Bookmark and Share
RSS

Recent Posts

NIM Management via HTTP

October 2, 2018

I love NIM. I rely on NIM when I'm doing new server builds, and it's also my go-to for installing the VIO server.

Chances are you love NIM as well. That said, one thing you might not be fond of is firewalls between your NIM server and NIM clients, which requires you to work with your network team and ask for ports to be opened.

Here's a breakdown of ports that need to be opened in a firewall for use with NIM:

Protocol Port(s)
nimsh 3901 - 3902
icmp               5813
rsh*                 513 - 1023**
rlogin* 513
shell* 514
bootp   67 - 68
tftp 69 and 32,768 - 65,535
nfs 2049
mountd 32,768 - 65,535 or user's choice
portmapper 111
NIM 1058 – 1059


Again, in some environments, getting approval for such extensive access can be a challenge. Fortunately, a potential alternative exists. Read this IBM Knowledge Center doc to determine if using NIM over HTTP can work in your environment:

Network Installation Manager (NIM) supports the installation of AIX updates over the Hypertext Transfer Protocol Secure (HTTP) protocol to conform to the emerging data center policies that restrict the use of network file server (NFS).

AIX BOS installation still requires the use of the NFS version 3 protocol or the more secure NFS version 4 protocol. In addition to the installation of filesets, NIM customization processes such as script execution and copying the file_res directory are supported over the HTTP protocol.

The HTTP protocol provides the following advantages for NIM management:

  • All communication occur over a single HTTP port. Hence, the authorization through a firewall is easier to manage.
  • AIX installation steps are driven from the client's end, that is, the target system of the installation. Therefore, remote access is not required for running the commands.
  • NIM or any other products that currently use the client-server model of NFS can easily use HTTP.
  • (The capability) to extend the end product to support additional protocols.

AIX 7.2.0 ships a new service handler that provides HTTP access to NIM resources. The nimhttp service is defined in the /etc/services and the nimhttp daemon, which listen for requests over the 4901 port. When the nimhttp service is active, NIM clients attempt to access the /etc/services file and request customization of the scripts that are defined in the nimhttp service. If HTTP access fails or if the access is denied, access failover attempt to the NFS client occurs.

Were you aware of this option? Have you used it before?

Posted October 2, 2018| Permalink

Post a Comment

Note: Comments are moderated and will not appear until approved

comments powered by Disqus