Sunday, December 17, 2006

How to find the correct map between SAN's LUN and logical drive in AIX

Last week, I learned a new command for finding the correct mapping between a SAN LUN and a logical drive on an AIX system.

# fget_config -Av

It shows which SAN logical unit (LUN) is mapped to which hdisk on the system. So, if we plan to rebuild the LUN, make sure to remove all related hdisks and file systems from the system first, the same as in the procedure for replacing a local disk.

Sunday, December 10, 2006

Understanding Certificate Life Cycle and Key Management

I have completed learning the topic "Understanding Certificate Life Cycle and Key Management". Below is the summary of this topic:
  • The key life cycle of a certificate is broken into seven distinct stages: certificate enrollment, certificate distribution, certificate validation, certificate revocation, certificate renewal, certificate destruction, and certificate auditing.

  • During certificate enrollment, a user requests a certificate from a CA.

  • Once the CA is satisfied with the credentials presented by the user requesting the certificate, the CA distributes the certificate to the user.

  • If anything occurs before the expiration of the certificate that warrants the cancellation of the certificate, it is added to the CA's certificate revocation list (CRL).

  • If the certificate is not revoked and reaches the expiration date, it can be renewed.

  • To better manage and control certificates, CAs track various events, such as creations, revocations, renewals, and in some cases, successful usage.


Saturday, December 9, 2006

Fibre Channel Path check on AIX

I learned a new command for checking SAN connectivity from a UNIX box. The command is:

# datapath query device

If this command executes successfully, it will show output that looks something like this:

Total Devices : 2


DEV#: 0 DEVICE NAME: vpath0 TYPE: 2105800 POLICY: Optimized
SERIAL: 07028305
==========================================================================
Path# Adapter/Hard Disk State Mode Select Errors
0 fscsi0/hdisk4 DEAD NORMAL 1336 0
1 fscsi0/hdisk6 OPEN NORMAL 3944 0

DEV#: 1 DEVICE NAME: vpath1 TYPE: 2105800 POLICY: Optimized
SERIAL: 50A28305
==========================================================================
Path# Adapter/Hard Disk State Mode Select Errors
0 fscsi0/hdisk5 DEAD NORMAL 29948 1
1 fscsi0/hdisk7 OPEN NORMAL 74165 0
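
As an added example (not part of the original post and not vendor tooling), the shell function below reads `datapath query device` output and reports every DEAD path per vpath, so the check can run from cron instead of by eye. The function names `sample_output` and `check_paths` are hypothetical, and the embedded sample is the output quoted above.

```shell
#!/bin/sh
# Added example: flag DEAD paths in `datapath query device` output.

# Sample input: the output quoted in the post above.
sample_output() {
cat <<'EOF'
Total Devices : 2

DEV#: 0 DEVICE NAME: vpath0 TYPE: 2105800 POLICY: Optimized
SERIAL: 07028305
==========================================================================
Path# Adapter/Hard Disk State Mode Select Errors
0 fscsi0/hdisk4 DEAD NORMAL 1336 0
1 fscsi0/hdisk6 OPEN NORMAL 3944 0

DEV#: 1 DEVICE NAME: vpath1 TYPE: 2105800 POLICY: Optimized
SERIAL: 50A28305
==========================================================================
Path# Adapter/Hard Disk State Mode Select Errors
0 fscsi0/hdisk5 DEAD NORMAL 29948 1
1 fscsi0/hdisk7 OPEN NORMAL 74165 0
EOF
}

# check_paths: reads the command output on stdin. Prints one line per DEAD
# path and one summary line per affected device (CRIT if no OPEN path is
# left, WARN otherwise). Returns 1 if any DEAD path was seen, else 0.
check_paths() {
    awk '
    function finish() {
        if (dev != "" && dead > 0) {
            printf "%s %s: %d DEAD, %d OPEN\n", (open ? "WARN" : "CRIT"), dev, dead, open
            bad = 1
        }
    }
    # Device header: field 5 is the vpath name ("DEVICE NAME:" is two fields).
    $1 == "DEV#:" { finish(); dev = $5; dead = 0; open = 0; next }
    # Path row: numeric path number, then adapter/hdisk, then state.
    dev != "" && $1 ~ /^[0-9]+$/ && $2 ~ /\// {
        if ($3 == "OPEN") open++
        if ($3 == "DEAD") {
            dead++
            printf "DEAD %s: path %s via %s (errors=%s)\n", dev, $1, $2, $6
        }
    }
    END { finish(); exit bad + 0 }
    '
}
# On a host: datapath query device | check_paths
```

In the sample above both vpaths are down to a single OPEN path, so the function reports two WARN lines and returns 1.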

Saturday, December 2, 2006

AIX tips

I learned the fastest way to run concurrent diag on a known, specific device. Below is an example of the command:

# diag -d ent0

Then, select problem determination and it will start to examine the device.

Understanding CA Trust Models

Today, I just finished self-studying the topic "Understanding CA Trust Models", and below is the lesson summary:

-To create a scalable solution, you have to design a CA architecture so that CAs can validate certificates issued by other CAs by establishing trusts between CAs.

-Trusts are established between CAs by having each CA issue a certificate to the other CA.

-With mesh trust architectures, all CAs issue certificates for all other CAs. This provides multiple trust paths that can be used for certificate validation.

-Hierarchical trusts establish a top-level CA known as a root CA. Subordinate CAs can be created below that. All users issued certificates in the hierarchy know the root CA, so certificate validation across multiple arms of the hierarchical structure goes through the root CA.

-Bridge CAs connect mesh and hierarchical architectures together. They do not issue certificates to end users, only to other CAs.

Sunday, November 26, 2006

Understanding PKI

Today's work was quite easy, just taking care of users' requests. Lucky me, there were no new requests at all.

I spent my time reading an e-book related to Security+ Certification on Identifying the Components of a Public Key Infrastructure. It is quite easy to understand compared with the book that I read before.

I should always bear this summary in mind:
  • Using asymmetric keys without a supporting infrastructure is not scalable to a large environment. A public key infrastructure (PKI) uses asymmetric key pairs and combines software, encryption technologies, and services to provide a means of protecting the security of communications and business transactions.
  • A certificate is a digital representation of information that identifies you as a relevant entity by a trusted third party (TTP).
  • A certification authority (CA) is an entity that is recognized as an authority trusted by one or more users or processes to issue and manage certificates.
  • A certificate revocation list (CRL) is a list of certificates issued by a CA that are no longer valid.

Saturday, November 25, 2006

Windows XP - Start Here

Hi..

Today is the launch of this weblog - IT International and Me. I'll post topics about information technology, security and my related work here. So, don't miss my next post.