command-line interface from the SC to the Solaris OS on the domains.
1. Log in to the SC, if you have not already done so.
| Note - You must have domain privileges for the domain on which you want to run console. | 
The console command creates a remote connection to the domain's virtual console driver, making the window in which the command is executed a console window for the specified domain (domain_id or domain_tag).
If console is invoked without any options when no other console windows are running for that domain, it comes up in an exclusive locked write mode session.
If console is invoked without any options when one or more non-exclusive console windows are running for that domain, it will come up in read-only mode.
Locked write permission is more secure. It can only be taken away if another console is opened using console -f or if ~* (tilde-asterisk) is entered from another running console window. In both cases, the new console session is an exclusive session, and all other sessions are forcibly detached from the domain virtual console.
The console comman can utilize either Input Output Static Random Access Memory (IOSRAM) or the internal management network for domain console communication. You can manually toggle the communication path by using the ~= (tilde-equal sign) command. Doing so is useful if the network becomes inoperable, in which case the console session appears to be hung.
Many console sessions can be attached simultaneously to a domain, but only one console will have write permissions; all others will have read-only permissions. Write permissions are in either locked or unlocked mode.
In a domain console window, a tilde ( ~ ) that appears as the first character of a line is interpreted as an escape signal that directs console to perform some special action, as shown in :
The rlogin command also processes tilde-escape sequences whenever a tilde is seen at the beginning of a new line. If you must send a tilde sequence at the beginning of a line and you are connected using rlogin, use two tildes (the first escapes the second for rlogin). Alternatively, do not enter a tilde at the beginning of a line when running inside of an rlogin window.
If you use a kill -9 command to terminate a console session, the window or terminal in which the console command was executed goes into raw mode, and appears hung. Type CTRL-j, then stty sane, then CTRL-j to escape this condition.
In the domain console window, vi(1) runs properly and the escape sequences (tilde commands) work as intended only if the environment variable TERM has the same setting as that of the console window.
For more information on the domain console, see Chapter 9 and refer to the console man page.
In the event that a system controller hangs and that console cannot be reached directly, SMS provides the smsconnectsc command to remotely connect to the hung SC. This command works from either the main or spare SC. For more information and examples, refer to the smsconnectsc man page.
Your other option is to connect to the hung SC using an external console connection, but you cannot run smsconnectsc and use an external console at the same time.
Sun Management Center for Sun Fire high-end systems is an extensible monitoring and management tool that integrates standard Simple Network Management Protocol (SNMP)-based management structures with new intelligent and autonomous agent and management technology based on the client/server paradigm.
Sun Management Center is used as the graphical user interface (GUI) and SNMP manager/agent infrastructure for the Sun Fire system. The features and functions of Sun Management Center are not covered in this manual. For more information, refer to the latest Sun Management Center documentation available at www.docs.sun.com.
Copyright © 2005, Sun Microsystems, Inc. All Rights Reserved.