• Add a Comment
  • Edit
  • More Actions v
  • Quarantine this Entry

Comments (8)

1 ppereira commented Permalink

Hi Chris!!!!! I ran into this last week, Great explanation!!

2 cggibbo commented Permalink

Thanks for the comment Pablo. What method did you use to resolve it? <div>&nbsp;</div> Cheers. <div>&nbsp;</div> Chris

3 cggibbo commented Permalink

Reply from Pablo: <div>&nbsp;</div> "In this case the nimsh was installed first. When they were installing SAP they complained about the port. <br /> I found a SAP Installation Manual which had a note about this issue and that was all :D <br /> Regards. <br /> Pablo."

4 craifarr commented Permalink

Hi Chris, <div>&nbsp;</div> SAP does provide a warning in the installation guides in regards to the use of the this port on AIX systems. However this was not the case a couple of years back. In our case we have disabled nimsh accross all the AIX lpars runnign SAP, our unix admins at KAZ barely batted an eye lid on the request. As I am a SAP administrator and not an AIX administrator I was wondering what the consequences of this are and what value nimsh gives the AIX admin? <div>&nbsp;</div>

5 cggibbo commented Permalink

Hi Craig, <div>&nbsp;</div> Thanks for the comment. Always good to get feedback. <div>&nbsp;</div> It's good to know that SAP does provide a warning. Hopefully people are reading this information and discussing it with their AIX administrator. Can you provide a link to the SAP document that contains this warning? Thanks! <div>&nbsp;</div> rsh is insecure. Most auditors and/or Network Security administrators will ask UNIX admin's to disable the rsh service on a production UNIX system. If security is not a concern for your auditors or security admins, then you can probably get away with it. Although I wouldn't be at all surprised if the rsh option for NIM is removed at some point in the future. nimsh offers secure communications between the NIM master and the NIM client. <div>&nbsp;</div> Cheers. <div>&nbsp;</div> Chris

6 jbhelmich commented Permalink

I've always wondered why IBM didn't implement secure communications through the pretty much universal standard ssh instead of nimsh. If it can work through the standard rsh port I don't see why ssh would be that difficult to spin up.

7 craifarr commented Permalink

Hi Chris

 
A link may not be much use iunless you have access to the SAP Service Marketpleace or SAP Developer Network. But here is the text from the installation OSS Notes.
 
"
If you use NIM Service Handler (NIMSH), do not use 01 or 02 as SAP system instance number. SAPinst uses the instance number for the internal message server port 39<instance number="number">. The NIM client daemon uses reserved ports 3901 and 3902.
"
 
is NIM mandatory to use for AIX management or are the other alternatives? We are looking at going to P7 series and would like some advise around the use of NIM considering we have multiple SAP Systems installed using ports 3901. What are the pro's/con's of using/not using NIM.
 
Regards
Craig</instance>

8 cggibbo commented Permalink

"craifarr wrote <br /> Hi Chris A link may not be much use iunless you have access to the SAP Service Marketpleace or SAP Developer Network. But here is the text from the installation OSS Notes. 'If you use NIM Service Handler (NIMSH), do not use 01 or 02 as SAP system instance number. SAPinst uses the instance number for the internal message server port 39 . The NIM client daemon uses reserved ports 3901 and 3902.' is NIM mandatory to use for AIX management or are the other alternatives? We are looking at going to P7 series and would like some advise around the use of NIM considering we have multiple SAP Systems installed using ports 3901. What are the pro's and con's of using or not using NIM. Regards Craig" <div>&nbsp;</div> Thanks again for your comments Craig. No, NIM is not mandatory. But I think it's essential in environments that runn more than a handful of LPARs. It's advantages are documented thoroughly in the NIM A-Z Redbook, but I may write a new blog post on why I think NIM is an important tool in the Enterprise AIX landscape. I could talk about the alternatives to NIM but to be honest they are antiquated and inefficient....do you feel like running around with physical media....to and from your data centre................... to install AIX and additional software? ;-) Stay tuned and I'll dedicate a post to NIM.

Add a Comment Add a Comment