Hi Dirk,
Here's the rationale for requiring passwordaccess generate. Before
authenticating the
end user (client node ID for pre-EM servers or admin ID for EM servers),
the client machine logs
into the ADSM server using the client's ADSM password that has been stored
via
passwordaccess=generate. This check ensures that the client machine is
authorized
to connect using the configured nodename and prevents another user from
setting up a machine
to masquerade as that nodename. Passwordaccess generate is required so
that the client machine
can log into the ADSM server without having to prompt for a password. It
is necessary for allowing a
remote user to connect to the server via the Web Client without having to
type anything at the client
agent machine. Also, since the remote client agent runs as a background
process or service, it is
unable to prompt for a password.
We realize that customers may miss some of the Backup/Archive Client GUI
functions that were not
implemented in the first release of the Web Client. Delete filespaces,
delete archive data, and access
another user are all functions that we would like to implement in the Web
Client. We are hoping to
make them available in the Web Client in future releases.
Regards,
Lori Simcox
ADSM Client Development
Hello,
I hope someone of the ADSM development crew is reading this and could
comment on it:
I was preparing boot diskettes for a customer of our company who wants to
recover his OS/2 systems (Warp 4 with Warp Server Advanced + HPFS386) with
ADSM. Since the Redbook does not cover disaster recovery with ADSM v3
(apart from the contained errors... ) I had to try some things on my own.
After figuring out which files were needed and so on, I had an idea:
Shouldn't it be possible to use the web client with the boot diskettes to
do a remote disaster recovery? In that way a "normal" system technician
could install the new hardware, prepare and boot the system from diskettes
and the ADSM admin could perform the recovery process (maybe some hundred
kilometers away). Two days later it worked! :-)
But I am still not satisfied with it because there is a problem left: The
web client requires PASSWORDACCESS GENERATE as stated in the documentation.
That means I must have the right password file for the client to be
recovered on the diskettes. And if the password expires or changes the file
on the diskette would have to be updated. That way I would have to deal
with a dozen of different client nodes and passwords not to mention the
security aspects. An other possible solution would be a special DR node but
there is different problem: The web client does not support the function
"Access another user" in contrast to the backup/archive client GUI.
So to remove that problems I would like to see the ADSM web client support
the "Access another user" function and PASSWORDACCESS PROMPT. Then it would
be possible to do a remote disaster recovery with a special DR node.
Are there any plans to enhance the web client so it will support that
feature or any other of the missing functions (Delete file spaces, delete
archive data, etc.)? Or do I have missed the point and there are reasons
that contradict my wishes?
CU/2,
Dirk Billerbeck
Dirk Billerbeck
CompuNet Kiel
System Engineering
Am Jaegersberg 20, 24161 Altenholz (Kiel), Germany
Phone: ++49-431/3609-117, Fax: ++49-431/3609-190,
Internet: dirk.billerbeck @ gecits-eu.com
|
