Communication

This is used by the N1 AA Server to communicate with every N1 AA Client. The technical characteristics of this communication are:

• Client = N1 AA Server

• Server = N1 AA Analyzer clients

• OS User = noaccess

• Commands: cat, tail and logadm on remote file /var/opt/SUNWn1aa/n1data

You can choose to have this communication based on aasap, rsh, or ssh. To do this, perform the following steps:

1. Establish the communication (based on aasap, rsh, or ssh) at the OS level.

2. Specify your choice (aasap, rsh, or ssh) within the general N1 AA customization. For more information, see Sun N1 Advanced Architecture for SAP Solutions 5.2.1 User’s Guide.

rsh and ssh are standards in the Solaris OS. For more information, see rsh(1M) and ssh(1).

aasap is included with the N1 AA software and has to be installed separately. This is described in the following section.

Implementation Based on aasap/aasapd

This allows the client, aasap, to execute remote commands on the servers.

• aasap is the client component. It is installed on the N1 AA Server.

• aasapd is the server component. This daemon, under control of inetd or smf, runs on every N1 AA Client.

aasapd allows access to be restricted on host names, os users, and commands. See the following for details.

Install aasap/aasapd

1. Copy the SUNWn1aad.pkg package file from the installation media to a temporary installation directory and navigate to this directory.

2. Install the SUNWn1aad.pkg package file as superuser.

   # pkgadd -d SUNWn1aad.pkg

   The following functions are performed:

   • Installs /opt/SUNWn1aa/aasap/bin/aasap

   • Installs /opt/SUNWn1aa/aasap/sbin/aasapd

   • Install /etc/aasap.allow

   • Create service entry in /etc/inet/inetd.conf or manifest for smf

   • Create, if necessary, port entry in /etc/inet/services

   • Restart inetd to activate service if not under control of smf

The pkgadd command requires the name of the N1 AA Master Server and the TCP port for the communication between client and server. If you already have a valid service entry for aasap in /etc/services or you are using another naming server, for example LDAP, you can enter 0.

Deactivate aasapd on the N1 AA Server

• On an N1 AA server running Solaris 9:

  1. Remove the aasapd entry from the /etc/inet/inetd.conf file.

  2. Restart inetd.

     # pkill -HUP -x -u 0 inetd

• On an N1 AA server running Solaris 10:

  # /usr/bin/svcadm disable svc:/network/aasap:default

Restrict Access

Restrict aasap access on all N1 AA Clients:

• Only commands from the N1 AA Server will be accepted

• Only commands from the noaccess user are accepted

• Only commands cat, tail, and logadm are accepted

On all N1 AA clients:

The package creates the /etc/aasap.allow file with owner root:sys and permissions 600. The package also creates one entry, noaccess@hostname: cat,tail,logadm

Example:

# cat /etc/aasap.allow

noaccess@n1aaserv : cat,tail,logadm

Test the Communication

Log in to the N1 AA Server as superuser.

# su - noaccess

# /opt/SUNWn1aa/aasap/bin/aasap Hostname_of_an_N1_AA_Client cat /etc/release

The output should display the contents of the /etc/release file of the N1 AA Client.

Check the /var/opt/SUNWn1aa/aasap.log file for messages.