Sunday, December 17, 2006
How to find the correct map between SAN's LUN and logical drive in AIX
# fget_config -Av
It shows which SAN logical unit (LUN) is mapped to which hdisk in the system. So, if we plan to rebuild a LUN, make sure to remove all related hdisks and file systems from the system first, the same as in the procedure for replacing a local disk.
Sunday, December 10, 2006
Understanding Certificate Life Cycle and Key Management
-The key life cycle of a certificate is broken into seven distinct stages: certificate enrollment, certificate distribution, certificate validation, certificate revocation, certificate renewal, certificate destruction, and certificate auditing.
-During certificate enrollment, a user requests a certificate from a CA.
-Once the CA is satisfied with the credentials presented by the user requesting the certificate, the CA distributes the certificate to the user.
-If anything occurs before the expiration of the certificate that warrants the cancellation of the certificate, it is added to the CA's certificate revocation list (CRL).
-If the certificate is not revoked and reaches the expiration date, it can be renewed.
-To better manage and control certificates, CAs track various events, such as creations, revocations, renewals, and in some cases, successful usage.
Saturday, December 9, 2006
Fibre Channel Path check on AIX
# datapath query device
If this command executes successfully, it will show output that looks something like this:
Total Devices : 2
DEV#: 0 DEVICE NAME: vpath0 TYPE: 2105800 POLICY: Optimized
SERIAL: 07028305
==========================================================================
Path# Adapter/Hard Disk State Mode Select Errors
0 fscsi0/hdisk4 DEAD NORMAL 1336 0
1 fscsi0/hdisk6 OPEN NORMAL 3944 0
DEV#: 1 DEVICE NAME: vpath1 TYPE: 2105800 POLICY: Optimized
SERIAL: 50A28305
==========================================================================
Path# Adapter/Hard Disk State Mode Select Errors
0 fscsi0/hdisk5 DEAD NORMAL 29948 1
1 fscsi0/hdisk7 OPEN NORMAL 74165 0
Saturday, December 2, 2006
AIX tips
# diag -d ent0
Then, select problem determination and it will start to examine the device.
Understanding CA Trust Models
-To create a scalable solution, you have to design a CA architecture so that CAs can validate certificates issued by other CAs by establishing trusts between CAs.
-Trusts are established between CAs by having each CA issue a certificate to the other CA.
-With mesh trust architectures, all CAs issue certificates for all other CAs. This provides multiple trust paths that can be used for certificate validation.
-Hierarchical trusts establish a top-level CA known as a root CA. Subordinate CAs can be created below that. All users issued certificates in the hierarchy know the root CA, so certificate validation across multiple arms of the hierarchical structure goes through the root CA.
-Bridge CAs connect mesh and hierarchical architectures together. They do not issue certificates to end users, only to other CAs.
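The three trust models above can be compared by modelling each CA-to-CA certificate as a directed edge and listing the chains a relying party could follow from its trust anchor to the issuing CA. This is an added example, not part of the original post; the CA names and topologies are constructed, and it only discovers paths (it does not check signatures, validity periods or revocation).

```python
from collections import defaultdict

def build_trust_graph(ca_certs):
    """ca_certs: (issuer, subject) pairs, one per CA-to-CA certificate."""
    graph = defaultdict(set)
    for issuer, subject in ca_certs:
        graph[issuer].add(subject)
    return graph

def trust_paths(graph, anchor, issuing_ca, max_len=6):
    """Every loop-free chain of CA certificates leading from the relying
    party's trust anchor to the CA that issued the certificate under check."""
    paths, stack = [], [[anchor]]
    while stack:
        path = stack.pop()
        if path[-1] == issuing_ca:
            paths.append(path)
        elif len(path) < max_len:
            for nxt in graph.get(path[-1], ()):
                if nxt not in path:          # never revisit a CA (no loops)
                    stack.append(path + [nxt])
    return sorted(paths, key=lambda p: (len(p), p))

def mutual(a, b):
    """Two CAs that each issue a certificate to the other."""
    return [(a, b), (b, a)]

# Constructed topologies (CA names are made up for this example).
HIERARCHY = [("Root", "Sub1"), ("Root", "Sub2")]
MESH = mutual("A", "B") + mutual("A", "C") + mutual("B", "C")
BRIDGE = mutual("Bridge", "Root") + mutual("Bridge", "A")

if __name__ == "__main__":
    for name, certs, anchor, target in [
        ("hierarchy", HIERARCHY, "Root", "Sub2"),
        ("mesh", MESH, "A", "C"),
        ("no bridge", HIERARCHY + MESH, "A", "Sub2"),
        ("bridge", HIERARCHY + MESH + BRIDGE, "A", "Sub2"),
    ]:
        found = trust_paths(build_trust_graph(certs), anchor, target)
        print(name, [" -> ".join(p) for p in found] or "no trust path")
```

The mesh case returns two chains, while the mesh user reaches the hierarchy only once the bridge CA's certificates are added.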