Configuring the HMC data collection manually (For AIX systems)


Perform the following configuration steps manually to establish SSH communication between the system and the HMC:

  1. Install SSH on the AIX partition (if it is not already installed). For more information, see Installing SSH on AIX partition.
  2. Manually generate the RSA or DSA keypair (the public and private keys) for the partition. For more information, see Manually generating the RSA or DSA keypair.
  3. Create a user with Viewer privileges on the HMC (if necessary). For more information, see Manually creating a user on the HMC.
  4. Manually copy the Public Key to the HMC User Account on the HMC (if necessary). For more information, see Manually copying the Public Key to the HMC User Account on the HMC.
  5. Verify contents of the config file. For more information, see Verifying the contents of config file.
  6. Override the default settings in the data collector configuration file. For more information, see Overriding the default settings in data collector configuration file.
  7. Test connection to the HMC. For more information, see Testing connection to the HMC.
  8. Verify whether the HMC was added to the list of known hosts. For more information, see Verifying the list of known hosts.

Installing SSH on the AIX partition

SSH is required to collect data from the HMC. You can verify the installation of SSH on the system by typing the following at the command line:

 $ ssh -V

This command returns the SSH version level and other information. If SSH is not installed, the software to install it is located on the updated AIX Bonus Pack for AIX 5L Version 5.1 and later.

For further information about setting up SSH on AIX, refer to Chapter 4: Secure network connection on AIX in the IBM Redbook Managing AIX Server Farms.

You can also visit the IBM developerWorks page for more information about using SSH with AIX.

Manually generating the RSA or DSA keypair (the public and private keys)

To create the keypair, ensure that you are logged in as the user that was used to install BMC Helix Continuous Optimization. Use the ssh-keygen utility to generate the public/private keypair. The method for generating keys can differ between Secure Shell (SSH) implementations.

The generated key file is saved in the /usr/adm/best1_<version>/local/setup/.ssh directory.

The following is sample syntax for ssh-keygen:

/usr/bin/ssh-keygen -t <key type - rsa or dsa> \
  -f /usr/adm/best1_<version>/local/setup/.ssh/id_<key file type> \
  -N "" -P ""

Manually creating a user on the HMC

BMC Helix Continuous Optimization requires a user on the HMC to initiate data collection on the AIX systems running on the partitions managed by the HMC. You can use the HMC system administrator role to create a standard HMC user with the lowest role (Viewer) for the BMC Helix Continuous Optimization Agent to use for data collection. A user that is assigned the Viewer role can view the HMC information, but cannot modify the configuration. If the frame is being managed by using FSM, the FSM user account needs to have the smmon role.

You can also identify which HMC user to use in the Collect configuration file (Collect.cfg). For more information about options available in the Collect configuration file, see Collect configuration file.

If you are using multiple HMCs, you can also identify which HMC to use in the Collect.cfg file.

Manually copying the Public Key to the HMC User Account on the HMC

The public portion of the RSA or DSA keypair must be copied to the key file in the user's home directory on the HMC. 

On the AIX client system, use the secure copy command (scp) to move the authorized_keys2 file to a temporary file on the HMC. Log on to the remote server using the ssh command, and then concatenate the transferred user public key file to the $HOME/.ssh/authorized_keys file. For complete instructions, refer to the chapter on Secure network connection on AIX in the IBM Redbook Managing AIX Server Farms.

Verifying the contents of config file

In the config file located in $BEST1_HOME/local/setup/.ssh, verify that the settings for IdentityFile and UserKnownHostsFile are correct for your environment. The following list shows the options and default settings in the config file, where <version> refers to the version of the BMC Helix Continuous Optimization Agent:

  • NumberOfPasswordPrompts=0
  • ChallengeResponseAuthentication=no
  • PasswordAuthentication=no
  • StrictHostKeyChecking=no
  • IdentitiesOnly=yes
  • IdentityFile=/usr/adm/best1_<version>/local/setup/.ssh/id_<key file type>
  • UserKnownHostsFile=/usr/adm/best1_<version>/local/setup/.ssh/known_hosts

Overriding the default settings in data collector configuration file

To override any default settings for the remote connection to the HMC, set the appropriate options in the /usr/adm/best1_<version>/local/setup/Collect.cfg file. The following is the minimum syntax required for the data collector configuration file:

BEGIN_CONFIG
  BEGIN_SYSTEM_COLLECT
    BEGIN_HARDWARE_PARTITION
      BEGIN_HMC
      END_HMC
    END_HARDWARE_PARTITION
  END_SYSTEM_COLLECT
END_CONFIG

You can add the required options between BEGIN_HMC and END_HMC. The following example configures the BMC Helix Continuous Optimization data collector to connect to the HMC named hmc1, using the HMC user account hmcuser, and to use /usr/local/bin/ssh to make the remote connection with a timeout of 300 seconds (5 minutes):

BEGIN_CONFIG
  BEGIN_SYSTEM_COLLECT
    BEGIN_HARDWARE_PARTITION
      TIMEOUT = 300
      BEGIN_HMC
        HMC_NAME = "hmc1"
        HMC_USER = "hmcuser"
        SSH = "/usr/local/bin/ssh"
      END_HMC
    END_HARDWARE_PARTITION
  END_SYSTEM_COLLECT
END_CONFIG

Testing connection to the HMC

To test whether the BMC Helix Continuous Optimization data collector can connect to the HMC, run:

<path to ssh>/ssh -F /usr/adm/best1_<version>/local/setup/.ssh/config <HMC USER>@<HMC> lshmc -V

where <HMC USER> is the HMC user account and <HMC> is the HMC name or IP address to connect to. As an example:

/usr/bin/ssh -F /usr/adm/best1_10.7.00/local/setup/.ssh/config hmcviewer@hmc lshmc -V

If the connection was successful, the HMC should return information about the version of the HMC. Here is an example of the output you should see if the connection was successful:

"version= Version: 7
 Release: 7.4.0
 Service Pack: 1
HMC Build level 20120207.1
MH01302: Fix for HMC V7R7.4.0 SP1 (02-07-2012)
","base_version=V7R7.4.0
"

Verifying the list of known hosts

After you test the connection to the HMC, verify that the HMC name has been added to the list of known hosts in the known_hosts file located in the $BEST1_HOME/local/setup/.ssh directory. For example:

<HMC> ssh-rsa <key related information>
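
The checks from "Verifying the contents of config file" and "Verifying the list of known hosts" can be combined into one shell audit of the .ssh directory. This is an added example, not BMC code: the function names cfg_value and audit_hmc_ssh are illustrative, and it assumes known_hosts entries are stored unhashed.

```shell
#!/bin/sh
# Added example, not BMC code; function names are illustrative.
# Usage: sh <this script> $BEST1_HOME/local/setup/.ssh <HMC>

# cfg_value FILE KEY: print the first value of KEY. ssh accepts both
# "Key=value" and "Key value", ignores key case, and uses the first match.
cfg_value() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        {
            sub(/^[ \t]+/, "")
            n = match($0, /[ \t=]/); if (!n) next
            key = substr($0, 1, n - 1); val = substr($0, n)
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (tolower(key) == tolower(want)) { print val; exit }
        }' "$1"
}

# audit_hmc_ssh DIR HMC: print one line per finding; return 0 if clean.
audit_hmc_ssh() {
    cfg=$1/config; rc=0
    for pair in NumberOfPasswordPrompts=0 ChallengeResponseAuthentication=no \
                PasswordAuthentication=no IdentitiesOnly=yes; do
        got=$(cfg_value "$cfg" "${pair%%=*}")
        [ "$got" = "${pair#*=}" ] ||
            { echo "config: ${pair%%=*} is '$got', expected '${pair#*=}'"; rc=1; }
    done
    key=$(cfg_value "$cfg" IdentityFile)
    if [ ! -f "$key" ]; then
        echo "key: IdentityFile '$key' not found"; rc=1
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        # OpenSSH refuses a private key that group or others can access.
        echo "key: $key is accessible to group/other"; rc=1
    fi
    kh=$(cfg_value "$cfg" UserKnownHostsFile)
    # Unhashed entries only: field 1 is a comma-separated list of host names.
    if ! awk -v h="$2" '{ n = split($1, a, ","); for (i = 1; i <= n; i++)
            if (a[i] == h) found = 1 } END { exit !found }' \
            "$kh" </dev/null 2>/dev/null; then
        echo "known_hosts: no entry for $2 in '$kh'"; rc=1
    fi
    # StrictHostKeyChecking=no records a new host key without prompting, so
    # compare the recorded key with the HMC's own key before relying on it.
    [ "$(cfg_value "$cfg" StrictHostKeyChecking)" != "no" ] ||
        echo "note: StrictHostKeyChecking=no, confirm the recorded key for $2 is the HMC's"
    return $rc
}

if [ $# -eq 2 ]; then audit_hmc_ssh "$1" "$2"; fi
```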

 
