IBM 865511Y Hardware Maintenance Manual - Page 52

soft lock, hard lock, updated remotely.

Get IBM 865511Y - Netfinity 3500 M10 PDF manuals and user guides
UPC - 087944509769
View all IBM 865511Y manuals
Add to My Manuals
Save this manual to your list of manuals

Page 52 highlights

Enhanced security can be enabled or disabled only when you update system programs. The procedure for enabling enhanced security is explained under "Enabling and disabling enhanced security" on page 45. If enhanced security is enabled and you have not set an administrator password, your server will operate as if enhanced security were disabled. If enhanced security is enabled and you have set an administrator password, your server will operate as follows: The contents of the security EEPROM (your administrator password and startup sequence) will be protected from failure of the battery and CMOS memory. The security EEPROM will be protected from unauthorized access because it locks after your server is turned on and the system programs have completed their startup routine. Once it is locked, the security EEPROM cannot be read from or written to by any software application or system software until the server is turned off and back on again. In a networking environment, this might prevent certain functions from being performed remotely on your server. There is an extra measure of protection for the system programs in your server. Normally, the entire contents of the system programs EEPROM is write protected with a soft lock. A soft lock allows the POST/BIOS update utility to function in a network environment. Enhanced security adds a hard lock. With a hard lock, when your server is turned on and the system programs startup routine is completed, the POST/BIOS update utility is locked and cannot be unlocked until the server is turned off and back on again and the administrator password is entered. Note that in a networking environment this prevents the system programs in your server from being updated remotely. Someone must be present at your server to turn it on and off in order to unlock the POST/BIOS update utility. A chassis-intrusion feature will alert you if the cover of your server has been removed. This feature will work if your server is on or off when the cover is removed. If the cover has been removed, a prompt for your administrator password will appear on the screen, and your server will remain in a halted state until your administrator password is entered. As with nonenhanced security, your configuration settings are protected. The settings cannot be changed in the Configuration/Setup Utility program until your administrator password is entered. This means that any changes in server hardware that are detected by the system programs in your server, such as removal of a memory DIMM, will generate a 44 Netfinity Server HMM

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
Enhanced security can be enabled or disabled only when
you update system programs.
The procedure for enabling
enhanced security is explained under “Enabling and
disabling enhanced security” on page
45.
If enhanced security is enabled and you have not set an
administrator password, your server will operate as if
enhanced security were disabled.
If enhanced security is
enabled and you have set an administrator password, your
server will operate as follows:
±
The contents of the security EEPROM (your
administrator password and startup sequence) will be
protected from failure of the battery and CMOS
memory.
±
The security EEPROM will be protected from
unauthorized access because it locks after your
server is turned on and the system programs have
completed their startup routine.
Once it is locked, the
security EEPROM cannot be read from or written to
by any software application or system software until
the server is turned off and back on again.
In a
networking environment, this might prevent certain
functions from being performed remotely on your
server.
There is an extra measure of protection for the
system programs in your server.
Normally, the entire
contents of the system programs EEPROM is write
protected with a
soft lock
.
A soft lock allows the
POST/BIOS update utility to function in a network
environment.
Enhanced security adds a
hard lock
.
With a hard lock, when your server is turned on and
the system programs startup routine is completed, the
POST/BIOS update utility is locked and cannot be
unlocked until the server is turned off and back on
again and the administrator password is entered.
Note that in a networking environment this prevents
the system programs in your server from being
updated remotely.
Someone must be present at your
server to turn it on and off in order to unlock the
POST/BIOS update utility.
±
A chassis-intrusion feature will alert you if the cover of
your server has been removed.
This feature will work
if your server is on or off when the cover is removed.
If the cover has been removed, a prompt for your
administrator password will appear on the screen, and
your server will remain in a halted state until your
administrator password is entered.
±
As with nonenhanced security, your configuration
settings are protected.
The settings cannot be
changed in the Configuration/Setup Utility program
until your administrator password is entered.
This
means that any changes in server hardware that are
detected by the system programs in your server, such
as removal of a memory DIMM, will generate a
44
Netfinity Server HMM