WAS v8.0 > Install the application serving environment > Distributed operating systems > Centralized installation manager (CIM) > Use the centralized installation manager (CIM) to manage v6.1.x and 7.x > Get started with the centralized installation manager (CIM) for previous versions


Requirements for using Remote Execution and Access (RXA)

We can use Remote Execution and Access in WAS v8.0 and 7.0. WAS Network Deployment provides management features, such as initiating installations of product packages and maintenance from the administrative console. The product uses the Tivoli Remote Execution and Access (RXA) toolkit to access your remote workstations.


Windows target requirements

Many RXA operations require access to resources that are not generally accessible by standard user accounts. Therefore, the account names that you use to log onto remote Windows targets must have administrative privileges.


Simple file sharing

Windows XP system targets must have simple file sharing disabled for RXA to work. Simple networking requires that you log in as guest. A guest login does not have the authorization necessary for RXA to function correctly.

To disable Simple File Sharing, open Windows Explorer and click Tools > Folder Options > View > Use Simple File Sharing. Clear the Use Simple File Sharing check box. Click Apply and OK.

We must enable file sharing for the Guest or Everyone accounts, and disable password protected sharing.

To disable password protected sharing, perform the following steps:

  1. Click Control Panel > Network and Sharing Center > Sharing and Discovery .
  2. Expand Password protected sharing by clicking the down arrow on the far right.

  3. Select Turn off password protected sharing.

  4. Click Apply, and exit the control panel.


Firewalls

Windows XP systems include a built-in firewall called the Internet Connection Firewall (ICF), which is disabled by default. For Windows XP Service Pack 2 systems, the Windows firewall is enabled by default. If either firewall is enabled on a Windows target workstation, RXA cannot access the target workstation. On Windows XP Service Pack 2, you can select the File and Printer Sharing check box in the Exceptions tab of the Windows Firewall configuration to allow access. Do not block port 445.


Administrative sharing

We must enable the remote registry administration, which is the default configuration, on the target workstation for RXA to run commands and scripts.

To verify that the remote registry is enabled and started, click Start > Programs > Administrative Tools > Services. From Remote Registry, ensure the status of the service is started.

We must enable administrative sharing to successfully use RXA to connect to your Windows systems targets. Examples of the default administrative disk share are C$ and D$ . If you disable sharing, RXA considers directories that are located within the drives as hidden. In this case, the following message is displayed:

XCIM0009E: Error connecting to remote target
<host_name>. Exception: java.io.FileNotFoundException:
CTGRI0003E The remote path name specified cannot be found: file_or_directory_path>.
Cause: com.starla.smb.SMBException: The network name is incorrect.

Follow these steps to enable administrative sharing:

  1. Click My Computer.
  2. Right click the disk drive that you are enabling for administrative sharing.

  3. Click Sharing and Security.

  4. Select Share this folder.

  5. Specify the share name, such as C$ or D$, and click OK.


Connect to Windows Vista, Windows 7, or Windows 2008 Server R2 targets

To connect to Windows Vista, Windows 7, and Windows 2008 Server R2 targets, use one of the following options. Before you begin, ensure that the Remote Registry in Windows Services is started, and port 445 is unblocked in the firewall.

  1. Configure both the dmgr machine and the Windows Vista, Windows 7, or Windows 2008 Server R2 target as members of a Windows domain. Use a user account in that domain, or in a trusted domain, when you connect to the target.
  2. Enable and use the built-in administrator account to connect to the target workstation.

    To enable the built-in administrator account perform the following steps:

    1. Select Control Panel > Administrative Tools > Local Security Policy > Security Settings > Local Policies > Security Options.
    2. Next, double-click Accounts: Administrator account status.

    3. Select Enable, and click OK.

  3. Disable the User Account Control that is enabled by default if you are using a different user account to connect to the target workstation. To disable User Account Control perform the following steps:

    1. Select Control Panel > Administrative Tools > Local Security Policy > Security Settings > Local Policies > Security Options.
    2. Next, double-click User Account Control: Run all administrators in Admin Approval Mode.

    3. Select Disable, and click OK.

For the configuration changes to take effect, restart the workstation.


Linux and UNIX target requirements

The centralized installation manager, through RXA, uses SSH v2 to access UNIX and Linux target workstations. This usage requires the use of either OpenSSH 3.6.1 (or, if accessing AIX targets, OpenSSH 4.7), or Sun SSH 1.1 on the target hosts.

Note that OpenSSH 3.7.1, or higher, contains security enhancements not available in earlier releases, and is recommended. OpenSSH Version 4.7.0.5302 for IBM AIX v5.3 is not compatible with Remote Execution and Access v2.3. If your target systems are running AIX v5.3 with OpenSSH v4.7.0.5302 installed, the file transfer might stop in the middle of the transfer.

To avoid this problem, revert the OpenSSH version from v4.7.0.5302 to Version 4.7.0.5301.


Use SSH protocol

Remote Execution and Access does not supply SSH code for UNIX operating systems. We must ensure SSH is installed and enabled on any target you want to access using CIM.

In all UNIX environments except Solaris, the Bourne shell (sh) is used as the target shell. On Solaris targets, the Korn shell (ksh) is used instead due to problems encountered with sh.

To communicate with Linux and other SSH targets using password authentication, edit the /etc/ssh/sshd_config file on the targets and set the following property:

PasswordAuthentication yes

The default value for the PasswordAuthentication property is no.

After changing this setting, stop and restart the SSH daemon using the following commands:

/etc/init.d/sshd stop
/etc/init.d/sshd start 


IBM i targets

Use of SSH public/private key authentication to IBM i targets is not supported.
Get started with the centralized installation manager (CIM) for previous versions

+

Search Tips   |   Advanced Search